
korobeynikov

  1. So, the task: connect an RB3011UiAS-RM and a CRS354-48P-4S+2Q+RM over fiber. The RB3011 has SFP, while the CRS354 has SFP+. The local dealer requested information from the distributor and supplied us with an S+DA0001, assuring us 100% that it should work. But it does not work. The MikroTik SFP module compatibility table does not make anything clear either. Can anyone suggest anything?
  2. EAP + NPS

    No, this is not about the RADIUS secret; it is about Active Directory logins/passwords.
  3. EAP + NPS

    People, how do I set up EAP together with NPS with a more or less serious approach, so that at least passwords do not travel over the network in plaintext? I spent the whole day on it: brought up NPS, created a group that will contain the users of radio devices, created a separate user for the access point (i.e. for the MikroTik itself), made it a member of the RAS and IAS Servers group, and checked with the NTRadPing utility; it even seems to get response: Access-Accept, and NPS writes its logs to SQL Server. What next? How do I properly connect the MikroTik to NPS? Or, as always, does it not work the way it should? Where do I enter the credentials of the specially created user, the member of the "RAS and IAS Servers" group?
  4. I bought a new router and, out of habit, immediately updated to the latest stable version without even reading the changelog. As it turned out, that was a big mistake. The changes there were such that a separate branch should have been made. Among the smallest: master/slave ports were removed, and this is now implemented through separate bridges. As a result, the router's LED indicators stopped signalling (they light up and go out only at power-on), and ports 3 and 4 dropped off entirely, as if nothing were connected to them. Who has already run into something like this, and what do you think about it?
  5. Please recommend a budget SHDSL modem for a single(!) E1 stream. Eltex has options, but that is a solution for 4 streams for 40K. Are there more affordable solutions on the market?
  6. Well, this is outrageous as far as the network goes. Wanting 25 thousand a month for 5 km of wire, and that with the modems being ours as well.
  7. They just called and said that they had made a mistake: But the prices are still sky-high. Anyone with experience, please share.
  8. So: the Sakha Republic, an urban-type settlement (not even a district centre), where Rostelecom has an EWSD-type exchange. We are deploying IT infrastructure for an organization of 30-50 people, have got around to telephony and, traditionally, want to install Asterisk. Since nobody in the district will provide telephony over SIP, we decided to request an E1 stream with SS7 or ISDN PRI. We sent the request. At first the managers could not understand what kind of E1 we were talking about, but then they figured it out and passed the matter to the technical staff, who turned out to be quite friendly and competent. We found out that an E1 with the required signalling can be set up at the exchange through the МР-8 digital switch. They gave the go-ahead and sent us to the sales people for a quote. After three days of agonizing waiting we received the following offer: So, I would like an answer to the question of how to fight this monopolism. We were counting on 15–20 thousand a month for 10 trunk lines and 30 numbers. Who already has similar experience? P.S. Please do not write about FXO and GSM gateways. P.P.S. We also wanted to get SS7 (ОКС-7) in order to set category 6 when calling certain numbers.
  9. This solved the problem: eap{ peap{ copy_request_to_tunnel = yes } } And this is what helped: https://serverfault.com/questions/567130/how-to-use-calling-station-id-on-a-per-user-basis-in-freeradius Thank you for the support!
[peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579 server { [peap] Setting User-Name to sergey Sending tunneled request EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "sergey" State = 0x48abb49a48a2aef167353ef9cd131a85 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 9 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: sergey [mschap] Client is using MS-CHAPv2 for sergey, we need NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] = reject +} # group MS-CHAP = reject [eap] Freeing handler ++[eap] = reject +} # group authenticate = reject Failed to authenticate the user. 
Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> sergey attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code Access-Reject MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 200 to 10.0.0.9 port 39043 EAP-Message = 0x010a002e190017030300234e350557832a50dd3df1acf4bf6e347765e347a6eefc330214922730617e3e7a8b22a0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110d49ef87ccdd61660f7c49ce7 Finished request 8. Going to the next request Waking up in 3.2 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=201, length=198 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020a002e190017030300230000000000000003d076e29f0013dc2e17e971482034019bb3af7da8f9fcf38b39c670 State = 0xdc94e110d49ef87ccdd61660f7c49ce7 Message-Authenticator = 0x26dbd6b19372ef66f116645e43254c64 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 10 length 46 [eap] Continuing tunnel setup. 
++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/default +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> sergey attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 201 to 10.0.0.9 port 39043 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.2 seconds. Cleaning up request 0 ID 192 with timestamp +21 Cleaning up request 1 ID 193 with timestamp +21 Cleaning up request 2 ID 194 with timestamp +21 Cleaning up request 3 ID 195 with timestamp +21 Cleaning up request 4 ID 196 with timestamp +21 Cleaning up request 5 ID 197 with timestamp +21 Waking up in 1.6 seconds. 
Cleaning up request 6 ID 198 with timestamp +22 Cleaning up request 7 ID 199 with timestamp +22 Cleaning up request 8 ID 200 with timestamp +22 Waking up in 1.0 seconds. Cleaning up request 9 ID 201 with timestamp +22 Ready to process requests.
The original MACs and the network name have been changed for obvious reasons.
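Added example, not part of the original post: the debug output above tells the reader to look at the earlier "reject" or "fail" messages, and this Python sketch does that mechanically by returning the first failing module message together with its request id and virtual server. The function name `first_failure`, the label "default" for the outer server, and the sample (lines taken from the output above, reflowed one message per line) are assumptions of this example.

```python
import re

# Constructed sample: lines from the debug output above, one message per line.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=200, length=248
[peap] EAPTLS_OK
server inner-tunnel {
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Client is using MS-CHAPv2 for sergey, we need NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] = reject
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=201, length=198
[peap] The users session was previously rejected: returning reject (again.)
Sending Access-Reject of id 201 to 10.0.0.9 port 39043
"""

REQ = re.compile(r"^rad_recv: \S+ packet from host \S+ port \d+, id=(\d+)")
SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server \S+")
MODULE = re.compile(r"^\[([\w.]+)\]\s+(.*)")
FAIL = re.compile(r"fail|reject", re.IGNORECASE)

def first_failure(debug_text):
    """Return the earliest failing module message and where it happened."""
    req_id, server, history = None, "default", []
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = REQ.match(line)
        if m:  # a new RADIUS packet starts a new context
            req_id, server, history = int(m.group(1)), "default", []
            continue
        m = SERVER_OPEN.match(line)
        if m:  # entering a named virtual server such as inner-tunnel
            server = m.group(1)
            continue
        if SERVER_CLOSE.match(line):
            server = "default"
            continue
        m = MODULE.match(line)
        if not m:
            continue
        module, msg = m.groups()
        if FAIL.search(msg):
            context = [h for mod, h in history if mod == module]
            return {"request_id": req_id, "server": server, "module": module,
                    "message": msg, "context": context}
        history.append((module, msg))
    return None
```

On the sample it reports request 200, server inner-tunnel, module mschap, which is the missing NT/LM-Password message rather than the later repeated reject in request 201.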
  11. Can anyone who has run into this advise? How can I quickly set up FreeRADIUS without MySQL so that the login, password and MAC are specified in the users file? Should this work? user1 Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC" Or is it not that simple?
  12. Nothing in the startup script provided for running several instances. A single pid file won't be enough.