Menu

Radiusdesk ruckus authentication problem

Help
Alfonso Gonzalez Sanchez
2017-02-03
2017-02-03

  • Alfonso Gonzalez Sanchez

    Alfonso Gonzalez Sanchez - 2017-02-03

    Before anything, I want to thank you dvdwalt/petravdw for this extraordinary piece of opensource software, it is just what I was looking for these past years!!!

    I've been playing around with the software the past 4 months, I currently have it installed on a local physical machine at home for testing, I successfully compiled and flashed a Chaos Calmer version (after some many setbacks) on an Alfa Networks W502U router, also I have access to OM2P and 2 ruckus aps (ZF2942/ZF2741 models), unfortunaly I can not use the Alfa ones for my intended purpose because of the poor wifi performance, the OM2P performs pretty good, but since I only own the Alfa's and the ruckus, I've been trying to make the ruckus work with radiusdesk, I followed the tutorial from A-Z to get the ruckus on track, but there seems to be something not right somewhere in the config (not sure if radiusdesk or ruckus itself), here's what I have/did:

    • Added several Alfa routers to both APdesk and Meshdesk with no problems of reporting, meshing, config, etc
    • Created working captive portal SSIDS
    • Created working vouchers for use in captive portal
    • Tested and working vouchers in captive portal (all tests made using both Alfa and OM2P)
    • Set the ruckus northbound settings right in the Dynamic php file
    • Set the proper (I guess) hotspot config back into the ruckus ap
    • Set the proper setting of the ruckus ap (nasid, ssid) in the Dynamic login pages

    After setting the redirect to this: http://radiusip/cake2/rd_cake/dynamic_details/ruckus_browser_detect.html I connect to the ssid of the ruckus hotspot but I get redirected to a Not a hotspot, Connect through a hotspot please page, I have to say that under Dynamic Radius Clients I can see the ruckus being detected, I then tried changing the redirect on the ruckus to this: http://radiusip/cake2/rd_cake/dynamic_details/chilli_browser_detect.html and magically I get the right Dynamic page, but after typing a known valid voucher code into the fields and click the login button all I get is this Authentication failure please try again, I decided then to run freeradius in debug mode to record both successful activation using the Alfa/OM2P and the Ruckus.

    ***FREERADIUS ALFA ACTIVATION

    (0) server dynamic_clients {
    (0) # Executing section authorize from file /etc/freeradius/sites-enabled/dynamic-clients
    (0) authorize {
    (0) if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") {
    (0) EXPAND %{User-Name}
    (0) -->
    (0) SQL-User-Name set to ''
    rlm_sql (sql): Reserved connection (1)
    (0) Executing select query: SELECT nasname FROM nas WHERE nasname = '201.167.123.244'
    (0) SQL query returned no results
    rlm_sql (sql): Released connection (1)
    rlm_sql (sql): Need 4 more connections to reach 10 spares
    rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'rd' on Localhost via UNIX socket, server version 5.7.17-0ubuntu0.16.04.1, protocol version 10
    (0) EXPAND %{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
    (0) -->
    (0) if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") -> FALSE
    (0) else {
    (0) update control {
    (0) EXPAND %{Packet-Src-IP-Address}
    (0) --> 201.167.123.244
    (0) FreeRADIUS-Client-IP-Address = 201.167.123.244
    (0) FreeRADIUS-Client-Require-MA = no
    (0) FreeRADIUS-Client-Secret = "testing123"
    (0) EXPAND %{Packet-Src-IP-Address}
    (0) --> 201.167.123.244
    (0) FreeRADIUS-Client-Shortname = 201.167.123.244
    (0) FreeRADIUS-Client-NAS-Type = "other"
    (0) FreeRADIUS-Client-Virtual-Server = "radiusdesk-plain"
    (0) } # update control = noop
    (0) } # else = noop
    (0) [ok]     = ok
    (0) } # authorize = ok
    (0) } # server dynamic_clients
    (0) Converting control list to client fields
    (0) ipv4addr = 201.167.123.244
    (0) require_message_authenticator = no
    (0) secret = testing123
    (0) shortname = 201.167.123.244
    (0) nas_type = other
    (0) virtual_server = radiusdesk-plain
    Adding client 201.167.123.244/32 with shared secret "testing123"
    (0) Received Access-Request Id 30 from 201.167.123.244:52392 to 192.168.100.238:1812 length 302
    (0) ChilliSpot-Version = "1.3.1-svn"
    (0) User-Name = "yawningghost"
    (0) User-Password = "yawningghost"
    (0) Service-Type = Login-User
    (0) Acct-Session-Id = "5894b6bb00000002"
    (0) Framed-IP-Address = 10.1.0.4
    (0) NAS-Port-Type = Wireless-802.11
    (0) NAS-Port = 2
    (0) NAS-Port-Id = "00000002"
    (0) Calling-Station-Id = "E8-39-DF-9F-A9-71"
    (0) Called-Station-Id = "00-C0-CA-49-A5-C7"
    (0) NAS-IP-Address = 10.1.0.1
    (0) NAS-Identifier = "Margot_Alfa6_cp_49"
    (0) WISPr-Location-ID = "isocc=,cc=,ac=,network=MESHdesk,"
    (0) WISPr-Location-Name = "MESHdesk_hotspot"
    (0) WISPr-Logoff-URL = "http://10.1.0.1:3990/logoff"
    (0) Message-Authenticator = 0x975962370af3489eaeb321762a21c3eb
    (0) # Executing section authorize from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (0) authorize {
    (0) policy RADIUSdesk_filter_username {
    (0) if (&User-Name) {
    (0) if (&User-Name) -> TRUE
    (0) if (&User-Name) {
    (0) if (&User-Name =~ / /) {
    (0) if (&User-Name =~ / /) -> FALSE
    (0) } # if (&User-Name) = notfound
    (0) } # policy RADIUSdesk_filter_username = notfound
    (0) [preprocess]     = ok
    (0) policy RADIUSdesk_rewrite_calling_station_id {
    (0) if (&request:Calling-Station-Id){
    (0) if (&request:Calling-Station-Id) -> TRUE
    (0) if (&request:Calling-Station-Id) {
    (0) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
    (0) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
    (0) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {
    (0) update request {
    (0) EXPAND %{1}-%{2}-%{3}-%{4}-%{5}-%{6}
    (0) --> E8-39-DF-9F-A9-71
    (0) Calling-Station-Id := E8-39-DF-9F-A9-71
    (0) } # update request = noop
    (0) } # if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # if (&request:Calling-Station-Id) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # policy RADIUSdesk_rewrite_calling_station_id = noop
    (0) policy RADIUSdesk_find_dynamic_client {
    (0) update control {
    (0) Rd-Dynamic-Client := 0
    (0) Rd-Unknown-Added := 0
    (0) Rd-Client-Updated := 0
    (0) } # update control = noop
    (0) if (&request:NAS-Identifier){
    (0) if (&request:NAS-Identifier) -> TRUE
    (0) if (&request:NAS-Identifier) {
    (0) update control {
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (2)
    (0) Executing select query: SELECT IFNULL((SELECT dynamic_clients.active FROM dynamic_clients WHERE nasidentifier='Margot_Alfa6_cp_49'),2)
    rlm_sql (sql): Released connection (2)
    (0) EXPAND %{sql:SELECT IFNULL((SELECT dynamic_clients.active FROM dynamic_clients WHERE nasidentifier='%{request:NAS-Identifier}'),2)}
    (0) --> 1
    (0) Rd-Client-Active := 1
    (0) } # update control = noop
    (0) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)){
    (0) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) -> TRUE
    (0) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) {
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (3)
    (0) Executing query: UPDATE dynamic_clients SET last_contact_ip='201.167.123.244', last_contact=now() WHERE nasidentifier='Margot_Alfa6_cp_49'
    rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
    rlm_sql (sql): Released connection (3)
    (0) EXPAND %{sql:UPDATE dynamic_clients SET last_contact_ip='%{request:Packet-Src-IP-Address}', last_contact=now() WHERE nasidentifier='%{request:NAS-Identifier}' }
    (0) --> 1
    (0) update control {
    (0) Rd-Client-Updated := 1
    (0) } # update control = noop
    (0) if (&control:Rd-Client-Active == 1){
    (0) if (&control:Rd-Client-Active == 1) -> TRUE
    (0) if (&control:Rd-Client-Active == 1) {
    (0) update control {
    (0) Rd-Dynamic-Client := 1
    (0) } # update control = noop
    (0) } # if (&control:Rd-Client-Active == 1) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) = noop
    (0) if (&control:Rd-Client-Active == 2){
    (0) if (&control:Rd-Client-Active == 2) -> FALSE
    (0) } # if (&request:NAS-Identifier) = noop
    (0) if ((&control:Rd-Client-Active == 2)&&(&request:Called-Station-Id)){
    (0) if ((&control:Rd-Client-Active == 2)&&(&request:Called-Station-Id)) -> FALSE
    (0) if (&control:Rd-Dynamic-Client == 0){
    (0) if (&control:Rd-Dynamic-Client == 0) -> FALSE
    (0) } # policy RADIUSdesk_find_dynamic_client = noop
    (0) [chap] = noop
    (0) [mschap] = noop
    (0) [digest] = noop
    (0) suffix: Checking for suffix after "@"
    (0) suffix: No '@' in User-Name = "yawningghost", looking up realm NULL
    (0) suffix: No such realm "NULL"
    (0) [suffix] = noop
    (0) eap: No EAP-Message, not doing EAP
    (0) [eap] = noop
    (0) if (!EAP-Message) {
    (0) if (!EAP-Message) -> TRUE
    (0) if (!EAP-Message) {
    (0) policy RADIUSdesk_main {
    (0) if (&request:User-Name =~ /^([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})$/i){
    (0) if (&request:User-Name =~ /^([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})$/i) -> FALSE
    (0) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}" == 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (4)
    (0) Executing select query: SELECT count(username) FROM radcheck WHERE radcheck.username='yawningghost'
    rlm_sql (sql): Released connection (4)
    (0) EXPAND %{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}
    (0) --> 5
    (0) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}" == 0) -> FALSE
    (0) if (&request:Calling-Station-Id){
    (0) if (&request:Calling-Station-Id) -> TRUE
    (0) if (&request:Calling-Station-Id) {
    (0) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}" != 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (0)
    (0) Executing select query: SELECT count(username) FROM radcheck WHERE radcheck.username='E8-39-DF-9F-A9-71'
    rlm_sql (sql): Released connection (0)
    (0) EXPAND %{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}
    (0) --> 0
    (0) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}" != 0) -> FALSE
    (0) elsif ("%{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}" != 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (5)
    (0) Executing select query: SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='yawningghost' and attribute='Rd-Mac-Check' and value=1
    rlm_sql (sql): Released connection (5)
    (0) EXPAND %{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}
    (0) --> 0
    (0) elsif ("%{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}" != 0) -> FALSE
    (0) } # if (&request:Calling-Station-Id) = ok
    (0) update control {
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (1)
    (0) Executing select query: SELECT IFNULL((SELECT value FROM radcheck WHERE radcheck.username='yawningghost' and attribute='Rd-Device-Owner'),'rd_not_found')
    rlm_sql (sql): Released connection (1)
    (0) EXPAND %{sql:SELECT IFNULL((SELECT value FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Device-Owner'),'rd_not_found')}
    (0) --> rd_not_found
    (0) Rd-Tmp-Owner := rd_not_found
    (0) } # update control = noop
    (0) if (&control:Rd-Tmp-Owner != 'rd_not_found'){
    (0) if (&control:Rd-Tmp-Owner != 'rd_not_found') -> FALSE
    (0) else {
    (0) policy RADIUSdesk_user_check {
    (0) sql: EXPAND %{User-Name}
    (0) sql: --> yawningghost
    (0) sql: SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (6)
    (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
    (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yawningghost' ORDER BY id
    (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yawningghost' ORDER BY id
    (0) sql: User found in radcheck table
    (0) sql: Conditional check items matched, merging assignment check items
    (0) sql: Cleartext-Password := "yawningghost"
    (0) sql: Rd-User-Type := "voucher"
    (0) sql: Rd-Realm := "Office_AP"
    (0) sql: User-Profile := "Test1"
    (0) sql: Rd-Voucher := "0-00-30-00"
    (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
    (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'yawningghost' ORDER BY id
    (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'yawningghost' ORDER BY id
    (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
    (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'yawningghost' ORDER BY priority
    (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'yawningghost' ORDER BY priority
    (0) sql: User not found in any groups
    (0) sql: Checking profile Test1
    (0) sql: EXPAND Test1
    (0) sql: --> Test1
    (0) sql: SQL-User-Name set to 'Test1'
    (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
    (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'Test1' ORDER BY priority
    (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'Test1' ORDER BY priority
    (0) sql: User found in the group table
    (0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
    (0) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'BW-512Kbs' ORDER BY id
    (0) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'BW-512Kbs' ORDER BY id
    (0) sql: Group "BW-512Kbs": Conditional check items matched
    (0) sql: Group "BW-512Kbs": Merging assignment check items
    (0) sql: Simultaneous-Use := 1
    (0) sql: Idle-Timeout := 60
    (0) sql: Rd-Mac-Counter-Time := 1
    (0) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
    (0) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'BW-512Kbs' ORDER BY id
    (0) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'BW-512Kbs' ORDER BY id
    (0) sql: Group "BW-512Kbs": Merging reply items
    (0) sql: Fall-Through := Yes
    (0) sql: WISPr-Bandwidth-Max-Up := 512000
    (0) sql: WISPr-Bandwidth-Max-Down := 512000
    rlm_sql (sql): Released connection (6)
    (0) [sql] = ok
    (0) if (ok){
    (0) if (ok) -> TRUE
    (0) if (ok) {
    (0) if ((&control:Rd-Account-Disabled)&&(&control:Rd-Account-Disabled == 1)){
    (0) if ((&control:Rd-Account-Disabled)&&(&control:Rd-Account-Disabled == 1)) -> FALSE
    (0) if (&control:Rd-Account-Activation-Time){
    (0) if (&control:Rd-Account-Activation-Time) -> FALSE
    (0) if (&control:Rd-Realm){
    (0) if (&control:Rd-Realm) -> TRUE
    (0) if (&control:Rd-Realm) {
    (0) update request {
    (0) EXPAND %{control:Rd-Realm}
    (0) --> Office_AP
    (0) Realm := Office_AP
    (0) } # update request = noop
    (0) } # if (&control:Rd-Realm) = noop
    (0) if ((&control:Rd-Auth-Type)&&(&control:Rd-Auth-Type != 'sql')){
    (0) if ((&control:Rd-Auth-Type)&&(&control:Rd-Auth-Type != 'sql')) -> FALSE
    (0) policy RADIUSdesk_data_counter {
    (0) if ((&control:Rd-Total-Data)&&(&control:Rd-Reset-Type-Data)&&(&control:Rd-Cap-Type-Data == 'hard')){
    (0) if ((&control:Rd-Total-Data)&&(&control:Rd-Reset-Type-Data)&&(&control:Rd-Cap-Type-Data == 'hard')) -> FALSE
    (0) } # policy RADIUSdesk_data_counter = noop
    (0) policy RADIUSdesk_time_counter {
    (0) if ((&control:Rd-Total-Time)&&(&control:Rd-Reset-Type-Time)&&(&control:Rd-Cap-Type-Time == 'hard')){
    (0) if ((&control:Rd-Total-Time)&&(&control:Rd-Reset-Type-Time)&&(&control:Rd-Cap-Type-Time == 'hard')) -> FALSE
    (0) } # policy RADIUSdesk_time_counter = noop
    (0) policy RADIUSdesk_voucher_check {
    (0) if (&control:Rd-Voucher){
    (0) if (&control:Rd-Voucher) -> TRUE
    (0) if (&control:Rd-Voucher) {
    (0) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i){
    (0) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) -> TRUE
    (0) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) {
    (0) update control {
    (0) EXPAND %{expr: (%{1} * 86400)+(%{2} * 3600) + (%{3} 60) +(%{4})}
    (0) --> 1800
    (0) Rd-Voucher-Time-Available := 1800
    (0) } # update control = noop
    (0) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (2)
    (0) Executing select query: SELECT count(username) FROM radacct WHERE radacct.username='yawningghost'
    rlm_sql (sql): Released connection (2)
    (0) EXPAND %{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}
    (0) --> 1
    (0) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) -> TRUE
    (0) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) {
    (0) update control {
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (3)
    (0) Executing select query: SELECT UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(acctstarttime) FROM radacct WHERE username='yawningghost' ORDER by acctstarttime ASC LIMIT 1
    rlm_sql (sql): Released connection (3)
    (0) EXPAND %{sql:SELECT UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(acctstarttime) FROM radacct WHERE username='%{request:User-Name}' ORDER by acctstarttime ASC LIMIT 1}
    (0) --> 1567
    (0) Rd-Voucher-Time-Expired := 1567
    (0) } # update control = noop
    (0) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available){
    (0) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) -> TRUE
    (0) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) {
    (0) update control {
    (0) EXPAND %{expr: %{control:Rd-Voucher-Time-Available} - %{control:Rd-Voucher-Time-Expired}}
    (0) --> 233
    (0) Rd-Voucher-Timeout := 233
    (0) } # update control = noop
    (0) } # if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) = noop
    (0) } # if (&control:Rd-Voucher) = noop
    (0) } # policy RADIUSdesk_voucher_check = noop
    (0) if (&control:Rd-Dynamic-Client){
    (0) if (&control:Rd-Dynamic-Client) -> TRUE
    (0) if (&control:Rd-Dynamic-Client) {
    (0) if (&control:Rd-Dynamic-Client == 1){
    (0) if (&control:Rd-Dynamic-Client == 1) -> TRUE
    (0) if (&control:Rd-Dynamic-Client == 1) {
    (0) policy RADIUSdesk_realm_dynamic_client_check {
    (0) if (&request:NAS-Identifier){
    (0) if (&request:NAS-Identifier) -> TRUE
    (0) if (&request:NAS-Identifier) {
    (0) if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (4)
    (0) Executing select query: SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='Margot_Alfa6_cp_49'
    rlm_sql (sql): Released connection (4)
    (0) EXPAND %{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}
    (0) --> 1
    (0) if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0) -> TRUE
    (0) if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0) {
    (0) if (&control:Rd-Realm){
    (0) if (&control:Rd-Realm) -> TRUE
    (0) if (&control:Rd-Realm) {
    (0) if ("%{sql:SELECT COUNT(dynamic_clients.name) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id LEFT JOIN realms ON realms.id=dynamic_client_realms.realm_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}' AND realms.name='%{control:Rd-Realm}'}" == 0){
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (0)
    (0) Executing select query: SELECT COUNT(dynamic_clients.name) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id LEFT JOIN realms ON realms.id=dynamic_client_realms.realm_id WHERE dynamic_clients.nasidentifier='Margot_Alfa6_cp_49' AND realms.name='Office_AP'
    rlm_sql (sql): Released connection (0)
    (0) EXPAND %{sql:SELECT COUNT(dynamic_clients.name) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id LEFT JOIN realms ON realms.id=dynamic_client_realms.realm_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}' AND realms.name='%{control:Rd-Realm}'}
    (0) --> 1
    (0) if ("%{sql:SELECT COUNT(dynamic_clients.name) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id LEFT JOIN realms ON realms.id=dynamic_client_realms.realm_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}' AND realms.name='%{control:Rd-Realm}'}" == 0) -> FALSE
    (0) } # if (&control:Rd-Realm) = noop
    (0) } # if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0) = noop
    (0) } # if (&request:NAS-Identifier) = noop
    (0) } # policy RADIUSdesk_realm_dynamic_client_check = noop
    (0) } # if (&control:Rd-Dynamic-Client == 1) = noop
    (0) ... skipping else: Preceding "if" was taken
    (0) } # if (&control:Rd-Dynamic-Client) = noop
    (0) policy RADIUSdesk_user_ssid_check {
    (0) if (&control:Rd-Ssid-Check){
    (0) if (&control:Rd-Ssid-Check) -> FALSE
    (0) } # policy RADIUSdesk_user_ssid_check = noop
    (0) } # if (ok) = noop
    (0) } # policy RADIUSdesk_user_check = ok
    (0) } # else = ok
    (0) } # policy RADIUSdesk_main = ok
    (0) } # if (!EAP-Message) = ok
    (0) ... skipping else: Preceding "if" was taken
    (0) [files] = noop
    (0) [expiration] = noop
    (0) [logintime] = noop
    (0) policy RADIUSdesk_session_timeout {
    (0) if (&reply:Session-Timeout){
    (0) if (&reply:Session-Timeout) -> FALSE
    (0) else {
    (0) if ((&control:Rd-Avail-Time)&&(&control:Rd-Voucher-Timeout)){
    (0) if ((&control:Rd-Avail-Time)&&(&control:Rd-Voucher-Timeout)) -> FALSE
    (0) elsif (&control:Rd-Avail-Time){
    (0) elsif (&control:Rd-Avail-Time) -> FALSE
    (0) elsif (&control:Rd-Voucher-Timeout){
    (0) elsif (&control:Rd-Voucher-Timeout) -> TRUE
    (0) elsif (&control:Rd-Voucher-Timeout) {
    (0) update reply {
    (0) EXPAND %{control:Rd-Voucher-Timeout}
    (0) --> 233
    (0) Session-Timeout := 233
    (0) } # update reply = noop
    (0) } # elsif (&control:Rd-Voucher-Timeout) = noop
    (0) } # else = noop
    (0) } # policy RADIUSdesk_session_timeout = noop
    (0) if ((&control:Rd-User-Type =='device')&&(!&control:Auth-Type)){
    (0) if ((&control:Rd-User-Type =='device')&&(!&control:Auth-Type)) -> FALSE
    (0) if ((&control:Rd-User-Type =='voucher-device')&&(!&control:Auth-Type)){
    (0) if ((&control:Rd-User-Type =='voucher-device')&&(!&control:Auth-Type)) -> FALSE
    (0) [pap] = updated
    (0) } # authorize = updated
    (0) Found Auth-Type = PAP
    (0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (0) Auth-Type PAP {
    (0) pap: Login attempt with password
    (0) pap: Comparing with "known good" Cleartext-Password
    (0) pap: User authenticated successfully
    (0) [pap] = ok
    (0) } # Auth-Type PAP = ok
    (0) # Executing section session from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (0) session {
    (0) sql: EXPAND %{User-Name}
    (0) sql: --> yawningghost
    (0) sql: SQL-User-Name set to 'yawningghost'
    (0) sql: EXPAND SELECT COUNT(    ) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL
    (0) sql: --> SELECT COUNT() FROM radacct WHERE username = 'yawningghost' AND acctstoptime IS NULL
    rlm_sql (sql): Reserved connection (5)
    (0) sql: Executing select query: SELECT COUNT(    ) FROM radacct WHERE username = 'yawningghost' AND acctstoptime IS NULL
    rlm_sql (sql): Released connection (5)
    (0) [sql] = ok
    (0) } # session = ok
    (0) # Executing section post-auth from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (0) post-auth {
    (0) policy RADIUSdesk_last_accept {
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (1)
    (0) Executing query: UPDATE permanent_users SET last_accept_time=now(),last_accept_nas='10.1.0.1' where username='yawningghost'
    rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
    (0) SQL query affected no rows
    rlm_sql (sql): Released connection (1)
    (0) EXPAND %{sql:UPDATE permanent_users SET last_accept_time=now(),last_accept_nas='%{NAS-IP-Address}' where username='%{User-Name}'}
    (0) -->
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (6)
    (0) Executing query: UPDATE devices SET last_accept_time=now(),last_accept_nas='10.1.0.1' where name='E8-39-DF-9F-A9-71'
    rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
    (0) SQL query affected no rows
    rlm_sql (sql): Released connection (6)
    (0) EXPAND %{sql:UPDATE devices SET last_accept_time=now(),last_accept_nas='%{NAS-IP-Address}' where name='%{Calling-Station-Id}'}
    (0) -->
    (0) EXPAND %{User-Name}
    (0) --> yawningghost
    (0) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (2)
    (0) Executing query: UPDATE vouchers SET last_accept_time=now(),last_accept_nas='10.1.0.1' where name='yawningghost'
    rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
    rlm_sql (sql): Released connection (2)
    (0) EXPAND %{sql:UPDATE vouchers SET last_accept_time=now(),last_accept_nas='%{NAS-IP-Address}' where name='%{User-Name}'}
    (0) --> 1
    (0) } # policy RADIUSdesk_last_accept = noop
    (0) policy RADIUSdesk_post_auth {
    (0) if (EAP-Message){
    (0) if (EAP-Message) -> FALSE
    (0) if ((!&control:Rd-Not-Track-Auth)||(&control:Rd-Not-Track-Auth != 1)){
    (0) if ((!&control:Rd-Not-Track-Auth)||(&control:Rd-Not-Track-Auth != 1)) -> TRUE
    (0) if ((!&control:Rd-Not-Track-Auth)||(&control:Rd-Not-Track-Auth != 1)) {
    (0) sql: EXPAND .query
    (0) sql: --> .query
    (0) sql: Using query template 'query'
    rlm_sql (sql): Reserved connection (3)
    (0) sql: EXPAND %{User-Name}
    (0) sql: --> yawningghost
    (0) sql: SQL-User-Name set to 'yawningghost'
    (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
    (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yawningghost', 'yawningghost', 'Access-Accept', '2017-02-03 10:59:14')
    (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yawningghost', 'yawningghost', 'Access-Accept', '2017-02-03 10:59:14')
    (0) sql: SQL query returned: success
    (0) sql: 1 record(s) updated
    rlm_sql (sql): Released connection (3)
    (0) [sql] = ok
    (0) } # if ((!&control:Rd-Not-Track-Auth)||(&control:Rd-Not-Track-Auth != 1)) = ok
    (0) } # policy RADIUSdesk_post_auth = ok
    (0) policy RADIUSdesk_auto_devices_check {
    (0) if ((&request:User-Name)&&(&request:Calling-Station-Id)){
    (0) if ((&request:User-Name)&&(&request:Calling-Station-Id)) -> TRUE
    (0) if ((&request:User-Name)&&(&request:Calling-Station-Id)) {
    (0) if ((&control:Rd-Auto-Mac)&&(&control:Rd-Auto-Mac == 1)){
    (0) if ((&control:Rd-Auto-Mac)&&(&control:Rd-Auto-Mac == 1)) -> FALSE
    (0) } # if ((&request:User-Name)&&(&request:Calling-Station-Id)) = ok
    (0) } # policy RADIUSdesk_auto_devices_check = ok
    (0) } # post-auth = ok
    (0) Sent Access-Accept Id 30 from 192.168.100.238:1812 to 201.167.123.244:52392 length 0
    (0) WISPr-Bandwidth-Max-Up = 512000
    (0) WISPr-Bandwidth-Max-Down = 512000
    (0) Session-Timeout := 233
    (0) Finished request
    Waking up in 4.9 seconds.

    ***FREERADIUS RUCKUS ACTIVATION

    (6) Received Access-Request Id 82 from 201.167.123.244:32768 to 192.168.100.238:1812 length 190
    (6) User-Name = "yawningghost"
    (6) User-Password = "182274cc98d6e8a3"
    (6) NAS-IP-Address = 10.1.0.1
    (6) Service-Type = Login-User
    (6) Framed-IP-Address = 192.168.100.45
    (6) Calling-Station-Id = "E8-39-DF-9F-A9-71"
    (6) Called-Station-Id = "58-93-96-29-6C-F8:Wireless1"
    (6) NAS-Identifier = "nas01"
    (6) NAS-Port-Type = Wireless-802.11
    (6) NAS-Port = 1
    (6) WISPr-Logoff-URL = "http://10.1.0.1:3990/logoff"
    (6) Message-Authenticator = 0x3d1cfddd8bde242ad50a40d1897e50c7
    (6) # Executing section authorize from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (6) authorize {
    (6) policy RADIUSdesk_filter_username {
    (6) if (&User-Name) {
    (6) if (&User-Name) -> TRUE
    (6) if (&User-Name) {
    (6) if (&User-Name =~ / /) {
    (6) if (&User-Name =~ / /) -> FALSE
    (6) } # if (&User-Name) = notfound
    (6) } # policy RADIUSdesk_filter_username = notfound
    (6) [preprocess] = ok
    (6) policy RADIUSdesk_rewrite_calling_station_id {
    (6) if (&request:Calling-Station-Id){
    (6) if (&request:Calling-Station-Id) -> TRUE
    (6) if (&request:Calling-Station-Id) {
    (6) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
    (6) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
    (6) if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {
    (6) update request {
    (6) EXPAND %{1}-%{2}-%{3}-%{4}-%{5}-%{6}
    (6) --> E8-39-DF-9F-A9-71
    (6) Calling-Station-Id := E8-39-DF-9F-A9-71
    (6) } # update request = noop
    (6) } # if (&request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # if (&request:Calling-Station-Id) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # policy RADIUSdesk_rewrite_calling_station_id = noop
    (6) policy RADIUSdesk_find_dynamic_client {
    (6) update control {
    (6) Rd-Dynamic-Client := 0
    (6) Rd-Unknown-Added := 0
    (6) Rd-Client-Updated := 0
    (6) } # update control = noop
    (6) if (&request:NAS-Identifier){
    (6) if (&request:NAS-Identifier) -> TRUE
    (6) if (&request:NAS-Identifier) {
    (6) update control {
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (7)
    (6) Executing select query: SELECT IFNULL((SELECT dynamic_clients.active FROM dynamic_clients WHERE nasidentifier='nas01'),2)
    rlm_sql (sql): Released connection (7)
    (6) EXPAND %{sql:SELECT IFNULL((SELECT dynamic_clients.active FROM dynamic_clients WHERE nasidentifier='%{request:NAS-Identifier}'),2)}
    (6) --> 1
    (6) Rd-Client-Active := 1
    (6) } # update control = noop
    (6) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)){
    (6) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) -> TRUE
    (6) if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) {
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (8)
    (6) Executing query: UPDATE dynamic_clients SET last_contact_ip='201.167.123.244', last_contact=now() WHERE nasidentifier='nas01'
    rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
    rlm_sql (sql): Released connection (8)
    (6) EXPAND %{sql:UPDATE dynamic_clients SET last_contact_ip='%{request:Packet-Src-IP-Address}', last_contact=now() WHERE nasidentifier='%{request:NAS-Identifier}' }
    (6) --> 1
    (6) update control {
    (6) Rd-Client-Updated := 1
    (6) } # update control = noop
    (6) if (&control:Rd-Client-Active == 1){
    (6) if (&control:Rd-Client-Active == 1) -> TRUE
    (6) if (&control:Rd-Client-Active == 1) {
    (6) update control {
    (6) Rd-Dynamic-Client := 1
    (6) } # update control = noop
    (6) } # if (&control:Rd-Client-Active == 1) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # if ((&control:Rd-Client-Active == 0)||(&control:Rd-Client-Active == 1)) = noop
    (6) if (&control:Rd-Client-Active == 2){
    (6) if (&control:Rd-Client-Active == 2) -> FALSE
    (6) } # if (&request:NAS-Identifier) = noop
    (6) if ((&control:Rd-Client-Active == 2)&&(&request:Called-Station-Id)){
    (6) if ((&control:Rd-Client-Active == 2)&&(&request:Called-Station-Id)) -> FALSE
    (6) if (&control:Rd-Dynamic-Client == 0){
    (6) if (&control:Rd-Dynamic-Client == 0) -> FALSE
    (6) } # policy RADIUSdesk_find_dynamic_client = noop
    (6) [chap] = noop
    (6) [mschap] = noop
    (6) [digest] = noop
    (6) suffix: Checking for suffix after "@"
    (6) suffix: No '@' in User-Name = "yawningghost", looking up realm NULL
    (6) suffix: No such realm "NULL"
    (6) [suffix] = noop
    (6) eap: No EAP-Message, not doing EAP
    (6) [eap] = noop
    (6) if (!EAP-Message) {
    (6) if (!EAP-Message) -> TRUE
    (6) if (!EAP-Message) {
    (6) policy RADIUSdesk_main {
    (6) if (&request:User-Name =~ /^([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})$/i){
    (6) if (&request:User-Name =~ /^([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})[-:]+([0-9a-f]{2})$/i) -> FALSE
    (6) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}" == 0){
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (9)
    (6) Executing select query: SELECT count(username) FROM radcheck WHERE radcheck.username='yawningghost'
    rlm_sql (sql): Released connection (9)
    (6) EXPAND %{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}
    (6) --> 5
    (6) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:User-Name}'}" == 0) -> FALSE
    (6) if (&request:Calling-Station-Id){
    (6) if (&request:Calling-Station-Id) -> TRUE
    (6) if (&request:Calling-Station-Id) {
    (6) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}" != 0){
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (7)
    (6) Executing select query: SELECT count(username) FROM radcheck WHERE radcheck.username='E8-39-DF-9F-A9-71'
    rlm_sql (sql): Released connection (7)
    (6) EXPAND %{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}
    (6) --> 0
    (6) if ("%{sql:SELECT count(username) FROM radcheck WHERE radcheck.username='%{request:Calling-Station-Id}'}" != 0) -> FALSE
    (6) elsif ("%{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}" != 0){
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (8)
    (6) Executing select query: SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='yawningghost' and attribute='Rd-Mac-Check' and value=1
    rlm_sql (sql): Released connection (8)
    (6) EXPAND %{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}
    (6) --> 0
    (6) elsif ("%{sql:SELECT count(radcheck.username) FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Mac-Check' and value=1}" != 0) -> FALSE
    (6) } # if (&request:Calling-Station-Id) = ok
    (6) update control {
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (9)
    (6) Executing select query: SELECT IFNULL((SELECT value FROM radcheck WHERE radcheck.username='yawningghost' and attribute='Rd-Device-Owner'),'rd_not_found')
    rlm_sql (sql): Released connection (9)
    (6) EXPAND %{sql:SELECT IFNULL((SELECT value FROM radcheck WHERE radcheck.username='%{request:User-Name}' and attribute='Rd-Device-Owner'),'rd_not_found')}
    (6) --> rd_not_found
    (6) Rd-Tmp-Owner := rd_not_found
    (6) } # update control = noop
    (6) if (&control:Rd-Tmp-Owner != 'rd_not_found'){
    (6) if (&control:Rd-Tmp-Owner != 'rd_not_found') -> FALSE
    (6) else {
    (6) policy RADIUSdesk_user_check {
    (6) sql: EXPAND %{User-Name}
    (6) sql: --> yawningghost
    (6) sql: SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (7)
    (6) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
    (6) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yawningghost' ORDER BY id
    (6) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yawningghost' ORDER BY id
    (6) sql: User found in radcheck table
    (6) sql: Conditional check items matched, merging assignment check items
    (6) sql: Cleartext-Password := "yawningghost"
    (6) sql: Rd-User-Type := "voucher"
    (6) sql: Rd-Realm := "Office_AP"
    (6) sql: User-Profile := "Test1"
    (6) sql: Rd-Voucher := "0-00-30-00"
    (6) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
    (6) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'yawningghost' ORDER BY id
    (6) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'yawningghost' ORDER BY id
    (6) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
    (6) sql: --> SELECT groupname FROM radusergroup WHERE username = 'yawningghost' ORDER BY priority
    (6) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'yawningghost' ORDER BY priority
    (6) sql: User not found in any groups
    (6) sql: Checking profile Test1
    (6) sql: EXPAND Test1
    (6) sql: --> Test1
    (6) sql: SQL-User-Name set to 'Test1'
    (6) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
    (6) sql: --> SELECT groupname FROM radusergroup WHERE username = 'Test1' ORDER BY priority
    (6) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'Test1' ORDER BY priority
    (6) sql: User found in the group table
    (6) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
    (6) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'BW-512Kbs' ORDER BY id
    (6) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'BW-512Kbs' ORDER BY id
    (6) sql: Group "BW-512Kbs": Conditional check items matched
    (6) sql: Group "BW-512Kbs": Merging assignment check items
    (6) sql: Simultaneous-Use := 1
    (6) sql: Idle-Timeout := 60
    (6) sql: Rd-Mac-Counter-Time := 1
    (6) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
    (6) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'BW-512Kbs' ORDER BY id
    (6) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'BW-512Kbs' ORDER BY id
    (6) sql: Group "BW-512Kbs": Merging reply items
    (6) sql: Fall-Through := Yes
    (6) sql: WISPr-Bandwidth-Max-Up := 512000
    (6) sql: WISPr-Bandwidth-Max-Down := 512000
    rlm_sql (sql): Released connection (7)
    (6) [sql] = ok
    (6) if (ok){
    (6) if (ok) -> TRUE
    (6) if (ok) {
    (6) if ((&control:Rd-Account-Disabled)&&(&control:Rd-Account-Disabled == 1)){
    (6) if ((&control:Rd-Account-Disabled)&&(&control:Rd-Account-Disabled == 1)) -> FALSE
    (6) if (&control:Rd-Account-Activation-Time){
    (6) if (&control:Rd-Account-Activation-Time) -> FALSE
    (6) if (&control:Rd-Realm){
    (6) if (&control:Rd-Realm) -> TRUE
    (6) if (&control:Rd-Realm) {
    (6) update request {
    (6) EXPAND %{control:Rd-Realm}
    (6) --> Office_AP
    (6) Realm := Office_AP
    (6) } # update request = noop
    (6) } # if (&control:Rd-Realm) = noop
    (6) if ((&control:Rd-Auth-Type)&&(&control:Rd-Auth-Type != 'sql')){
    (6) if ((&control:Rd-Auth-Type)&&(&control:Rd-Auth-Type != 'sql')) -> FALSE
    (6) policy RADIUSdesk_data_counter {
    (6) if ((&control:Rd-Total-Data)&&(&control:Rd-Reset-Type-Data)&&(&control:Rd-Cap-Type-Data == 'hard')){
    (6) if ((&control:Rd-Total-Data)&&(&control:Rd-Reset-Type-Data)&&(&control:Rd-Cap-Type-Data == 'hard')) -> FALSE
    (6) } # policy RADIUSdesk_data_counter = noop
    (6) policy RADIUSdesk_time_counter {
    (6) if ((&control:Rd-Total-Time)&&(&control:Rd-Reset-Type-Time)&&(&control:Rd-Cap-Type-Time == 'hard')){
    (6) if ((&control:Rd-Total-Time)&&(&control:Rd-Reset-Type-Time)&&(&control:Rd-Cap-Type-Time == 'hard')) -> FALSE
    (6) } # policy RADIUSdesk_time_counter = noop
    (6) policy RADIUSdesk_voucher_check {
    (6) if (&control:Rd-Voucher){
    (6) if (&control:Rd-Voucher) -> TRUE
    (6) if (&control:Rd-Voucher) {
    (6) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i){
    (6) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) -> TRUE
    (6) if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) {
    (6) update control {
    (6) EXPAND %{expr: (%{1} * 86400)+(%{2} * 3600) + (%{3}* 60) +(%{4})}
    (6) --> 1800
    (6) Rd-Voucher-Time-Available := 1800
    (6) } # update control = noop
    (6) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0){
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (8)
    (6) Executing select query: SELECT count(username) FROM radacct WHERE radacct.username='yawningghost'
    rlm_sql (sql): Released connection (8)
    (6) EXPAND %{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}
    (6) --> 3
    (6) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) -> TRUE
    (6) if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) {
    (6) update control {
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (9)
    (6) Executing select query: SELECT UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(acctstarttime) FROM radacct WHERE username='yawningghost' ORDER by acctstarttime ASC LIMIT 1
    rlm_sql (sql): Released connection (9)
    (6) EXPAND %{sql:SELECT UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(acctstarttime) FROM radacct WHERE username='%{request:User-Name}' ORDER by acctstarttime ASC LIMIT 1}
    (6) --> 1704
    (6) Rd-Voucher-Time-Expired := 1704
    (6) } # update control = noop
    (6) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available){
    (6) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) -> TRUE
    (6) if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) {
    (6) update control {
    (6) EXPAND %{expr: %{control:Rd-Voucher-Time-Available} - %{control:Rd-Voucher-Time-Expired}}
    (6) --> 96
    (6) Rd-Voucher-Timeout := 96
    (6) } # update control = noop
    (6) } # if (&control:Rd-Voucher-Time-Expired <= &control:Rd-Voucher-Time-Available) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # if ("%{sql:SELECT count(username) FROM radacct WHERE radacct.username='%{request:User-Name}'}" > 0) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # if (&control:Rd-Voucher =~ /([0-9]{1,3})[-]?([0-9]{2})[-]?([0-9]{2})[-]?([0-9]{2})/i) = noop
    (6) } # if (&control:Rd-Voucher) = noop
    (6) } # policy RADIUSdesk_voucher_check = noop
    (6) if (&control:Rd-Dynamic-Client){
    (6) if (&control:Rd-Dynamic-Client) -> TRUE
    (6) if (&control:Rd-Dynamic-Client) {
    (6) if (&control:Rd-Dynamic-Client == 1){
    (6) if (&control:Rd-Dynamic-Client == 1) -> TRUE
    (6) if (&control:Rd-Dynamic-Client == 1) {
    (6) policy RADIUSdesk_realm_dynamic_client_check {
    (6) if (&request:NAS-Identifier){
    (6) if (&request:NAS-Identifier) -> TRUE
    (6) if (&request:NAS-Identifier) {
    (6) if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0){
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (7)
    (6) Executing select query: SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='nas01'
    rlm_sql (sql): Released connection (7)
    (6) EXPAND %{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}
    (6) --> 0
    (6) if ("%{sql:SELECT COUNT(dynamic_client_realms.id) AS count FROM dynamic_clients LEFT JOIN dynamic_client_realms ON dynamic_clients.id=dynamic_client_realms.dynamic_client_id WHERE dynamic_clients.nasidentifier='%{request:NAS-Identifier}'}" > 0) -> FALSE
    (6) } # if (&request:NAS-Identifier) = noop
    (6) } # policy RADIUSdesk_realm_dynamic_client_check = noop
    (6) } # if (&control:Rd-Dynamic-Client == 1) = noop
    (6) ... skipping else: Preceding "if" was taken
    (6) } # if (&control:Rd-Dynamic-Client) = noop
    (6) policy RADIUSdesk_user_ssid_check {
    (6) if (&control:Rd-Ssid-Check){
    (6) if (&control:Rd-Ssid-Check) -> FALSE
    (6) } # policy RADIUSdesk_user_ssid_check = noop
    (6) } # if (ok) = noop
    (6) } # policy RADIUSdesk_user_check = ok
    (6) } # else = ok
    (6) } # policy RADIUSdesk_main = ok
    (6) } # if (!EAP-Message) = ok
    (6) ... skipping else: Preceding "if" was taken
    (6) [files] = noop
    (6) [expiration] = noop
    (6) [logintime] = noop
    (6) policy RADIUSdesk_session_timeout {
    (6) if (&reply:Session-Timeout){
    (6) if (&reply:Session-Timeout) -> FALSE
    (6) else {
    (6) if ((&control:Rd-Avail-Time)&&(&control:Rd-Voucher-Timeout)){
    (6) if ((&control:Rd-Avail-Time)&&(&control:Rd-Voucher-Timeout)) -> FALSE
    (6) elsif (&control:Rd-Avail-Time){
    (6) elsif (&control:Rd-Avail-Time) -> FALSE
    (6) elsif (&control:Rd-Voucher-Timeout){
    (6) elsif (&control:Rd-Voucher-Timeout) -> TRUE
    (6) elsif (&control:Rd-Voucher-Timeout) {
    (6) update reply {
    (6) EXPAND %{control:Rd-Voucher-Timeout}
    (6) --> 96
    (6) Session-Timeout := 96
    (6) } # update reply = noop
    (6) } # elsif (&control:Rd-Voucher-Timeout) = noop
    (6) } # else = noop
    (6) } # policy RADIUSdesk_session_timeout = noop
    (6) if ((&control:Rd-User-Type =='device')&&(!&control:Auth-Type)){
    (6) if ((&control:Rd-User-Type =='device')&&(!&control:Auth-Type)) -> FALSE
    (6) if ((&control:Rd-User-Type =='voucher-device')&&(!&control:Auth-Type)){
    (6) if ((&control:Rd-User-Type =='voucher-device')&&(!&control:Auth-Type)) -> FALSE
    (6) [pap] = updated
    (6) } # authorize = updated
    (6) Found Auth-Type = PAP
    (6) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (6) Auth-Type PAP {
    (6) pap: Login attempt with password
    (6) pap: Comparing with "known good" Cleartext-Password
    (6) pap: ERROR: Cleartext password "182274cc98d6e8a3" does not match "known good" password
    (6) pap: Passwords don't match
    (6) [pap]     = reject
    (6) } # Auth-Type PAP = reject
    (6) Failed to authenticate the user
    (6) Using Post-Auth-Type Reject
    (6) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
    (6) Post-Auth-Type REJECT {
    (6) attr_filter.access_reject: EXPAND %{User-Name}
    (6) attr_filter.access_reject: --> yawningghost
    (6) attr_filter.access_reject: Matched entry DEFAULT at line 11
    (6) [attr_filter.access_reject] = updated
    (6) if (reply:Reply-Message =~ /You are already logged in/i){
    (6) ERROR: Failed retrieving values required to evaluate condition
    (6) policy RADIUSdesk_last_reject {
    (6) if (EAP-Message){
    (6) if (EAP-Message) -> FALSE
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (8)
    (6) Executing query: UPDATE permanent_users SET last_reject_time=now(),last_reject_nas='10.1.0.1',last_reject_message='N/A' where username='yawningghost'
    rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
    (6) SQL query affected no rows
    rlm_sql (sql): Released connection (8)
    (6) EXPAND %{sql:UPDATE permanent_users SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where username='%{User-Name}'}
    (6) -->
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (9)
    (6) Executing query: UPDATE devices SET last_reject_time=now(),last_reject_nas='10.1.0.1',last_reject_message='N/A' where name='E8-39-DF-9F-A9-71'
    rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
    (6) SQL query affected no rows
    rlm_sql (sql): Released connection (9)
    (6) EXPAND %{sql:UPDATE devices SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{Calling-Station-Id}'}
    (6) -->
    (6) EXPAND %{User-Name}
    (6) --> yawningghost
    (6) SQL-User-Name set to 'yawningghost'
    rlm_sql (sql): Reserved connection (7)
    (6) Executing query: UPDATE vouchers SET last_reject_time=now(),last_reject_nas='10.1.0.1',last_reject_message='N/A' where name='yawningghost'
    rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
    rlm_sql (sql): Released connection (7)
    (6) EXPAND %{sql:UPDATE vouchers SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{User-Name}'}
    (6) --> 1
    (6) } # policy RADIUSdesk_last_reject = updated
    (6) } # Post-Auth-Type REJECT = updated
    (6) Delaying response for 1.000000 seconds
    Waking up in 0.2 seconds.
    Waking up in 0.7 seconds.
    (6) Sending delayed response
    (6) Sent Access-Reject Id 82 from 192.168.100.238:1812 to 201.167.123.244:32768 length 20
    Waking up in 3.9 seconds.
    (6) Cleaning up request packet ID 82 with timestamp +166
    Ready to process requests

    That's what I have so far, I'd really appreciate some help here, if more info is needed with no doubt I will provide or test if required, thanks again in advance!!!

     

  • Fabrizio Lazzaretti

    Fabrizio Lazzaretti - 2017-02-06

    Hi, maybe the problem is in this line:
    (6) pap: Comparing with "known good" Cleartext-Password
    (6) pap: ERROR: Cleartext password "182274cc98d6e8a3" does not match "known good" password
    (6) pap: Passwords don't match

     

  • Alfonso Gonzalez Sanchez

    Alfonso Gonzalez Sanchez - 2017-02-06

    Hello Fabrizio, yes, I was also thinking that was the problem, but I did not know where this password was coming from, I later did some more searching, checking configs in both radiusdesk and ruckus ap, and I found that the uam secret from the ruckus (not set per default) was missing, therefore not matching the one from radiusdesk coova-chilli config, after matching the secret I was able to successfully get the ruckus ap to work as intended, thannks!!!

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.