eap { pwd { #group = 19 server_id = example@example.com # Thi

1. eap {
2. pwd {
3. #group = 19
4.  
5. server_id = example@example.com
6.  
7. # This has the same meaning as for TLS.
8. fragment_size = 1020
9.  
10. # The virtual server which determines the "known good" password for the user.
11. # Note that unlike TLS, only the "authorize" section is processed.
12. # EAP-PWD requests can be distinguished by having a User-Name, but no User-Password, CHAP-Password, EAP-Message, etc.
13. #virtual_server = "inner-tunnel"
14. }
15.  
16. authorize {
17. filter_username
18. preprocess
19.  
20. # Look in an SQL database.
21. sql
22.  
23. #permit_only_eap
24. eap {
25. ok = return
26. }
27.  
28. logintime
29. }
30.  
31. authenticate {
32. # Allow EAP authentication.
33. eap
34. }
35.  
36. authorize {
37. eap {
38. ok = return
39. }
40.  
41. # Look in an SQL database.
42. sql
43.  
44. expiration
45. }
46.  
47. authenticate {
48. mschap
49.  
50. # Allow EAP authentication.
51. eap
52. }
53.  
54. (2) eap: Peer sent method PWD (52)
55. (2) eap: EAP PWD (52)
56. (2) eap: Calling eap_pwd to process EAP data
57. (2) eap_pwd: Sending tunneled request
58. (2) eap_pwd: server default {
59. (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default
60. (2) authorize {
61. (2) policy filter_username {
62. (2) if (!&User-Name) {
63. (2) if (!&User-Name) -> TRUE
64. (2) if (!&User-Name) {
65. (2) [noop] = noop
66. (2) } # if (!&User-Name) = noop
67. (2) if (&User-Name =~ / /) {
68. (2) ERROR: Failed retrieving values required to evaluate condition
69. (2) if (&User-Name =~ /@.*@/ ) {
70. (2) ERROR: Failed retrieving values required to evaluate condition
71. (2) if (&User-Name =~ /../ ) {
72. (2) ERROR: Failed retrieving values required to evaluate condition
73. (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
74. (2) ERROR: Failed retrieving values required to evaluate condition
75. (2) if (&User-Name =~ /.$/) {
76. (2) ERROR: Failed retrieving values required to evaluate condition
77. (2) if (&User-Name =~ /@./) {
78. (2) ERROR: Failed retrieving values required to evaluate condition
79. (2) } # policy filter_username = noop
80. (2) [preprocess] = ok
81. (2) sql: EXPAND %{User-Name}
82. (2) sql: -->
83. (2) sql: SQL-User-Name set to ''
84. rlm_sql (sql): Reserved connection (4)
85. (2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
86. (2) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '' ORDER BY id
87. (2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '' ORDER BY id
88. (2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
89. (2) sql: --> SELECT groupname FROM radusergroup WHERE username = '' ORDER BY priority
90. (2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '' ORDER BY priority
91. (2) sql: User not found in any groups
92. rlm_sql (sql): Released connection (4)
93. (2) [sql] = notfound
94. (2) eap: No EAP-Message, not doing EAP
95. (2) [eap] = noop
96. (2) [logintime] = noop
97. (2) } # authorize = ok
98. (2) eap_pwd: } # server default
99. (2) eap_pwd: Got tunneled reply code 0
100. failed to find password for lars to do pwd authentication
101. (2) eap: ERROR: Failed continuing EAP PWD (52) session. EAP sub-module failed
102. (2) eap: Failed in EAP select
103. (2) [eap] = invalid
104. (2) } # authenticate = invalid
105. (2) Failed to authenticate the user
106. (2) Login incorrect (eap: Failed continuing EAP PWD (52) session. EAP sub-module failed): [lars] (from client LARS-RANNOCH port 4 cli 48-59-29-F6-BA-89)