вот логи радиуса.
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728640
NAS-Port-Type = Ethernet
User-Name = "udal1"
Calling-Station-Id = "1C:AF:F7:70:01:F4"
Called-Station-Id = "pppoe_vid11"
NAS-Port-Id = "vlan11"
MS-CHAP-Challenge = 0x5f878b72711e9404018166138e2841a0
MS-CHAP2-Response = 0x0100529ad514970adfea296a6256bb672a6b00000000000000 0096c5da9f3fdd149dcc26ec1428df8856e1a4d051b456d36d
NAS-Identifier = "kyahulay nas2"
NAS-IP-Address = 10.90.92.2
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "udal1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 115
++[files] = ok
[sql] expand: %{User-Name} -> udal1
[sql] sql_set_user escaped user --> 'udal1'
rlm_sql (sql): Reserving sql socket id: 18
[sql] expand: SELECT id, username, attribute, value, op FROM radchec k WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE usern ame = 'udal1' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radrepl y WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE usern ame = 'udal1' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE use rname = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'udal1' ORDER BY pri ority
rlm_sql (sql): Released sql socket id: 18
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = MSCHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/default
+group MS-CHAP {
[mschap] Creating challenge hash with username: udal1
[mschap] Client is using MS-CHAPv2 for udal1, we need NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
[sql] expand: %{User-Name} -> udal1
[sql] sql_set_user escaped user --> 'udal1'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pas s, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password} }', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpo stauth (username, pass, reply, authdate) VALUES ( 'udal1', '', 'Access-Accept', '2016-09-07 21:47:53')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'udal1', '', 'Access-Accept', '2016-09-07 21:47:53')
rlm_sql (sql): Reserving sql socket id: 17
rlm_sql (sql): Released sql socket id: 17
++[sql] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 24 to 10.90.92.2 port 50840
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Filter-Id = "25000"
Mikrotik-Rate-Limit = "25000k"
MS-CHAP2-Success = 0x01533d324335304143353337373637423241383639344638373 64630353941453842303846384135423645
MS-MPPE-Recv-Key = 0xb78b960fe88c12bb5b213f305bcb131c
MS-MPPE-Send-Key = 0xbb7fc41553d12a1665c16de0b54a910c
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.90.92.2 port 50840, id=24, length=1 94
Sending duplicate reply to client testclient port 50840 - ID: 24
Sending Access-Accept of id 24 to 10.90.92.2 port 50840
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.90.92.2 port 50840, id=24, length=1 94
Sending duplicate reply to client testclient port 50840 - ID: 24
Sending Access-Accept of id 24 to 10.90.92.2 port 50840
Waking up in 4.3 seconds.
Cleaning up request 22 ID 24 with timestamp +248
Ready to process requests.
а микротик в логах пишет user udal1 authentication failed - radius timeout
как лечить это?
