Помогите настроить freeradius+cisco 1130AG!

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.24.5:1645, id=53, length=250
        User-Name = "user"
        Framed-MTU = 1400
        Called-Station-Id = "001d.a174.d080"
        Calling-Station-Id = "0015.af38.2141"
        Service-Type = Login-User
        Message-Authenticator = 0x6b9fa236a421d0641597329891947ee0
        EAP-Message = 0x02040073198000000069160301006401000060030147600c5c8c3cd24008a0924dc8f0bca42f3
e319eacbbff82106ac7df66f229ad000018002f00350005000ac009c00ac013c0140032003800130
0040100001f00000009000700000475736572000a00080006001700180019000b00020100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 395
        NAS-Port-Id = "395"
        State = 0xbe96aa6179623e846c8f3996d13ac6a8
        NAS-IP-Address = 192.168.24.5
        NAS-Identifier = "ap"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  rlm_eap: EAP packet type response id 4 length 115
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
radius_xlat:  'user'
rlm_sql (sql): sql_set_user escaped user --> 'user'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'user'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.
Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'user'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.
Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0064], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 53 to 192.168.24.5 port 1645
        Password = "pass"
        EAP-Message = 0x0105040a19c0000006f1160301004a02000046030147600bfbcac2adfba44205c6a1c66b0abfd
c68c66dcba5fee41ce1fecadd888b2027122b2d73994cae15cc9837309132c76be5f0f070e0c2ba1
0dcf63d00f0a46f002f0016030106940b00069000068d0002cd308202c930820232a003020102020
102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550
408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040
a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b3019060
35504031312436c69656e74206365
        EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706
c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819
b310b30090603550406130243413111300f0603550408130850726f76696e6365311230100603550
4071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e311230100
60355040b13096c6f63616c686f73743119301706035504031310526f6f742063657274696669636
17465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300
d06092a864886f70d010101050003
        EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a78209
8863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d
6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbe
a1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a0
6082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a917
8ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e824
0eb68e042c94b15752e4c07e80d09
        EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295
763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa0030201020
20100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f06035
50408130850726f76696e63653112301006035504071309536f6d652043697479311530130603550
40a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b30190
6035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011
612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x63484b60a8d8e098a30fe4664d97ee74
Finished request 2
Going to the next request

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.24.5:1645, id=54, length=141
        User-Name = "user"
        Framed-MTU = 1400
        Called-Station-Id = "001d.a174.d080"
        Calling-Station-Id = "0015.af38.2141"
        Service-Type = Login-User
        Message-Authenticator = 0x3a4c230754bdfb53beab1a04e85ef865
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 395
        NAS-Port-Id = "395"
        State = 0x63484b60a8d8e098a30fe4664d97ee74
        NAS-IP-Address = 192.168.24.5
        NAS-Identifier = "ap"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
radius_xlat:  'user'
rlm_sql (sql): sql_set_user escaped user --> 'user'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'user'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.
Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'user'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.
Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 54 to 192.168.24.5 port 1645
        Password = "pass"
        EAP-Message = 0x010602f71900170d3036303132343133323630375a30819f310b3009060355040613024341311
1300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153
013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f737
4311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f
70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d01010
1050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d
69451725377895dfe52ccb99b41e8
        EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2
a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a
123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a0
57021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c36
3da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f060355040813085
0726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7
267616e697a6174696f6e31123010
        EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572746
96669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636
f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00
b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4b
c0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad2
8af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b
85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3f7bc9050fd1d7c0e1b52be6695cdc51
Finished request 3
Going to the next request

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.24.5:1645, id=55, length=141
        User-Name = "user"
        Framed-MTU = 1400
        Called-Station-Id = "001d.a174.d080"
        Calling-Station-Id = "0015.af38.2141"
        Service-Type = Login-User
        Message-Authenticator = 0x7bbd05f19b9bfe69ee989d67c1fa8536
        EAP-Message = 0x020600061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 395
        NAS-Port-Id = "395"
        State = 0x3f7bc9050fd1d7c0e1b52be6695cdc51
        NAS-IP-Address = 192.168.24.5
        NAS-Identifier = "ap"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  rlm_eap: EAP packet type response id 6 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
radius_xlat:  'user'
rlm_sql (sql): sql_set_user escaped user --> 'user'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'user'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.
Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'user'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.
Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 55 to 192.168.24.5 port 1645
        Password = "pass"
        EAP-Message = 0x010700061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9a2334c0c8ad4d54435d0fcf9d5b0dd8
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 51 with timestamp 47600bfb
Cleaning up request 1 ID 52 with timestamp 47600bfb
Cleaning up request 2 ID 53 with timestamp 47600bfb
Cleaning up request 3 ID 54 with timestamp 47600bfb
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 55 with timestamp 47600bfc
Nothing to do.  Sleeping until we see a request.

Дистриб debian etch, freeradius самосборный 1.1.7.

Если нужны какие либо конфиги я выложу.

Тут ещё поковырялся, теперь вижу такое:

modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 8
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'user'
rlm_sql (sql): sql_set_user escaped user --> 'user'
radius_xlat:  'INSERT into radpostauth (user, pass, reply, date) values ('user', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user, pass, reply, date) values ('user', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
  modcall[post-auth]: module "sql" returns ok for request 8
modcall: leaving group post-auth (returns ok) for request 8
Sending Access-Accept of id 215 to 192.168.24.5 port 1645
        Framed-IP-Address = 192.168.25.6
        MS-MPPE-Recv-Key = 0x7506f5c122d9519a0f848c2e1dbddc042829ae5ea74e52c55a3188d5f22bbc31
        MS-MPPE-Send-Key = 0x31f659bcdbefded6e9d6ea71d5300b61221ba7b3b7bb7f924d24e58d3cb6824b
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "user"
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 207 with timestamp 47610849
Cleaning up request 1 ID 208 with timestamp 47610849
Cleaning up request 2 ID 209 with timestamp 47610849
Cleaning up request 3 ID 210 with timestamp 47610849
Cleaning up request 4 ID 211 with timestamp 47610849
Cleaning up request 5 ID 212 with timestamp 47610849
Cleaning up request 6 ID 213 with timestamp 47610849
Cleaning up request 7 ID 214 with timestamp 47610849
Cleaning up request 8 ID 215 with timestamp 47610849
Nothing to do.  Sleeping until we see a request.


т.е. получается что машина получает ИП из radreply, авторизация вроде как то же проходит нормально, но клиент не коннектиться %(((

Всё проблема решена. Были проблемы с настройками циски.