Untitled

a guest
Jan 23rd, 2016
  1. mohammed@linuxserver:~$ sudo freeradius -X
  2. FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
  3. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE.
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License v2.
  8. Starting - reading configuration files ...
  9. including configuration file /etc/freeradius/radiusd.conf
  10. including configuration file /etc/freeradius/proxy.conf
  11. including configuration file /etc/freeradius/clients.conf
  12. including files in directory /etc/freeradius/modules/
  13. including configuration file /etc/freeradius/modules/detail
  14. including configuration file /etc/freeradius/modules/cui
  15. including configuration file /etc/freeradius/modules/smsotp
  16. including configuration file /etc/freeradius/modules/expiration
  17. including configuration file /etc/freeradius/modules/unix
  18. including configuration file /etc/freeradius/modules/replicate
  19. including configuration file /etc/freeradius/modules/detail.example.com
  20. including configuration file /etc/freeradius/modules/passwd
  21. including configuration file /etc/freeradius/modules/opendirectory
  22. including configuration file /etc/freeradius/modules/ippool
  23. including configuration file /etc/freeradius/modules/chap
  24. including configuration file /etc/freeradius/modules/mschap
  25. including configuration file /etc/freeradius/modules/soh
  26. including configuration file /etc/freeradius/modules/etc_group
  27. including configuration file /etc/freeradius/modules/logintime
  28. including configuration file /etc/freeradius/modules/radutmp
  29. including configuration file /etc/freeradius/modules/exec
  30. including configuration file /etc/freeradius/modules/counter
  31. including configuration file /etc/freeradius/modules/inner-eap
  32. including configuration file /etc/freeradius/modules/mac2vlan
  33. including configuration file /etc/freeradius/modules/files
  34. including configuration file /etc/freeradius/modules/perl
  35. including configuration file /etc/freeradius/modules/mac2ip
  36. including configuration file /etc/freeradius/modules/krb5
  37. including configuration file /etc/freeradius/modules/ntlm_auth
  38. including configuration file /etc/freeradius/modules/preprocess
  39. including configuration file /etc/freeradius/modules/ldap
  40. including configuration file /etc/freeradius/modules/sql_log
  41. including configuration file /etc/freeradius/modules/dynamic_clients
  42. including configuration file /etc/freeradius/modules/policy
  43. including configuration file /etc/freeradius/modules/smbpasswd
  44. including configuration file /etc/freeradius/modules/linelog
  45. including configuration file /etc/freeradius/modules/pap
  46. including configuration file /etc/freeradius/modules/sradutmp
  47. including configuration file /etc/freeradius/modules/always
  48. including configuration file /etc/freeradius/modules/pam
  49. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  50. including configuration file /etc/freeradius/modules/echo
  51. including configuration file /etc/freeradius/modules/rediswho
  52. including configuration file /etc/freeradius/modules/redis
  53. including configuration file /etc/freeradius/modules/attr_rewrite
  54. including configuration file /etc/freeradius/modules/realm
  55. including configuration file /etc/freeradius/modules/attr_filter
  56. including configuration file /etc/freeradius/modules/expr
  57. including configuration file /etc/freeradius/modules/otp
  58. including configuration file /etc/freeradius/modules/detail.log
  59. including configuration file /etc/freeradius/modules/digest
  60. including configuration file /etc/freeradius/modules/wimax
  61. including configuration file /etc/freeradius/modules/acct_unique
  62. including configuration file /etc/freeradius/modules/checkval
  63. including configuration file /etc/freeradius/eap.conf
  64. including configuration file /etc/freeradius/policy.conf
  65. including files in directory /etc/freeradius/sites-enabled/
  66. including configuration file /etc/freeradius/sites-enabled/default
  67. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  68. main {
  69. user = "freerad"
  70. group = "freerad"
  71. allow_core_dumps = no
  72. }
  73. including dictionary file /etc/freeradius/dictionary
  74. main {
  75. name = "freeradius"
  76. prefix = "/usr"
  77. localstatedir = "/var"
  78. sbindir = "/usr/sbin"
  79. logdir = "/var/log/freeradius"
  80. run_dir = "/var/run/freeradius"
  81. libdir = "/usr/lib/freeradius"
  82. radacctdir = "/var/log/freeradius/radacct"
  83. hostname_lookups = no
  84. max_request_time = 30
  85. cleanup_delay = 5
  86. max_requests = 1024
  87. pidfile = "/var/run/freeradius/freeradius.pid"
  88. checkrad = "/usr/sbin/checkrad"
  89. debug_level = 0
  90. proxy_requests = no
  91. log {
  92. stripped_names = no
  93. auth = no
  94. auth_badpass = no
  95. auth_goodpass = no
  96. }
  97. security {
  98. max_attributes = 200
  99. reject_delay = 1
  100. status_server = yes
  101. }
  102. }
  103. radiusd: #### Loading Realms and Home Servers ####
  104. proxy server {
  105. retry_delay = 5
  106. retry_count = 3
  107. default_fallback = no
  108. dead_time = 120
  109. wake_all_if_all_dead = no
  110. }
  111. home_server localhost {
  112. ipaddr = 127.0.0.1
  113. port = 1812
  114. type = "auth"
  115. secret = "testing123"
  116. response_window = 20
  117. max_outstanding = 65536
  118. require_message_authenticator = yes
  119. zombie_period = 40
  120. status_check = "status-server"
  121. ping_interval = 30
  122. check_interval = 30
  123. num_answers_to_alive = 3
  124. num_pings_to_alive = 3
  125. revive_interval = 120
  126. status_check_timeout = 4
  127. coa {
  128. irt = 2
  129. mrt = 16
  130. mrc = 5
  131. mrd = 30
  132. }
  133. }
  134. home_server_pool my_auth_failover {
  135. type = fail-over
  136. home_server = localhost
  137. }
  138. realm example.com {
  139. auth_pool = my_auth_failover
  140. }
  141. realm LOCAL {
  142. }
  143. radiusd: #### Loading Clients ####
  144. client localhost {
  145. ipaddr = 127.0.0.1
  146. require_message_authenticator = no
  147. secret = "testing123"
  148. nastype = "other"
  149. }
  150. client 192.168.1.0/24 {
  151. require_message_authenticator = no
  152. secret = "testing123"
  153. shortname = "private-network-1"
  154. }
  155. radiusd: #### Instantiating modules ####
  156. instantiate {
  157. Module: Linked to module rlm_exec
  158. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  159. exec {
  160. wait = no
  161. input_pairs = "request"
  162. shell_escape = yes
  163. }
  164. Module: Linked to module rlm_expr
  165. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  166. Module: Linked to module rlm_expiration
  167. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  168. expiration {
  169. reply-message = "Password Has Expired "
  170. }
  171. Module: Linked to module rlm_logintime
  172. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  173. logintime {
  174. reply-message = "You are calling outside your allowed timespan "
  175. minimum-timeout = 60
  176. }
  177. }
  178. radiusd: #### Loading Virtual Servers ####
  179. server { # from file /etc/freeradius/radiusd.conf
  180. modules {
  181. Module: Creating Auth-Type = digest
  182. Module: Creating Auth-Type = LDAP
  183. Module: Creating Post-Auth-Type = REJECT
  184. Module: Checking authenticate {...} for more modules to load
  185. Module: Linked to module rlm_pap
  186. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  187. pap {
  188. encryption_scheme = "auto"
  189. auto_header = no
  190. }
  191. Module: Linked to module rlm_chap
  192. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  193. Module: Linked to module rlm_mschap
  194. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  195. mschap {
  196. use_mppe = yes
  197. require_encryption = no
  198. require_strong = no
  199. with_ntdomain_hack = no
  200. allow_retry = yes
  201. }
  202. Module: Linked to module rlm_digest
  203. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  204. Module: Linked to module rlm_unix
  205. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  206. unix {
  207. radwtmp = "/var/log/freeradius/radwtmp"
  208. }
  209. Module: Linked to module rlm_ldap
  210. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  211. ldap {
  212. server = "192.168.1.110"
  213. port = 389
  214. password = "M13n14e5"
  215. identity = "cn=admin,dc=example,dc=com"
  216. net_timeout = 1
  217. timeout = 4
  218. timelimit = 3
  219. tls_mode = no
  220. start_tls = no
  221. tls_require_cert = "allow"
  222. tls {
  223. start_tls = no
  224. require_cert = "allow"
  225. }
  226. basedn = "ou=people,dc=example,dc=com"
  227. filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
  228. base_filter = "(objectclass=radiusprofile)"
  229. auto_header = no
  230. access_attr_used_for_allow = yes
  231. groupname_attribute = "cn"
  232. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  233. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  234. ldap_debug = 0
  235. ldap_connections_number = 5
  236. compare_check_items = no
  237. do_xlat = yes
  238. edir_account_policy_check = no
  239. set_auth_type = yes
  240. keepalive {
  241. idle = 60
  242. probes = 3
  243. interval = 3
  244. }
  245. }
  246. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  247. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  248. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  249. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  250. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  251. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  252. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  253. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  254. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  255. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  256. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  257. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  258. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  259. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  260. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  261. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  262. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  263. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  264. rlm_ldap: LDAP uniqueIdentifier mapped to RADIUS Pool-Name
  265. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  266. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  267. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  268. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  269. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  270. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  271. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  272. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  273. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  274. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  275. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  276. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  277. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  278. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  279. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  280. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  281. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  282. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  283. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  284. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  285. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  286. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  287. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  288. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  289. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  290. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  291. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  292. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  293. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  294. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  295. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  296. conns: 0x935d438
  297. Module: Linked to module rlm_eap
  298. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  299. eap {
  300. default_eap_type = "ttls"
  301. timer_expire = 60
  302. ignore_unknown_eap_types = no
  303. cisco_accounting_username_bug = no
  304. max_sessions = 4096
  305. }
  306. Module: Linked to sub-module rlm_eap_md5
  307. Module: Instantiating eap-md5
  308. Module: Linked to sub-module rlm_eap_leap
  309. Module: Instantiating eap-leap
  310. Module: Linked to sub-module rlm_eap_gtc
  311. Module: Instantiating eap-gtc
  312. gtc {
  313. challenge = "Password: "
  314. auth_type = "PAP"
  315. }
  316. Module: Linked to sub-module rlm_eap_tls
  317. Module: Instantiating eap-tls
  318. tls {
  319. rsa_key_exchange = no
  320. dh_key_exchange = yes
  321. rsa_key_length = 512
  322. dh_key_length = 512
  323. verify_depth = 0
  324. CA_path = "/etc/freeradius/certs"
  325. pem_file_type = yes
  326. private_key_file = "/etc/freeradius/certs/server.key"
  327. certificate_file = "/etc/freeradius/certs/server.pem"
  328. CA_file = "/etc/freeradius/certs/ca.pem"
  329. private_key_password = "whatever"
  330. dh_file = "/etc/freeradius/certs/dh"
  331. random_file = "/dev/urandom"
  332. fragment_size = 1024
  333. include_length = yes
  334. check_crl = no
  335. cipher_list = "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA"
  336. make_cert_command = "/etc/freeradius/certs/bootstrap"
  337. ecdh_curve = "prime256v1"
  338. cache {
  339. enable = no
  340. lifetime = 24
  341. max_entries = 255
  342. }
  343. verify {
  344. }
  345. ocsp {
  346. enable = no
  347. override_cert_url = yes
  348. url = "http://127.0.0.1/ocsp/"
  349. }
  350. }
  351. Module: Linked to sub-module rlm_eap_ttls
  352. Module: Instantiating eap-ttls
  353. ttls {
  354. default_eap_type = "mschapv2"
  355. copy_request_to_tunnel = no
  356. use_tunneled_reply = no
  357. virtual_server = "inner-tunnel"
  358. include_length = yes
  359. }
  360. Module: Linked to sub-module rlm_eap_peap
  361. Module: Instantiating eap-peap
  362. peap {
  363. default_eap_type = "mschapv2"
  364. copy_request_to_tunnel = no
  365. use_tunneled_reply = no
  366. proxy_tunneled_request_as_eap = yes
  367. virtual_server = "inner-tunnel"
  368. soh = no
  369. }
  370. Module: Linked to sub-module rlm_eap_mschapv2
  371. Module: Instantiating eap-mschapv2
  372. mschapv2 {
  373. with_ntdomain_hack = no
  374. send_error = no
  375. }
  376. Module: Checking authorize {...} for more modules to load
  377. Module: Linked to module rlm_preprocess
  378. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  379. preprocess {
  380. huntgroups = "/etc/freeradius/huntgroups"
  381. hints = "/etc/freeradius/hints"
  382. with_ascend_hack = no
  383. ascend_channels_per_line = 23
  384. with_ntdomain_hack = no
  385. with_specialix_jetstream_hack = no
  386. with_cisco_vsa_hack = no
  387. with_alvarion_vsa_hack = no
  388. }
  389. Module: Linked to module rlm_realm
  390. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  391. realm suffix {
  392. format = "suffix"
  393. delimiter = "@"
  394. ignore_default = no
  395. ignore_null = no
  396. }
  397. Module: Linked to module rlm_files
  398. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  399. files {
  400. usersfile = "/etc/freeradius/users"
  401. acctusersfile = "/etc/freeradius/acct_users"
  402. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  403. compat = "no"
  404. }
  405. Module: Checking preacct {...} for more modules to load
  406. Module: Linked to module rlm_acct_unique
  407. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  408. acct_unique {
  409. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  410. }
  411. Module: Checking accounting {...} for more modules to load
  412. Module: Linked to module rlm_detail
  413. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  414. detail {
  415. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  416. header = "%t"
  417. detailperm = 384
  418. dirperm = 493
  419. locking = no
  420. log_packet_header = no
  421. }
  422. Module: Linked to module rlm_radutmp
  423. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  424. radutmp {
  425. filename = "/var/log/freeradius/radutmp"
  426. username = "%{User-Name}"
  427. case_sensitive = yes
  428. check_with_nas = yes
  429. perm = 384
  430. callerid = yes
  431. }
  432. Module: Linked to module rlm_attr_filter
  433. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  434. attr_filter attr_filter.accounting_response {
  435. attrsfile = "/etc/freeradius/attrs.accounting_response"
  436. key = "%{User-Name}"
  437. relaxed = no
  438. }
  439. Module: Checking session {...} for more modules to load
  440. Module: Checking post-proxy {...} for more modules to load
  441. Module: Checking post-auth {...} for more modules to load
  442. Module: Linked to module rlm_ippool
  443. Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
  444. ippool main_pool {
  445. session-db = "/etc/freeradius/db.ippool"
  446. ip-index = "/etc/freeradius/db.ipindex"
  447. key = "%{NAS-IP-Address} %{NAS-Port}"
  448. range-start = 192.168.1.1
  449. range-stop = 192.168.3.254
  450. netmask = 255.255.255.0
  451. cache-size = 800
  452. override = no
  453. maximum-timeout = 0
  454. }
  455. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  456. attr_filter attr_filter.access_reject {
  457. attrsfile = "/etc/freeradius/attrs.access_reject"
  458. key = "%{User-Name}"
  459. relaxed = no
  460. }
  461. } # modules
  462. } # server
  463. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  464. modules {
  465. Module: Checking authenticate {...} for more modules to load
  466. Module: Checking authorize {...} for more modules to load
  467. Module: Checking session {...} for more modules to load
  468. Module: Checking post-proxy {...} for more modules to load
  469. Module: Checking post-auth {...} for more modules to load
  470. } # modules
  471. } # server
  472. radiusd: #### Opening IP addresses and Ports ####
  473. listen {
  474. type = "auth"
  475. ipaddr = *
  476. port = 0
  477. }
  478. listen {
  479. type = "acct"
  480. ipaddr = *
  481. port = 0
  482. }
  483. listen {
  484. type = "auth"
  485. ipaddr = 127.0.0.1
  486. port = 18120
  487. }
  488. Listening on authentication address * port 1812
  489. Listening on accounting address * port 1813
  490. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  491. Ready to process requests.
  492. rad_recv: Access-Request packet from host 192.168.1.1 port 59319, id=240, length=211
  493. User-Name = "alice@mneserver.mooo.com"
  494. NAS-IP-Address = 0.0.0.0
  495. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  496. NAS-Port-Type = Wireless-802.11
  497. NAS-Port = 1
  498. Calling-Station-Id = "48-D2-24-3F-55-D4"
  499. Connect-Info = "CONNECT 54Mbps 802.11g"
  500. Acct-Session-Id = "56A2E162-00000030"
  501. Framed-MTU = 1400
  502. EAP-Message = 0x021e001d01616c696365406d6e657365727665722e6d6f6f6f2e636f6d
  503. Message-Authenticator = 0xd8fadb08f7b12c01945d0f8fea2cc7e1
  504. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  505. +- entering group authorize {...}
  506. ++[preprocess] returns ok
  507. ++[chap] returns noop
  508. ++[mschap] returns noop
  509. ++[digest] returns noop
  510. [suffix] Looking up realm "mneserver.mooo.com" for User-Name = "alice@mneserver.mooo.com"
  511. [suffix] No such realm "mneserver.mooo.com"
  512. ++[suffix] returns noop
  513. [eap] EAP packet type response id 30 length 29
  514. [eap] No EAP Start, assuming it's an on-going EAP conversation
  515. ++[eap] returns updated
  516. ++[files] returns noop
  517. [ldap] performing user authorization for alice@mneserver.mooo.com
  518. [ldap] expand: %{Stripped-User-Name} ->
  519. [ldap] ... expanding second conditional
  520. [ldap] expand: %{User-Name} -> alice@mneserver.mooo.com
  521. [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice@mneserver.mooo.com)
  522. [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
  523. [ldap] ldap_get_conn: Checking Id: 0
  524. [ldap] ldap_get_conn: Got Id: 0
  525. [ldap] attempting LDAP reconnection
  526. [ldap] (re)connect to 192.168.1.110:389, authentication 0
  527. [ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 192.168.1.110:389
  528. [ldap] waiting for bind result ...
  529. [ldap] Bind was successful
  530. [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice@mneserver.mooo.com)
  531. [ldap] No default NMAS login sequence
  532. [ldap] looking for check items in directory...
  533. [ldap] uniqueIdentifier -> Pool-Name == "alice@mneserver.mooo.com"
  534. [ldap] userPassword -> Password-With-Header == "{MD5}b49XcVCQ2iYyRTmI2aFQGw=="
  535. [ldap] looking for reply items in directory...
  536. [ldap] user alice@mneserver.mooo.com authorized to use remote access
  537. [ldap] ldap_release_conn: Release Id: 0
  538. ++[ldap] returns ok
  539. ++[expiration] returns noop
  540. ++[logintime] returns noop
  541. [pap] WARNING: Auth-Type already set. Not setting to PAP
  542. ++[pap] returns noop
  543. Found Auth-Type = EAP
  544. # Executing group from file /etc/freeradius/sites-enabled/default
  545. +- entering group authenticate {...}
  546. [eap] EAP Identity
  547. [eap] processing type tls
  548. [tls] Initiate
  549. [tls] Start returned 1
  550. ++[eap] returns handled
  551. Sending Access-Challenge of id 240 to 192.168.1.1 port 59319
  552. EAP-Message = 0x011f00061520
  553. Message-Authenticator = 0x00000000000000000000000000000000
  554. State = 0x3ad924243ac63141dcee8e838b87b8d9
  555. Finished request 0.
  556. Going to the next request
  557. Waking up in 4.9 seconds.
  558. rad_recv: Access-Request packet from host 192.168.1.1 port 59319, id=241, length=369
  559. User-Name = "alice@mneserver.mooo.com"
  560. NAS-IP-Address = 0.0.0.0
  561. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  562. NAS-Port-Type = Wireless-802.11
  563. NAS-Port = 1
  564. Calling-Station-Id = "48-D2-24-3F-55-D4"
  565. Connect-Info = "CONNECT 54Mbps 802.11g"
  566. Acct-Session-Id = "56A2E162-00000030"
  567. Framed-MTU = 1400
  568. EAP-Message = 0x021f00a915800000009f160303009a01000096030356a3fe3864cf8f8698afb0762e8d2d34e472522c4f71856d0f00906e155288c7000038c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a006a00400038003200130005000401000035000a0006000400170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100
  569. State = 0x3ad924243ac63141dcee8e838b87b8d9
  570. Message-Authenticator = 0xb8be4749a4389f5087710672acba4ca7
  571. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  572. +- entering group authorize {...}
  573. ++[preprocess] returns ok
  574. ++[chap] returns noop
  575. ++[mschap] returns noop
  576. ++[digest] returns noop
  577. [suffix] Looking up realm "mneserver.mooo.com" for User-Name = "alice@mneserver.mooo.com"
  578. [suffix] No such realm "mneserver.mooo.com"
  579. ++[suffix] returns noop
  580. [eap] EAP packet type response id 31 length 169
  581. [eap] Continuing tunnel setup.
  582. ++[eap] returns ok
  583. Found Auth-Type = EAP
  584. # Executing group from file /etc/freeradius/sites-enabled/default
  585. +- entering group authenticate {...}
  586. [eap] Request found, released from the list
  587. [eap] EAP/ttls
  588. [eap] processing type ttls
  589. [ttls] Authenticate
  590. [ttls] processing EAP-TLS
  591. TLS Length 159
  592. [ttls] Length Included
  593. [ttls] eaptls_verify returned 11
  594. [ttls] (other): before/accept initialization
  595. [ttls] TLS_accept: before/accept initialization
  596. [ttls] <<< TLS 1.0 Handshake [length 009a], ClientHello
  597. [ttls] >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
  598. TLS Alert write:fatal:handshake failure
  599. TLS_accept: error in SSLv3 read client hello C
  600. rlm_eap: SSL error error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
  601. SSL: SSL_read failed in a system call (-1), TLS session fails.
  602. TLS receive handshake failed during operation
  603. [ttls] eaptls_process returned 4
  604. [eap] Handler failed in EAP/ttls
  605. [eap] Failed in EAP select
  606. ++[eap] returns invalid
  607. Failed to authenticate the user.
  608. Using Post-Auth-Type Reject
  609. # Executing group from file /etc/freeradius/sites-enabled/default
  610. +- entering group REJECT {...}
  611. [attr_filter.access_reject] expand: %{User-Name} -> alice@mneserver.mooo.com
  612. attr_filter: Matched entry DEFAULT at line 11
  613. ++[attr_filter.access_reject] returns updated
  614. Delaying reject of request 1 for 1 seconds
  615. Going to the next request
  616. Waking up in 0.9 seconds.
  617. Sending delayed reject for request 1
  618. Sending Access-Reject of id 241 to 192.168.1.1 port 59319
  619. EAP-Message = 0x041f0004
  620. Message-Authenticator = 0x00000000000000000000000000000000
  621. Waking up in 3.9 seconds.
  622. Cleaning up request 0 ID 240 with timestamp +10
  623. Waking up in 1.0 seconds.
  624. Cleaning up request 1 ID 241 with timestamp +10
  625. Ready to process requests.