
FreeRADIUS debug output (radiusd -X)

a guest
Jan 28th, 2014
  1. [root@spacewalk ~]# radiusd -X
  2. radiusd: FreeRADIUS Version 3.0.1, for host x86_64-redhat-linux-gnu, built on Jan 27 2014 at 11:27:40
  3. Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License
  8. For more information about these matters, see the file named COPYRIGHT
  9. Starting - reading configuration files ...
  10. including dictionary file /etc/raddb/dictionary
  11. including configuration file /etc/raddb/radiusd.conf
  12. including configuration file /etc/raddb/proxy.conf
  13. including configuration file /etc/raddb/clients.conf
  14. including files in directory /etc/raddb/mods-enabled/
  15. including configuration file /etc/raddb/mods-enabled/perl
  16. including configuration file /etc/raddb/mods-enabled/pam
  17. including configuration file /etc/raddb/mods-enabled/attr_filter
  18. including configuration file /etc/raddb/mods-enabled/unix
  19. including configuration file /etc/raddb/mods-enabled/always
  20. including configuration file /etc/raddb/mods-enabled/ldap
  21. including configuration file /etc/raddb/mods-enabled/passwd
  22. including configuration file /etc/raddb/mods-enabled/echo
  23. including configuration file /etc/raddb/mods-enabled/expiration
  24. including configuration file /etc/raddb/mods-enabled/preprocess
  25. including configuration file /etc/raddb/mods-enabled/files
  26. including configuration file /etc/raddb/mods-enabled/exec
  27. including configuration file /etc/raddb/mods-enabled/sradutmp
  28. including configuration file /etc/raddb/mods-enabled/detail.log
  29. including configuration file /etc/raddb/mods-enabled/realm
  30. including configuration file /etc/raddb/mods-enabled/detail
  31. including configuration file /etc/raddb/mods-enabled/krb5
  32. including configuration file /etc/raddb/mods-enabled/digest
  33. including configuration file /etc/raddb/mods-enabled/pap
  34. including configuration file /etc/raddb/mods-enabled/expr
  35. including configuration file /etc/raddb/mods-enabled/counter
  36. including configuration file /etc/raddb/mods-enabled/logintime
  37. including configuration file /etc/raddb/mods-enabled/utf8
  38. including configuration file /etc/raddb/mods-enabled/radutmp
  39. including files in directory /etc/raddb/policy.d/
  40. including configuration file /etc/raddb/policy.d/eap
  41. including configuration file /etc/raddb/policy.d/operator-name
  42. including configuration file /etc/raddb/policy.d/cui
  43. including configuration file /etc/raddb/policy.d/control
  44. including configuration file /etc/raddb/policy.d/dhcp
  45. including configuration file /etc/raddb/policy.d/filter
  46. including configuration file /etc/raddb/policy.d/accounting
  47. including configuration file /etc/raddb/policy.d/canonicalization
  48. including files in directory /etc/raddb/sites-enabled/
  49. including configuration file /etc/raddb/sites-enabled/default
  50. main {
  51. security {
  52. user = "radiusd"
  53. group = "radiusd"
  54. allow_core_dumps = no
  55. }
  56. }
  57. main {
  58. name = "radiusd"
  59. prefix = "/usr"
  60. localstatedir = "/var"
  61. sbindir = "/usr/sbin"
  62. logdir = "/var/log/radius"
  63. run_dir = "/var/run/radiusd"
  64. libdir = "/usr/lib64/freeradius"
  65. radacctdir = "/var/log/radius/radacct"
  66. hostname_lookups = no
  67. max_request_time = 30
  68. cleanup_delay = 5
  69. max_requests = 1024
  70. pidfile = "/var/run/radiusd/radiusd.pid"
  71. checkrad = "/usr/sbin/checkrad"
  72. debug_level = 0
  73. proxy_requests = yes
  74. log {
  75. stripped_names = no
  76. auth = yes
  77. auth_badpass = no
  78. auth_goodpass = no
  79. colourise = yes
  80. }
  81. security {
  82. max_attributes = 200
  83. reject_delay = 1
  84. status_server = yes
  85. }
  86. }
  87. radiusd: #### Loading Realms and Home Servers ####
  88. proxy server {
  89. retry_delay = 5
  90. retry_count = 3
  91. default_fallback = no
  92. dead_time = 120
  93. wake_all_if_all_dead = no
  94. }
  95. home_server yubi_221_mcs {
  96. ipaddr = 10.0.6.30
  97. port = 1812
  98. type = "auth"
  99. secret = "secret"
  100. response_window = 20
  101. max_outstanding = 65536
  102. zombie_period = 40
  103. status_check = "status-server"
  104. ping_interval = 30
  105. check_interval = 30
  106. num_answers_to_alive = 3
  107. revive_interval = 120
  108. status_check_timeout = 4
  109. coa {
  110. irt = 2
  111. mrt = 16
  112. mrc = 5
  113. mrd = 30
  114. }
  115. limit {
  116. max_connections = 16
  117. max_requests = 0
  118. lifetime = 0
  119. idle_timeout = 0
  120. }
  121. }
  122. home_server yubi_240_mcs {
  123. ipaddr = 10.0.8.14
  124. port = 1812
  125. type = "auth"
  126. secret = "secret"
  127. response_window = 20
  128. max_outstanding = 65536
  129. zombie_period = 40
  130. status_check = "status-server"
  131. ping_interval = 30
  132. check_interval = 30
  133. num_answers_to_alive = 3
  134. revive_interval = 120
  135. status_check_timeout = 4
  136. coa {
  137. irt = 2
  138. mrt = 16
  139. mrc = 5
  140. mrd = 30
  141. }
  142. limit {
  143. max_connections = 16
  144. max_requests = 0
  145. lifetime = 0
  146. idle_timeout = 0
  147. }
  148. }
  149. home_server_pool yubikey_mcs {
  150. type = fail-over
  151. home_server = yubi_221_mcs
  152. home_server = yubi_240_mcs
  153. }
  154. realm yubiauth.example.com {
  155. auth_pool = yubikey_mcs
  156. }
  157. realm LOCAL {
  158. }
  159. realm NULL {
  160. }
  161. radiusd: #### Loading Clients ####
  162. client 127.0.0.1 {
  163. require_message_authenticator = no
  164. secret = "test"
  165. shortname = "local-test"
  166. limit {
  167. max_connections = 16
  168. lifetime = 0
  169. idle_timeout = 30
  170. }
  171. }
  172. client 10.0.0.0/17 {
  173. require_message_authenticator = no
  174. secret = "secret"
  175. shortname = "Desktop-Server_Logins"
  176. nas_type = "other"
  177. limit {
  178. max_connections = 16
  179. lifetime = 0
  180. idle_timeout = 30
  181. }
  182. }
  183. radiusd: #### Instantiating modules ####
  184. instantiate {
  185. }
  186. modules {
  187. # Loaded module rlm_perl
  188. # Instantiating module "perl" from file /etc/raddb/mods-enabled/perl
  189. perl {
  190. filename = "/etc/raddb/scripts/get_domain"
  191. func_authorize = "authorize"
  192. func_authenticate = "authenticate"
  193. func_post_auth = "post_auth"
  194. func_accounting = "accounting"
  195. func_preacct = "preacct"
  196. func_checksimul = "checksimul"
  197. func_detach = "detach"
  198. func_xlat = "xlat"
  199. func_pre_proxy = "pre_proxy"
  200. func_post_proxy = "post_proxy"
  201. func_recv_coa = "recv_coa"
  202. func_send_coa = "send_coa"
  203. }
  204. # Loaded module rlm_pam
  205. # Instantiating module "pam" from file /etc/raddb/mods-enabled/pam
  206. pam {
  207. pam_auth = "radiusd"
  208. }
  209. # Loaded module rlm_attr_filter
  210. # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  211. attr_filter attr_filter.post-proxy {
  212. filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
  213. key = "%{Realm}"
  214. relaxed = no
  215. }
  216. reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
  217. # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  218. attr_filter attr_filter.pre-proxy {
  219. filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
  220. key = "%{Realm}"
  221. relaxed = no
  222. }
  223. reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
  224. # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  225. attr_filter attr_filter.access_reject {
  226. filename = "/etc/raddb/mods-config/attr_filter/access_reject"
  227. key = "%{User-Name}"
  228. relaxed = no
  229. }
  230. reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
  231. # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  232. attr_filter attr_filter.access_challenge {
  233. filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
  234. key = "%{User-Name}"
  235. relaxed = no
  236. }
  237. reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
  238. # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
  239. attr_filter attr_filter.accounting_response {
  240. filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
  241. key = "%{User-Name}"
  242. relaxed = no
  243. }
  244. reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
  245. # Loaded module rlm_unix
  246. # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
  247. unix {
  248. radwtmp = "/var/log/radius/radwtmp"
  249. }
  250. # Loaded module rlm_always
  251. # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
  252. always fail {
  253. rcode = "fail"
  254. simulcount = 0
  255. mpp = no
  256. }
  257. # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
  258. always reject {
  259. rcode = "reject"
  260. simulcount = 0
  261. mpp = no
  262. }
  263. # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
  264. always noop {
  265. rcode = "noop"
  266. simulcount = 0
  267. mpp = no
  268. }
  269. # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
  270. always handled {
  271. rcode = "handled"
  272. simulcount = 0
  273. mpp = no
  274. }
  275. # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
  276. always updated {
  277. rcode = "updated"
  278. simulcount = 0
  279. mpp = no
  280. }
  281. # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
  282. always notfound {
  283. rcode = "notfound"
  284. simulcount = 0
  285. mpp = no
  286. }
  287. # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
  288. always ok {
  289. rcode = "ok"
  290. simulcount = 0
  291. mpp = no
  292. }
  293. # Loaded module rlm_ldap
  294. # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
  295. ldap {
  296. server = "kerdap-stage.example.com"
  297. port = 389
  298. password = ""
  299. identity = ""
  300. user {
  301. filter = "(&(objectClass=posixAccount)(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"
  302. scope = "sub"
  303. base_dn = "ou=people,dc=example,dc=com"
  304. access_positive = yes
  305. }
  306. group {
  307. filter = "(objectClass=posixGroup)"
  308. scope = "sub"
  309. base_dn = "ou=groups,dc=example,dc=com"
  310. name_attribute = "cn"
  311. membership_filter = "(&(objectClass=posixGroup)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
  312. cacheable_name = no
  313. cacheable_dn = no
  314. }
  315. client {
  316. filter = "(objectClass=frClient)"
  317. scope = "sub"
  318. base_dn = "dc=example,dc=com"
  319. attribute {
  320. identifier = "radiusClientIdentifier"
  321. shortname = "cn"
  322. secret = "radiusClientSecret"
  323. }
  324. }
  325. profile {
  326. filter = "(&)"
  327. }
  328. options {
  329. ldap_debug = 40
  330. chase_referrals = yes
  331. rebind = yes
  332. net_timeout = 1
  333. res_timeout = 20
  334. srv_timelimit = 20
  335. idle = 60
  336. probes = 3
  337. interval = 3
  338. }
  339. tls {
  340. start_tls = yes
  341. }
  342. }
  343. accounting {
  344. reference = "%{tolower:type.%{Acct-Status-Type}}"
  345. }
  346. post-auth {
  347. reference = "."
  348. }
  349. rlm_ldap (ldap): Initialising connection pool
  350. pool {
  351. start = 5
  352. min = 4
  353. max = 10
  354. spare = 3
  355. uses = 0
  356. lifetime = 0
  357. cleanup_delay = 5
  358. idle_timeout = 60
  359. spread = no
  360. }
  361. rlm_ldap (ldap): Opening additional connection (0)
  362. rlm_ldap (ldap): Connecting to kerdap-stage.example.com:389
  363. TLS: certificate [E=systems@example.com,CN=Certificate Authority,O=Example Inc.,L=City,ST=State,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  364. rlm_ldap (ldap): Waiting for bind result...
  365. rlm_ldap (ldap): Bind successful
  366. rlm_ldap (ldap): Opening additional connection (1)
  367. rlm_ldap (ldap): Connecting to kerdap-stage.example.com:389
  368. TLS: certificate [E=systems@example.com,CN=Certificate Authority,O=Example Inc.,L=City,ST=State,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  369. rlm_ldap (ldap): Waiting for bind result...
  370. rlm_ldap (ldap): Bind successful
  371. rlm_ldap (ldap): Opening additional connection (2)
  372. rlm_ldap (ldap): Connecting to kerdap-stage.example.com:389
  373. TLS: certificate [E=systems@example.com,CN=Certificate Authority,O=Example Inc.,L=City,ST=State,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  374. rlm_ldap (ldap): Waiting for bind result...
  375. rlm_ldap (ldap): Bind successful
  376. rlm_ldap (ldap): Opening additional connection (3)
  377. rlm_ldap (ldap): Connecting to kerdap-stage.example.com:389
  378. TLS: certificate [E=systems@example.com,CN=Certificate Authority,O=Example Inc.,L=City,ST=State,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  379. rlm_ldap (ldap): Waiting for bind result...
  380. rlm_ldap (ldap): Bind successful
  381. rlm_ldap (ldap): Opening additional connection (4)
  382. rlm_ldap (ldap): Connecting to kerdap-stage.example.com:389
  383. TLS: certificate [E=systems@example.com,CN=Certificate Authority,O=Example Inc.,L=City,ST=State,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  384. rlm_ldap (ldap): Waiting for bind result...
  385. rlm_ldap (ldap): Bind successful
  386. # Loaded module rlm_passwd
  387. # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  388. passwd etc_passwd {
  389. filename = "/etc/passwd"
  390. format = "*User-Name:Crypt-Password:"
  391. delimiter = ":"
  392. ignore_nislike = no
  393. ignore_empty = yes
  394. allow_multiple_keys = no
  395. hash_size = 100
  396. }
  397. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  398. # Loaded module rlm_exec
  399. # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
  400. exec echo {
  401. wait = yes
  402. program = "/bin/echo %{User-Name}"
  403. input_pairs = "request"
  404. output_pairs = "reply"
  405. shell_escape = yes
  406. }
  407. # Loaded module rlm_expiration
  408. # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
  409. # Loaded module rlm_preprocess
  410. # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  411. preprocess {
  412. huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
  413. hints = "/etc/raddb/mods-config/preprocess/hints"
  414. with_ascend_hack = no
  415. ascend_channels_per_line = 23
  416. with_ntdomain_hack = no
  417. with_specialix_jetstream_hack = no
  418. with_cisco_vsa_hack = no
  419. with_alvarion_vsa_hack = no
  420. }
  421. reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
  422. reading pairlist file /etc/raddb/mods-config/preprocess/hints
  423. # Loaded module rlm_files
  424. # Instantiating module "files" from file /etc/raddb/mods-enabled/files
  425. files {
  426. filename = "/etc/raddb/mods-config/files/authorize"
  427. usersfile = "/etc/raddb/mods-config/files/authorize"
  428. acctusersfile = "/etc/raddb/mods-config/files/accounting"
  429. preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
  430. compat = "no"
  431. }
  432. reading pairlist file /etc/raddb/mods-config/files/authorize
  433. reading pairlist file /etc/raddb/mods-config/files/authorize
  434. reading pairlist file /etc/raddb/mods-config/files/accounting
  435. reading pairlist file /etc/raddb/mods-config/files/pre-proxy
  436. # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
  437. exec {
  438. wait = no
  439. input_pairs = "request"
  440. shell_escape = yes
  441. timeout = 10
  442. }
  443. # Loaded module rlm_radutmp
  444. # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
  445. radutmp sradutmp {
  446. filename = "/var/log/radius/sradutmp"
  447. username = "%{User-Name}"
  448. case_sensitive = yes
  449. check_with_nas = yes
  450. permissions = 420
  451. caller_id = no
  452. }
  453. # Loaded module rlm_detail
  454. # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
  455. detail auth_log {
  456. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  457. header = "%t"
  458. permissions = 384
  459. dir_permissions = 493
  460. locking = no
  461. log_packet_header = no
  462. }
  463. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  464. # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
  465. detail reply_log {
  466. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  467. header = "%t"
  468. permissions = 384
  469. dir_permissions = 493
  470. locking = no
  471. log_packet_header = no
  472. }
  473. # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  474. detail pre_proxy_log {
  475. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  476. header = "%t"
  477. permissions = 384
  478. dir_permissions = 493
  479. locking = no
  480. log_packet_header = no
  481. }
  482. # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  483. detail post_proxy_log {
  484. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  485. header = "%t"
  486. permissions = 384
  487. dir_permissions = 493
  488. locking = no
  489. log_packet_header = no
  490. }
  491. # Loaded module rlm_realm
  492. # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
  493. realm suffix {
  494. format = "suffix"
  495. delimiter = "%"
  496. ignore_default = no
  497. ignore_null = no
  498. }
  499. # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
  500. detail {
  501. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  502. header = "%t"
  503. permissions = 384
  504. dir_permissions = 493
  505. locking = no
  506. log_packet_header = no
  507. }
  508. # Loaded module rlm_krb5
  509. # Instantiating module "krb5" from file /etc/raddb/mods-enabled/krb5
  510. krb5 {
  511. keytab = "/etc/raddb/radius.keytab"
  512. service_principal = "radius/spacewalk.example.com"
  513. }
  514. Using MIT Kerberos library
  515. rlm_krb5 (krb5): Using service principal "radius/spacewalk.example.com@EXAMPLE.COM"
  516. rlm_krb5 (krb5): Using keytab "FILE:/etc/raddb/radius.keytab"
  517. rlm_krb5 (krb5): Initialising connection pool
  518. pool {
  519. start = 10
  520. min = 4
  521. max = 10
  522. spare = 3
  523. uses = 0
  524. lifetime = 0
  525. cleanup_delay = 5
  526. idle_timeout = 60
  527. spread = no
  528. }
  529. rlm_krb5 (krb5): Opening additional connection (0)
  530. rlm_krb5 (krb5): Opening additional connection (1)
  531. rlm_krb5 (krb5): Opening additional connection (2)
  532. rlm_krb5 (krb5): Opening additional connection (3)
  533. rlm_krb5 (krb5): Opening additional connection (4)
  534. rlm_krb5 (krb5): Opening additional connection (5)
  535. rlm_krb5 (krb5): Opening additional connection (6)
  536. rlm_krb5 (krb5): Opening additional connection (7)
  537. rlm_krb5 (krb5): Opening additional connection (8)
  538. rlm_krb5 (krb5): Opening additional connection (9)
  539. # Loaded module rlm_digest
  540. # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
  541. # Loaded module rlm_pap
  542. # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
  543. pap {
  544. auto_header = no
  545. normalise = yes
  546. }
  547. # Loaded module rlm_expr
  548. # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
  549. expr {
  550. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  551. }
  552. # Loaded module rlm_counter
  553. # Instantiating module "daily" from file /etc/raddb/mods-enabled/counter
  554. counter daily {
  555. filename = "/var/lib/radiusd/db.daily"
  556. key = "User-Name"
  557. reset = "daily"
  558. count_attribute = "Acct-Session-Time"
  559. counter_name = "Daily-Session-Time"
  560. check_name = "Max-Daily-Session"
  561. reply_name = "Session-Timeout"
  562. allowed_service_type = "Framed-User"
  563. cache_size = 5000
  564. }
  565. rlm_counter: Counter attribute Daily-Session-Time is number 11273
  566. rlm_counter: Current Time: 1390930541 [2014-01-28 11:35:41], Next reset 1390975200 [2014-01-29 00:00:00]
  567. rlm_counter: add_defaults: Start
  568. rlm_counter: DEFAULT1 set to 1390975200
  569. rlm_counter: DEFAULT2 set to 1390930541
  570. rlm_counter: add_defaults: End
  571. # Loaded module rlm_logintime
  572. # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
  573. logintime {
  574. minimum_timeout = 60
  575. }
  576. # Loaded module rlm_utf8
  577. # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
  578. # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
  579. radutmp {
  580. filename = "/var/log/radius/radutmp"
  581. username = "%{User-Name}"
  582. case_sensitive = yes
  583. check_with_nas = yes
  584. permissions = 384
  585. caller_id = yes
  586. }
  587. } # modules
  588. radiusd: #### Loading Virtual Servers ####
  589. server { # from file /etc/raddb/radiusd.conf
  590. } # server
  591. server default { # from file /etc/raddb/sites-enabled/default
  592. # Loading authenticate {...}
  593. # Loading authorize {...}
  594. # Loading virtual module filter_username
  595. # Loading preacct {...}
  596. # Loading virtual module acct_unique
  597. # Loading accounting {...}
  598. # Loading session {...}
  599. # Loading pre-proxy {...}
  600. } # server default
  601. radiusd: #### Opening IP addresses and Ports ####
  602. listen {
  603. type = "auth"
  604. ipaddr = *
  605. port = 0
  606. limit {
  607. max_connections = 16
  608. lifetime = 0
  609. idle_timeout = 30
  610. }
  611. }
  612. listen {
  613. type = "acct"
  614. ipaddr = *
  615. port = 0
  616. limit {
  617. max_connections = 16
  618. lifetime = 0
  619. idle_timeout = 30
  620. }
  621. }
  622. Listening on auth address * port 1812 as server default
  623. Listening on acct address * port 1813 as server default
  624. Opening new proxy address * port 1814
  625. Listening on proxy address * port 1814
  626. Ready to process requests.
  627. rad_recv: Access-Request packet from host 10.0.8.45 port 31776, id=86, length=144
  628. User-Name = 'leggett'
  629. User-Password = 'password'
  630. NAS-IP-Address = 10.0.8.45
  631. NAS-Identifier = 'sshd'
  632. NAS-Port = 30751
  633. NAS-Port-Type = Virtual
  634. Service-Type = Authenticate-Only
  635. Calling-Station-Id = 'client.example.com'
  636. (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
  637. (0) authorize {
  638. (0) filter_username filter_username {
  639. (0) ? if (User-Name != "%{tolower:%{User-Name}}")
  640. (0) expand: "%{tolower:%{User-Name}}" -> 'leggett'
  641. (0) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
  642. (0) ? if (User-Name =~ / /)
  643. (0) ? if (User-Name =~ / /) -> FALSE
  644. (0) ? if (User-Name =~ /@.*@/ )
  645. (0) ? if (User-Name =~ /@.*@/ ) -> FALSE
  646. (0) ? if (User-Name =~ /\\.\\./ )
  647. (0) ? if (User-Name =~ /\\.\\./ ) -> FALSE
  648. (0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
  649. (0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
  650. (0) ? if (User-Name =~ /\\.$/)
  651. (0) ? if (User-Name =~ /\\.$/) -> FALSE
  652. (0) ? if (User-Name =~ /@\\./)
  653. (0) ? if (User-Name =~ /@\\./) -> FALSE
  654. (0) } # filter_username filter_username = notfound
  655. (0) [preprocess] = ok
  656. (0) [unix] = notfound
  657. (0) [files] = noop
  658. rlm_ldap (ldap): Reserved connection (4)
  659. (0) ldap : expand: "(&(objectClass=posixAccount)(uid=%{%{Stripped-User-Name}:-%{User-Name}}))" -> '(&(objectClass=posixAccount)(uid=leggett))'
  660. (0) ldap : expand: "ou=people,dc=example,dc=com" -> 'ou=people,dc=example,dc=com'
  661. (0) ldap : Performing search in 'ou=people,dc=example,dc=com' with filter '(&(objectClass=posixAccount)(uid=leggett))'
  662. (0) ldap : Waiting for search result...
  663. (0) ldap : User object found at DN "uid=leggett,ou=people,dc=example,dc=com"
  664. (0) ldap : Processing user attributes
  665. (0) WARNING: ldap : No "reference" password added. Ensure the admin user has permission to read the password attribute
  666. (0) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
  667. rlm_ldap (ldap): Released connection (4)
  668. rlm_ldap (ldap): Closing connection (0): Too many free connections (5 > 3)
  669. (0) [ldap] = ok
  670. rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual
  671. rlm_perl: RAD_REQUEST: Service-Type = Authenticate-Only
  672. rlm_perl: RAD_REQUEST: Calling-Station-Id = clie
  673. rlm_perl: RAD_REQUEST: User-Name = legg
  674. rlm_perl: RAD_REQUEST: User-Password = pass
  675. rlm_perl: RAD_REQUEST: NAS-Identifier = sshd
  676. rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.0.8.45
  677. rlm_perl: RAD_REQUEST: NAS-Port = 30751
  678. rlm_perl: Added pair NAS-Port-Type = Virtual
  679. rlm_perl: Added pair Service-Type = Authenticate-Only
  680. rlm_perl: Added pair Calling-Station-Id = namb
  681. rlm_perl: Added pair User-Name = legg
  682. rlm_perl: Added pair User-Password = pass
  683. rlm_perl: Added pair NAS-Identifier = sshd
  684. rlm_perl: Added pair NAS-IP-Address = 10.0.8.45
  685. rlm_perl: Added pair NAS-Port = 30751
  686. rlm_perl: Added pair Ldap-UserDn = uid=
  687. (0) [perl] = fail
  688. (0) } # authorize = fail
  689. (0) Invalid user: [legg] (from client Desktop-Server_Logins port 30751 cli namb)
  690. (0) Using Post-Auth-Type Reject
  691. (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
  692. (0) Finished request 0.
  693. Waking up in 0.3 seconds.
  694. Waking up in 0.6 seconds.
  695. (0) Sending delayed reject
  696. Sending Access-Reject of id 86 from 10.0.8.45 port 1812 to 10.0.8.45 port 31776
  697. Waking up in 4.9 seconds.