API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 3rd, 2014
284
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 50.18 KB | None | 0 0
raw download clone embed print report
  1. freeradius: FreeRADIUS Version 3.0.4, for host i686-pc-linux-gnu, built on Sep 22 2014 at 10:14:56
  2. Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License
  7. For more information about these matters, see the file named COPYRIGHT
  8. Starting - reading configuration files ...
  9. including dictionary file /usr/share/freeradius/dictionary
  10. including dictionary file /usr/share/freeradius/dictionary.dhcp
  11. including dictionary file /usr/share/freeradius/dictionary.vqp
  12. including dictionary file /etc/freeradius/dictionary
  13. including configuration file /etc/freeradius/radiusd.conf
  14. including configuration file /etc/freeradius/proxy.conf
  15. including configuration file /etc/freeradius/clients.conf
  16. including files in directory /etc/freeradius/mods-enabled/
  17. including configuration file /etc/freeradius/mods-enabled/linelog
  18. including configuration file /etc/freeradius/mods-enabled/ntlm_auth
  19. including configuration file /etc/freeradius/mods-enabled/radutmp
  20. including configuration file /etc/freeradius/mods-enabled/detail.log
  21. including configuration file /etc/freeradius/mods-enabled/dhcp
  22. including configuration file /etc/freeradius/mods-enabled/expr
  23. including configuration file /etc/freeradius/mods-enabled/unpack
  24. including configuration file /etc/freeradius/mods-enabled/always
  25. including configuration file /etc/freeradius/mods-enabled/digest
  26. including configuration file /etc/freeradius/mods-enabled/replicate
  27. including configuration file /etc/freeradius/mods-enabled/realm
  28. including configuration file /etc/freeradius/mods-enabled/cache_eap
  29. including configuration file /etc/freeradius/mods-enabled/dynamic_clients
  30. including configuration file /etc/freeradius/mods-enabled/passwd
  31. including configuration file /etc/freeradius/mods-enabled/detail
  32. including configuration file /etc/freeradius/mods-enabled/pap
  33. including configuration file /etc/freeradius/mods-enabled/eap
  34. including configuration file /etc/freeradius/mods-enabled/logintime
  35. including configuration file /etc/freeradius/mods-enabled/files
  36. including configuration file /etc/freeradius/mods-enabled/utf8
  37. including configuration file /etc/freeradius/mods-enabled/sql
  38. including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf
  39. including configuration file /etc/freeradius/mods-enabled/unix
  40. including configuration file /etc/freeradius/mods-enabled/mschap
  41. including configuration file /etc/freeradius/mods-enabled/exec
  42. including configuration file /etc/freeradius/mods-enabled/attr_filter
  43. including configuration file /etc/freeradius/mods-enabled/echo
  44. including configuration file /etc/freeradius/mods-enabled/chap
  45. including configuration file /etc/freeradius/mods-enabled/expiration
  46. including configuration file /etc/freeradius/mods-enabled/sqlcounter
  47. including configuration file /etc/freeradius/mods-config/sql/counter/mysql/checkthetime.conf
  48. including configuration file /etc/freeradius/mods-enabled/preprocess
  49. including configuration file /etc/freeradius/mods-enabled/soh
  50. including configuration file /etc/freeradius/mods-enabled/sradutmp
  51. including configuration file /etc/freeradius/mods-enabled/sql
  52. including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf
  53. including configuration file /etc/freeradius/mods-enabled/sqlcounter
  54. including configuration file /etc/freeradius/mods-config/sql/counter/mysql/checkthetime.conf
  55. including files in directory /etc/freeradius/policy.d/
  56. including configuration file /etc/freeradius/policy.d/accounting
  57. including configuration file /etc/freeradius/policy.d/dhcp
  58. including configuration file /etc/freeradius/policy.d/operator-name
  59. including configuration file /etc/freeradius/policy.d/debug
  60. including configuration file /etc/freeradius/policy.d/control
  61. including configuration file /etc/freeradius/policy.d/cui
  62. including configuration file /etc/freeradius/policy.d/eap
  63. including configuration file /etc/freeradius/policy.d/filter
  64. including configuration file /etc/freeradius/policy.d/canonicalization
  65. including files in directory /etc/freeradius/sites-enabled/
  66. including configuration file /etc/freeradius/sites-enabled/default
  67. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  68. including configuration file /etc/freeradius/sites-enabled/coa
  69. main {
  70. name = "freeradius"
  71. prefix = "/usr"
  72. localstatedir = "/var"
  73. sbindir = "/usr/sbin"
  74. logdir = "/var/log/freeradius"
  75. run_dir = "/var/run/freeradius"
  76. libdir = "/usr/lib/freeradius"
  77. radacctdir = "/var/log/freeradius/radacct"
  78. hostname_lookups = no
  79. max_request_time = 30
  80. cleanup_delay = 5
  81. max_requests = 1024
  82. pidfile = "/var/run/freeradius/freeradius.pid"
  83. checkrad = "/usr/sbin/checkrad"
  84. debug_level = 0
  85. proxy_requests = yes
  86. log {
  87. stripped_names = no
  88. auth = no
  89. auth_badpass = no
  90. auth_goodpass = no
  91. colourise = yes
  92. msg_denied = "You are already logged in - access denied"
  93. }
  94. security {
  95. max_attributes = 200
  96. reject_delay = 1
  97. status_server = yes
  98. allow_vulnerable_openssl = "CVE-2014-0160"
  99. }
  100. }
  101. radiusd: #### Loading Realms and Home Servers ####
  102. proxy server {
  103. retry_delay = 5
  104. retry_count = 3
  105. default_fallback = no
  106. dead_time = 120
  107. wake_all_if_all_dead = no
  108. }
  109. home_server localhost {
  110. ipaddr = 127.0.0.1
  111. port = 1812
  112. type = "auth"
  113. secret = <<< secret >>>
  114. response_window = 20.000000
  115. response_timeouts = 1
  116. max_outstanding = 65536
  117. zombie_period = 40
  118. status_check = "status-server"
  119. ping_interval = 30
  120. check_interval = 30
  121. check_timeout = 4
  122. num_answers_to_alive = 3
  123. revive_interval = 120
  124. coa {
  125. irt = 2
  126. mrt = 16
  127. mrc = 5
  128. mrd = 30
  129. }
  130. limit {
  131. max_connections = 16
  132. max_requests = 0
  133. lifetime = 0
  134. idle_timeout = 0
  135. }
  136. }
  137. home_server_pool my_auth_failover {
  138. type = fail-over
  139. home_server = localhost
  140. }
  141. realm example.com {
  142. auth_pool = my_auth_failover
  143. }
  144. realm LOCAL {
  145. }
  146. radiusd: #### Loading Clients ####
  147. client localhost {
  148. ipaddr = 127.0.0.1
  149. require_message_authenticator = no
  150. secret = <<< secret >>>
  151. nas_type = "other"
  152. proto = "*"
  153. limit {
  154. max_connections = 16
  155. lifetime = 0
  156. idle_timeout = 30
  157. }
  158. }
  159. client localhost_ipv6 {
  160. ipv6addr = ::1
  161. require_message_authenticator = no
  162. secret = <<< secret >>>
  163. limit {
  164. max_connections = 16
  165. lifetime = 0
  166. idle_timeout = 30
  167. }
  168. }
  169. radiusd: #### Instantiating modules ####
  170. instantiate {
  171. }
  172. modules {
  173. # Loaded module rlm_linelog
  174. # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
  175. linelog {
  176. filename = "/var/log/freeradius/linelog"
  177. permissions = 384
  178. format = "This is a log message for %{User-Name}"
  179. reference = "messages.%{%{Packet-Type}:-default}"
  180. }
  181. # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  182. linelog log_accounting {
  183. filename = "/var/log/freeradius/linelog-accounting"
  184. permissions = 384
  185. format = ""
  186. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  187. }
  188. # Loaded module rlm_exec
  189. # Instantiating module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
  190. exec ntlm_auth {
  191. wait = yes
  192. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  193. shell_escape = yes
  194. }
  195. # Loaded module rlm_radutmp
  196. # Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
  197. radutmp {
  198. filename = "/var/log/freeradius/radutmp"
  199. username = "%{User-Name}"
  200. case_sensitive = yes
  201. check_with_nas = yes
  202. permissions = 384
  203. caller_id = yes
  204. }
  205. # Loaded module rlm_detail
  206. # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  207. detail auth_log {
  208. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  209. header = "%t"
  210. permissions = 384
  211. locking = no
  212. log_packet_header = no
  213. }
  214. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  215. # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  216. detail reply_log {
  217. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  218. header = "%t"
  219. permissions = 384
  220. locking = no
  221. log_packet_header = no
  222. }
  223. # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  224. detail pre_proxy_log {
  225. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  226. header = "%t"
  227. permissions = 384
  228. locking = no
  229. log_packet_header = no
  230. }
  231. # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  232. detail post_proxy_log {
  233. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  234. header = "%t"
  235. permissions = 384
  236. locking = no
  237. log_packet_header = no
  238. }
  239. # Loaded module rlm_dhcp
  240. # Instantiating module "dhcp" from file /etc/freeradius/mods-enabled/dhcp
  241. # Loaded module rlm_expr
  242. # Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr
  243. expr {
  244. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  245. }
  246. # Loaded module rlm_unpack
  247. # Instantiating module "unpack" from file /etc/freeradius/mods-enabled/unpack
  248. # Loaded module rlm_always
  249. # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
  250. always reject {
  251. rcode = "reject"
  252. simulcount = 0
  253. mpp = no
  254. }
  255. # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
  256. always fail {
  257. rcode = "fail"
  258. simulcount = 0
  259. mpp = no
  260. }
  261. # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
  262. always ok {
  263. rcode = "ok"
  264. simulcount = 0
  265. mpp = no
  266. }
  267. # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
  268. always handled {
  269. rcode = "handled"
  270. simulcount = 0
  271. mpp = no
  272. }
  273. # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
  274. always invalid {
  275. rcode = "invalid"
  276. simulcount = 0
  277. mpp = no
  278. }
  279. # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
  280. always userlock {
  281. rcode = "userlock"
  282. simulcount = 0
  283. mpp = no
  284. }
  285. # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
  286. always notfound {
  287. rcode = "notfound"
  288. simulcount = 0
  289. mpp = no
  290. }
  291. # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
  292. always noop {
  293. rcode = "noop"
  294. simulcount = 0
  295. mpp = no
  296. }
  297. # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
  298. always updated {
  299. rcode = "updated"
  300. simulcount = 0
  301. mpp = no
  302. }
  303. # Loaded module rlm_digest
  304. # Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest
  305. # Loaded module rlm_replicate
  306. # Instantiating module "replicate" from file /etc/freeradius/mods-enabled/replicate
  307. # Loaded module rlm_realm
  308. # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
  309. realm IPASS {
  310. format = "prefix"
  311. delimiter = "/"
  312. ignore_default = no
  313. ignore_null = no
  314. }
  315. # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
  316. realm suffix {
  317. format = "suffix"
  318. delimiter = "@"
  319. ignore_default = no
  320. ignore_null = no
  321. }
  322. # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  323. realm realmpercent {
  324. format = "suffix"
  325. delimiter = "%"
  326. ignore_default = no
  327. ignore_null = no
  328. }
  329. # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  330. realm ntdomain {
  331. format = "prefix"
  332. delimiter = "\"
  333. ignore_default = no
  334. ignore_null = no
  335. }
  336. # Loaded module rlm_cache
  337. # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  338. cache cache_eap {
  339. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  340. ttl = 15
  341. max_entries = 16384
  342. epoch = 0
  343. add_stats = no
  344. }
  345. # Loaded module rlm_dynamic_clients
  346. # Instantiating module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
  347. # Loaded module rlm_passwd
  348. # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  349. passwd etc_passwd {
  350. filename = "/etc/passwd"
  351. format = "*User-Name:Crypt-Password:"
  352. delimiter = ":"
  353. ignore_nislike = no
  354. ignore_empty = yes
  355. allow_multiple_keys = no
  356. hash_size = 100
  357. }
  358. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  359. # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
  360. detail {
  361. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  362. header = "%t"
  363. permissions = 384
  364. locking = no
  365. log_packet_header = no
  366. }
  367. # Loaded module rlm_pap
  368. # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
  369. pap {
  370. normalise = yes
  371. }
  372. # Loaded module rlm_eap
  373. # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
  374. eap {
  375. default_eap_type = "md5"
  376. timer_expire = 60
  377. ignore_unknown_eap_types = no
  378. mod_accounting_username_bug = no
  379. max_sessions = 1024
  380. }
  381. # Linked to sub-module rlm_eap_md5
  382. # Linked to sub-module rlm_eap_leap
  383. # Linked to sub-module rlm_eap_gtc
  384. gtc {
  385. challenge = "Password: "
  386. auth_type = "PAP"
  387. }
  388. # Linked to sub-module rlm_eap_tls
  389. tls {
  390. tls = "tls-common"
  391. }
  392. tls-config tls-common {
  393. rsa_key_exchange = no
  394. dh_key_exchange = yes
  395. rsa_key_length = 512
  396. dh_key_length = 512
  397. verify_depth = 0
  398. ca_path = "/etc/freeradius/certs"
  399. pem_file_type = yes
  400. private_key_file = "/etc/freeradius/certs/server.pem"
  401. certificate_file = "/etc/freeradius/certs/server.pem"
  402. ca_file = "/etc/freeradius/certs/ca.pem"
  403. private_key_password = <<< secret >>>
  404. dh_file = "/etc/freeradius/certs/dh"
  405. fragment_size = 1024
  406. include_length = yes
  407. check_crl = no
  408. cipher_list = "DEFAULT"
  409. ecdh_curve = "prime256v1"
  410. cache {
  411. enable = yes
  412. lifetime = 24
  413. max_entries = 255
  414. }
  415. verify {
  416. }
  417. ocsp {
  418. enable = no
  419. override_cert_url = yes
  420. url = "http://127.0.0.1/ocsp/"
  421. use_nonce = yes
  422. timeout = 0
  423. softfail = yes
  424. }
  425. }
  426. # Linked to sub-module rlm_eap_ttls
  427. ttls {
  428. tls = "tls-common"
  429. default_eap_type = "md5"
  430. copy_request_to_tunnel = no
  431. use_tunneled_reply = no
  432. virtual_server = "inner-tunnel"
  433. include_length = yes
  434. require_client_cert = no
  435. }
  436. Using cached TLS configuration from previous invocation
  437. # Linked to sub-module rlm_eap_peap
  438. peap {
  439. tls = "tls-common"
  440. default_method = "mschapv2"
  441. copy_request_to_tunnel = no
  442. use_tunneled_reply = no
  443. proxy_tunneled_request_as_eap = yes
  444. virtual_server = "inner-tunnel"
  445. soh = no
  446. require_client_cert = no
  447. }
  448. Using cached TLS configuration from previous invocation
  449. # Linked to sub-module rlm_eap_mschapv2
  450. mschapv2 {
  451. with_ntdomain_hack = no
  452. send_error = no
  453. }
  454. # Loaded module rlm_logintime
  455. # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
  456. logintime {
  457. minimum_timeout = 60
  458. }
  459. # Loaded module rlm_files
  460. # Instantiating module "files" from file /etc/freeradius/mods-enabled/files
  461. files {
  462. filename = "/etc/freeradius/mods-config/files/authorize"
  463. usersfile = "/etc/freeradius/mods-config/files/authorize"
  464. acctusersfile = "/etc/freeradius/mods-config/files/accounting"
  465. preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
  466. compat = "cistron"
  467. }
  468. reading pairlist file /etc/freeradius/mods-config/files/authorize
  469. [/etc/freeradius/mods-config/files/authorize]:1 Cistron compatibility checks for entry alice ...
  470. [/etc/freeradius/mods-config/files/authorize]:184 Cistron compatibility checks for entry DEFAULT ...
  471. [/etc/freeradius/mods-config/files/authorize]:191 Cistron compatibility checks for entry DEFAULT ...
  472. [/etc/freeradius/mods-config/files/authorize]:198 Cistron compatibility checks for entry DEFAULT ...
  473. reading pairlist file /etc/freeradius/mods-config/files/authorize
  474. [/etc/freeradius/mods-config/files/authorize]:1 Cistron compatibility checks for entry alice ...
  475. [/etc/freeradius/mods-config/files/authorize]:184 Cistron compatibility checks for entry DEFAULT ...
  476. [/etc/freeradius/mods-config/files/authorize]:191 Cistron compatibility checks for entry DEFAULT ...
  477. [/etc/freeradius/mods-config/files/authorize]:198 Cistron compatibility checks for entry DEFAULT ...
  478. reading pairlist file /etc/freeradius/mods-config/files/accounting
  479. reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
  480. # Loaded module rlm_utf8
  481. # Instantiating module "utf8" from file /etc/freeradius/mods-enabled/utf8
  482. # Loaded module rlm_sql
  483. # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql
  484. sql {
  485. driver = "rlm_sql_mysql"
  486. server = "localhost"
  487. port = "3306"
  488. login = "radius"
  489. password = <<< secret >>>
  490. radius_db = "radius"
  491. read_groups = yes
  492. read_profiles = yes
  493. read_clients = yes
  494. delete_stale_sessions = yes
  495. sql_user_name = "%{User-Name}"
  496. default_user_profile = ""
  497. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  498. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  499. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  500. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
  501. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
  502. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  503. simul_count_query = ""
  504. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  505. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  506. }
  507. accounting {
  508. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  509. }
  510. post-auth {
  511. reference = ".query"
  512. }
  513. mysql {
  514. tls {
  515. }
  516. }
  517. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  518. rlm_sql (sql): Attempting to connect to database "radius"
  519. rlm_sql (sql): Initialising connection pool
  520. pool {
  521. start = 5
  522. min = 4
  523. max = 32
  524. spare = 3
  525. uses = 0
  526. lifetime = 0
  527. cleanup_interval = 30
  528. idle_timeout = 60
  529. retry_delay = 1
  530. spread = no
  531. }
  532. rlm_sql (sql): Opening additional connection (0)
  533. rlm_sql_mysql: Starting connect to MySQL server
  534. rlm_sql (sql): Opening additional connection (1)
  535. rlm_sql_mysql: Starting connect to MySQL server
  536. rlm_sql (sql): Opening additional connection (2)
  537. rlm_sql_mysql: Starting connect to MySQL server
  538. rlm_sql (sql): Opening additional connection (3)
  539. rlm_sql_mysql: Starting connect to MySQL server
  540. rlm_sql (sql): Opening additional connection (4)
  541. rlm_sql_mysql: Starting connect to MySQL server
  542. rlm_sql (sql): Processing generate_sql_clients
  543. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  544. rlm_sql (sql): Reserved connection (4)
  545. rlm_sql (sql): Executing query: 'SELECT id, nasname, shortname, type, secret, server FROM nas'
  546. rlm_sql (sql): Adding client 192.168.40.101 (mikrotik) to global clients list
  547. rlm_sql (192.168.40.101): Client "mikrotik" (sql) added
  548. rlm_sql (sql): Released connection (4)
  549. # Loaded module rlm_unix
  550. # Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix
  551. unix {
  552. radwtmp = "/var/log/freeradius/radwtmp"
  553. }
  554. # Loaded module rlm_mschap
  555. # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
  556. mschap {
  557. use_mppe = yes
  558. require_encryption = no
  559. require_strong = no
  560. with_ntdomain_hack = yes
  561. passchange {
  562. }
  563. allow_retry = yes
  564. }
  565. # Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec
  566. exec {
  567. wait = no
  568. input_pairs = "request"
  569. shell_escape = yes
  570. timeout = 10
  571. }
  572. # Loaded module rlm_attr_filter
  573. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  574. attr_filter attr_filter.post-proxy {
  575. filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
  576. key = "%{Realm}"
  577. relaxed = no
  578. }
  579. reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
  580. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  581. attr_filter attr_filter.pre-proxy {
  582. filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
  583. key = "%{Realm}"
  584. relaxed = no
  585. }
  586. reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
  587. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  588. attr_filter attr_filter.access_reject {
  589. filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
  590. key = "%{User-Name}"
  591. relaxed = no
  592. }
  593. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
  594. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  595. attr_filter attr_filter.access_challenge {
  596. filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
  597. key = "%{User-Name}"
  598. relaxed = no
  599. }
  600. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
  601. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  602. attr_filter attr_filter.accounting_response {
  603. filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
  604. key = "%{User-Name}"
  605. relaxed = no
  606. }
  607. reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
  608. # Instantiating module "echo" from file /etc/freeradius/mods-enabled/echo
  609. exec echo {
  610. wait = yes
  611. program = "/bin/echo %{User-Name}"
  612. input_pairs = "request"
  613. output_pairs = "reply"
  614. shell_escape = yes
  615. }
  616. # Loaded module rlm_chap
  617. # Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap
  618. # Loaded module rlm_expiration
  619. # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
  620. # Loaded module rlm_sqlcounter
  621. # Instantiating module "checkthetime" from file /etc/freeradius/mods-enabled/sqlcounter
  622. sqlcounter checkthetime {
  623. sql_module_instance = "sql"
  624. key = "User-Name"
  625. query = "SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{User-Name}' LIMIT 1;"
  626. reset = "never"
  627. counter_name = "All-Hours-Passed"
  628. check_name = "Max-Hours-Passed"
  629. reply_name = "Session-Timeout"
  630. }
  631. rlm_sqlcounter: Current Time: 1417603200 [2014-12-03 12:40:00], Next reset 0 [2014-12-03 12:00:00]
  632. rlm_sqlcounter: Current Time: 1417603200 [2014-12-03 12:40:00], Prev reset 0 [2014-12-03 12:00:00]
  633. # Loaded module rlm_preprocess
  634. # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  635. preprocess {
  636. huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  637. hints = "/etc/freeradius/mods-config/preprocess/hints"
  638. with_ascend_hack = no
  639. ascend_channels_per_line = 23
  640. with_ntdomain_hack = no
  641. with_specialix_jetstream_hack = no
  642. with_cisco_vsa_hack = no
  643. with_alvarion_vsa_hack = no
  644. }
  645. reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
  646. reading pairlist file /etc/freeradius/mods-config/preprocess/hints
  647. # Loaded module rlm_soh
  648. # Instantiating module "soh" from file /etc/freeradius/mods-enabled/soh
  649. soh {
  650. dhcp = yes
  651. }
  652. # Instantiating module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
  653. radutmp sradutmp {
  654. filename = "/var/log/freeradius/sradutmp"
  655. username = "%{User-Name}"
  656. case_sensitive = yes
  657. check_with_nas = yes
  658. permissions = 420
  659. caller_id = no
  660. }
  661. } # modules
  662. radiusd: #### Loading Virtual Servers ####
  663. server { # from file /etc/freeradius/radiusd.conf
  664. } # server
  665. server default { # from file /etc/freeradius/sites-enabled/default
  666. # Creating Auth-Type = digest
  667. # Loading authenticate {...}
  668. # Loading authorize {...}
  669. Ignoring "ldap" (see raddb/mods-available/README.rst)
  670. # Loading preacct {...}
  671. # Loading accounting {...}
  672. # Loading session {...}
  673. # Loading post-proxy {...}
  674. # Loading post-auth {...}
  675. } # server default
  676. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  677. # Loading authenticate {...}
  678. # Loading authorize {...}
  679. # Loading session {...}
  680. # Loading post-proxy {...}
  681. # Loading post-auth {...}
  682. } # server inner-tunnel
  683. server coa { # from file /etc/freeradius/sites-enabled/coa
  684. # Loading recv-coa {...}
  685. # Loading send-coa {...}
  686. } # server coa
  687. radiusd: #### Opening IP addresses and Ports ####
  688. listen {
  689. type = "coa"
  690. virtual_server = "coa"
  691. ipaddr = *
  692. port = 3799
  693. }
  694. listen {
  695. type = "auth"
  696. ipaddr = *
  697. port = 0
  698. limit {
  699. max_connections = 16
  700. lifetime = 0
  701. idle_timeout = 30
  702. }
  703. }
  704. listen {
  705. type = "acct"
  706. ipaddr = *
  707. port = 0
  708. limit {
  709. max_connections = 16
  710. lifetime = 0
  711. idle_timeout = 30
  712. }
  713. }
  714. listen {
  715. type = "auth"
  716. ipv6addr = ::
  717. port = 0
  718. limit {
  719. max_connections = 16
  720. lifetime = 0
  721. idle_timeout = 30
  722. }
  723. }
  724. listen {
  725. type = "acct"
  726. ipv6addr = ::
  727. port = 0
  728. limit {
  729. max_connections = 16
  730. lifetime = 0
  731. idle_timeout = 30
  732. }
  733. }
  734. listen {
  735. type = "auth"
  736. ipaddr = 127.0.0.1
  737. port = 18120
  738. }
  739. Listening on coa address * port 3799 as server coa
  740. Listening on auth address * port 1812 as server default
  741. Listening on acct address * port 1813 as server default
  742. Listening on auth address :: port 1812 as server default
  743. Listening on acct address :: port 1813 as server default
  744. Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
  745. Opening new proxy socket 'proxy address * port 0'
  746. Listening on proxy address * port 55288
  747. Ready to process requests
  748. Received Accounting-Request Id 31 from 192.168.40.101:38992 to 192.168.40.12:1813 length 193
  749. Acct-Status-Type = Stop
  750. Acct-Terminate-Cause = User-Request
  751. NAS-Port-Type = Wireless-802.11
  752. Calling-Station-Id = '30:39:26:86:CC:EA'
  753. Called-Station-Id = 'hotspot1'
  754. NAS-Port-Id = 'citystore_test'
  755. User-Name = 'kos1'
  756. NAS-Port = 2147483657
  757. Acct-Session-Id = '80000009'
  758. Framed-IP-Address = 10.5.50.253
  759. Mikrotik-Host-IP = 10.5.50.253
  760. Event-Timestamp = 'Oct 10 2014 08:09:42 EEST'
  761. Acct-Input-Octets = 15621
  762. Acct-Output-Octets = 41469
  763. Acct-Input-Gigawords = 0
  764. Acct-Output-Gigawords = 0
  765. Acct-Input-Packets = 144
  766. Acct-Output-Packets = 125
  767. Acct-Session-Time = 2013
  768. NAS-Identifier = 'MikroTik'
  769. Acct-Delay-Time = 0
  770. NAS-IP-Address = 192.168.40.101
  771. (0) Received Accounting-Request packet from host 192.168.40.101 port 38992, id=31, length=193
  772. (0) Acct-Status-Type = Stop
  773. (0) Acct-Terminate-Cause = User-Request
  774. (0) NAS-Port-Type = Wireless-802.11
  775. (0) Calling-Station-Id = '30:39:26:86:CC:EA'
  776. (0) Called-Station-Id = 'hotspot1'
  777. (0) NAS-Port-Id = 'citystore_test'
  778. (0) User-Name = 'kos1'
  779. (0) NAS-Port = 2147483657
  780. (0) Acct-Session-Id = '80000009'
  781. (0) Framed-IP-Address = 10.5.50.253
  782. (0) Mikrotik-Host-IP = 10.5.50.253
  783. (0) Event-Timestamp = 'Oct 10 2014 08:09:42 EEST'
  784. (0) Acct-Input-Octets = 15621
  785. (0) Acct-Output-Octets = 41469
  786. (0) Acct-Input-Gigawords = 0
  787. (0) Acct-Output-Gigawords = 0
  788. (0) Acct-Input-Packets = 144
  789. (0) Acct-Output-Packets = 125
  790. (0) Acct-Session-Time = 2013
  791. (0) NAS-Identifier = 'MikroTik'
  792. (0) Acct-Delay-Time = 0
  793. (0) NAS-IP-Address = 192.168.40.101
  794. (0) # Executing section preacct from file /etc/freeradius/sites-enabled/default
  795. (0) preacct {
  796. (0) [preprocess] = ok
  797. (0) acct_unique acct_unique {
  798. (0) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
  799. (0) EXPAND %{string:Class}
  800. (0) -->
  801. (0) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
  802. (0) else else {
  803. (0) update request {
  804. (0) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
  805. (0) --> 1e74e032a86c49f5e64bcb9da8329ce4
  806. (0) Acct-Unique-Session-Id := "1e74e032a86c49f5e64bcb9da8329ce4"
  807. (0) } # update request = noop
  808. (0) } # else else = noop
  809. (0) } # acct_unique acct_unique = noop
  810. (0) suffix : Checking for suffix after "@"
  811. (0) suffix : No '@' in User-Name = "kos1", looking up realm NULL
  812. (0) suffix : No such realm "NULL"
  813. (0) [suffix] = noop
  814. (0) [files] = noop
  815. (0) } # preacct = ok
  816. (0) # Executing section accounting from file /etc/freeradius/sites-enabled/default
  817. (0) accounting {
  818. (0) detail : EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
  819. (0) detail : --> /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  820. (0) detail : /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  821. (0) detail : EXPAND %t
  822. (0) detail : --> Wed Dec 3 12:40:25 2014
  823. (0) [detail] = ok
  824. (0) [unix] = ok
  825. (0) radutmp : EXPAND /var/log/freeradius/radutmp
  826. (0) radutmp : --> /var/log/freeradius/radutmp
  827. (0) radutmp : EXPAND %{User-Name}
  828. (0) radutmp : --> kos1
  829. (0) [radutmp] = ok
  830. (0) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
  831. (0) sql : --> type.stop.query
  832. (0) sql : Using query template 'query'
  833. rlm_sql (sql): Reserved connection (4)
  834. (0) sql : EXPAND %{User-Name}
  835. (0) sql : --> kos1
  836. (0) sql : SQL-User-Name set to 'kos1'
  837. (0) sql : EXPAND UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
  838. (0) sql : --> UPDATE radacct SET acctstoptime = FROM_UNIXTIME(1412917782), acctsessiontime = '2013', acctinputoctets = '0' << 32 | '15621', acctoutputoctets = '0' << 32 | '41469', acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE acctsessionid = '80000009' AND username = 'kos1' AND nasipaddress = '192.168.40.101'
  839. rlm_sql (sql): Executing query: 'UPDATE radacct SET acctstoptime = FROM_UNIXTIME(1412917782), acctsessiontime = '2013', acctinputoctets = '0' << 32 | '15621', acctoutputoctets = '0' << 32 | '41469', acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE acctsessionid = '80000009' AND username = 'kos1' AND nasipaddress = '192.168.40.101''
  840. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
  841. rlm_sql (sql): Released connection (4)
  842. (0) [sql] = ok
  843. (0) [exec] = noop
  844. (0) attr_filter.accounting_response : EXPAND %{User-Name}
  845. (0) attr_filter.accounting_response : --> kos1
  846. (0) attr_filter.accounting_response : Matched entry DEFAULT at line 12
  847. (0) [attr_filter.accounting_response] = updated
  848. (0) } # accounting = updated
  849. (0) Sending Accounting-Response packet to host 192.168.40.101 port 38992, id=31, length=0
  850. Sending Accounting-Response Id 31 from 192.168.40.12:1813 to 192.168.40.101:38992
  851. (0) Finished request
  852. Waking up in 0.2 seconds.
  853. (0) Cleaning up request packet ID 31 with timestamp +25
  854. Ready to process requests
  855. Received Access-Request Id 32 from 192.168.40.101:46813 to 192.168.40.12:1812 length 182
  856. NAS-Port-Type = Wireless-802.11
  857. Calling-Station-Id = '30:39:26:86:CC:EA'
  858. Called-Station-Id = 'hotspot1'
  859. NAS-Port-Id = 'citystore_test'
  860. User-Name = 'kos1'
  861. NAS-Port = 2147483658
  862. Acct-Session-Id = '8000000a'
  863. Framed-IP-Address = 10.5.50.253
  864. Mikrotik-Host-IP = 10.5.50.253
  865. User-Password = '1234'
  866. Service-Type = Login-User
  867. WISPr-Logoff-URL = 'http://10.5.50.1/logout'
  868. NAS-Identifier = 'MikroTik'
  869. NAS-IP-Address = 192.168.40.101
  870. (1) Received Access-Request packet from host 192.168.40.101 port 46813, id=32, length=182
  871. (1) NAS-Port-Type = Wireless-802.11
  872. (1) Calling-Station-Id = '30:39:26:86:CC:EA'
  873. (1) Called-Station-Id = 'hotspot1'
  874. (1) NAS-Port-Id = 'citystore_test'
  875. (1) User-Name = 'kos1'
  876. (1) NAS-Port = 2147483658
  877. (1) Acct-Session-Id = '8000000a'
  878. (1) Framed-IP-Address = 10.5.50.253
  879. (1) Mikrotik-Host-IP = 10.5.50.253
  880. (1) User-Password = '1234'
  881. (1) Service-Type = Login-User
  882. (1) WISPr-Logoff-URL = 'http://10.5.50.1/logout'
  883. (1) NAS-Identifier = 'MikroTik'
  884. (1) NAS-IP-Address = 192.168.40.101
  885. (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
  886. (1) authorize {
  887. (1) filter_username filter_username {
  888. (1) if (!&User-Name)
  889. (1) if (!&User-Name) -> FALSE
  890. (1) if (&User-Name =~ / /)
  891. (1) if (&User-Name =~ / /) -> FALSE
  892. (1) if (&User-Name =~ /@.*@/ )
  893. (1) if (&User-Name =~ /@.*@/ ) -> FALSE
  894. (1) if (&User-Name =~ /\\.\\./ )
  895. (1) if (&User-Name =~ /\\.\\./ ) -> FALSE
  896. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
  897. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
  898. (1) if (&User-Name =~ /\\.$/)
  899. (1) if (&User-Name =~ /\\.$/) -> FALSE
  900. (1) if (&User-Name =~ /@\\./)
  901. (1) if (&User-Name =~ /@\\./) -> FALSE
  902. (1) } # filter_username filter_username = notfound
  903. (1) [preprocess] = ok
  904. (1) [chap] = noop
  905. (1) [mschap] = noop
  906. (1) [digest] = noop
  907. (1) suffix : Checking for suffix after "@"
  908. (1) suffix : No '@' in User-Name = "kos1", looking up realm NULL
  909. (1) suffix : No such realm "NULL"
  910. (1) [suffix] = noop
  911. (1) eap : No EAP-Message, not doing EAP
  912. (1) [eap] = noop
  913. (1) [files] = noop
  914. (1) sql : EXPAND %{User-Name}
  915. (1) sql : --> kos1
  916. (1) sql : SQL-User-Name set to 'kos1'
  917. rlm_sql (sql): Reserved connection (4)
  918. (1) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  919. (1) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kos1' ORDER BY id
  920. rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kos1' ORDER BY id'
  921. (1) sql : User found in radcheck table
  922. (1) sql : Check items matched
  923. (1) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  924. (1) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kos1' ORDER BY id
  925. rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kos1' ORDER BY id'
  926. (1) sql : User found in radreply table
  927. (1) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  928. (1) sql : --> SELECT groupname FROM radusergroup WHERE username = 'kos1' ORDER BY priority
  929. rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'kos1' ORDER BY priority'
  930. (1) sql : User found in the group table
  931. (1) sql : EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
  932. (1) sql : --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '512K/1M' ORDER BY id
  933. rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '512K/1M' ORDER BY id'
  934. (1) sql : Group "512K/1M" check items matched
  935. (1) sql : EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
  936. (1) sql : --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '512K/1M' ORDER BY id
  937. rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '512K/1M' ORDER BY id'
  938. (1) sql : Group "512K/1M" reply items processed
  939. rlm_sql (sql): Released connection (4)
  940. rlm_sql (sql): Closing connection (0), from 1 unused connections
  941. rlm_sql_mysql: Socket destructor called, closing socket
  942. (1) [sql] = ok
  943. (1) WARNING: checkthetime : Couldn't find control attribute 'control:Max-Hours-Passed'
  944. (1) [checkthetime] = noop
  945. (1) [expiration] = noop
  946. (1) [logintime] = noop
  947. (1) [pap] = updated
  948. (1) } # authorize = updated
  949. (1) Found Auth-Type = PAP
  950. (1) # Executing group from file /etc/freeradius/sites-enabled/default
  951. (1) Auth-Type PAP {
  952. (1) pap : Login attempt with password
  953. (1) pap : User authenticated successfully
  954. (1) [pap] = ok
  955. (1) } # Auth-Type PAP = ok
  956. (1) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
  957. (1) post-auth {
  958. (1) sql : EXPAND .query
  959. (1) sql : --> .query
  960. (1) sql : Using query template 'query'
  961. rlm_sql (sql): Reserved connection (4)
  962. (1) sql : EXPAND %{User-Name}
  963. (1) sql : --> kos1
  964. (1) sql : SQL-User-Name set to 'kos1'
  965. (1) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
  966. (1) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kos1', '1234', 'Access-Accept', '2014-12-03 12:40:35')
  967. rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kos1', '1234', 'Access-Accept', '2014-12-03 12:40:35')'
  968. rlm_sql (sql): Released connection (4)
  969. (1) [sql] = ok
  970. (1) [exec] = noop
  971. (1) remove_reply_message_if_eap remove_reply_message_if_eap {
  972. (1) if (&reply:EAP-Message && &reply:Reply-Message)
  973. (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  974. (1) else else {
  975. (1) [noop] = noop
  976. (1) } # else else = noop
  977. (1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
  978. (1) } # post-auth = ok
  979. (1) Sending Access-Accept packet to host 192.168.40.101 port 46813, id=32, length=0
  980. (1) Fall-Through = Yes
  981. (1) Mikrotik-Rate-Limit = '512k/1M'
  982. Sending Access-Accept Id 32 from 192.168.40.12:1812 to 192.168.40.101:46813
  983. Mikrotik-Rate-Limit = '512k/1M'
  984. (1) Finished request
  985. Waking up in 0.3 seconds.
  986. Received Accounting-Request Id 33 from 192.168.40.101:54868 to 192.168.40.12:1813 length 145
  987. Acct-Status-Type = Start
  988. NAS-Port-Type = Wireless-802.11
  989. Calling-Station-Id = '30:39:26:86:CC:EA'
  990. Called-Station-Id = 'hotspot1'
  991. NAS-Port-Id = 'citystore_test'
  992. User-Name = 'kos1'
  993. NAS-Port = 2147483658
  994. Acct-Session-Id = '8000000a'
  995. Framed-IP-Address = 10.5.50.253
  996. Mikrotik-Host-IP = 10.5.50.253
  997. Event-Timestamp = 'Oct 10 2014 08:09:52 EEST'
  998. NAS-Identifier = 'MikroTik'
  999. Acct-Delay-Time = 0
  1000. NAS-IP-Address = 192.168.40.101
  1001. (2) Received Accounting-Request packet from host 192.168.40.101 port 54868, id=33, length=145
  1002. (2) Acct-Status-Type = Start
  1003. (2) NAS-Port-Type = Wireless-802.11
  1004. (2) Calling-Station-Id = '30:39:26:86:CC:EA'
  1005. (2) Called-Station-Id = 'hotspot1'
  1006. (2) NAS-Port-Id = 'citystore_test'
  1007. (2) User-Name = 'kos1'
  1008. (2) NAS-Port = 2147483658
  1009. (2) Acct-Session-Id = '8000000a'
  1010. (2) Framed-IP-Address = 10.5.50.253
  1011. (2) Mikrotik-Host-IP = 10.5.50.253
  1012. (2) Event-Timestamp = 'Oct 10 2014 08:09:52 EEST'
  1013. (2) NAS-Identifier = 'MikroTik'
  1014. (2) Acct-Delay-Time = 0
  1015. (2) NAS-IP-Address = 192.168.40.101
  1016. (2) # Executing section preacct from file /etc/freeradius/sites-enabled/default
  1017. (2) preacct {
  1018. (2) [preprocess] = ok
  1019. (2) acct_unique acct_unique {
  1020. (2) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
  1021. (2) EXPAND %{string:Class}
  1022. (2) -->
  1023. (2) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
  1024. (2) else else {
  1025. (2) update request {
  1026. (2) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
  1027. (2) --> 58b427db47953f04469bf5cbd799c223
  1028. (2) Acct-Unique-Session-Id := "58b427db47953f04469bf5cbd799c223"
  1029. (2) } # update request = noop
  1030. (2) } # else else = noop
  1031. (2) } # acct_unique acct_unique = noop
  1032. (2) suffix : Checking for suffix after "@"
  1033. (2) suffix : No '@' in User-Name = "kos1", looking up realm NULL
  1034. (2) suffix : No such realm "NULL"
  1035. (2) [suffix] = noop
  1036. (2) [files] = noop
  1037. (2) } # preacct = ok
  1038. (2) # Executing section accounting from file /etc/freeradius/sites-enabled/default
  1039. (2) accounting {
  1040. (2) detail : EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
  1041. (2) detail : --> /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  1042. (2) detail : /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  1043. (2) detail : EXPAND %t
  1044. (2) detail : --> Wed Dec 3 12:40:35 2014
  1045. (2) [detail] = ok
  1046. (2) [unix] = ok
  1047. (2) radutmp : EXPAND /var/log/freeradius/radutmp
  1048. (2) radutmp : --> /var/log/freeradius/radutmp
  1049. (2) radutmp : EXPAND %{User-Name}
  1050. (2) radutmp : --> kos1
  1051. (2) [radutmp] = ok
  1052. (2) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
  1053. (2) sql : --> type.start.query
  1054. (2) sql : Using query template 'query'
  1055. rlm_sql (sql): Reserved connection (4)
  1056. (2) sql : EXPAND %{User-Name}
  1057. (2) sql : --> kos1
  1058. (2) sql : SQL-User-Name set to 'kos1'
  1059. (2) sql : EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')
  1060. (2) sql : --> INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('8000000a', '58b427db47953f04469bf5cbd799c223', 'kos1', '', '192.168.40.101', '2147483658', 'Wireless-802.11', FROM_UNIXTIME(1412917792), FROM_UNIXTIME(1412917792), NULL, '0', '', '', '', '0', '0', 'hotspot1', '30:39:26:86:CC:EA', '', '', '', '10.5.50.253')
  1061. rlm_sql (sql): Executing query: 'INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('8000000a', '58b427db47953f04469bf5cbd799c223', 'kos1', '', '192.168.40.101', '2147483658', 'Wireless-802.11', FROM_UNIXTIME(1412917792), FROM_UNIXTIME(1412917792), NULL, '0', '', '', '', '0', '0', 'hotspot1', '30:39:26:86:CC:EA', '', '', '', '10.5.50.253')'
  1062. rlm_sql (sql): Released connection (4)
  1063. (2) [sql] = ok
  1064. (2) [exec] = noop
  1065. (2) attr_filter.accounting_response : EXPAND %{User-Name}
  1066. (2) attr_filter.accounting_response : --> kos1
  1067. (2) attr_filter.accounting_response : Matched entry DEFAULT at line 12
  1068. (2) [attr_filter.accounting_response] = updated
  1069. (2) } # accounting = updated
  1070. (2) Sending Accounting-Response packet to host 192.168.40.101 port 54868, id=33, length=0
  1071. Sending Accounting-Response Id 33 from 192.168.40.12:1813 to 192.168.40.101:54868
  1072. (2) Finished request
  1073. Waking up in 0.2 seconds.
  1074. (2) Cleaning up request packet ID 33 with timestamp +35
  1075. Waking up in 4.6 seconds.
  1076. (1) Cleaning up request packet ID 32 with timestamp +35
  1077. Ready to process requests
  1078. Received Accounting-Request Id 34 from 192.168.40.101:56132 to 192.168.40.12:1813 length 193
  1079. Acct-Status-Type = Stop
  1080. Acct-Terminate-Cause = User-Request
  1081. NAS-Port-Type = Wireless-802.11
  1082. Calling-Station-Id = '30:39:26:86:CC:EA'
  1083. Called-Station-Id = 'hotspot1'
  1084. NAS-Port-Id = 'citystore_test'
  1085. User-Name = 'kos1'
  1086. NAS-Port = 2147483658
  1087. Acct-Session-Id = '8000000a'
  1088. Framed-IP-Address = 10.5.50.253
  1089. Mikrotik-Host-IP = 10.5.50.253
  1090. Event-Timestamp = 'Oct 10 2014 08:10:39 EEST'
  1091. Acct-Input-Octets = 160
  1092. Acct-Output-Octets = 208
  1093. Acct-Input-Gigawords = 0
  1094. Acct-Output-Gigawords = 0
  1095. Acct-Input-Packets = 4
  1096. Acct-Output-Packets = 4
  1097. Acct-Session-Time = 48
  1098. NAS-Identifier = 'MikroTik'
  1099. Acct-Delay-Time = 0
  1100. NAS-IP-Address = 192.168.40.101
  1101. (3) Received Accounting-Request packet from host 192.168.40.101 port 56132, id=34, length=193
  1102. (3) Acct-Status-Type = Stop
  1103. (3) Acct-Terminate-Cause = User-Request
  1104. (3) NAS-Port-Type = Wireless-802.11
  1105. (3) Calling-Station-Id = '30:39:26:86:CC:EA'
  1106. (3) Called-Station-Id = 'hotspot1'
  1107. (3) NAS-Port-Id = 'citystore_test'
  1108. (3) User-Name = 'kos1'
  1109. (3) NAS-Port = 2147483658
  1110. (3) Acct-Session-Id = '8000000a'
  1111. (3) Framed-IP-Address = 10.5.50.253
  1112. (3) Mikrotik-Host-IP = 10.5.50.253
  1113. (3) Event-Timestamp = 'Oct 10 2014 08:10:39 EEST'
  1114. (3) Acct-Input-Octets = 160
  1115. (3) Acct-Output-Octets = 208
  1116. (3) Acct-Input-Gigawords = 0
  1117. (3) Acct-Output-Gigawords = 0
  1118. (3) Acct-Input-Packets = 4
  1119. (3) Acct-Output-Packets = 4
  1120. (3) Acct-Session-Time = 48
  1121. (3) NAS-Identifier = 'MikroTik'
  1122. (3) Acct-Delay-Time = 0
  1123. (3) NAS-IP-Address = 192.168.40.101
  1124. (3) # Executing section preacct from file /etc/freeradius/sites-enabled/default
  1125. (3) preacct {
  1126. (3) [preprocess] = ok
  1127. (3) acct_unique acct_unique {
  1128. (3) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
  1129. (3) EXPAND %{string:Class}
  1130. (3) -->
  1131. (3) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
  1132. (3) else else {
  1133. (3) update request {
  1134. (3) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
  1135. (3) --> 58b427db47953f04469bf5cbd799c223
  1136. (3) Acct-Unique-Session-Id := "58b427db47953f04469bf5cbd799c223"
  1137. (3) } # update request = noop
  1138. (3) } # else else = noop
  1139. (3) } # acct_unique acct_unique = noop
  1140. (3) suffix : Checking for suffix after "@"
  1141. (3) suffix : No '@' in User-Name = "kos1", looking up realm NULL
  1142. (3) suffix : No such realm "NULL"
  1143. (3) [suffix] = noop
  1144. (3) [files] = noop
  1145. (3) } # preacct = ok
  1146. (3) # Executing section accounting from file /etc/freeradius/sites-enabled/default
  1147. (3) accounting {
  1148. (3) detail : EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
  1149. (3) detail : --> /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  1150. (3) detail : /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.40.101/detail-20141203
  1151. (3) detail : EXPAND %t
  1152. (3) detail : --> Wed Dec 3 12:41:22 2014
  1153. (3) [detail] = ok
  1154. (3) [unix] = ok
  1155. (3) radutmp : EXPAND /var/log/freeradius/radutmp
  1156. (3) radutmp : --> /var/log/freeradius/radutmp
  1157. (3) radutmp : EXPAND %{User-Name}
  1158. (3) radutmp : --> kos1
  1159. (3) [radutmp] = ok
  1160. (3) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
  1161. (3) sql : --> type.stop.query
  1162. (3) sql : Using query template 'query'
  1163. rlm_sql (sql): Reserved connection (4)
  1164. (3) sql : EXPAND %{User-Name}
  1165. (3) sql : --> kos1
  1166. (3) sql : SQL-User-Name set to 'kos1'
  1167. (3) sql : EXPAND UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
  1168. (3) sql : --> UPDATE radacct SET acctstoptime = FROM_UNIXTIME(1412917839), acctsessiontime = '48', acctinputoctets = '0' << 32 | '160', acctoutputoctets = '0' << 32 | '208', acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE acctsessionid = '8000000a' AND username = 'kos1' AND nasipaddress = '192.168.40.101'
  1169. rlm_sql (sql): Executing query: 'UPDATE radacct SET acctstoptime = FROM_UNIXTIME(1412917839), acctsessiontime = '48', acctinputoctets = '0' << 32 | '160', acctoutputoctets = '0' << 32 | '208', acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE acctsessionid = '8000000a' AND username = 'kos1' AND nasipaddress = '192.168.40.101''
  1170. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
  1171. rlm_sql (sql): Released connection (4)
  1172. rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 82 seconds
  1173. rlm_sql (sql): You probably need to lower "min"
  1174. rlm_sql_mysql: Socket destructor called, closing socket
  1175. rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 82 seconds
  1176. rlm_sql (sql): You probably need to lower "min"
  1177. rlm_sql_mysql: Socket destructor called, closing socket
  1178. rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 82 seconds
  1179. rlm_sql (sql): You probably need to lower "min"
  1180. rlm_sql_mysql: Socket destructor called, closing socket
  1181. (3) [sql] = ok
  1182. (3) [exec] = noop
  1183. (3) attr_filter.accounting_response : EXPAND %{User-Name}
  1184. (3) attr_filter.accounting_response : --> kos1
  1185. (3) attr_filter.accounting_response : Matched entry DEFAULT at line 12
  1186. (3) [attr_filter.accounting_response] = updated
  1187. (3) } # accounting = updated
  1188. (3) Sending Accounting-Response packet to host 192.168.40.101 port 56132, id=34, length=0
  1189. Sending Accounting-Response Id 34 from 192.168.40.12:1813 to 192.168.40.101:56132
  1190. (3) Finished request
  1191. Waking up in 0.3 seconds.
  1192. (3) Cleaning up request packet ID 34 with timestamp +82
  1193. Ready to process requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!