
freeradius

a guest
Jul 3rd, 2012
  1. FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24 2011 at 07:53:12
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/freeradius/radiusd.conf
  9. including configuration file /etc/freeradius/proxy.conf
  10. including configuration file /etc/freeradius/clients.conf
  11. including files in directory /etc/freeradius/modules/
  12. including configuration file /etc/freeradius/modules/cui
  13. including configuration file /etc/freeradius/modules/expr
  14. including configuration file /etc/freeradius/modules/detail.log
  15. including configuration file /etc/freeradius/modules/smsotp
  16. including configuration file /etc/freeradius/modules/dynamic_clients
  17. including configuration file /etc/freeradius/modules/chap
  18. including configuration file /etc/freeradius/modules/krb5
  19. including configuration file /etc/freeradius/modules/mschap
  20. including configuration file /etc/freeradius/modules/wimax
  21. including configuration file /etc/freeradius/modules/sql_log
  22. including configuration file /etc/freeradius/modules/opendirectory
  23. including configuration file /etc/freeradius/modules/ntlm_auth
  24. including configuration file /etc/freeradius/modules/etc_group
  25. including configuration file /etc/freeradius/modules/ippool
  26. including configuration file /etc/freeradius/modules/counter
  27. including configuration file /etc/freeradius/modules/radutmp
  28. including configuration file /etc/freeradius/modules/passwd
  29. including configuration file /etc/freeradius/modules/pam
  30. including configuration file /etc/freeradius/modules/attr_rewrite
  31. including configuration file /etc/freeradius/modules/smbpasswd
  32. including configuration file /etc/freeradius/modules/always
  33. including configuration file /etc/freeradius/modules/otp
  34. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  35. including configuration file /etc/freeradius/modules/mac2ip
  36. including configuration file /etc/freeradius/modules/acct_unique
  37. including configuration file /etc/freeradius/modules/inner-eap
  38. including configuration file /etc/freeradius/modules/logintime
  39. including configuration file /etc/freeradius/modules/attr_filter
  40. including configuration file /etc/freeradius/modules/pap
  41. including configuration file /etc/freeradius/modules/digest
  42. including configuration file /etc/freeradius/modules/perl
  43. including configuration file /etc/freeradius/modules/detail.example.com
  44. including configuration file /etc/freeradius/modules/files
  45. including configuration file /etc/freeradius/modules/echo
  46. including configuration file /etc/freeradius/modules/unix
  47. including configuration file /etc/freeradius/modules/expiration
  48. including configuration file /etc/freeradius/modules/preprocess
  49.  
  50. including configuration file /etc/freeradius/modules/realm
  51. including configuration file /etc/freeradius/modules/linelog
  52. including configuration file /etc/freeradius/modules/exec
  53. including configuration file /etc/freeradius/modules/sradutmp
  54. including configuration file /etc/freeradius/modules/checkval
  55. including configuration file /etc/freeradius/modules/policy
  56. including configuration file /etc/freeradius/modules/mac2vlan
  57. including configuration file /etc/freeradius/modules/ldap
  58. including configuration file /etc/freeradius/modules/detail
  59. including configuration file /etc/freeradius/eap.conf
  60. including configuration file /etc/freeradius/policy.conf
  61. including files in directory /etc/freeradius/sites-enabled/
  62. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  63. including configuration file /etc/freeradius/sites-enabled/default
  64. main {
  65. user = "freerad"
  66. group = "freerad"
  67. allow_core_dumps = no
  68. }
  69. including dictionary file /etc/freeradius/dictionary
  70. main {
  71. prefix = "/usr"
  72. localstatedir = "/var"
  73. logdir = "/var/log/freeradius"
  74. libdir = "/usr/lib/freeradius"
  75. radacctdir = "/var/log/freeradius/radacct"
  76. hostname_lookups = no
  77. max_request_time = 30
  78. cleanup_delay = 5
  79. max_requests = 1024
  80. pidfile = "/var/run/freeradius/freeradius.pid"
  81. checkrad = "/usr/sbin/checkrad"
  82. debug_level = 0
  83. proxy_requests = yes
  84. log {
  85. stripped_names = no
  86. auth = yes
  87. auth_badpass = yes
  88. auth_goodpass = yes
  89. }
  90. security {
  91. max_attributes = 200
  92. reject_delay = 1
  93. status_server = no
  94. }
  95. }
  96.  
  97.  
  98. radiusd: #### Loading Realms and Home Servers ####
  99. proxy server {
  100. retry_delay = 5
  101. retry_count = 3
  102. default_fallback = no
  103. dead_time = 120
  104. wake_all_if_all_dead = no
  105. }
  106. home_server localhost {
  107. ipaddr = 127.0.0.1
  108. port = 1812
  109. type = "auth"
  110. secret = "testing123"
  111. response_window = 20
  112. max_outstanding = 65536
  113. require_message_authenticator = yes
  114. zombie_period = 40
  115. status_check = "status-server"
  116. ping_interval = 30
  117. check_interval = 30
  118. num_answers_to_alive = 3
  119. num_pings_to_alive = 3
  120. revive_interval = 120
  121. status_check_timeout = 4
  122. irt = 2
  123. mrt = 16
  124. mrc = 5
  125. mrd = 30
  126. }
  127. home_server_pool my_auth_failover {
  128. type = fail-over
  129. home_server = localhost
  130. }
  131. realm example.com {
  132. auth_pool = my_auth_failover
  133. }
  134. realm LOCAL {
  135. }
  136. radiusd: #### Loading Clients ####
  137. client localhost {
  138. ipaddr = 127.0.0.1
  139. require_message_authenticator = no
  140. secret = "testing123"
  141. nastype = "other"
  142. }
  143.  
  144. radiusd: #### Instantiating modules ####
  145. instantiate {
  146. Module: Linked to module rlm_exec
  147. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  148. exec {
  149. wait = no
  150. input_pairs = "request"
  151. shell_escape = yes
  152. }
  153. Module: Linked to module rlm_expr
  154. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  155. Module: Linked to module rlm_expiration
  156. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  157.  
  158. expiration {
  159. reply-message = "Password Has Expired "
  160. }
  161. Module: Linked to module rlm_logintime
  162. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  163. logintime {
  164. reply-message = "You are calling outside your allowed timespan "
  165. minimum-timeout = 60
  166. }
  167. }
  168. radiusd: #### Loading Virtual Servers ####
  169. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  170. modules {
  171. Module: Checking authenticate {...} for more modules to load
  172. Module: Linked to module rlm_pap
  173. Module: Instantiating module "pap" from file /etc/freeradius/radiusd.conf
  174. pap {
  175. encryption_scheme = "crypt"
  176. auto_header = no
  177. }
  178. Module: Linked to module rlm_chap
  179. Module: Instantiating module "chap" from file /etc/freeradius/radiusd.conf
  180. Module: Linked to module rlm_mschap
  181. Module: Instantiating module "mschap" from file /etc/freeradius/radiusd.conf
  182. mschap {
  183. use_mppe = yes
  184. require_encryption = no
  185. require_strong = no
  186. with_ntdomain_hack = no
  187. }
  188. Module: Linked to module rlm_unix
  189. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  190. unix {
  191. radwtmp = "/var/log/freeradius/radwtmp"
  192. }
  193. Module: Linked to module rlm_eap
  194. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  195. eap {
  196. default_eap_type = "md5"
  197. timer_expire = 60
  198. ignore_unknown_eap_types = no
  199. cisco_accounting_username_bug = no
  200. max_sessions = 4096
  201. }
  202. Module: Linked to sub-module rlm_eap_md5
  203. Module: Instantiating eap-md5
  204. Module: Linked to sub-module rlm_eap_leap
  205.  
  206. Module: Instantiating eap-leap
  207. Module: Linked to sub-module rlm_eap_gtc
  208. Module: Instantiating eap-gtc
  209. gtc {
  210. challenge = "Password: "
  211. auth_type = "PAP"
  212. }
  213. Module: Linked to sub-module rlm_eap_tls
  214. Module: Instantiating eap-tls
  215. tls {
  216. rsa_key_exchange = no
  217. dh_key_exchange = yes
  218. rsa_key_length = 512
  219. dh_key_length = 512
  220. verify_depth = 0
  221. CA_path = "/etc/freeradius/certs"
  222. pem_file_type = yes
  223. private_key_file = "/etc/freeradius/certs/server.key"
  224. certificate_file = "/etc/freeradius/certs/server.pem"
  225. CA_file = "/etc/freeradius/certs/ca.pem"
  226. private_key_password = "whatever"
  227.  
  228. dh_file = "/etc/freeradius/certs/dh"
  229. random_file = "/dev/urandom"
  230. fragment_size = 1024
  231. include_length = yes
  232. check_crl = no
  233. cipher_list = "DEFAULT"
  234. make_cert_command = "/etc/freeradius/certs/bootstrap"
  235. cache {
  236. enable = no
  237. lifetime = 24
  238. max_entries = 255
  239. }
  240. verify {
  241. }
  242. }
  243. Module: Linked to sub-module rlm_eap_ttls
  244. Module: Instantiating eap-ttls
  245. ttls {
  246. default_eap_type = "md5"
  247. copy_request_to_tunnel = no
  248. use_tunneled_reply = no
  249. virtual_server = "inner-tunnel"
  250. include_length = yes
  251. }
  252. Module: Linked to sub-module rlm_eap_peap
  253. Module: Instantiating eap-peap
  254. peap {
  255. default_eap_type = "mschapv2"
  256. copy_request_to_tunnel = no
  257. use_tunneled_reply = no
  258. proxy_tunneled_request_as_eap = yes
  259. virtual_server = "inner-tunnel"
  260. }
  261. Module: Linked to sub-module rlm_eap_mschapv2
  262. Module: Instantiating eap-mschapv2
  263. mschapv2 {
  264. with_ntdomain_hack = no
  265. }
  266. Module: Checking authorize {...} for more modules to load
  267. Module: Linked to module rlm_realm
  268. Module: Instantiating module "suffix" from file /etc/freeradius/radiusd.conf
  269. realm suffix {
  270.  
  271. format = "suffix"
  272. delimiter = "@"
  273. ignore_default = no
  274. ignore_null = no
  275. }
  276. Module: Linked to module rlm_files
  277. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  278. files {
  279. usersfile = "/etc/freeradius/users"
  280. acctusersfile = "/etc/freeradius/acct_users"
  281. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  282. compat = "no"
  283. }
  284. Module: Checking session {...} for more modules to load
  285. Module: Linked to module rlm_radutmp
  286. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  287. radutmp {
  288. filename = "/var/log/freeradius/radutmp"
  289. username = "%{User-Name}"
  290. case_sensitive = yes
  291. check_with_nas = yes
  292. perm = 384
  293. callerid = yes
  294. }
  295. Module: Checking post-proxy {...} for more modules to load
  296. Module: Checking post-auth {...} for more modules to load
  297. Module: Linked to module rlm_attr_filter
  298. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  299. attr_filter attr_filter.access_reject {
  300. attrsfile = "/etc/freeradius/attrs.access_reject"
  301. key = "%{User-Name}"
  302. }
  303. } # modules
  304. } # server
  305. server { # from file /etc/freeradius/radiusd.conf
  306. modules {
  307. Module: Checking authenticate {...} for more modules to load
  308. Module: Linked to module rlm_digest
  309. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  310. Module: Checking authorize {...} for more modules to load
  311. Module: Linked to module rlm_preprocess
  312. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  313. preprocess {
  314. huntgroups = "/etc/freeradius/huntgroups"
  315. hints = "/etc/freeradius/hints"
  316. with_ascend_hack = no
  317.  
  318. ascend_channels_per_line = 23
  319. with_ntdomain_hack = no
  320. with_specialix_jetstream_hack = no
  321. with_cisco_vsa_hack = no
  322. with_alvarion_vsa_hack = no
  323. }
  324. Module: Checking preacct {...} for more modules to load
  325. Module: Linked to module rlm_acct_unique
  326. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  327. acct_unique {
  328. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  329. }
  330. Module: Checking accounting {...} for more modules to load
  331. Module: Linked to module rlm_detail
  332. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  333. detail {
  334. detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  335. header = "%t"
  336. detailperm = 384
  337. dirperm = 493
  338. locking = no
  339. log_packet_header = no
  340. }
  341. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  342. attr_filter attr_filter.accounting_response {
  343. attrsfile = "/etc/freeradius/attrs.accounting_response"
  344. key = "%{User-Name}"
  345. }
  346. Module: Checking session {...} for more modules to load
  347. Module: Checking post-proxy {...} for more modules to load
  348. Module: Checking post-auth {...} for more modules to load
  349. } # modules
  350. } # server
  351. radiusd: #### Opening IP addresses and Ports ####
  352. listen {
  353. type = "auth"
  354. ipaddr = *
  355. port = 0
  356. }
  357. listen {
  358. type = "auth"
  359. ipaddr = 127.0.0.1
  360. port = 18120
  361. }
  362. Listening on authentication address * port 1812
  363. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  364.  
  365. Listening on proxy address * port 1814
  366. Ready to process requests.