Untitled

a guest
Jan 22nd, 2016
  1. FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/freeradius/radiusd.conf
  9. including configuration file /etc/freeradius/proxy.conf
  10. including configuration file /etc/freeradius/clients.conf
  11. including files in directory /etc/freeradius/modules/
  12. including configuration file /etc/freeradius/modules/detail
  13. including configuration file /etc/freeradius/modules/cui
  14. including configuration file /etc/freeradius/modules/smsotp
  15. including configuration file /etc/freeradius/modules/expiration
  16. including configuration file /etc/freeradius/modules/unix
  17. including configuration file /etc/freeradius/modules/replicate
  18. including configuration file /etc/freeradius/modules/detail.example.com
  19. including configuration file /etc/freeradius/modules/passwd
  20. including configuration file /etc/freeradius/modules/opendirectory
  21. including configuration file /etc/freeradius/modules/ippool
  22. including configuration file /etc/freeradius/modules/chap
  23. including configuration file /etc/freeradius/modules/mschap
  24. including configuration file /etc/freeradius/modules/soh
  25. including configuration file /etc/freeradius/modules/etc_group
  26. including configuration file /etc/freeradius/modules/logintime
  27. including configuration file /etc/freeradius/modules/radutmp
  28. including configuration file /etc/freeradius/modules/exec
  29. including configuration file /etc/freeradius/modules/counter
  30. including configuration file /etc/freeradius/modules/inner-eap
  31. including configuration file /etc/freeradius/modules/mac2vlan
  32. including configuration file /etc/freeradius/modules/files
  33. including configuration file /etc/freeradius/modules/perl
  34. including configuration file /etc/freeradius/modules/mac2ip
  35. including configuration file /etc/freeradius/modules/krb5
  36. including configuration file /etc/freeradius/modules/ntlm_auth
  37. including configuration file /etc/freeradius/modules/preprocess
  38. including configuration file /etc/freeradius/modules/ldap
  39. including configuration file /etc/freeradius/modules/sql_log
  40. including configuration file /etc/freeradius/modules/dynamic_clients
  41. including configuration file /etc/freeradius/modules/policy
  42. including configuration file /etc/freeradius/modules/smbpasswd
  43. including configuration file /etc/freeradius/modules/linelog
  44. including configuration file /etc/freeradius/modules/pap
  45. including configuration file /etc/freeradius/modules/sradutmp
  46. including configuration file /etc/freeradius/modules/always
  47. including configuration file /etc/freeradius/modules/pam
  48. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  49. including configuration file /etc/freeradius/modules/echo
  50. including configuration file /etc/freeradius/modules/rediswho
  51. including configuration file /etc/freeradius/modules/redis
  52. including configuration file /etc/freeradius/modules/attr_rewrite
  53. including configuration file /etc/freeradius/modules/realm
  54. including configuration file /etc/freeradius/modules/attr_filter
  55. including configuration file /etc/freeradius/modules/expr
  56. including configuration file /etc/freeradius/modules/otp
  57. including configuration file /etc/freeradius/modules/detail.log
  58. including configuration file /etc/freeradius/modules/digest
  59. including configuration file /etc/freeradius/modules/wimax
  60. including configuration file /etc/freeradius/modules/acct_unique
  61. including configuration file /etc/freeradius/modules/checkval
  62. including configuration file /etc/freeradius/eap.conf
  63. including configuration file /etc/freeradius/policy.conf
  64. including files in directory /etc/freeradius/sites-enabled/
  65. including configuration file /etc/freeradius/sites-enabled/default
  66. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  67. main {
  68. user = "freerad"
  69. group = "freerad"
  70. allow_core_dumps = no
  71. }
  72. including dictionary file /etc/freeradius/dictionary
  73. main {
  74. name = "freeradius"
  75. prefix = "/usr"
  76. localstatedir = "/var"
  77. sbindir = "/usr/sbin"
  78. logdir = "/var/log/freeradius"
  79. run_dir = "/var/run/freeradius"
  80. libdir = "/usr/lib/freeradius"
  81. radacctdir = "/var/log/freeradius/radacct"
  82. hostname_lookups = no
  83. max_request_time = 30
  84. cleanup_delay = 5
  85. max_requests = 1024
  86. pidfile = "/var/run/freeradius/freeradius.pid"
  87. checkrad = "/usr/sbin/checkrad"
  88. debug_level = 0
  89. proxy_requests = no
  90. log {
  91. stripped_names = no
  92. auth = no
  93. auth_badpass = no
  94. auth_goodpass = no
  95. }
  96. security {
  97. max_attributes = 200
  98. reject_delay = 1
  99. status_server = yes
  100. }
  101. }
  102. radiusd: #### Loading Realms and Home Servers ####
  103. proxy server {
  104. retry_delay = 5
  105. retry_count = 3
  106. default_fallback = no
  107. dead_time = 120
  108. wake_all_if_all_dead = no
  109. }
  110. home_server localhost {
  111. ipaddr = 127.0.0.1
  112. port = 1812
  113. type = "auth"
  114. secret = "testing123"
  115. response_window = 20
  116. max_outstanding = 65536
  117. require_message_authenticator = yes
  118. zombie_period = 40
  119. status_check = "status-server"
  120. ping_interval = 30
  121. check_interval = 30
  122. num_answers_to_alive = 3
  123. num_pings_to_alive = 3
  124. revive_interval = 120
  125. status_check_timeout = 4
  126. coa {
  127. irt = 2
  128. mrt = 16
  129. mrc = 5
  130. mrd = 30
  131. }
  132. }
  133. home_server_pool my_auth_failover {
  134. type = fail-over
  135. home_server = localhost
  136. }
  137. realm example.com {
  138. auth_pool = my_auth_failover
  139. }
  140. realm LOCAL {
  141. }
  142. radiusd: #### Loading Clients ####
  143. client localhost {
  144. ipaddr = 127.0.0.1
  145. require_message_authenticator = no
  146. secret = "testing123"
  147. nastype = "other"
  148. }
  149. client 192.168.1.0/24 {
  150. require_message_authenticator = no
  151. secret = "testing123"
  152. shortname = "private-network-1"
  153. }
  154. radiusd: #### Instantiating modules ####
  155. instantiate {
  156. Module: Linked to module rlm_exec
  157. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  158. exec {
  159. wait = no
  160. input_pairs = "request"
  161. shell_escape = yes
  162. }
  163. Module: Linked to module rlm_expr
  164. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  165. Module: Linked to module rlm_expiration
  166. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  167. expiration {
  168. reply-message = "Password Has Expired "
  169. }
  170. Module: Linked to module rlm_logintime
  171. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  172. logintime {
  173. reply-message = "You are calling outside your allowed timespan "
  174. minimum-timeout = 60
  175. }
  176. }
  177. radiusd: #### Loading Virtual Servers ####
  178. server { # from file /etc/freeradius/radiusd.conf
  179. modules {
  180. Module: Creating Auth-Type = digest
  181. Module: Creating Auth-Type = LDAP
  182. Module: Creating Post-Auth-Type = REJECT
  183. Module: Checking authenticate {...} for more modules to load
  184. Module: Linked to module rlm_pap
  185. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  186. pap {
  187. encryption_scheme = "auto"
  188. auto_header = no
  189. }
  190. Module: Linked to module rlm_chap
  191. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  192. Module: Linked to module rlm_mschap
  193. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  194. mschap {
  195. use_mppe = yes
  196. require_encryption = no
  197. require_strong = no
  198. with_ntdomain_hack = no
  199. allow_retry = yes
  200. }
  201. Module: Linked to module rlm_digest
  202. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  203. Module: Linked to module rlm_unix
  204. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  205. unix {
  206. radwtmp = "/var/log/freeradius/radwtmp"
  207. }
  208. Module: Linked to module rlm_ldap
  209. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  210. ldap {
  211. server = "192.168.1.110"
  212. port = 389
  213. password = "M13n14e5"
  214. identity = "cn=admin,dc=example,dc=com"
  215. net_timeout = 1
  216. timeout = 4
  217. timelimit = 3
  218. tls_mode = no
  219. start_tls = no
  220. tls_require_cert = "allow"
  221. tls {
  222. start_tls = no
  223. require_cert = "allow"
  224. }
  225. basedn = "ou=people,dc=example,dc=com"
  226. filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
  227. base_filter = "(objectclass=radiusprofile)"
  228. auto_header = no
  229. access_attr_used_for_allow = yes
  230. groupname_attribute = "cn"
  231. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  232. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  233. ldap_debug = 0
  234. ldap_connections_number = 5
  235. compare_check_items = no
  236. do_xlat = yes
  237. edir_account_policy_check = no
  238. set_auth_type = yes
  239. keepalive {
  240. idle = 60
  241. probes = 3
  242. interval = 3
  243. }
  244. }
  245. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  246. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  247. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  248. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  249. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  250. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  251. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  252. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  253. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  254. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  255. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  256. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  257. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  258. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  259. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  260. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  261. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  262. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  263. rlm_ldap: LDAP uniqueIdentifier mapped to RADIUS Pool-Name
  264. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  265. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  266. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  267. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  268. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  269. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  270. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  271. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  272. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  273. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  274. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  275. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  276. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  277. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  278. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  279. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  280. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  281. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  282. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  283. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  284. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  285. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  286. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  287. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  288. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  289. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  290. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  291. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  292. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  293. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  294. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  295. conns: 0x8d7c438
  296. Module: Linked to module rlm_eap
  297. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  298. eap {
  299. default_eap_type = "ttls"
  300. timer_expire = 60
  301. ignore_unknown_eap_types = no
  302. cisco_accounting_username_bug = no
  303. max_sessions = 4096
  304. }
  305. Module: Linked to sub-module rlm_eap_md5
  306. Module: Instantiating eap-md5
  307. Module: Linked to sub-module rlm_eap_leap
  308. Module: Instantiating eap-leap
  309. Module: Linked to sub-module rlm_eap_gtc
  310. Module: Instantiating eap-gtc
  311. gtc {
  312. challenge = "Password: "
  313. auth_type = "PAP"
  314. }
  315. Module: Linked to sub-module rlm_eap_tls
  316. Module: Instantiating eap-tls
  317. tls {
  318. rsa_key_exchange = no
  319. dh_key_exchange = yes
  320. rsa_key_length = 512
  321. dh_key_length = 512
  322. verify_depth = 0
  323. CA_path = "/etc/freeradius/certs"
  324. pem_file_type = yes
  325. private_key_file = "/etc/freeradius/certs/server.key"
  326. certificate_file = "/etc/freeradius/certs/server.pem"
  327. CA_file = "/etc/freeradius/certs/ca.pem"
  328. private_key_password = "whatever"
  329. dh_file = "/etc/freeradius/certs/dh"
  330. random_file = "/dev/urandom"
  331. fragment_size = 1024
  332. include_length = yes
  333. check_crl = no
  334. cipher_list = "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA"
  335. make_cert_command = "/etc/freeradius/certs/bootstrap"
  336. ecdh_curve = "prime256v1"
  337. cache {
  338. enable = no
  339. lifetime = 24
  340. max_entries = 255
  341. }
  342. verify {
  343. }
  344. ocsp {
  345. enable = no
  346. override_cert_url = yes
  347. url = "http://127.0.0.1/ocsp/"
  348. }
  349. }
  350. Module: Linked to sub-module rlm_eap_ttls
  351. Module: Instantiating eap-ttls
  352. ttls {
  353. default_eap_type = "mschapv2"
  354. copy_request_to_tunnel = no
  355. use_tunneled_reply = no
  356. virtual_server = "inner-tunnel"
  357. include_length = yes
  358. }
  359. Module: Linked to sub-module rlm_eap_peap
  360. Module: Instantiating eap-peap
  361. peap {
  362. default_eap_type = "mschapv2"
  363. copy_request_to_tunnel = no
  364. use_tunneled_reply = no
  365. proxy_tunneled_request_as_eap = yes
  366. virtual_server = "inner-tunnel"
  367. soh = no
  368. }
  369. Module: Linked to sub-module rlm_eap_mschapv2
  370. Module: Instantiating eap-mschapv2
  371. mschapv2 {
  372. with_ntdomain_hack = no
  373. send_error = no
  374. }
  375. Module: Checking authorize {...} for more modules to load
  376. Module: Linked to module rlm_preprocess
  377. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  378. preprocess {
  379. huntgroups = "/etc/freeradius/huntgroups"
  380. hints = "/etc/freeradius/hints"
  381. with_ascend_hack = no
  382. ascend_channels_per_line = 23
  383. with_ntdomain_hack = no
  384. with_specialix_jetstream_hack = no
  385. with_cisco_vsa_hack = no
  386. with_alvarion_vsa_hack = no
  387. }
  388. Module: Linked to module rlm_realm
  389. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  390. realm suffix {
  391. format = "suffix"
  392. delimiter = "@"
  393. ignore_default = no
  394. ignore_null = no
  395. }
  396. Module: Linked to module rlm_files
  397. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  398. files {
  399. usersfile = "/etc/freeradius/users"
  400. acctusersfile = "/etc/freeradius/acct_users"
  401. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  402. compat = "no"
  403. }
  404. Module: Checking preacct {...} for more modules to load
  405. Module: Linked to module rlm_acct_unique
  406. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  407. acct_unique {
  408. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  409. }
  410. Module: Checking accounting {...} for more modules to load
  411. Module: Linked to module rlm_detail
  412. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  413. detail {
  414. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  415. header = "%t"
  416. detailperm = 384
  417. dirperm = 493
  418. locking = no
  419. log_packet_header = no
  420. }
  421. Module: Linked to module rlm_radutmp
  422. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  423. radutmp {
  424. filename = "/var/log/freeradius/radutmp"
  425. username = "%{User-Name}"
  426. case_sensitive = yes
  427. check_with_nas = yes
  428. perm = 384
  429. callerid = yes
  430. }
  431. Module: Linked to module rlm_attr_filter
  432. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  433. attr_filter attr_filter.accounting_response {
  434. attrsfile = "/etc/freeradius/attrs.accounting_response"
  435. key = "%{User-Name}"
  436. relaxed = no
  437. }
  438. Module: Checking session {...} for more modules to load
  439. Module: Checking post-proxy {...} for more modules to load
  440. Module: Checking post-auth {...} for more modules to load
  441. Module: Linked to module rlm_ippool
  442. Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
  443. ippool main_pool {
  444. session-db = "/etc/freeradius/db.ippool"
  445. ip-index = "/etc/freeradius/db.ipindex"
  446. key = "%{NAS-IP-Address} %{NAS-Port}"
  447. range-start = 192.168.1.1
  448. range-stop = 192.168.3.254
  449. netmask = 255.255.255.0
  450. cache-size = 800
  451. override = no
  452. maximum-timeout = 0
  453. }
  454. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  455. attr_filter attr_filter.access_reject {
  456. attrsfile = "/etc/freeradius/attrs.access_reject"
  457. key = "%{User-Name}"
  458. relaxed = no
  459. }
  460. } # modules
  461. } # server
  462. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  463. modules {
  464. Module: Checking authenticate {...} for more modules to load
  465. Module: Checking authorize {...} for more modules to load
  466. Module: Checking session {...} for more modules to load
  467. Module: Checking post-proxy {...} for more modules to load
  468. Module: Checking post-auth {...} for more modules to load
  469. } # modules
  470. } # server
  471. radiusd: #### Opening IP addresses and Ports ####
  472. listen {
  473. type = "auth"
  474. ipaddr = *
  475. port = 0
  476. }
  477. listen {
  478. type = "acct"
  479. ipaddr = *
  480. port = 0
  481. }
  482. listen {
  483. type = "auth"
  484. ipaddr = 127.0.0.1
  485. port = 18120
  486. }
  487. Listening on authentication address * port 1812
  488. Listening on accounting address * port 1813
  489. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  490. Ready to process requests.
  491. rad_recv: Access-Request packet from host 192.168.1.1 port 40550, id=122, length=154
  492. User-Name = "alice"
  493. NAS-IP-Address = 193.171.242.72
  494. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  495. NAS-Port-Type = Wireless-802.11
  496. NAS-Port = 1
  497. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  498. Connect-Info = "CONNECT 54Mbps 802.11g"
  499. Framed-MTU = 1400
  500. EAP-Message = 0x027b000a01616c696365
  501. Message-Authenticator = 0x9fbddc479d70cae5084aff7c06c1f5a3
  502. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  503. +- entering group authorize {...}
  504. ++[preprocess] returns ok
  505. ++[chap] returns noop
  506. ++[mschap] returns noop
  507. ++[digest] returns noop
  508. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  509. [suffix] No such realm "NULL"
  510. ++[suffix] returns noop
  511. [eap] EAP packet type response id 123 length 10
  512. [eap] No EAP Start, assuming it's an on-going EAP conversation
  513. ++[eap] returns updated
  514. ++[files] returns noop
  515. [ldap] performing user authorization for alice
  516. [ldap] expand: %{Stripped-User-Name} ->
  517. [ldap] ... expanding second conditional
  518. [ldap] expand: %{User-Name} -> alice
  519. [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
  520. [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
  521. [ldap] ldap_get_conn: Checking Id: 0
  522. [ldap] ldap_get_conn: Got Id: 0
  523. [ldap] attempting LDAP reconnection
  524. [ldap] (re)connect to 192.168.1.110:389, authentication 0
  525. [ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 192.168.1.110:389
  526. [ldap] waiting for bind result ...
  527. [ldap] Bind was successful
  528. [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
  529. [ldap] No default NMAS login sequence
  530. [ldap] looking for check items in directory...
  531. [ldap] uniqueIdentifier -> Pool-Name == "alice"
  532. [ldap] userPassword -> Password-With-Header == "{MD5}b49XcVCQ2iYyRTmI2aFQGw=="
  533. [ldap] looking for reply items in directory...
  534. [ldap] user alice authorized to use remote access
  535. [ldap] ldap_release_conn: Release Id: 0
  536. ++[ldap] returns ok
  537. ++[expiration] returns noop
  538. ++[logintime] returns noop
  539. [pap] WARNING: Auth-Type already set. Not setting to PAP
  540. ++[pap] returns noop
  541. Found Auth-Type = EAP
  542. # Executing group from file /etc/freeradius/sites-enabled/default
  543. +- entering group authenticate {...}
  544. [eap] EAP Identity
  545. [eap] processing type tls
  546. [tls] Initiate
  547. [tls] Start returned 1
  548. ++[eap] returns handled
  549. Sending Access-Challenge of id 122 to 192.168.1.1 port 40550
  550. EAP-Message = 0x017c00061520
  551. Message-Authenticator = 0x00000000000000000000000000000000
  552. State = 0x1ac173331abd6662ca291ca9c4b6d545
  553. Finished request 0.
  554. Going to the next request
  555. Waking up in 4.9 seconds.
  556. rad_recv: Access-Request packet from host 192.168.1.1 port 40550, id=123, length=354
  557. User-Name = "alice"
  558. NAS-IP-Address = 193.171.242.72
  559. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  560. NAS-Port-Type = Wireless-802.11
  561. NAS-Port = 1
  562. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  563. Connect-Info = "CONNECT 54Mbps 802.11g"
  564. Framed-MTU = 1400
  565. EAP-Message = 0x027c00c0150016030100b5010000b1030162f0b69228b38ac74ff0f2f8a0a3580d743f27117145aca73ce24b8bf0da054f000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a0015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
  566. State = 0x1ac173331abd6662ca291ca9c4b6d545
  567. Message-Authenticator = 0x234d2358189a6472adcadf8d0b4a49b9
  568. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  569. +- entering group authorize {...}
  570. ++[preprocess] returns ok
  571. ++[chap] returns noop
  572. ++[mschap] returns noop
  573. ++[digest] returns noop
  574. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  575. [suffix] No such realm "NULL"
  576. ++[suffix] returns noop
  577. [eap] EAP packet type response id 124 length 192
  578. [eap] Continuing tunnel setup.
  579. ++[eap] returns ok
  580. Found Auth-Type = EAP
  581. # Executing group from file /etc/freeradius/sites-enabled/default
  582. +- entering group authenticate {...}
  583. [eap] Request found, released from the list
  584. [eap] EAP/ttls
  585. [eap] processing type ttls
  586. [ttls] Authenticate
  587. [ttls] processing EAP-TLS
  588. [ttls] eaptls_verify returned 7
  589. [ttls] Done initial handshake
  590. [ttls] (other): before/accept initialization
  591. [ttls] TLS_accept: before/accept initialization
  592. [ttls] <<< TLS 1.0 Handshake [length 00b5], ClientHello
  593. [ttls] TLS_accept: SSLv3 read client hello A
  594. [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
  595. [ttls] TLS_accept: SSLv3 write server hello A
  596. [ttls] >>> TLS 1.0 Handshake [length 02ca], Certificate
  597. [ttls] TLS_accept: SSLv3 write certificate A
  598. [ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
  599. [ttls] TLS_accept: SSLv3 write key exchange A
  600. [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  601. [ttls] TLS_accept: SSLv3 write server done A
  602. [ttls] TLS_accept: SSLv3 flush data
  603. [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
  604. In SSL Handshake Phase
  605. In SSL Accept mode
  606. [ttls] eaptls_process returned 13
  607. ++[eap] returns handled
  608. Sending Access-Challenge of id 123 to 192.168.1.1 port 40550
  609. EAP-Message = 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
  610. EAP-Message = 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
  611. EAP-Message = 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
  612. EAP-Message = 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
  613. EAP-Message = 0xd1eb1a2f455eb2b3f2a01e80
  614. Message-Authenticator = 0x00000000000000000000000000000000
  615. State = 0x1ac173331bbc6662ca291ca9c4b6d545
  616. Finished request 1.
  617. Going to the next request
  618. Waking up in 4.9 seconds.
  619. rad_recv: Access-Request packet from host 192.168.1.1 port 40550, id=124, length=168
  620. User-Name = "alice"
  621. NAS-IP-Address = 193.171.242.72
  622. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  623. NAS-Port-Type = Wireless-802.11
  624. NAS-Port = 1
  625. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  626. Connect-Info = "CONNECT 54Mbps 802.11g"
  627. Framed-MTU = 1400
  628. EAP-Message = 0x027d00061500
  629. State = 0x1ac173331bbc6662ca291ca9c4b6d545
  630. Message-Authenticator = 0xfd3644475d89e2d180c96ddd321d7755
  631. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  632. +- entering group authorize {...}
  633. ++[preprocess] returns ok
  634. ++[chap] returns noop
  635. ++[mschap] returns noop
  636. ++[digest] returns noop
  637. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  638. [suffix] No such realm "NULL"
  639. ++[suffix] returns noop
  640. [eap] EAP packet type response id 125 length 6
  641. [eap] Continuing tunnel setup.
  642. ++[eap] returns ok
  643. Found Auth-Type = EAP
  644. # Executing group from file /etc/freeradius/sites-enabled/default
  645. +- entering group authenticate {...}
  646. [eap] Request found, released from the list
  647. [eap] EAP/ttls
  648. [eap] processing type ttls
  649. [ttls] Authenticate
  650. [ttls] processing EAP-TLS
  651. [ttls] Received TLS ACK
  652. [ttls] ACK handshake fragment handler
  653. [ttls] eaptls_verify returned 1
  654. [ttls] eaptls_process returned 13
  655. ++[eap] returns handled
  656. Sending Access-Challenge of id 124 to 192.168.1.1 port 40550
  657. EAP-Message = 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
  658. EAP-Message = 0x5009c82f3cabf515bd049e6a5ecc3e25340bce373df493a8deded6aafe0c5432973aeab93aa00a200511d450772f16030100040e000000
  659. Message-Authenticator = 0x00000000000000000000000000000000
  660. State = 0x1ac1733318bf6662ca291ca9c4b6d545
  661. Finished request 2.
  662. Going to the next request
  663. Waking up in 4.9 seconds.
  664. rad_recv: Access-Request packet from host 192.168.1.1 port 40550, id=125, length=366
  665. User-Name = "alice"
  666. NAS-IP-Address = 193.171.242.72
  667. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  668. NAS-Port-Type = Wireless-802.11
  669. NAS-Port = 1
  670. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  671. Connect-Info = "CONNECT 54Mbps 802.11g"
  672. Framed-MTU = 1400
  673. EAP-Message = 0x027e00cc150016030100861000008200800eacf11527677157b89b1b560d5c2f5bd4e05fce1761bfdd8c57d910ddf513e216839da9f13b07fa7d7b4d4e3fed164b86abffea0846f687d1a813ad061e4fb7b36e287256e7e643aa1166bf47fe82044d025f1852cd385da4fed3a998427caabd17c5fc96e5ccf523d68e78c9c1e8ffcaf547c0927f0793ddc51820085489db14030100010116030100303dc312fec90a60567bbc527ac8eb0328a61cd9e9b849b9b18682eb66d8a4a2a756ed83046cd1e39d58118dc4d305fb3c
  674. State = 0x1ac1733318bf6662ca291ca9c4b6d545
  675. Message-Authenticator = 0x93a126ee025f7bf315b79d81344934f7
  676. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  677. +- entering group authorize {...}
  678. ++[preprocess] returns ok
  679. ++[chap] returns noop
  680. ++[mschap] returns noop
  681. ++[digest] returns noop
  682. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  683. [suffix] No such realm "NULL"
  684. ++[suffix] returns noop
  685. [eap] EAP packet type response id 126 length 204
  686. [eap] Continuing tunnel setup.
  687. ++[eap] returns ok
  688. Found Auth-Type = EAP
  689. # Executing group from file /etc/freeradius/sites-enabled/default
  690. +- entering group authenticate {...}
  691. [eap] Request found, released from the list
  692. [eap] EAP/ttls
  693. [eap] processing type ttls
  694. [ttls] Authenticate
  695. [ttls] processing EAP-TLS
  696. [ttls] eaptls_verify returned 7
  697. [ttls] Done initial handshake
  698. [ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
  699. [ttls] TLS_accept: SSLv3 read client key exchange A
  700. [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  701. [ttls] <<< TLS 1.0 Handshake [length 0010], Finished
  702. [ttls] TLS_accept: SSLv3 read finished A
  703. [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  704. [ttls] TLS_accept: SSLv3 write change cipher spec A
  705. [ttls] >>> TLS 1.0 Handshake [length 0010], Finished
  706. [ttls] TLS_accept: SSLv3 write finished A
  707. [ttls] TLS_accept: SSLv3 flush data
  708. [ttls] (other): SSL negotiation finished successfully
  709. SSL Connection Established
  710. [ttls] eaptls_process returned 13
  711. ++[eap] returns handled
  712. Sending Access-Challenge of id 125 to 192.168.1.1 port 40550
  713. EAP-Message = 0x017f004515800000003b1403010001011603010030d2e1d1e295ce51cdd113a19fa41866d4181b7e6c41546517e94c89ce6bb7a67ed543cef5dc6c99576fd6f7fd79b4ad1b
  714. Message-Authenticator = 0x00000000000000000000000000000000
  715. State = 0x1ac1733319be6662ca291ca9c4b6d545
  716. Finished request 3.
  717. Going to the next request
  718. Waking up in 4.9 seconds.
  719. rad_recv: Access-Request packet from host 192.168.1.1 port 40550, id=126, length=237
  720. User-Name = "alice"
  721. NAS-IP-Address = 193.171.242.72
  722. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  723. NAS-Port-Type = Wireless-802.11
  724. NAS-Port = 1
  725. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  726. Connect-Info = "CONNECT 54Mbps 802.11g"
  727. Framed-MTU = 1400
  728. EAP-Message = 0x027f004b150017030100403757a04ace682091b3a47c491171d463c63731d532d54888970d2540252140fe9f2fa6717d9cac22944b1631fd3966702d7f782b94adb3bdefa0c901a2e1424d
  729. State = 0x1ac1733319be6662ca291ca9c4b6d545
  730. Message-Authenticator = 0xba4dce2df8cc3f3bca307024c2031604
  731. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  732. +- entering group authorize {...}
  733. ++[preprocess] returns ok
  734. ++[chap] returns noop
  735. ++[mschap] returns noop
  736. ++[digest] returns noop
  737. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  738. [suffix] No such realm "NULL"
  739. ++[suffix] returns noop
  740. [eap] EAP packet type response id 127 length 75
  741. [eap] Continuing tunnel setup.
  742. ++[eap] returns ok
  743. Found Auth-Type = EAP
  744. # Executing group from file /etc/freeradius/sites-enabled/default
  745. +- entering group authenticate {...}
  746. [eap] Request found, released from the list
  747. [eap] EAP/ttls
  748. [eap] processing type ttls
  749. [ttls] Authenticate
  750. [ttls] processing EAP-TLS
  751. [ttls] eaptls_verify returned 7
  752. [ttls] Done initial handshake
  753. [ttls] eaptls_process returned 7
  754. [ttls] Session established. Proceeding to decode tunneled attributes.
  755. [ttls] Got tunneled request
  756. User-Name = "alice"
  757. User-Password = "m"
  758. FreeRADIUS-Proxied-To = 127.0.0.1
  759. [ttls] Sending tunneled request
  760. User-Name = "alice"
  761. User-Password = "m"
  762. FreeRADIUS-Proxied-To = 127.0.0.1
  763. server inner-tunnel {
  764. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  765. +- entering group authorize {...}
  766. ++[chap] returns noop
  767. ++[mschap] returns noop
  768. ++[control] returns noop
  769. [eap] No EAP-Message, not doing EAP
  770. ++[eap] returns noop
  771. ++[files] returns noop
  772. [ldap] performing user authorization for alice
  773. [ldap] expand: %{Stripped-User-Name} ->
  774. [ldap] ... expanding second conditional
  775. [ldap] expand: %{User-Name} -> alice
  776. [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
  777. [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
  778. [ldap] ldap_get_conn: Checking Id: 0
  779. [ldap] ldap_get_conn: Got Id: 0
  780. [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
  781. [ldap] No default NMAS login sequence
  782. [ldap] looking for check items in directory...
  783. [ldap] uniqueIdentifier -> Pool-Name == "alice"
  784. [ldap] userPassword -> Password-With-Header == "{MD5}b49XcVCQ2iYyRTmI2aFQGw=="
  785. [ldap] looking for reply items in directory...
  786. [ldap] Setting Auth-Type = LDAP
  787. [ldap] user alice authorized to use remote access
  788. [ldap] ldap_release_conn: Release Id: 0
  789. ++[ldap] returns ok
  790. ++[expiration] returns noop
  791. ++[logintime] returns noop
  792. [pap] Normalizing MD5-Password from base64 encoding
  793. [pap] WARNING: Auth-Type already set. Not setting to PAP
  794. ++[pap] returns noop
  795. Found Auth-Type = LDAP
  796. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  797. +- entering group LDAP {...}
  798. [ldap] login attempt by "alice" with password "m"
  799. [ldap] user DN: uniqueIdentifier=alice,ou=people,dc=example,dc=com
  800. [ldap] (re)connect to 192.168.1.110:389, authentication 1
  801. [ldap] bind as uniqueIdentifier=alice,ou=people,dc=example,dc=com/m to 192.168.1.110:389
  802. [ldap] waiting for bind result ...
  803. [ldap] Bind was successful
  804. [ldap] user alice authenticated succesfully
  805. ++[ldap] returns ok
  806. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
  807. +- entering group post-auth {...}
  808. ++[ldap] returns noop
  809. } # server inner-tunnel
  810. [ttls] Got tunneled reply code 2
  811. [ttls] Got tunneled Access-Accept
  812. [eap] Freeing handler
  813. ++[eap] returns ok
  814. # Executing section post-auth from file /etc/freeradius/sites-enabled/default
  815. +- entering group post-auth {...}
  816. [main_pool] Could not find Pool-Name attribute.
  817. ++[main_pool] returns noop
  818. ++[ldap] returns noop
  819. ++[exec] returns noop
  820. Sending Access-Accept of id 126 to 192.168.1.1 port 40550
  821. MS-MPPE-Recv-Key = 0x45e19fdc5102e332eaf184504154dbc86cddf26c9052fcd0ecbc21c990fad691
  822. MS-MPPE-Send-Key = 0x247f2e8207ede1d05f48758b177ff19b70a460057d0bda04cd3288cfc71ff307
  823. EAP-Message = 0x037f0004
  824. Message-Authenticator = 0x00000000000000000000000000000000
  825. User-Name = "alice"
  826. Finished request 4.
  827. Going to the next request
  828. Waking up in 4.8 seconds.
  829. Cleaning up request 0 ID 122 with timestamp +9
  830. Cleaning up request 1 ID 123 with timestamp +9
  831. Cleaning up request 2 ID 124 with timestamp +9
  832. Cleaning up request 3 ID 125 with timestamp +9
  833. Cleaning up request 4 ID 126 with timestamp +9
  834. Ready to process requests.