damagesinc

freeradius_tls_error

Feb 1st, 2016
root@radius:/etc/freeradius# freeradius -X
Server was built with:
accounting : yes
authentication : yes
ascend-binary-attributes : yes
coa : yes
control-socket : yes
detail : yes
dhcp : yes
dynamic-clients : yes
osfc2 : no
proxy : yes
regex-pcre : no
regex-posix : yes
regex-posix-extended : yes
session-management : yes
stats : yes
tcp : yes
threads : no
tls : yes
unlang : yes
vmps : yes
developer : no
socket-timestamps : yes
Server core libs:
freeradius-server : 3.1.0
talloc : 2.0.*
ssl : 1.0.1f release
Endianness:
little
Compilation flags:
cppflags : -D_FORTIFY_SOURCE=2
cflags : -I/root/freeradius-server -I/root/freeradius-server/src -include /root/freeradius-server/src/freeradius-devel/autoconf.h -include /root/freeradius-server/src/freeradius-devel/build.h -include /root/freeradius-server/src/freeradius-devel/features.h -include /root/freeradius-server/src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -O2 -std=c11 -Wall -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
ldflags : -Wl,-Bsymbolic-functions -Wl,-z,relro
libs : -lcrypto -lssl -ltalloc -lcap -lrt -lnsl -lresolv -ldl -lpthread -lreadline

Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/linelog
/etc/freeradius/mods-enabled/linelog[114]: Reference "${..pool}" not found
/etc/freeradius/mods-enabled/linelog[127]: Reference "${..pool}" not found
including configuration file /etc/freeradius/mods-enabled/utf8
including configuration file /etc/freeradius/mods-enabled/ldap
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/cache_eap
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/unpack
including configuration file /etc/freeradius/mods-enabled/eap
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/vendor
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/debug
including configuration file /etc/freeradius/policy.d/abfab-tr
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/eap
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
continuation_timeout = 15
max_requests = 16384
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dynamic = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
cleanup_delay = 5
max_queue_size = 65536
queue_priority = "default"
auto_limit_acct = no
}
listen {
type = "auth"
ipaddr = *
port = 0
recv_buff = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
recv_buff = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
recv_buff = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
recv_buff = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = digest
# Creating Auth-Type = eap
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
recv_buff = 0
}
radiusd: #### Loading modules ####
modules {
# Loaded module "rlm_chap"
# Loading module "chap" from file /etc/freeradius/mods-enabled/chap
# Loaded module "rlm_preprocess"
# Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module "rlm_expiration"
# Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Loaded module "rlm_soh"
# Loading module "soh" from file /etc/freeradius/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module "rlm_always"
# Loading module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module "rlm_pap"
# Loading module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module "rlm_linelog"
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
linelog {
destination = "file"
delimiter = " "
file {
filename = "/var/log/freeradius/linelog"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
port = 514
timeout = 2.000000
}
udp {
port = 514
timeout = 2.000000
}
}
# Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
linelog log_accounting {
destination = "file"
delimiter = " "
file {
filename = "/var/log/freeradius/linelog-accounting"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loaded module "rlm_utf8"
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
# Loaded module "rlm_ldap"
# Loading module "ldap" from file /etc/freeradius/mods-enabled/ldap
ldap {
server = "ldaps://ldap.myhost.com"
port = 636
identity = "uid=user,ou=Users,dc=myhost,dc=com"
password = <<< secret >>>
sasl {
}
user {
scope = "sub"
access_positive = yes
sasl {
}
}
group {
filter = "(objectClass=posixGroup)"
scope = "sub"
name_attribute = "cn"
membership_attribute = "memberOf"
cacheable_name = no
cacheable_dn = no
}
client {
filter = "(objectClass=radiusClient)"
scope = "sub"
base_dn = "ou=Users,dc=myhost,dc=com"
}
profile {
}
options {
ldap_debug = 40
chase_referrals = yes
use_referral_credentials = no
rebind = yes
session_tracking = no
res_timeout = 10
srv_timelimit = 3
idle = 60
probes = 3
interval = 3
}
tls {
ca_file = "/etc/freeradius/certs/current/rootCA.pem"
ca_path = "/etc/freeradius/certs/current"
certificate_file = "/etc/freeradius/certs/current/radius.crt"
private_key_file = "/etc/freeradius/certs/current/radius.key"
random_file = "/dev/urandom"
start_tls = no
}
}
Creating attribute LDAP-Group
# Loaded module "rlm_detail"
# Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module "rlm_exec"
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module "rlm_realm"
# Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module "rlm_cache"
# Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module "rlm_files"
# Loading module "files" from file /etc/freeradius/mods-enabled/files
files {
filename = "/etc/freeradius/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
}
# Loaded module "rlm_mschap"
# Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loaded module "rlm_attr_filter"
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
relaxed = no
}
# Loaded module "rlm_radutmp"
# Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module "rlm_logintime"
# Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module "rlm_unix"
# Loading module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module "rlm_passwd"
# Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module "rlm_dynamic_clients"
# Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
# Loaded module "rlm_digest"
# Loading module "digest" from file /etc/freeradius/mods-enabled/digest
# Loaded module "rlm_expr"
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module "rlm_replicate"
# Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
# Loaded module "rlm_unpack"
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
# Loaded module "rlm_eap"
# Loading module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "md5"
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
require_client_cert = yes
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
ca_file = "/etc/freeradius/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/freeradius/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
instantiate {
}
} # modules
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
reading file /etc/freeradius/mods-config/preprocess/huntgroups
reading file /etc/freeradius/mods-config/preprocess/hints
# Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
# Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
# Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
# Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
# Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
# Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
# Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
# Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
# Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
# Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "ldap" from file /etc/freeradius/mods-enabled/ldap
rlm_ldap (ldap) - libldap vendor: OpenLDAP, version: 20431
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
}
post-auth {
reference = "."
}
rlm_ldap (ldap) - Initialising connection pool
pool {
start = 5
min = 3
max = 32
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
connect_timeout = 3.000000
retry_delay = 30
spread = no
}
rlm_ldap (ldap) - Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap) - Connecting to ldaps://ldap.myhost.com:636
TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed
TLS: warning: cacertdir not implemented for gnutls
rlm_ldap (ldap) - Failed setting connection option new TLS context: Unknown error
rlm_ldap (ldap) - Opening connection failed (0)
rlm_ldap (ldap) - Removing connection pool
/etc/freeradius/mods-enabled/ldap[8]: Instantiation failed for module "ldap"