Jan 11th, 2017
  1. [root@plipclick ~]# radiusd -X
  2. FreeRADIUS Version 3.0.12
  3. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License
  8. For more information about these matters, see the file named COPYRIGHT
  9. Starting - reading configuration files ...
  10. including dictionary file /usr/local/share/freeradius/dictionary
  11. including dictionary file /usr/local/share/freeradius/dictionary.dhcp
  12. including dictionary file /usr/local/share/freeradius/dictionary.vqp
  13. including dictionary file /usr/local/etc/raddb/dictionary
  14. including configuration file /usr/local/etc/raddb/radiusd.conf
  15. including configuration file /usr/local/etc/raddb/proxy.conf
  16. including configuration file /usr/local/etc/raddb/clients.conf
  17. including files in directory /usr/local/etc/raddb/mods-enabled/
  18. including configuration file /usr/local/etc/raddb/mods-enabled/always
  19. including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
  20. including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
  21. including configuration file /usr/local/etc/raddb/mods-enabled/chap
  22. including configuration file /usr/local/etc/raddb/mods-enabled/date
  23. including configuration file /usr/local/etc/raddb/mods-enabled/detail
  24. including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
  25. including configuration file /usr/local/etc/raddb/mods-enabled/digest
  26. including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
  27. including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
  28. including configuration file /usr/local/etc/raddb/mods-enabled/eap
  29. including configuration file /usr/local/etc/raddb/mods-enabled/echo
  30. including configuration file /usr/local/etc/raddb/mods-enabled/exec
  31. including configuration file /usr/local/etc/raddb/mods-enabled/expiration
  32. including configuration file /usr/local/etc/raddb/mods-enabled/expr
  33. including configuration file /usr/local/etc/raddb/mods-enabled/files
  34. including configuration file /usr/local/etc/raddb/mods-enabled/linelog
  35. including configuration file /usr/local/etc/raddb/mods-enabled/logintime
  36. including configuration file /usr/local/etc/raddb/mods-enabled/mschap
  37. including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
  38. including configuration file /usr/local/etc/raddb/mods-enabled/pap
  39. including configuration file /usr/local/etc/raddb/mods-enabled/passwd
  40. including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
  41. including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
  42. including configuration file /usr/local/etc/raddb/mods-enabled/realm
  43. including configuration file /usr/local/etc/raddb/mods-enabled/replicate
  44. including configuration file /usr/local/etc/raddb/mods-enabled/soh
  45. including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
  46. including configuration file /usr/local/etc/raddb/mods-enabled/unix
  47. including configuration file /usr/local/etc/raddb/mods-enabled/unpack
  48. including configuration file /usr/local/etc/raddb/mods-enabled/utf8
  49. including configuration file /usr/local/etc/raddb/mods-enabled/sql
  50. including configuration file /usr/local/etc/raddb/mods-config/sql/main/sqlite/queries.conf
  51. including files in directory /usr/local/etc/raddb/policy.d/
  52. including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
  53. including configuration file /usr/local/etc/raddb/policy.d/accounting
  54. including configuration file /usr/local/etc/raddb/policy.d/canonicalization
  55. including configuration file /usr/local/etc/raddb/policy.d/control
  56. including configuration file /usr/local/etc/raddb/policy.d/cui
  57. including configuration file /usr/local/etc/raddb/policy.d/debug
  58. including configuration file /usr/local/etc/raddb/policy.d/dhcp
  59. including configuration file /usr/local/etc/raddb/policy.d/eap
  60. including configuration file /usr/local/etc/raddb/policy.d/filter
  61. including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
  62. including configuration file /usr/local/etc/raddb/policy.d/operator-name
  63. including files in directory /usr/local/etc/raddb/sites-enabled/
  64. including configuration file /usr/local/etc/raddb/sites-enabled/default
  65. including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
  66. main {
  67. security {
  68. allow_core_dumps = no
  69. }
  70. name = "radiusd"
  71. prefix = "/usr/local"
  72. localstatedir = "/usr/local/var"
  73. logdir = "/usr/local/var/log/radius"
  74. run_dir = "/usr/local/var/run/radiusd"
  75. }
  76. main {
  77. name = "radiusd"
  78. prefix = "/usr/local"
  79. localstatedir = "/usr/local/var"
  80. sbindir = "/usr/local/sbin"
  81. logdir = "/usr/local/var/log/radius"
  82. run_dir = "/usr/local/var/run/radiusd"
  83. libdir = "/usr/local/lib"
  84. radacctdir = "/usr/local/var/log/radius/radacct"
  85. hostname_lookups = no
  86. max_request_time = 30
  87. cleanup_delay = 5
  88. max_requests = 16384
  89. pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
  90. checkrad = "/usr/local/sbin/checkrad"
  91. debug_level = 0
  92. proxy_requests = yes
  93. log {
  94. stripped_names = no
  95. auth = no
  96. auth_badpass = no
  97. auth_goodpass = no
  98. colourise = yes
  99. msg_denied = "You are already logged in - access denied"
  100. }
  101. resources {
  102. }
  103. security {
  104. max_attributes = 200
  105. reject_delay = 1.000000
  106. status_server = yes
  107. allow_vulnerable_openssl = "CVE-2016-6304"
  108. }
  109. }
  110. radiusd: #### Loading Realms and Home Servers ####
  111. proxy server {
  112. retry_delay = 5
  113. retry_count = 3
  114. default_fallback = no
  115. dead_time = 120
  116. wake_all_if_all_dead = no
  117. }
  118. home_server localhost {
  119. ipaddr = 127.0.0.1
  120. port = 1812
  121. type = "auth"
  122. secret = <<< secret >>>
  123. response_window = 20.000000
  124. response_timeouts = 1
  125. max_outstanding = 65536
  126. zombie_period = 40
  127. status_check = "status-server"
  128. ping_interval = 30
  129. check_interval = 30
  130. check_timeout = 4
  131. num_answers_to_alive = 3
  132. revive_interval = 120
  133. limit {
  134. max_connections = 16
  135. max_requests = 0
  136. lifetime = 0
  137. idle_timeout = 0
  138. }
  139. coa {
  140. irt = 2
  141. mrt = 16
  142. mrc = 5
  143. mrd = 30
  144. }
  145. }
  146. home_server_pool my_auth_failover {
  147. type = fail-over
  148. home_server = localhost
  149. }
  150. realm example.com {
  151. auth_pool = my_auth_failover
  152. }
  153. realm LOCAL {
  154. }
  155. radiusd: #### Loading Clients ####
  156. client localhost {
  157. ipaddr = 127.0.0.1
  158. require_message_authenticator = no
  159. secret = <<< secret >>>
  160. nas_type = "other"
  161. proto = "*"
  162. limit {
  163. max_connections = 16
  164. lifetime = 0
  165. idle_timeout = 30
  166. }
  167. }
  168. client localhost_ipv6 {
  169. ipv6addr = ::1
  170. require_message_authenticator = no
  171. secret = <<< secret >>>
  172. limit {
  173. max_connections = 16
  174. lifetime = 0
  175. idle_timeout = 30
  176. }
  177. }
  178. Debugger not attached
  179. # Creating Auth-Type = mschap
  180. # Creating Auth-Type = digest
  181. # Creating Auth-Type = eap
  182. # Creating Auth-Type = PAP
  183. # Creating Auth-Type = CHAP
  184. # Creating Auth-Type = MS-CHAP
  185. radiusd: #### Instantiating modules ####
  186. modules {
  187. # Loaded module rlm_always
  188. # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
  189. always reject {
  190. rcode = "reject"
  191. simulcount = 0
  192. mpp = no
  193. }
  194. # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
  195. always fail {
  196. rcode = "fail"
  197. simulcount = 0
  198. mpp = no
  199. }
  200. # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
  201. always ok {
  202. rcode = "ok"
  203. simulcount = 0
  204. mpp = no
  205. }
  206. # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
  207. always handled {
  208. rcode = "handled"
  209. simulcount = 0
  210. mpp = no
  211. }
  212. # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
  213. always invalid {
  214. rcode = "invalid"
  215. simulcount = 0
  216. mpp = no
  217. }
  218. # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
  219. always userlock {
  220. rcode = "userlock"
  221. simulcount = 0
  222. mpp = no
  223. }
  224. # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
  225. always notfound {
  226. rcode = "notfound"
  227. simulcount = 0
  228. mpp = no
  229. }
  230. # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
  231. always noop {
  232. rcode = "noop"
  233. simulcount = 0
  234. mpp = no
  235. }
  236. # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
  237. always updated {
  238. rcode = "updated"
  239. simulcount = 0
  240. mpp = no
  241. }
  242. # Loaded module rlm_attr_filter
  243. # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  244. attr_filter attr_filter.post-proxy {
  245. filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
  246. key = "%{Realm}"
  247. relaxed = no
  248. }
  249. # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  250. attr_filter attr_filter.pre-proxy {
  251. filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
  252. key = "%{Realm}"
  253. relaxed = no
  254. }
  255. # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  256. attr_filter attr_filter.access_reject {
  257. filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
  258. key = "%{User-Name}"
  259. relaxed = no
  260. }
  261. # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  262. attr_filter attr_filter.access_challenge {
  263. filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
  264. key = "%{User-Name}"
  265. relaxed = no
  266. }
  267. # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  268. attr_filter attr_filter.accounting_response {
  269. filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
  270. key = "%{User-Name}"
  271. relaxed = no
  272. }
  273. # Loaded module rlm_cache
  274. # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
  275. cache cache_eap {
  276. driver = "rlm_cache_rbtree"
  277. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  278. ttl = 15
  279. max_entries = 0
  280. epoch = 0
  281. add_stats = no
  282. }
  283. # Loaded module rlm_chap
  284. # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
  285. # Loaded module rlm_date
  286. # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
  287. date {
  288. format = "%b %e %Y %H:%M:%S %Z"
  289. }
  290. # Loaded module rlm_detail
  291. # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
  292. detail {
  293. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  294. header = "%t"
  295. permissions = 384
  296. locking = no
  297. escape_filenames = no
  298. log_packet_header = no
  299. }
  300. # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  301. detail auth_log {
  302. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  303. header = "%t"
  304. permissions = 384
  305. locking = no
  306. escape_filenames = no
  307. log_packet_header = no
  308. }
  309. # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  310. detail reply_log {
  311. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  312. header = "%t"
  313. permissions = 384
  314. locking = no
  315. escape_filenames = no
  316. log_packet_header = no
  317. }
  318. # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  319. detail pre_proxy_log {
  320. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  321. header = "%t"
  322. permissions = 384
  323. locking = no
  324. escape_filenames = no
  325. log_packet_header = no
  326. }
  327. # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  328. detail post_proxy_log {
  329. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  330. header = "%t"
  331. permissions = 384
  332. locking = no
  333. escape_filenames = no
  334. log_packet_header = no
  335. }
  336. # Loaded module rlm_digest
  337. # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
  338. # Loaded module rlm_dhcp
  339. # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
  340. # Loaded module rlm_dynamic_clients
  341. # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
  342. # Loaded module rlm_eap
  343. # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
  344. eap {
  345. default_eap_type = "md5"
  346. timer_expire = 60
  347. ignore_unknown_eap_types = no
  348. cisco_accounting_username_bug = no
  349. max_sessions = 16384
  350. }
  351. # Loaded module rlm_exec
  352. # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
  353. exec echo {
  354. wait = yes
  355. program = "/bin/echo %{User-Name}"
  356. input_pairs = "request"
  357. output_pairs = "reply"
  358. shell_escape = yes
  359. }
  360. # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
  361. exec {
  362. wait = no
  363. input_pairs = "request"
  364. shell_escape = yes
  365. timeout = 10
  366. }
  367. # Loaded module rlm_expiration
  368. # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
  369. # Loaded module rlm_expr
  370. # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
  371. expr {
  372. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  373. }
  374. # Loaded module rlm_files
  375. # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
  376. files {
  377. filename = "/usr/local/etc/raddb/mods-config/files/authorize"
  378. acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
  379. preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
  380. }
  381. # Loaded module rlm_linelog
  382. # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
  383. linelog {
  384. filename = "/usr/local/var/log/radius/linelog"
  385. escape_filenames = no
  386. syslog_severity = "info"
  387. permissions = 384
  388. format = "This is a log message for %{User-Name}"
  389. reference = "messages.%{%{reply:Packet-Type}:-default}"
  390. }
  391. # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
  392. linelog log_accounting {
  393. filename = "/usr/local/var/log/radius/linelog-accounting"
  394. escape_filenames = no
  395. syslog_severity = "info"
  396. permissions = 384
  397. format = ""
  398. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  399. }
  400. # Loaded module rlm_logintime
  401. # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
  402. logintime {
  403. minimum_timeout = 60
  404. }
  405. # Loaded module rlm_mschap
  406. # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
  407. mschap {
  408. use_mppe = yes
  409. require_encryption = no
  410. require_strong = no
  411. with_ntdomain_hack = yes
  412. passchange {
  413. }
  414. allow_retry = yes
  415. }
  416. # Loading module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth
  417. exec ntlm_auth {
  418. wait = yes
  419. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  420. shell_escape = yes
  421. }
  422. # Loaded module rlm_pap
  423. # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
  424. pap {
  425. normalise = yes
  426. }
  427. # Loaded module rlm_passwd
  428. # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
  429. passwd etc_passwd {
  430. filename = "/etc/passwd"
  431. format = "*User-Name:Crypt-Password:"
  432. delimiter = ":"
  433. ignore_nislike = no
  434. ignore_empty = yes
  435. allow_multiple_keys = no
  436. hash_size = 100
  437. }
  438. # Loaded module rlm_preprocess
  439. # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
  440. preprocess {
  441. huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
  442. hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
  443. with_ascend_hack = no
  444. ascend_channels_per_line = 23
  445. with_ntdomain_hack = no
  446. with_specialix_jetstream_hack = no
  447. with_cisco_vsa_hack = no
  448. with_alvarion_vsa_hack = no
  449. }
  450. # Loaded module rlm_radutmp
  451. # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
  452. radutmp {
  453. filename = "/usr/local/var/log/radius/radutmp"
  454. username = "%{User-Name}"
  455. case_sensitive = yes
  456. check_with_nas = yes
  457. permissions = 384
  458. caller_id = yes
  459. }
  460. # Loaded module rlm_realm
  461. # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
  462. realm IPASS {
  463. format = "prefix"
  464. delimiter = "/"
  465. ignore_default = no
  466. ignore_null = no
  467. }
  468. # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
  469. realm suffix {
  470. format = "suffix"
  471. delimiter = "@"
  472. ignore_default = no
  473. ignore_null = no
  474. }
  475. # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
  476. realm realmpercent {
  477. format = "suffix"
  478. delimiter = "%"
  479. ignore_default = no
  480. ignore_null = no
  481. }
  482. # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
  483. realm ntdomain {
  484. format = "prefix"
  485. delimiter = "\\"
  486. ignore_default = no
  487. ignore_null = no
  488. }
  489. # Loaded module rlm_replicate
  490. # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
  491. # Loaded module rlm_soh
  492. # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
  493. soh {
  494. dhcp = yes
  495. }
  496. # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
  497. radutmp sradutmp {
  498. filename = "/usr/local/var/log/radius/sradutmp"
  499. username = "%{User-Name}"
  500. case_sensitive = yes
  501. check_with_nas = yes
  502. permissions = 420
  503. caller_id = no
  504. }
  505. # Loaded module rlm_unix
  506. # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
  507. unix {
  508. radwtmp = "/usr/local/var/log/radius/radwtmp"
  509. }
  510. Creating attribute Unix-Group
  511. # Loaded module rlm_unpack
  512. # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
  513. # Loaded module rlm_utf8
  514. # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
  515. # Loaded module rlm_sql
  516. # Loading module "sql" from file /usr/local/etc/raddb/mods-enabled/sql
  517. sql {
  518. driver = "rlm_sql_null"
  519. server = "localhost"
  520. port = 3306
  521. login = "radius"
  522. password = <<< secret >>>
  523. radius_db = "ciawifi_radius"
  524. read_groups = yes
  525. read_profiles = yes
  526. read_clients = yes
  527. delete_stale_sessions = yes
  528. sql_user_name = "%{User-Name}"
  529. default_user_profile = ""
  530. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  531. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  532. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  533. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
  534. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
  535. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  536. simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  537. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-Group}' AND acctstoptime IS NULL"
  538. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  539. accounting {
  540. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  541. type {
  542. accounting-on {
  543. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}"
  544. }
  545. accounting-off {
  546. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}"
  547. }
  548. start {
  549. query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', %{%{integer:Event-Timestamp}:-date('now')}, %{%{integer:Event-Timestamp}:-date('now')}, NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
  550. }
  551. interim-update {
  552. query = "UPDATE radacct SET acctupdatetime = %{%{integer:Event-Timestamp}:-date('now')}, acctinterval = 0, framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0} WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  553. }
  554. stop {
  555. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0}, acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  556. }
  557. }
  558. }
  559. post-auth {
  560. reference = ".query"
  561. query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  562. }
  563. }
  564. rlm_sql (sql): Driver rlm_sql_null (module rlm_sql_null) loaded and linked
  565. Creating attribute SQL-Group
  566. instantiate {
  567. }
  568. # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
  569. # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
  570. # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
  571. # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
  572. # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
  573. # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
  574. # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
  575. # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
  576. # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
  577. # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  578. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
  579. # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  580. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
  581. # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  582. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
  583. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  584. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  585. # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  586. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
  587. # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  588. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
  589. # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
  590. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  591. # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
  592. # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  593. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  594. # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  595. # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  596. # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  597. # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
  598. # Linked to sub-module rlm_eap_md5
  599. # Linked to sub-module rlm_eap_leap
  600. # Linked to sub-module rlm_eap_gtc
  601. gtc {
  602. challenge = "Password: "
  603. auth_type = "PAP"
  604. }
  605. # Linked to sub-module rlm_eap_tls
  606. tls {
  607. tls = "tls-common"
  608. }
  609. tls-config tls-common {
  610. verify_depth = 0
  611. ca_path = "/usr/local/etc/raddb/certs"
  612. pem_file_type = yes
  613. private_key_file = "/usr/local/etc/raddb/certs/server.pem"
  614. certificate_file = "/usr/local/etc/raddb/certs/server.pem"
  615. ca_file = "/usr/local/etc/raddb/certs/ca.pem"
  616. private_key_password = <<< secret >>>
  617. dh_file = "/usr/local/etc/raddb/certs/dh"
  618. fragment_size = 1024
  619. include_length = yes
  620. auto_chain = yes
  621. check_crl = no
  622. check_all_crl = no
  623. cipher_list = "DEFAULT"
  624. ecdh_curve = "prime256v1"
  625. cache {
  626. enable = yes
  627. lifetime = 24
  628. max_entries = 255
  629. }
  630. verify {
  631. skip_if_ocsp_ok = no
  632. }
  633. ocsp {
  634. enable = no
  635. override_cert_url = yes
  636. url = "http://127.0.0.1/ocsp/"
  637. use_nonce = yes
  638. timeout = 0
  639. softfail = no
  640. }
  641. }
  642. # Linked to sub-module rlm_eap_ttls
  643. ttls {
  644. tls = "tls-common"
  645. default_eap_type = "md5"
  646. copy_request_to_tunnel = no
  647. use_tunneled_reply = no
  648. virtual_server = "inner-tunnel"
  649. include_length = yes
  650. require_client_cert = no
  651. }
  652. tls: Using cached TLS configuration from previous invocation
  653. # Linked to sub-module rlm_eap_peap
  654. peap {
  655. tls = "tls-common"
  656. default_eap_type = "mschapv2"
  657. copy_request_to_tunnel = no
  658. use_tunneled_reply = no
  659. proxy_tunneled_request_as_eap = yes
  660. virtual_server = "inner-tunnel"
  661. soh = no
  662. require_client_cert = no
  663. }
  664. tls: Using cached TLS configuration from previous invocation
  665. # Linked to sub-module rlm_eap_mschapv2
  666. mschapv2 {
  667. with_ntdomain_hack = no
  668. send_error = no
  669. }
  670. # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
  671. # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
  672. reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
  673. reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
  674. reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
  675. # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
  676. # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
  677. # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
  678. # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
  679. rlm_mschap (mschap): using internal authentication
  680. # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
  681. # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
  682. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  683. # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
  684. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
  685. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
  686. # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
  687. # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
  688. # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
  689. # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
  690. # Instantiating module "sql" from file /usr/local/etc/raddb/mods-enabled/sql
  691. rlm_sql (sql): Attempting to connect to database "ciawifi_radius"
  692. rlm_sql (sql): Initialising connection pool
  693. pool {
  694. start = 5
  695. min = 3
  696. max = 32
  697. spare = 10
  698. uses = 0
  699. lifetime = 0
  700. cleanup_interval = 30
  701. idle_timeout = 60
  702. retry_delay = 30
  703. spread = no
  704. }
  705. rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
  706. rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
  707. rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
  708. rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
  709. rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
  710. rlm_sql (sql): Processing generate_sql_clients
  711. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  712. rlm_sql (sql): Reserved connection (0)
  713. rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
  714. rlm_sql (sql): Released connection (0)
  715. rlm_sql (sql): Need 5 more connections to reach 10 spares
  716. rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
  717. } # modules
  718. radiusd: #### Loading Virtual Servers ####
  719. server { # from file /usr/local/etc/raddb/radiusd.conf
  720. } # server
  721. server default { # from file /usr/local/etc/raddb/sites-enabled/default
  722. # Loading authenticate {...}
  723. # Loading authorize {...}
  724. Ignoring "ldap" (see raddb/mods-available/README.rst)
  725. # Loading preacct {...}
  726. # Loading accounting {...}
  727. # Loading post-proxy {...}
  728. # Loading post-auth {...}
  729. } # server default
  730. server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
  731. # Loading authenticate {...}
  732. # Loading authorize {...}
  733. # Loading session {...}
  734. # Loading post-proxy {...}
  735. # Loading post-auth {...}
  736. } # server inner-tunnel
  737. radiusd: #### Opening IP addresses and Ports ####
  738. listen {
  739. type = "auth"
  740. ipaddr = SERVER_IP
  741. port = 0
  742. limit {
  743. max_connections = 16
  744. lifetime = 0
  745. idle_timeout = 30
  746. }
  747. }
  748. listen {
  749. type = "acct"
  750. ipaddr = SERVER_IP
  751. port = 0
  752. limit {
  753. max_connections = 16
  754. lifetime = 0
  755. idle_timeout = 30
  756. }
  757. }
  758. listen {
  759. type = "auth"
  760. ipv6addr = ::
  761. port = 0
  762. limit {
  763. max_connections = 16
  764. lifetime = 0
  765. idle_timeout = 30
  766. }
  767. }
  768. listen {
  769. type = "acct"
  770. ipv6addr = ::
  771. port = 0
  772. limit {
  773. max_connections = 16
  774. lifetime = 0
  775. idle_timeout = 30
  776. }
  777. }
  778. listen {
  779. type = "auth"
  780. ipaddr = 127.0.0.1
  781. port = 18120
  782. }
  783. Listening on auth address SERVER_IP port 1812 bound to server default
  784. Listening on acct address SERVER_IP port 1813 bound to server default
  785. Listening on auth address :: port 1812 bound to server default
  786. Listening on acct address :: port 1813 bound to server default
  787. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  788. Listening on proxy address * port 36770
  789. Listening on proxy address :: port 60754
  790. Ready to process requests