Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@ndpl:/usr/local/nodeny # radiusd -X
- radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.4, built on Feb 17 2018 at 19:49:49
- Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License.
- For more information about these matters, see the file named COPYRIGHT.
- Starting - reading configuration files ...
- including configuration file /usr/local/etc/raddb/radiusd.conf
- including configuration file /usr/local/etc/raddb/proxy.conf
- including configuration file /usr/local/etc/raddb/clients.conf
- including files in directory /usr/local/etc/raddb/modules/
- including configuration file /usr/local/etc/raddb/modules/always
- including configuration file /usr/local/etc/raddb/modules/attr_filter
- including configuration file /usr/local/etc/raddb/modules/attr_rewrite
- including configuration file /usr/local/etc/raddb/modules/cache
- including configuration file /usr/local/etc/raddb/modules/chap
- including configuration file /usr/local/etc/raddb/modules/checkval
- including configuration file /usr/local/etc/raddb/modules/counter
- including configuration file /usr/local/etc/raddb/modules/cui
- including configuration file /usr/local/etc/raddb/modules/detail
- including configuration file /usr/local/etc/raddb/modules/detail.example.com
- including configuration file /usr/local/etc/raddb/modules/detail.log
- including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool
- including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
- including configuration file /usr/local/etc/raddb/modules/digest
- including configuration file /usr/local/etc/raddb/modules/dynamic_clients
- including configuration file /usr/local/etc/raddb/modules/echo
- including configuration file /usr/local/etc/raddb/modules/etc_group
- including configuration file /usr/local/etc/raddb/modules/exec
- including configuration file /usr/local/etc/raddb/modules/expiration
- including configuration file /usr/local/etc/raddb/modules/expr
- including configuration file /usr/local/etc/raddb/modules/files
- including configuration file /usr/local/etc/raddb/modules/inner-eap
- including configuration file /usr/local/etc/raddb/modules/ippool
- including configuration file /usr/local/etc/raddb/modules/krb5
- including configuration file /usr/local/etc/raddb/modules/ldap
- including configuration file /usr/local/etc/raddb/modules/linelog
- including configuration file /usr/local/etc/raddb/modules/logintime
- including configuration file /usr/local/etc/raddb/modules/otp
- including configuration file /usr/local/etc/raddb/modules/mac2ip
- including configuration file /usr/local/etc/raddb/modules/mac2vlan
- including configuration file /usr/local/etc/raddb/modules/mschap
- including configuration file /usr/local/etc/raddb/modules/ntlm_auth
- including configuration file /usr/local/etc/raddb/modules/opendirectory
- including configuration file /usr/local/etc/raddb/modules/pam
- including configuration file /usr/local/etc/raddb/modules/pap
- including configuration file /usr/local/etc/raddb/modules/passwd
- including configuration file /usr/local/etc/raddb/modules/perl
- including configuration file /usr/local/etc/raddb/modules/policy
- including configuration file /usr/local/etc/raddb/modules/preprocess
- including configuration file /usr/local/etc/raddb/modules/radrelay
- including configuration file /usr/local/etc/raddb/modules/radutmp
- including configuration file /usr/local/etc/raddb/modules/realm
- including configuration file /usr/local/etc/raddb/modules/redis
- including configuration file /usr/local/etc/raddb/modules/rediswho
- including configuration file /usr/local/etc/raddb/modules/replicate
- including configuration file /usr/local/etc/raddb/modules/smbpasswd
- including configuration file /usr/local/etc/raddb/modules/smsotp
- including configuration file /usr/local/etc/raddb/modules/soh
- including configuration file /usr/local/etc/raddb/modules/sql_log
- including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
- including configuration file /usr/local/etc/raddb/modules/sradutmp
- including configuration file /usr/local/etc/raddb/modules/unix
- including configuration file /usr/local/etc/raddb/modules/wimax
- including configuration file /usr/local/etc/raddb/modules/acct_unique
- including configuration file /usr/local/etc/raddb/eap.conf
- including configuration file /usr/local/etc/raddb/sql.conf
- including configuration file /usr/local/etc/raddb/policy.conf
- including files in directory /usr/local/etc/raddb/sites-enabled/
- including configuration file /usr/local/etc/raddb/sites-enabled/default
- including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
- main {
- allow_core_dumps = no
- }
- including dictionary file /usr/local/etc/raddb/dictionary
- main {
- name = "radiusd"
- prefix = "/usr/local"
- localstatedir = "/var"
- sbindir = "/usr/local/sbin"
- logdir = "/var/log"
- run_dir = "/var/run/radiusd"
- libdir = "/usr/local/lib/freeradius-2.2.9"
- radacctdir = "/var/log/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/radiusd/radiusd.pid"
- checkrad = "/usr/local/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- allow_vulnerable_openssl = no
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client 127.0.0.1 {
- require_message_authenticator = no
- secret = "hardpass5"
- shortname = "NoDenyDB"
- nastype = "cisco"
- }
- client 93.170.1.245 {
- require_message_authenticator = no
- secret = "bras"
- shortname = "bras-ya"
- nastype = "cisco"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- timeout = 10
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /usr/local/etc/raddb/radiusd.conf
- modules {
- Module: Creating Auth-Type = digest
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
- Module: Linked to module rlm_mschap
- Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- allow_retry = yes
- }
- Module: Linked to module rlm_digest
- Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
- Module: Linked to module rlm_unix
- Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
- unix {
- radwtmp = "/var/log/radwtmp"
- }
- Module: Linked to module rlm_eap
- Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 1024
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- CA_path = "/usr/local/etc/raddb/certs"
- pem_file_type = yes
- private_key_file = "/usr/local/etc/raddb/certs/server.pem"
- certificate_file = "/usr/local/etc/raddb/certs/server.pem"
- CA_file = "/usr/local/etc/raddb/certs/ca.pem"
- private_key_password = "whatever"
- dh_file = "/usr/local/etc/raddb/certs/dh"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- check_all_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
- ecdh_curve = "prime256v1"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- use_nonce = yes
- timeout = 0
- softfail = no
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
- preprocess {
- huntgroups = "/usr/local/etc/raddb/huntgroups"
- hints = "/usr/local/etc/raddb/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- reading pairlist file /usr/local/etc/raddb/huntgroups
- reading pairlist file /usr/local/etc/raddb/hints
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
- files {
- usersfile = "/usr/local/etc/raddb/users"
- acctusersfile = "/usr/local/etc/raddb/acct_users"
- preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
- compat = "no"
- }
- reading pairlist file /usr/local/etc/raddb/users
- reading pairlist file /usr/local/etc/raddb/acct_users
- reading pairlist file /usr/local/etc/raddb/preproxy_users
- Module: Linked to module rlm_sql
- Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf
- sql {
- driver = "rlm_sql_mysql"
- server = "localhost"
- port = "3306"
- login = "nodeny"
- password = "hardpass"
- radius_db = "nodeny"
- read_groups = yes
- sqltrace = no
- sqltracefile = "/var/log/sqltrace.sql"
- readclients = no
- deletestalesessions = yes
- num_sql_socks = 5
- lifetime = 0
- max_queries = 0
- sql_user_name = ""
- default_user_profile = ""
- nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"
- authorize_check_query = "call radcheck('%{User-Name}')"
- authorize_reply_query = "call radreply('%{User-Name}')"
- authorize_group_check_query = ""
- authorize_group_reply_query = ""
- accounting_onoff_query = ""
- accounting_update_query = "call radupdate('%{User-Name}','%{Framed-IP-Address}', 'nas=%{NAS-IP-Address}')"
- accounting_update_query_alt = ""
- accounting_start_query = ""
- accounting_start_query_alt = ""
- accounting_stop_query = ""
- accounting_stop_query_alt = ""
- connect_failure_retry_delay = 60
- simul_count_query = ""
- simul_verify_query = ""
- postauth_query = "call radupdate('%{User-Name}','%{reply:Framed-IP-Address}', 'nas=%{NAS-IP-Address}')"
- safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- }
- rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
- rlm_sql (sql): Attempting to connect to nodeny@localhost:3306/nodeny
- rlm_sql (sql): starting 0
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
- rlm_sql_mysql: Starting connect to MySQL server for #0
- rlm_sql (sql): Connected new DB handle, #0
- rlm_sql (sql): starting 1
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
- rlm_sql_mysql: Starting connect to MySQL server for #1
- rlm_sql (sql): Connected new DB handle, #1
- rlm_sql (sql): starting 2
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
- rlm_sql_mysql: Starting connect to MySQL server for #2
- rlm_sql (sql): Connected new DB handle, #2
- rlm_sql (sql): starting 3
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
- rlm_sql_mysql: Starting connect to MySQL server for #3
- rlm_sql (sql): Connected new DB handle, #3
- rlm_sql (sql): starting 4
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
- rlm_sql_mysql: Starting connect to MySQL server for #4
- rlm_sql (sql): Connected new DB handle, #4
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
- detail {
- detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- escape_filenames = no
- }
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /usr/local/etc/raddb/attrs.accounting_response
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
- radutmp {
- filename = "/var/log/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /usr/local/etc/raddb/attrs.access_reject
- } # modules
- } # server
- server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "control"
- listen {
- socket = "/var/run/radiusd/radiusd.sock"
- }
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- ... adding new socket proxy address * port 55446
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on command file /var/run/radiusd/radiusd.sock
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 93.170.1.245 port 31626, id=1, length=135
- User-Name = "d6:79:07:63:3a:52"
- NAS-Identifier = "bras_ya"
- NAS-IP-Address = 93.170.1.245
- NAS-Port = 151
- NAS-Port-Id = "ipoe0"
- NAS-Port-Type = Ethernet
- Calling-Station-Id = "d6:79:07:63:3a:52"
- Called-Station-Id = "eth5.11"
- User-Password = "d6:79:07:63:3a:52"
- # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "d6:79:07:63:3a:52", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] No EAP-Message, not doing EAP
- ++[eap] = noop
- ++[files] = noop
- rlm_sql (sql): Reserving sql socket id: 4
- [sql] expand: call radcheck('%{User-Name}') -> call radcheck('d6:79:07:63:3a:52')
- [sql] User found in radcheck table
- [sql] expand: call radreply('%{User-Name}') -> call radreply('d6:79:07:63:3a:52')
- rlm_sql (sql): Released sql socket id: 4
- ++[sql] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- ++[pap] = updated
- +} # group authorize = updated
- Found Auth-Type = PAP
- # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- +group PAP {
- [pap] login attempt with password "d6:79:07:63:3a:52"
- [pap] Using clear text password ""
- [pap] Passwords don't match
- ++[pap] = reject
- +} # group PAP = reject
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- +group REJECT {
- [eap] Request didn't contain an EAP-Message, not inserting EAP-Failure
- ++[eap] = noop
- [attr_filter.access_reject] expand: %{User-Name} -> d6:79:07:63:3a:52
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] = updated
- +} # group REJECT = updated
- Delaying reject of request 0 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 0
- Sending Access-Reject of id 1 to 93.170.1.245 port 31626
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 93.170.1.245 port 51382, id=1, length=135
- User-Name = "d6:79:07:63:3a:52"
- NAS-Identifier = "bras_ya"
- NAS-IP-Address = 93.170.1.245
- NAS-Port = 152
- NAS-Port-Id = "ipoe0"
- NAS-Port-Type = Ethernet
- Calling-Station-Id = "d6:79:07:63:3a:52"
- Called-Station-Id = "eth5.11"
- User-Password = "d6:79:07:63:3a:52"
- # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "d6:79:07:63:3a:52", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] No EAP-Message, not doing EAP
- ++[eap] = noop
- ++[files] = noop
- rlm_sql (sql): Reserving sql socket id: 3
- [sql] expand: call radcheck('%{User-Name}') -> call radcheck('d6:79:07:63:3a:52')
- [sql] User found in radcheck table
- [sql] expand: call radreply('%{User-Name}') -> call radreply('d6:79:07:63:3a:52')
- rlm_sql (sql): Released sql socket id: 3
- ++[sql] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- ++[pap] = updated
- +} # group authorize = updated
- Found Auth-Type = PAP
- # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- +group PAP {
- [pap] login attempt with password "d6:79:07:63:3a:52"
- [pap] Using clear text password ""
- [pap] Passwords don't match
- ++[pap] = reject
- +} # group PAP = reject
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- +group REJECT {
- [eap] Request didn't contain an EAP-Message, not inserting EAP-Failure
- ++[eap] = noop
- [attr_filter.access_reject] expand: %{User-Name} -> d6:79:07:63:3a:52
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] = updated
- +} # group REJECT = updated
- Delaying reject of request 1 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 1
- Sending Access-Reject of id 1 to 93.170.1.245 port 51382
- Waking up in 1.9 seconds.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement