Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11
- Copyright © 1999-2009 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- including configuration file /etc/freeradius/sites-enabled/default
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- prefix = "/usr"
- localstatedir = "/var"
- logdir = "/var/log/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = no
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "radsecret"
- shortname = "shortname"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating exec
- exec {
- wait = yes
- input_pairs = "request"
- output_pairs = "reply"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating expr
- Module: Linked to module rlm_expiration
- Module: Instantiating expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server inner-tunnel {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating chap
- Module: Linked to module rlm_mschap
- Module: Instantiating mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- }
- Module: Linked to module rlm_unix
- Module: Instantiating unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_eap
- Module: Instantiating eap
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 4096
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- pem_file_type = yes
- private_key_file = "/etc/freeradius/certs/server.key"
- certificate_file = "/etc/freeradius/certs/server.pem"
- CA_file = "/etc/freeradius/certs/ca.pem"
- private_key_password = "whatever"
- dh_file = "/etc/freeradius/certs/dh"
- random_file = "/etc/freeradius/certs/random"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/freeradius/certs/bootstrap"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_realm
- Module: Instantiating suffix
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating attr_filter.access_reject
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- }
- } # modules
- } # server
- server {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Instantiating abills_preauth
- exec abills_preauth {
- wait = yes
- program = "/usr/abills/libexec/rauth.pl pre_auth"
- input_pairs = "request"
- output_pairs = "config"
- shell_escape = yes
- }
- Module: Instantiating abills_auth
- exec abills_auth {
- wait = yes
- program = "/usr/abills/libexec/rauth.pl"
- input_pairs = "request"
- output_pairs = "reply"
- shell_escape = yes
- }
- Module: Checking preacct {...} for more modules to load
- Module: Instantiating abills_acc
- exec abills_acc {
- wait = yes
- program = "/usr/abills/libexec/racct.pl"
- input_pairs = "request"
- output_pairs = "reply"
- shell_escape = yes
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating abills_postauth
- exec abills_postauth {
- wait = yes
- program = "/usr/abills/libexec/rauth.pl post_auth"
- input_pairs = "request"
- output_pairs = "config"
- shell_escape = yes
- }
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 127.0.0.1 port 57777, id=135, length=66
- Service-Type = Framed-User
- Framed-Protocol = PPP
- User-Name = "nikita"
- Calling-Station-Id = "192.168.4.16"
- NAS-IP-Address = 192.168.4.29
- NAS-Port = 0
- +- entering group authorize {...}
- ++[preprocess] returns ok
- Exec-Program output: Auth-Type := Accept
- Exec-Program-Wait: value-pairs: Auth-Type := Accept
- Exec-Program: returned: 0
- ++[abills_preauth] returns ok
- ++[mschap] returns noop
- [files] users: Matched entry DEFAULT at line 172
- ++[files] returns ok
- Exec-Program output: Reply-Message = "Unknow server '192.168.4.29'"
- Exec-Program-Wait: value-pairs: Reply-Message = "Unknow server '192.168.4.29'"
- Exec-Program: returned: 1
- ++[abills_auth] returns reject
- Using Post-Auth-Type Reject
- +- entering group REJECT {...}
- Exec-Program output:
- Exec-Program: returned: 0
- ++[abills_postauth] returns ok
- Delaying reject of request 0 for 1 seconds
- Going to the next request
- Waking up in 0.4 seconds.
- Sending delayed reject for request 0
- Sending Access-Reject of id 135 to 127.0.0.1 port 57777
- Framed-Protocol = PPP
- Framed-Compression = Van-Jacobson-TCP-IP
- Reply-Message = "Unknow server '192.168.4.29'"
- Waking up in 4.9 seconds.
- Cleaning up request 0 ID 135 with timestamp +6
- Ready to process requests.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement