FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02

1. FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11
2. Copyright © 1999-2009 The FreeRADIUS server project and contributors.
3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
4. PARTICULAR PURPOSE.
5. You may redistribute copies of FreeRADIUS under the terms of the
6. GNU General Public License v2.
7. Starting - reading configuration files ...
8. including configuration file /etc/freeradius/radiusd.conf
9. including configuration file /etc/freeradius/proxy.conf
10. including configuration file /etc/freeradius/clients.conf
11. including files in directory /etc/freeradius/modules/
12. including configuration file /etc/freeradius/modules/detail.log
13. including configuration file /etc/freeradius/modules/expr
14. including configuration file /etc/freeradius/modules/unix
15. including configuration file /etc/freeradius/modules/wimax
16. including configuration file /etc/freeradius/modules/attr_rewrite
17. including configuration file /etc/freeradius/modules/mac2vlan
18. including configuration file /etc/freeradius/modules/pam
19. including configuration file /etc/freeradius/modules/files
20. including configuration file /etc/freeradius/modules/preprocess
21. including configuration file /etc/freeradius/modules/cui
22. including configuration file /etc/freeradius/modules/radutmp
23. including configuration file /etc/freeradius/modules/exec
24. including configuration file /etc/freeradius/modules/krb5
25. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
26. including configuration file /etc/freeradius/modules/inner-eap
27. including configuration file /etc/freeradius/modules/attr_filter
28. including configuration file /etc/freeradius/modules/otp
29. including configuration file /etc/freeradius/modules/logintime
30. including configuration file /etc/freeradius/modules/smbpasswd
31. including configuration file /etc/freeradius/modules/counter
32. including configuration file /etc/freeradius/modules/perl
33. including configuration file /etc/freeradius/modules/realm
34. including configuration file /etc/freeradius/modules/chap
35. including configuration file /etc/freeradius/modules/digest
36. including configuration file /etc/freeradius/modules/mac2ip
37. including configuration file /etc/freeradius/modules/detail
38. including configuration file /etc/freeradius/modules/echo
39. including configuration file /etc/freeradius/modules/always
40. including configuration file /etc/freeradius/modules/etc_group
41. including configuration file /etc/freeradius/modules/ntlm_auth
42. including configuration file /etc/freeradius/modules/policy
43. including configuration file /etc/freeradius/modules/sql_log
44. including configuration file /etc/freeradius/modules/acct_unique
45. including configuration file /etc/freeradius/modules/passwd
46. including configuration file /etc/freeradius/modules/sradutmp
47. including configuration file /etc/freeradius/modules/checkval
48. including configuration file /etc/freeradius/modules/linelog
49. including configuration file /etc/freeradius/modules/ippool
50. including configuration file /etc/freeradius/modules/smsotp
51. including configuration file /etc/freeradius/modules/expiration
52. including configuration file /etc/freeradius/modules/mschap
53. including configuration file /etc/freeradius/modules/pap
54. including configuration file /etc/freeradius/modules/detail.example.com
55. including configuration file /etc/freeradius/modules/ldap
56. including configuration file /etc/freeradius/eap.conf
57. including configuration file /etc/freeradius/policy.conf
58. including files in directory /etc/freeradius/sites-enabled/
59. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
60. including configuration file /etc/freeradius/sites-enabled/default
61. main {
62. user = "freerad"
63. group = "freerad"
64. allow_core_dumps = no
65. }
66. including dictionary file /etc/freeradius/dictionary
67. main {
68. prefix = "/usr"
69. localstatedir = "/var"
70. logdir = "/var/log/freeradius"
71. libdir = "/usr/lib/freeradius"
72. radacctdir = "/var/log/freeradius/radacct"
73. hostname_lookups = no
74. max_request_time = 30
75. cleanup_delay = 5
76. max_requests = 1024
77. pidfile = "/var/run/freeradius/freeradius.pid"
78. checkrad = "/usr/sbin/checkrad"
79. debug_level = 0
80. proxy_requests = yes
81. log {
82. stripped_names = no
83. auth = no
84. auth_badpass = no
85. auth_goodpass = no
86. }
87. security {
88. max_attributes = 200
89. reject_delay = 1
90. status_server = yes
91. }
92. }
93. radiusd: #### Loading Realms and Home Servers ####
94. proxy server {
95. retry_delay = 5
96. retry_count = 3
97. default_fallback = no
98. dead_time = 120
99. wake_all_if_all_dead = no
100. }
101. home_server localhost {
102. ipaddr = 127.0.0.1
103. port = 1812
104. type = "auth"
105. secret = "testing123"
106. response_window = 20
107. max_outstanding = 65536
108. require_message_authenticator = no
109. zombie_period = 40
110. status_check = "status-server"
111. ping_interval = 30
112. check_interval = 30
113. num_answers_to_alive = 3
114. num_pings_to_alive = 3
115. revive_interval = 120
116. status_check_timeout = 4
117. irt = 2
118. mrt = 16
119. mrc = 5
120. mrd = 30
121. }
122. home_server_pool my_auth_failover {
123. type = fail-over
124. home_server = localhost
125. }
126. realm example.com {
127. auth_pool = my_auth_failover
128. }
129. realm LOCAL {
130. }
131. radiusd: #### Loading Clients ####
132. client localhost {
133. ipaddr = 127.0.0.1
134. require_message_authenticator = no
135. secret = "radsecret"
136. shortname = "shortname"
137. }
138. radiusd: #### Instantiating modules ####
139. instantiate {
140. Module: Linked to module rlm_exec
141. Module: Instantiating exec
142. exec {
143. wait = yes
144. input_pairs = "request"
145. output_pairs = "reply"
146. shell_escape = yes
147. }
148. Module: Linked to module rlm_expr
149. Module: Instantiating expr
150. Module: Linked to module rlm_expiration
151. Module: Instantiating expiration
152. expiration {
153. reply-message = "Password Has Expired "
154. }
155. Module: Linked to module rlm_logintime
156. Module: Instantiating logintime
157. logintime {
158. reply-message = "You are calling outside your allowed timespan "
159. minimum-timeout = 60
160. }
161. }
162. radiusd: #### Loading Virtual Servers ####
163. server inner-tunnel {
164. modules {
165. Module: Checking authenticate {...} for more modules to load
166. Module: Linked to module rlm_pap
167. Module: Instantiating pap
168. pap {
169. encryption_scheme = "auto"
170. auto_header = no
171. }
172. Module: Linked to module rlm_chap
173. Module: Instantiating chap
174. Module: Linked to module rlm_mschap
175. Module: Instantiating mschap
176. mschap {
177. use_mppe = yes
178. require_encryption = no
179. require_strong = no
180. with_ntdomain_hack = no
181. }
182. Module: Linked to module rlm_unix
183. Module: Instantiating unix
184. unix {
185. radwtmp = "/var/log/freeradius/radwtmp"
186. }
187. Module: Linked to module rlm_eap
188. Module: Instantiating eap
189. eap {
190. default_eap_type = "md5"
191. timer_expire = 60
192. ignore_unknown_eap_types = no
193. cisco_accounting_username_bug = no
194. max_sessions = 4096
195. }
196. Module: Linked to sub-module rlm_eap_md5
197. Module: Instantiating eap-md5
198. Module: Linked to sub-module rlm_eap_leap
199. Module: Instantiating eap-leap
200. Module: Linked to sub-module rlm_eap_gtc
201. Module: Instantiating eap-gtc
202. gtc {
203. challenge = "Password: "
204. auth_type = "PAP"
205. }
206. Module: Linked to sub-module rlm_eap_tls
207. Module: Instantiating eap-tls
208. tls {
209. rsa_key_exchange = no
210. dh_key_exchange = yes
211. rsa_key_length = 512
212. dh_key_length = 512
213. verify_depth = 0
214. pem_file_type = yes
215. private_key_file = "/etc/freeradius/certs/server.key"
216. certificate_file = "/etc/freeradius/certs/server.pem"
217. CA_file = "/etc/freeradius/certs/ca.pem"
218. private_key_password = "whatever"
219. dh_file = "/etc/freeradius/certs/dh"
220. random_file = "/etc/freeradius/certs/random"
221. fragment_size = 1024
222. include_length = yes
223. check_crl = no
224. cipher_list = "DEFAULT"
225. make_cert_command = "/etc/freeradius/certs/bootstrap"
226. cache {
227. enable = no
228. lifetime = 24
229. max_entries = 255
230. }
231. }
232. Module: Linked to sub-module rlm_eap_ttls
233. Module: Instantiating eap-ttls
234. ttls {
235. default_eap_type = "md5"
236. copy_request_to_tunnel = no
237. use_tunneled_reply = no
238. virtual_server = "inner-tunnel"
239. include_length = yes
240. }
241. Module: Linked to sub-module rlm_eap_peap
242. Module: Instantiating eap-peap
243. peap {
244. default_eap_type = "mschapv2"
245. copy_request_to_tunnel = no
246. use_tunneled_reply = no
247. proxy_tunneled_request_as_eap = yes
248. virtual_server = "inner-tunnel"
249. }
250. Module: Linked to sub-module rlm_eap_mschapv2
251. Module: Instantiating eap-mschapv2
252. mschapv2 {
253. with_ntdomain_hack = no
254. }
255. Module: Checking authorize {...} for more modules to load
256. Module: Linked to module rlm_realm
257. Module: Instantiating suffix
258. realm suffix {
259. format = "suffix"
260. delimiter = "@"
261. ignore_default = no
262. ignore_null = no
263. }
264. Module: Linked to module rlm_files
265. Module: Instantiating files
266. files {
267. usersfile = "/etc/freeradius/users"
268. acctusersfile = "/etc/freeradius/acct_users"
269. preproxy_usersfile = "/etc/freeradius/preproxy_users"
270. compat = "no"
271. }
272. Module: Checking session {...} for more modules to load
273. Module: Linked to module rlm_radutmp
274. Module: Instantiating radutmp
275. radutmp {
276. filename = "/var/log/freeradius/radutmp"
277. username = "%{User-Name}"
278. case_sensitive = yes
279. check_with_nas = yes
280. perm = 384
281. callerid = yes
282. }
283. Module: Checking post-proxy {...} for more modules to load
284. Module: Checking post-auth {...} for more modules to load
285. Module: Linked to module rlm_attr_filter
286. Module: Instantiating attr_filter.access_reject
287. attr_filter attr_filter.access_reject {
288. attrsfile = "/etc/freeradius/attrs.access_reject"
289. key = "%{User-Name}"
290. }
291. } # modules
292. } # server
293. server {
294. modules {
295. Module: Checking authenticate {...} for more modules to load
296. Module: Checking authorize {...} for more modules to load
297. Module: Linked to module rlm_preprocess
298. Module: Instantiating preprocess
299. preprocess {
300. huntgroups = "/etc/freeradius/huntgroups"
301. hints = "/etc/freeradius/hints"
302. with_ascend_hack = no
303. ascend_channels_per_line = 23
304. with_ntdomain_hack = no
305. with_specialix_jetstream_hack = no
306. with_cisco_vsa_hack = no
307. with_alvarion_vsa_hack = no
308. }
309. Module: Instantiating abills_preauth
310. exec abills_preauth {
311. wait = yes
312. program = "/usr/abills/libexec/rauth.pl pre_auth"
313. input_pairs = "request"
314. output_pairs = "config"
315. shell_escape = yes
316. }
317. Module: Instantiating abills_auth
318. exec abills_auth {
319. wait = yes
320. program = "/usr/abills/libexec/rauth.pl"
321. input_pairs = "request"
322. output_pairs = "reply"
323. shell_escape = yes
324. }
325. Module: Checking preacct {...} for more modules to load
326. Module: Instantiating abills_acc
327. exec abills_acc {
328. wait = yes
329. program = "/usr/abills/libexec/racct.pl"
330. input_pairs = "request"
331. output_pairs = "reply"
332. shell_escape = yes
333. }
334. Module: Checking session {...} for more modules to load
335. Module: Checking post-proxy {...} for more modules to load
336. Module: Checking post-auth {...} for more modules to load
337. Module: Instantiating abills_postauth
338. exec abills_postauth {
339. wait = yes
340. program = "/usr/abills/libexec/rauth.pl post_auth"
341. input_pairs = "request"
342. output_pairs = "config"
343. shell_escape = yes
344. }
345. } # modules
346. } # server
347. radiusd: #### Opening IP addresses and Ports ####
348. listen {
349. type = "auth"
350. ipaddr = *
351. port = 0
352. }
353. listen {
354. type = "acct"
355. ipaddr = *
356. port = 0
357. }
358. Listening on authentication address * port 1812
359. Listening on accounting address * port 1813
360. Listening on proxy address * port 1814
361. Ready to process requests.
362. rad_recv: Access-Request packet from host 127.0.0.1 port 57777, id=135, length=66
363. Service-Type = Framed-User
364. Framed-Protocol = PPP
365. User-Name = "nikita"
366. Calling-Station-Id = "192.168.4.16"
367. NAS-IP-Address = 192.168.4.29
368. NAS-Port = 0
369. +- entering group authorize {...}
370. ++[preprocess] returns ok
371. Exec-Program output: Auth-Type := Accept
372. Exec-Program-Wait: value-pairs: Auth-Type := Accept
373. Exec-Program: returned: 0
374. ++[abills_preauth] returns ok
375. ++[mschap] returns noop
376. [files] users: Matched entry DEFAULT at line 172
377. ++[files] returns ok
378. Exec-Program output: Reply-Message = "Unknow server '192.168.4.29'"
379. Exec-Program-Wait: value-pairs: Reply-Message = "Unknow server '192.168.4.29'"
380. Exec-Program: returned: 1
381. ++[abills_auth] returns reject
382. Using Post-Auth-Type Reject
383. +- entering group REJECT {...}
384. Exec-Program output:
385. Exec-Program: returned: 0
386. ++[abills_postauth] returns ok
387. Delaying reject of request 0 for 1 seconds
388. Going to the next request
389. Waking up in 0.4 seconds.
390. Sending delayed reject for request 0
391. Sending Access-Reject of id 135 to 127.0.0.1 port 57777
392. Framed-Protocol = PPP
393. Framed-Compression = Van-Jacobson-TCP-IP
394. Reply-Message = "Unknow server '192.168.4.29'"
395. Waking up in 4.9 seconds.
396. Cleaning up request 0 ID 135 with timestamp +6
397. Ready to process requests.