
Untitled

a guest
Nov 25th, 2016
  1. FreeRADIUS Version 3.0.13
  2. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License
  7. For more information about these matters, see the file named COPYRIGHT
  8. Starting - reading configuration files ...
  9. including dictionary file /usr/share/freeradius/dictionary
  10. including dictionary file /usr/share/freeradius/dictionary.dhcp
  11. including dictionary file /usr/share/freeradius/dictionary.vqp
  12. including dictionary file /etc/freeradius/dictionary
  13. including configuration file /etc/freeradius/radiusd.conf
  14. including configuration file /etc/freeradius/proxy.conf
  15. including configuration file /etc/freeradius/clients.conf
  16. including files in directory /etc/freeradius/mods-enabled/
  17. including configuration file /etc/freeradius/mods-enabled/replicate
  18. including configuration file /etc/freeradius/mods-enabled/pap
  19. including configuration file /etc/freeradius/mods-enabled/mschap
  20. including configuration file /etc/freeradius/mods-enabled/soh
  21. including configuration file /etc/freeradius/mods-enabled/dynamic_clients
  22. including configuration file /etc/freeradius/mods-enabled/unpack
  23. including configuration file /etc/freeradius/mods-enabled/preprocess
  24. including configuration file /etc/freeradius/mods-enabled/exec
  25. including configuration file /etc/freeradius/mods-enabled/expr
  26. including configuration file /etc/freeradius/mods-enabled/ntlm_auth
  27. including configuration file /etc/freeradius/mods-enabled/digest
  28. including configuration file /etc/freeradius/mods-enabled/realm
  29. including configuration file /etc/freeradius/mods-enabled/detail
  30. including configuration file /etc/freeradius/mods-enabled/logintime
  31. including configuration file /etc/freeradius/mods-enabled/utf8
  32. including configuration file /etc/freeradius/mods-enabled/files
  33. including configuration file /etc/freeradius/mods-enabled/always
  34. including configuration file /etc/freeradius/mods-enabled/unix
  35. including configuration file /etc/freeradius/mods-enabled/date
  36. including configuration file /etc/freeradius/mods-enabled/expiration
  37. including configuration file /etc/freeradius/mods-enabled/passwd
  38. including configuration file /etc/freeradius/mods-enabled/attr_filter
  39. including configuration file /etc/freeradius/mods-enabled/chap
  40. including configuration file /etc/freeradius/mods-enabled/sradutmp
  41. including configuration file /etc/freeradius/mods-enabled/eap
  42. including configuration file /etc/freeradius/mods-enabled/cache_eap
  43. including configuration file /etc/freeradius/mods-enabled/detail.log
  44. including configuration file /etc/freeradius/mods-enabled/radutmp
  45. including configuration file /etc/freeradius/mods-enabled/echo
  46. including configuration file /etc/freeradius/mods-enabled/linelog
  47. including files in directory /etc/freeradius/policy.d/
  48. including configuration file /etc/freeradius/policy.d/debug
  49. including configuration file /etc/freeradius/policy.d/accounting
  50. including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids
  51. including configuration file /etc/freeradius/policy.d/dhcp
  52. including configuration file /etc/freeradius/policy.d/canonicalization
  53. including configuration file /etc/freeradius/policy.d/abfab-tr
  54. including configuration file /etc/freeradius/policy.d/control
  55. including configuration file /etc/freeradius/policy.d/operator-name
  56. including configuration file /etc/freeradius/policy.d/eap
  57. including configuration file /etc/freeradius/policy.d/filter
  58. including configuration file /etc/freeradius/policy.d/cui
  59. including files in directory /etc/freeradius/sites-enabled/
  60. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  61. including configuration file /etc/freeradius/sites-enabled/default
  62. main {
  63. security {
  64. user = "freerad"
  65. group = "freerad"
  66. allow_core_dumps = no
  67. }
  68. name = "freeradius"
  69. prefix = "/usr"
  70. localstatedir = "/var"
  71. logdir = "/var/log/freeradius"
  72. run_dir = "/var/run/freeradius"
  73. }
  74. main {
  75. name = "freeradius"
  76. prefix = "/usr"
  77. localstatedir = "/var"
  78. sbindir = "/usr/sbin"
  79. logdir = "/var/log/freeradius"
  80. run_dir = "/var/run/freeradius"
  81. libdir = "/usr/lib/freeradius"
  82. radacctdir = "/var/log/freeradius/radacct"
  83. hostname_lookups = no
  84. max_request_time = 30
  85. cleanup_delay = 5
  86. max_requests = 16384
  87. pidfile = "/var/run/freeradius/freeradius.pid"
  88. checkrad = "/usr/sbin/checkrad"
  89. debug_level = 0
  90. proxy_requests = yes
  91. log {
  92. stripped_names = no
  93. auth = no
  94. auth_badpass = no
  95. auth_goodpass = no
  96. colourise = yes
  97. msg_denied = "You are already logged in - access denied"
  98. }
  99. resources {
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1.000000
  104. status_server = yes
  105. }
  106. }
  107. radiusd: #### Loading Realms and Home Servers ####
  108. proxy server {
  109. retry_delay = 5
  110. retry_count = 3
  111. default_fallback = no
  112. dead_time = 120
  113. wake_all_if_all_dead = no
  114. }
  115. home_server localhost {
  116. ipaddr = 127.0.0.1
  117. port = 1812
  118. type = "auth"
  119. secret = <<< secret >>>
  120. response_window = 20.000000
  121. response_timeouts = 1
  122. max_outstanding = 65536
  123. zombie_period = 40
  124. status_check = "status-server"
  125. ping_interval = 30
  126. check_interval = 30
  127. check_timeout = 4
  128. num_answers_to_alive = 3
  129. revive_interval = 120
  130. limit {
  131. max_connections = 16
  132. max_requests = 0
  133. lifetime = 0
  134. idle_timeout = 0
  135. }
  136. coa {
  137. irt = 2
  138. mrt = 16
  139. mrc = 5
  140. mrd = 30
  141. }
  142. }
  143. home_server_pool my_auth_failover {
  144. type = fail-over
  145. home_server = localhost
  146. }
  147. realm example.com {
  148. auth_pool = my_auth_failover
  149. }
  150. realm LOCAL {
  151. }
  152. radiusd: #### Loading Clients ####
  153. client localhost {
  154. ipaddr = 127.0.0.1
  155. require_message_authenticator = no
  156. secret = <<< secret >>>
  157. nas_type = "other"
  158. proto = "*"
  159. limit {
  160. max_connections = 16
  161. lifetime = 0
  162. idle_timeout = 30
  163. }
  164. }
  165. client localhost_ipv6 {
  166. ipv6addr = ::1
  167. require_message_authenticator = no
  168. secret = <<< secret >>>
  169. limit {
  170. max_connections = 16
  171. lifetime = 0
  172. idle_timeout = 30
  173. }
  174. }
  175. client ap29 {
  176. ipaddr = 10.0.0.29/32
  177. require_message_authenticator = no
  178. secret = <<< secret >>>
  179. limit {
  180. max_connections = 16
  181. lifetime = 0
  182. idle_timeout = 30
  183. }
  184. }
  185. Debugger not attached
  186. # Creating Auth-Type = mschap
  187. # Creating Auth-Type = eap
  188. # Creating Auth-Type = PAP
  189. # Creating Auth-Type = CHAP
  190. # Creating Auth-Type = MS-CHAP
  191. # Creating Auth-Type = digest
  192. radiusd: #### Instantiating modules ####
  193. modules {
  194. # Loaded module rlm_replicate
  195. # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
  196. # Loaded module rlm_pap
  197. # Loading module "pap" from file /etc/freeradius/mods-enabled/pap
  198. pap {
  199. normalise = yes
  200. }
  201. # Loaded module rlm_mschap
  202. # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
  203. mschap {
  204. use_mppe = yes
  205. require_encryption = no
  206. require_strong = no
  207. with_ntdomain_hack = yes
  208. passchange {
  209. }
  210. allow_retry = yes
  211. }
  212. # Loaded module rlm_soh
  213. # Loading module "soh" from file /etc/freeradius/mods-enabled/soh
  214. soh {
  215. dhcp = yes
  216. }
  217. # Loaded module rlm_dynamic_clients
  218. # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
  219. # Loaded module rlm_unpack
  220. # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
  221. # Loaded module rlm_preprocess
  222. # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  223. preprocess {
  224. huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  225. hints = "/etc/freeradius/mods-config/preprocess/hints"
  226. with_ascend_hack = no
  227. ascend_channels_per_line = 23
  228. with_ntdomain_hack = no
  229. with_specialix_jetstream_hack = no
  230. with_cisco_vsa_hack = no
  231. with_alvarion_vsa_hack = no
  232. }
  233. # Loaded module rlm_exec
  234. # Loading module "exec" from file /etc/freeradius/mods-enabled/exec
  235. exec {
  236. wait = no
  237. input_pairs = "request"
  238. shell_escape = yes
  239. timeout = 10
  240. }
  241. # Loaded module rlm_expr
  242. # Loading module "expr" from file /etc/freeradius/mods-enabled/expr
  243. expr {
  244. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  245. }
  246. # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
  247. exec ntlm_auth {
  248. wait = yes
  249. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  250. shell_escape = yes
  251. }
  252. # Loaded module rlm_digest
  253. # Loading module "digest" from file /etc/freeradius/mods-enabled/digest
  254. # Loaded module rlm_realm
  255. # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
  256. realm IPASS {
  257. format = "prefix"
  258. delimiter = "/"
  259. ignore_default = no
  260. ignore_null = no
  261. }
  262. # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
  263. realm suffix {
  264. format = "suffix"
  265. delimiter = "@"
  266. ignore_default = no
  267. ignore_null = no
  268. }
  269. # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  270. realm realmpercent {
  271. format = "suffix"
  272. delimiter = "%"
  273. ignore_default = no
  274. ignore_null = no
  275. }
  276. # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  277. realm ntdomain {
  278. format = "prefix"
  279. delimiter = "\\"
  280. ignore_default = no
  281. ignore_null = no
  282. }
  283. # Loaded module rlm_detail
  284. # Loading module "detail" from file /etc/freeradius/mods-enabled/detail
  285. detail {
  286. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  287. header = "%t"
  288. permissions = 384
  289. locking = no
  290. escape_filenames = no
  291. log_packet_header = no
  292. }
  293. # Loaded module rlm_logintime
  294. # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
  295. logintime {
  296. minimum_timeout = 60
  297. }
  298. # Loaded module rlm_utf8
  299. # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
  300. # Loaded module rlm_files
  301. # Loading module "files" from file /etc/freeradius/mods-enabled/files
  302. files {
  303. filename = "/etc/freeradius/mods-config/files/authorize"
  304. acctusersfile = "/etc/freeradius/mods-config/files/accounting"
  305. preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
  306. }
  307. # Loaded module rlm_always
  308. # Loading module "reject" from file /etc/freeradius/mods-enabled/always
  309. always reject {
  310. rcode = "reject"
  311. simulcount = 0
  312. mpp = no
  313. }
  314. # Loading module "fail" from file /etc/freeradius/mods-enabled/always
  315. always fail {
  316. rcode = "fail"
  317. simulcount = 0
  318. mpp = no
  319. }
  320. # Loading module "ok" from file /etc/freeradius/mods-enabled/always
  321. always ok {
  322. rcode = "ok"
  323. simulcount = 0
  324. mpp = no
  325. }
  326. # Loading module "handled" from file /etc/freeradius/mods-enabled/always
  327. always handled {
  328. rcode = "handled"
  329. simulcount = 0
  330. mpp = no
  331. }
  332. # Loading module "invalid" from file /etc/freeradius/mods-enabled/always
  333. always invalid {
  334. rcode = "invalid"
  335. simulcount = 0
  336. mpp = no
  337. }
  338. # Loading module "userlock" from file /etc/freeradius/mods-enabled/always
  339. always userlock {
  340. rcode = "userlock"
  341. simulcount = 0
  342. mpp = no
  343. }
  344. # Loading module "notfound" from file /etc/freeradius/mods-enabled/always
  345. always notfound {
  346. rcode = "notfound"
  347. simulcount = 0
  348. mpp = no
  349. }
  350. # Loading module "noop" from file /etc/freeradius/mods-enabled/always
  351. always noop {
  352. rcode = "noop"
  353. simulcount = 0
  354. mpp = no
  355. }
  356. # Loading module "updated" from file /etc/freeradius/mods-enabled/always
  357. always updated {
  358. rcode = "updated"
  359. simulcount = 0
  360. mpp = no
  361. }
  362. # Loaded module rlm_unix
  363. # Loading module "unix" from file /etc/freeradius/mods-enabled/unix
  364. unix {
  365. radwtmp = "/var/log/freeradius/radwtmp"
  366. }
  367. Creating attribute Unix-Group
  368. # Loaded module rlm_date
  369. # Loading module "date" from file /etc/freeradius/mods-enabled/date
  370. date {
  371. format = "%b %e %Y %H:%M:%S %Z"
  372. }
  373. # Loaded module rlm_expiration
  374. # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
  375. # Loaded module rlm_passwd
  376. # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  377. passwd etc_passwd {
  378. filename = "/etc/passwd"
  379. format = "*User-Name:Crypt-Password:"
  380. delimiter = ":"
  381. ignore_nislike = no
  382. ignore_empty = yes
  383. allow_multiple_keys = no
  384. hash_size = 100
  385. }
  386. # Loaded module rlm_attr_filter
  387. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  388. attr_filter attr_filter.post-proxy {
  389. filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
  390. key = "%{Realm}"
  391. relaxed = no
  392. }
  393. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  394. attr_filter attr_filter.pre-proxy {
  395. filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
  396. key = "%{Realm}"
  397. relaxed = no
  398. }
  399. # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  400. attr_filter attr_filter.access_reject {
  401. filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
  402. key = "%{User-Name}"
  403. relaxed = no
  404. }
  405. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  406. attr_filter attr_filter.access_challenge {
  407. filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
  408. key = "%{User-Name}"
  409. relaxed = no
  410. }
  411. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  412. attr_filter attr_filter.accounting_response {
  413. filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
  414. key = "%{User-Name}"
  415. relaxed = no
  416. }
  417. # Loaded module rlm_chap
  418. # Loading module "chap" from file /etc/freeradius/mods-enabled/chap
  419. # Loaded module rlm_radutmp
  420. # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
  421. radutmp sradutmp {
  422. filename = "/var/log/freeradius/sradutmp"
  423. username = "%{User-Name}"
  424. case_sensitive = yes
  425. check_with_nas = yes
  426. permissions = 420
  427. caller_id = no
  428. }
  429. # Loaded module rlm_eap
  430. # Loading module "eap" from file /etc/freeradius/mods-enabled/eap
  431. eap {
  432. default_eap_type = "md5"
  433. timer_expire = 60
  434. ignore_unknown_eap_types = no
  435. cisco_accounting_username_bug = no
  436. max_sessions = 16384
  437. }
  438. # Loaded module rlm_cache
  439. # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  440. cache cache_eap {
  441. driver = "rlm_cache_rbtree"
  442. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  443. ttl = 15
  444. max_entries = 0
  445. epoch = 0
  446. add_stats = no
  447. }
  448. # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  449. detail auth_log {
  450. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  451. header = "%t"
  452. permissions = 384
  453. locking = no
  454. escape_filenames = no
  455. log_packet_header = no
  456. }
  457. # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  458. detail reply_log {
  459. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  460. header = "%t"
  461. permissions = 384
  462. locking = no
  463. escape_filenames = no
  464. log_packet_header = no
  465. }
  466. # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  467. detail pre_proxy_log {
  468. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  469. header = "%t"
  470. permissions = 384
  471. locking = no
  472. escape_filenames = no
  473. log_packet_header = no
  474. }
  475. # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  476. detail post_proxy_log {
  477. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  478. header = "%t"
  479. permissions = 384
  480. locking = no
  481. escape_filenames = no
  482. log_packet_header = no
  483. }
  484. # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
  485. radutmp {
  486. filename = "/var/log/freeradius/radutmp"
  487. username = "%{User-Name}"
  488. case_sensitive = yes
  489. check_with_nas = yes
  490. permissions = 384
  491. caller_id = yes
  492. }
  493. # Loading module "echo" from file /etc/freeradius/mods-enabled/echo
  494. exec echo {
  495. wait = yes
  496. program = "/bin/echo %{User-Name}"
  497. input_pairs = "request"
  498. output_pairs = "reply"
  499. shell_escape = yes
  500. }
  501. # Loaded module rlm_linelog
  502. # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
  503. linelog {
  504. filename = "/var/log/freeradius/linelog"
  505. escape_filenames = no
  506. syslog_severity = "info"
  507. permissions = 384
  508. format = "This is a log message for %{User-Name}"
  509. reference = "messages.%{%{reply:Packet-Type}:-default}"
  510. }
  511. # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  512. linelog log_accounting {
  513. filename = "/var/log/freeradius/linelog-accounting"
  514. escape_filenames = no
  515. syslog_severity = "info"
  516. permissions = 384
  517. format = ""
  518. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  519. }
  520. instantiate {
  521. }
  522. # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
  523. # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
  524. rlm_mschap (mschap): using internal authentication
  525. # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  526. reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
  527. reading pairlist file /etc/freeradius/mods-config/preprocess/hints
  528. # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
  529. # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
  530. # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  531. # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  532. # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
  533. # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
  534. # Instantiating module "files" from file /etc/freeradius/mods-enabled/files
  535. reading pairlist file /etc/freeradius/mods-config/files/authorize
  536. reading pairlist file /etc/freeradius/mods-config/files/accounting
  537. reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
  538. # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
  539. # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
  540. # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
  541. # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
  542. # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
  543. # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
  544. # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
  545. # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
  546. # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
  547. # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
  548. # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  549. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  550. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  551. reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
  552. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  553. reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
  554. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  555. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
  556. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  557. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  558. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  559. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
  560. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  561. reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
  562. # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
  563. # Linked to sub-module rlm_eap_md5
  564. # Linked to sub-module rlm_eap_leap
  565. # Linked to sub-module rlm_eap_gtc
  566. gtc {
  567. challenge = "Password: "
  568. auth_type = "PAP"
  569. }
  570. # Linked to sub-module rlm_eap_tls
  571. tls {
  572. tls = "tls-common"
  573. }
  574. tls-config tls-common {
  575. verify_depth = 0
  576. ca_path = "/etc/freeradius/certs"
  577. pem_file_type = yes
  578. private_key_file = "/etc/freeradius/certs/server.pem"
  579. certificate_file = "/etc/freeradius/certs/server.pem"
  580. ca_file = "/etc/freeradius/certs/ca.pem"
  581. private_key_password = <<< secret >>>
  582. dh_file = "/etc/freeradius/certs/dh"
  583. fragment_size = 1024
  584. include_length = yes
  585. auto_chain = yes
  586. check_crl = no
  587. check_all_crl = no
  588. cipher_list = "DEFAULT"
  589. ecdh_curve = "prime256v1"
  590. cache {
  591. enable = yes
  592. lifetime = 24
  593. max_entries = 255
  594. }
  595. verify {
  596. skip_if_ocsp_ok = no
  597. }
  598. ocsp {
  599. enable = no
  600. override_cert_url = yes
  601. url = "http://127.0.0.1/ocsp/"
  602. use_nonce = yes
  603. timeout = 0
  604. softfail = no
  605. }
  606. }
  607. # Linked to sub-module rlm_eap_ttls
  608. ttls {
  609. tls = "tls-common"
  610. default_eap_type = "md5"
  611. copy_request_to_tunnel = no
  612. use_tunneled_reply = no
  613. virtual_server = "inner-tunnel"
  614. include_length = yes
  615. require_client_cert = no
  616. }
  617. tls: Using cached TLS configuration from previous invocation
  618. # Linked to sub-module rlm_eap_peap
  619. peap {
  620. tls = "tls-common"
  621. default_eap_type = "mschapv2"
  622. copy_request_to_tunnel = no
  623. use_tunneled_reply = no
  624. proxy_tunneled_request_as_eap = yes
  625. virtual_server = "inner-tunnel"
  626. soh = no
  627. require_client_cert = no
  628. }
  629. tls: Using cached TLS configuration from previous invocation
  630. # Linked to sub-module rlm_eap_mschapv2
  631. mschapv2 {
  632. with_ntdomain_hack = no
  633. send_error = no
  634. }
  635. # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  636. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  637. # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  638. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  639. # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  640. # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  641. # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  642. # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
  643. # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  644. } # modules
  645. radiusd: #### Loading Virtual Servers ####
  646. server { # from file /etc/freeradius/radiusd.conf
  647. } # server
  648. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  649. # Loading authenticate {...}
  650. # Loading authorize {...}
  651. Ignoring "sql" (see raddb/mods-available/README.rst)
  652. Ignoring "ldap" (see raddb/mods-available/README.rst)
  653. # Loading session {...}
  654. # Loading post-proxy {...}
  655. # Loading post-auth {...}
  656. } # server inner-tunnel
  657. server default { # from file /etc/freeradius/sites-enabled/default
  658. # Loading authenticate {...}
  659. # Loading authorize {...}
  660. # Loading preacct {...}
  661. # Loading accounting {...}
  662. # Loading post-proxy {...}
  663. # Loading post-auth {...}
  664. } # server default
  665. radiusd: #### Opening IP addresses and Ports ####
  666. listen {
  667. type = "auth"
  668. ipaddr = 127.0.0.1
  669. port = 18120
  670. }
  671. listen {
  672. type = "auth"
  673. ipaddr = *
  674. port = 0
  675. limit {
  676. max_connections = 16
  677. lifetime = 0
  678. idle_timeout = 30
  679. }
  680. }
  681. listen {
  682. type = "acct"
  683. ipaddr = *
  684. port = 0
  685. limit {
  686. max_connections = 16
  687. lifetime = 0
  688. idle_timeout = 30
  689. }
  690. }
  691. listen {
  692. type = "auth"
  693. ipv6addr = ::
  694. port = 0
  695. limit {
  696. max_connections = 16
  697. lifetime = 0
  698. idle_timeout = 30
  699. }
  700. }
  701. listen {
  702. type = "acct"
  703. ipv6addr = ::
  704. port = 0
  705. limit {
  706. max_connections = 16
  707. lifetime = 0
  708. idle_timeout = 30
  709. }
  710. }
  711. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  712. Listening on auth address * port 1812 bound to server default
  713. Listening on acct address * port 1813 bound to server default
  714. Listening on auth address :: port 1812 bound to server default
  715. Listening on acct address :: port 1813 bound to server default
  716. Listening on proxy address * port 51874
  717. Listening on proxy address :: port 58553
  718. Ready to process requests
  719. (0) Received Access-Request Id 134 from 127.0.0.1:49494 to 127.0.0.1:1812 length 76
  720. (0) User-Name = "ndavis"
  721. (0) User-Password = "testing"
  722. (0) NAS-IP-Address = 10.0.0.15
  723. (0) NAS-Port = 0
  724. (0) Message-Authenticator = 0x198292dbb362e883f49d02084ef4dede
  725. (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
  726. (0) authorize {
  727. (0) policy filter_username {
  728. (0) if (&User-Name) {
  729. (0) if (&User-Name) -> TRUE
  730. (0) if (&User-Name) {
  731. (0) if (&User-Name =~ / /) {
  732. (0) if (&User-Name =~ / /) -> FALSE
  733. (0) if (&User-Name =~ /@[^@]*@/ ) {
  734. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  735. (0) if (&User-Name =~ /\.\./ ) {
  736. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  737. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  738. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  739. (0) if (&User-Name =~ /\.$/) {
  740. (0) if (&User-Name =~ /\.$/) -> FALSE
  741. (0) if (&User-Name =~ /@\./) {
  742. (0) if (&User-Name =~ /@\./) -> FALSE
  743. (0) } # if (&User-Name) = notfound
  744. (0) } # policy filter_username = notfound
  745. (0) [preprocess] = ok
  746. (0) [chap] = noop
  747. (0) [mschap] = noop
  748. (0) [digest] = noop
  749. (0) suffix: Checking for suffix after "@"
  750. (0) suffix: No '@' in User-Name = "ndavis", looking up realm NULL
  751. (0) suffix: No such realm "NULL"
  752. (0) [suffix] = noop
  753. (0) eap: No EAP-Message, not doing EAP
  754. (0) [eap] = noop
  755. (0) [files] = noop
  756. (0) [expiration] = noop
  757. (0) [logintime] = noop
  758. (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
  759. (0) pap: WARNING: Authentication will fail unless a "known good" password is available
  760. (0) [pap] = noop
  761. (0) } # authorize = ok
  762. (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
  763. (0) Failed to authenticate the user
  764. (0) Using Post-Auth-Type Reject
  765. (0) # Executing group from file /etc/freeradius/sites-enabled/default
  766. (0) Post-Auth-Type REJECT {
  767. (0) attr_filter.access_reject: EXPAND %{User-Name}
  768. (0) attr_filter.access_reject: --> ndavis
  769. (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
  770. (0) [attr_filter.access_reject] = updated
  771. (0) [eap] = noop
  772. (0) policy remove_reply_message_if_eap {
  773. (0) if (&reply:EAP-Message && &reply:Reply-Message) {
  774. (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  775. (0) else {
  776. (0) [noop] = noop
  777. (0) } # else = noop
  778. (0) } # policy remove_reply_message_if_eap = noop
  779. (0) } # Post-Auth-Type REJECT = updated
  780. (0) Delaying response for 1.000000 seconds
  781. Waking up in 0.3 seconds.
  782. Waking up in 0.6 seconds.
  783. (0) Sending delayed response
  784. (0) Sent Access-Reject Id 134 from 127.0.0.1:1812 to 127.0.0.1:49494 length 20
  785. Waking up in 3.9 seconds.
  786. (0) Cleaning up request packet ID 134 with timestamp +2
  787. Ready to process requests