Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- mohammed@linuxserver:~$ sudo freeradius -X
- [sudo] password for mohammed:
- FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
- Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/replicate
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/opendirectory
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/soh
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/dynamic_clients
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/rediswho
- including configuration file /etc/freeradius/modules/redis
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/default
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- name = "freeradius"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/freeradius"
- run_dir = "/var/run/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "secretkey"
- nastype = "other"
- }
- client 192.168.0.0/16 {
- require_message_authenticator = no
- secret = "secretkey"
- nastype = "other"
- }
- client 10.0.0.0/8 {
- require_message_authenticator = no
- secret = "secretkey"
- nastype = "other"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/freeradius/radiusd.conf
- modules {
- Module: Creating Auth-Type = LDAP
- Module: Creating Post-Auth-Type = REJECT
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_ldap
- Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
- ldap {
- server = "127.0.0.1"
- port = 389
- password = "M13n14e5"
- identity = "cn=admin,dc=example,dc=com"
- net_timeout = 1
- timeout = 4
- timelimit = 3
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- basedn = "ou=people,dc=example,dc=com"
- filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/freeradius/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- edir_account_policy_check = no
- set_auth_type = yes
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
- rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
- rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
- conns: 0x90f7348
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- } # modules
- } # server
- server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- ... adding new socket proxy address * port 33445
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.1.110 port 33824, id=107, length=75
- User-Name = "alice"
- User-Password = "M13n14e5"
- NAS-IP-Address = 127.0.1.1
- NAS-Port = 1812
- Message-Authenticator = 0x5a72ebd326bf2df52bf7a0050a36b091
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- [ldap] performing user authorization for alice
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> alice
- [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
- [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] attempting LDAP reconnection
- [ldap] (re)connect to 127.0.0.1:389, authentication 0
- [ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 127.0.0.1:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] userPassword -> Password-With-Header == "M13n14e5"
- [ldap] looking for reply items in directory...
- [ldap] Setting Auth-Type = LDAP
- [ldap] user alice authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- Found Auth-Type = LDAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group LDAP {...}
- [ldap] login attempt by "alice" with password "M13n14e5"
- [ldap] user DN: uniqueIdentifier=alice,ou=people,dc=example,dc=com
- [ldap] (re)connect to 127.0.0.1:389, authentication 1
- [ldap] bind as uniqueIdentifier=alice,ou=people,dc=example,dc=com/M13n14e5 to 127.0.0.1:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] user alice authenticated succesfully
- ++[ldap] returns ok
- # Executing section post-auth from file /etc/freeradius/sites-enabled/default
- +- entering group post-auth {...}
- ++[exec] returns noop
- Sending Access-Accept of id 107 to 192.168.1.110 port 33824
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- Cleaning up request 0 ID 107 with timestamp +38
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.1.1 port 41816, id=16, length=160
- User-Name = "someuser"
- NAS-IP-Address = 78.104.81.132
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02d4000d01736f6d6575736572
- Message-Authenticator = 0x3a7a01d881fc2b687f1e77a3ff9ecf07
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- [ldap] performing user authorization for someuser
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> someuser
- [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=someuser)
- [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=someuser)
- [ldap] object not found
- [ldap] search failed
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns notfound
- ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group REJECT {...}
- [attr_filter.access_reject] expand: %{User-Name} -> someuser
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 1 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 1
- Sending Access-Reject of id 16 to 192.168.1.1 port 41816
- Waking up in 4.9 seconds.
- Cleaning up request 1 ID 16 with timestamp +54
- Ready to process requests.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement