API tools faq
paste
Guest User

Untitled

a guest
Nov 7th, 2016
598
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 61.41 KB | None | 0 0
raw download clone embed print report
  1. Server was built with:
  2. accounting : yes
  3. authentication : yes
  4. ascend-binary-attributes : yes
  5. coa : yes
  6. control-socket : yes
  7. detail : yes
  8. dhcp : yes
  9. dynamic-clients : yes
  10. osfc2 : no
  11. proxy : yes
  12. regex-pcre : no
  13. regex-posix : yes
  14. regex-posix-extended : yes
  15. session-management : yes
  16. stats : yes
  17. tcp : yes
  18. threads : yes
  19. tls : yes
  20. unlang : yes
  21. vmps : yes
  22. developer : no
  23. Server core libs:
  24. freeradius-server : 3.0.11
  25. talloc : 2.0.*
  26. ssl : 1.0.2g release
  27. Endianness:
  28. little
  29. Compilation flags:
  30. cppflags : -Wdate-time -D_FORTIFY_SOURCE=2
  31. cflags : -I/build/freeradius-G88Mfz/freeradius-3.0.11 -I/build/freeradius-G88Mfz/freeradius-3.0.11/src -include /build/freeradius-G88Mfz/freeradius-3.0.11/src/freeradius-devel/autoconf.h -include /build/freeradius-G88Mfz/freeradius-3.0.11/src/freeradius-devel/build.h -include /build/freeradius-G88Mfz/freeradius-3.0.11/src/freeradius-devel/features.h -include /build/freeradius-G88Mfz/freeradius-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
  32. ldflags : -Wl,-Bsymbolic-functions -Wl,-z,relro
  33. libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl -lpthread -lreadline
  34.  
  35. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  36. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  37. PARTICULAR PURPOSE
  38. You may redistribute copies of FreeRADIUS under the terms of the
  39. GNU General Public License
  40. For more information about these matters, see the file named COPYRIGHT
  41. Starting - reading configuration files ...
  42. including dictionary file /usr/share/freeradius/dictionary
  43. including dictionary file /usr/share/freeradius/dictionary.dhcp
  44. including dictionary file /usr/share/freeradius/dictionary.vqp
  45. including dictionary file /etc/freeradius/dictionary
  46. including configuration file /etc/freeradius/radiusd.conf
  47. including configuration file /etc/freeradius/proxy.conf
  48. including configuration file /etc/freeradius/clients.conf
  49. including files in directory /etc/freeradius/mods-enabled/
  50. including configuration file /etc/freeradius/mods-enabled/logintime
  51. including configuration file /etc/freeradius/mods-enabled/chap
  52. including configuration file /etc/freeradius/mods-enabled/unix
  53. including configuration file /etc/freeradius/mods-enabled/detail
  54. including configuration file /etc/freeradius/mods-enabled/radutmp
  55. including configuration file /etc/freeradius/mods-enabled/always
  56. including configuration file /etc/freeradius/mods-enabled/digest
  57. including configuration file /etc/freeradius/mods-enabled/attr_filter
  58. including configuration file /etc/freeradius/mods-enabled/sradutmp
  59. including configuration file /etc/freeradius/mods-enabled/preprocess
  60. including configuration file /etc/freeradius/mods-enabled/exec
  61. including configuration file /etc/freeradius/mods-enabled/detail.log
  62. including configuration file /etc/freeradius/mods-enabled/sql
  63. including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf
  64. including configuration file /etc/freeradius/mods-config/sql_dhcp/main/mysql/queries.conf
  65. including configuration file /etc/freeradius/mods-enabled/soh
  66. including configuration file /etc/freeradius/mods-enabled/ntlm_auth
  67. including configuration file /etc/freeradius/mods-enabled/cache_eap
  68. including configuration file /etc/freeradius/mods-enabled/files
  69. including configuration file /etc/freeradius/mods-enabled/replicate
  70. including configuration file /etc/freeradius/mods-enabled/unpack
  71. including configuration file /etc/freeradius/mods-enabled/passwd
  72. including configuration file /etc/freeradius/mods-enabled/expiration
  73. including configuration file /etc/freeradius/mods-enabled/pap
  74. including configuration file /etc/freeradius/mods-enabled/expr
  75. including configuration file /etc/freeradius/mods-enabled/mac2ip
  76. including configuration file /etc/freeradius/mods-enabled/linelog
  77. including configuration file /etc/freeradius/mods-enabled/utf8
  78. including configuration file /etc/freeradius/mods-enabled/mschap
  79. including configuration file /etc/freeradius/mods-enabled/realm
  80. including configuration file /etc/freeradius/mods-enabled/dynamic_clients
  81. including configuration file /etc/freeradius/mods-enabled/echo
  82. including configuration file /etc/freeradius/mods-enabled/eap
  83. including files in directory /etc/freeradius/policy.d/
  84. including configuration file /etc/freeradius/policy.d/debug
  85. including configuration file /etc/freeradius/policy.d/abfab-tr
  86. including configuration file /etc/freeradius/policy.d/dhcp
  87. including configuration file /etc/freeradius/policy.d/filter
  88. including configuration file /etc/freeradius/policy.d/control
  89. including configuration file /etc/freeradius/policy.d/canonicalization
  90. including configuration file /etc/freeradius/policy.d/operator-name
  91. including configuration file /etc/freeradius/policy.d/accounting
  92. including configuration file /etc/freeradius/policy.d/cui
  93. including configuration file /etc/freeradius/policy.d/eap
  94. including files in directory /etc/freeradius/sites-enabled/
  95. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  96. including configuration file /etc/freeradius/sites-enabled/dhcp_static
  97. including configuration file /etc/freeradius/sites-enabled/default
  98. main {
  99. security {
  100. allow_core_dumps = no
  101. }
  102. name = "radius"
  103. prefix = "/usr"
  104. localstatedir = "/var"
  105. logdir = "/var/log/freeradius"
  106. run_dir = "/var/run/radius"
  107. }
  108. main {
  109. name = "radius"
  110. prefix = "/usr"
  111. localstatedir = "/var"
  112. sbindir = "/usr/sbin"
  113. logdir = "/var/log/freeradius"
  114. run_dir = "/var/run/radius"
  115. libdir = "/usr/lib/freeradius"
  116. radacctdir = "/var/log/freeradius/radacct"
  117. hostname_lookups = no
  118. max_request_time = 30
  119. cleanup_delay = 5
  120. max_requests = 16384
  121. pidfile = "/var/run/radius/radius.pid"
  122. checkrad = "/usr/sbin/checkrad"
  123. debug_level = 0
  124. proxy_requests = yes
  125. log {
  126. stripped_names = no
  127. auth = no
  128. auth_badpass = no
  129. auth_goodpass = no
  130. colourise = yes
  131. msg_denied = "You are already logged in - access denied"
  132. }
  133. resources {
  134. }
  135. security {
  136. max_attributes = 200
  137. reject_delay = 1.000000
  138. status_server = yes
  139. }
  140. }
  141. radiusd: #### Loading Realms and Home Servers ####
  142. proxy server {
  143. retry_delay = 5
  144. retry_count = 3
  145. default_fallback = no
  146. dead_time = 120
  147. wake_all_if_all_dead = no
  148. }
  149. home_server localhost {
  150. ipaddr = 127.0.0.1
  151. port = 1812
  152. type = "auth"
  153. secret = <<< secret >>>
  154. response_window = 20.000000
  155. response_timeouts = 1
  156. max_outstanding = 65536
  157. zombie_period = 40
  158. status_check = "status-server"
  159. ping_interval = 30
  160. check_interval = 30
  161. check_timeout = 4
  162. num_answers_to_alive = 3
  163. revive_interval = 120
  164. limit {
  165. max_connections = 16
  166. max_requests = 0
  167. lifetime = 0
  168. idle_timeout = 0
  169. }
  170. coa {
  171. irt = 2
  172. mrt = 16
  173. mrc = 5
  174. mrd = 30
  175. }
  176. }
  177. home_server_pool my_auth_failover {
  178. type = fail-over
  179. home_server = localhost
  180. }
  181. realm example.com {
  182. auth_pool = my_auth_failover
  183. }
  184. realm LOCAL {
  185. }
  186. radiusd: #### Loading Clients ####
  187. client localhost {
  188. ipaddr = 127.0.0.1
  189. require_message_authenticator = no
  190. secret = <<< secret >>>
  191. nas_type = "other"
  192. proto = "*"
  193. limit {
  194. max_connections = 16
  195. lifetime = 0
  196. idle_timeout = 30
  197. }
  198. }
  199. client localhost_ipv6 {
  200. ipv6addr = ::1
  201. require_message_authenticator = no
  202. secret = <<< secret >>>
  203. limit {
  204. max_connections = 16
  205. lifetime = 0
  206. idle_timeout = 30
  207. }
  208. }
  209. Debugger not attached
  210. # Creating Auth-Type = PAP
  211. # Creating Auth-Type = CHAP
  212. # Creating Auth-Type = MS-CHAP
  213. # Creating Auth-Type = eap
  214. # Creating Auth-Type = digest
  215. radiusd: #### Instantiating modules ####
  216. modules {
  217. # Loaded module rlm_logintime
  218. # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
  219. logintime {
  220. minimum_timeout = 60
  221. }
  222. # Loaded module rlm_chap
  223. # Loading module "chap" from file /etc/freeradius/mods-enabled/chap
  224. # Loaded module rlm_unix
  225. # Loading module "unix" from file /etc/freeradius/mods-enabled/unix
  226. unix {
  227. radwtmp = "/var/log/freeradius/radwtmp"
  228. }
  229. Creating attribute Unix-Group
  230. # Loaded module rlm_detail
  231. # Loading module "detail" from file /etc/freeradius/mods-enabled/detail
  232. detail {
  233. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  234. header = "%t"
  235. permissions = 384
  236. locking = no
  237. escape_filenames = no
  238. log_packet_header = no
  239. }
  240. # Loaded module rlm_radutmp
  241. # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
  242. radutmp {
  243. filename = "/var/log/freeradius/radutmp"
  244. username = "%{User-Name}"
  245. case_sensitive = yes
  246. check_with_nas = yes
  247. permissions = 384
  248. caller_id = yes
  249. }
  250. # Loaded module rlm_always
  251. # Loading module "reject" from file /etc/freeradius/mods-enabled/always
  252. always reject {
  253. rcode = "reject"
  254. simulcount = 0
  255. mpp = no
  256. }
  257. # Loading module "fail" from file /etc/freeradius/mods-enabled/always
  258. always fail {
  259. rcode = "fail"
  260. simulcount = 0
  261. mpp = no
  262. }
  263. # Loading module "ok" from file /etc/freeradius/mods-enabled/always
  264. always ok {
  265. rcode = "ok"
  266. simulcount = 0
  267. mpp = no
  268. }
  269. # Loading module "handled" from file /etc/freeradius/mods-enabled/always
  270. always handled {
  271. rcode = "handled"
  272. simulcount = 0
  273. mpp = no
  274. }
  275. # Loading module "invalid" from file /etc/freeradius/mods-enabled/always
  276. always invalid {
  277. rcode = "invalid"
  278. simulcount = 0
  279. mpp = no
  280. }
  281. # Loading module "userlock" from file /etc/freeradius/mods-enabled/always
  282. always userlock {
  283. rcode = "userlock"
  284. simulcount = 0
  285. mpp = no
  286. }
  287. # Loading module "notfound" from file /etc/freeradius/mods-enabled/always
  288. always notfound {
  289. rcode = "notfound"
  290. simulcount = 0
  291. mpp = no
  292. }
  293. # Loading module "noop" from file /etc/freeradius/mods-enabled/always
  294. always noop {
  295. rcode = "noop"
  296. simulcount = 0
  297. mpp = no
  298. }
  299. # Loading module "updated" from file /etc/freeradius/mods-enabled/always
  300. always updated {
  301. rcode = "updated"
  302. simulcount = 0
  303. mpp = no
  304. }
  305. # Loaded module rlm_digest
  306. # Loading module "digest" from file /etc/freeradius/mods-enabled/digest
  307. # Loaded module rlm_attr_filter
  308. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  309. attr_filter attr_filter.post-proxy {
  310. filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
  311. key = "%{Realm}"
  312. relaxed = no
  313. }
  314. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  315. attr_filter attr_filter.pre-proxy {
  316. filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
  317. key = "%{Realm}"
  318. relaxed = no
  319. }
  320. # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  321. attr_filter attr_filter.access_reject {
  322. filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
  323. key = "%{User-Name}"
  324. relaxed = no
  325. }
  326. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  327. attr_filter attr_filter.access_challenge {
  328. filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
  329. key = "%{User-Name}"
  330. relaxed = no
  331. }
  332. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  333. attr_filter attr_filter.accounting_response {
  334. filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
  335. key = "%{User-Name}"
  336. relaxed = no
  337. }
  338. # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
  339. radutmp sradutmp {
  340. filename = "/var/log/freeradius/sradutmp"
  341. username = "%{User-Name}"
  342. case_sensitive = yes
  343. check_with_nas = yes
  344. permissions = 420
  345. caller_id = no
  346. }
  347. # Loaded module rlm_preprocess
  348. # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  349. preprocess {
  350. huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  351. hints = "/etc/freeradius/mods-config/preprocess/hints"
  352. with_ascend_hack = no
  353. ascend_channels_per_line = 23
  354. with_ntdomain_hack = no
  355. with_specialix_jetstream_hack = no
  356. with_cisco_vsa_hack = no
  357. with_alvarion_vsa_hack = no
  358. }
  359. # Loaded module rlm_exec
  360. # Loading module "exec" from file /etc/freeradius/mods-enabled/exec
  361. exec {
  362. wait = no
  363. input_pairs = "request"
  364. shell_escape = yes
  365. timeout = 10
  366. }
  367. # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  368. detail auth_log {
  369. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  370. header = "%t"
  371. permissions = 384
  372. locking = no
  373. escape_filenames = no
  374. log_packet_header = no
  375. }
  376. # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  377. detail reply_log {
  378. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  379. header = "%t"
  380. permissions = 384
  381. locking = no
  382. escape_filenames = no
  383. log_packet_header = no
  384. }
  385. # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  386. detail pre_proxy_log {
  387. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  388. header = "%t"
  389. permissions = 384
  390. locking = no
  391. escape_filenames = no
  392. log_packet_header = no
  393. }
  394. # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  395. detail post_proxy_log {
  396. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  397. header = "%t"
  398. permissions = 384
  399. locking = no
  400. escape_filenames = no
  401. log_packet_header = no
  402. }
  403. # Loaded module rlm_sql
  404. # Loading module "sql" from file /etc/freeradius/mods-enabled/sql
  405. sql {
  406. driver = "rlm_sql_mysql"
  407. server = "localhost"
  408. port = 3306
  409. login = "radius"
  410. password = <<< secret >>>
  411. radius_db = "radius"
  412. read_groups = yes
  413. read_profiles = yes
  414. read_clients = yes
  415. delete_stale_sessions = yes
  416. sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
  417. default_user_profile = ""
  418. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  419. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  420. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  421. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
  422. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
  423. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  424. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  425. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  426. query_timeout = 5
  427. accounting {
  428. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  429. type {
  430. accounting-on {
  431. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  432. }
  433. accounting-off {
  434. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  435. }
  436. start {
  437. query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
  438. }
  439. interim-update {
  440. query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  441. }
  442. stop {
  443. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  444. }
  445. }
  446. }
  447. post-auth {
  448. reference = ".query"
  449. query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  450. }
  451. }
  452. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  453. Creating attribute SQL-Group
  454. # Loading module "sql_dhcp" from file /etc/freeradius/mods-enabled/sql
  455. sql sql_dhcp {
  456. driver = "rlm_sql_mysql"
  457. server = "localhost"
  458. port = 3306
  459. login = "radius"
  460. password = <<< secret >>>
  461. radius_db = "radius"
  462. read_groups = yes
  463. read_profiles = yes
  464. read_clients = yes
  465. delete_stale_sessions = yes
  466. sql_user_name = "%{DHCP-Client-Hardware-Address}"
  467. default_user_profile = ""
  468. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  469. authorize_check_query = "SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  470. authorize_reply_query = "SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  471. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql_dhcp-SQL-Group}' ORDER BY id"
  472. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql_dhcp-SQL-Group}' ORDER BY id"
  473. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  474. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  475. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  476. query_timeout = 5
  477. accounting {
  478. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  479. type {
  480. accounting-on {
  481. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  482. }
  483. accounting-off {
  484. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  485. }
  486. start {
  487. query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
  488. }
  489. interim-update {
  490. query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  491. }
  492. stop {
  493. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  494. }
  495. }
  496. }
  497. post-auth {
  498. reference = ".query"
  499. query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  500. }
  501. }
  502. rlm_sql (sql_dhcp): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  503. Creating attribute sql_dhcp-SQL-Group
  504. # Loaded module rlm_soh
  505. # Loading module "soh" from file /etc/freeradius/mods-enabled/soh
  506. soh {
  507. dhcp = yes
  508. }
  509. # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
  510. exec ntlm_auth {
  511. wait = yes
  512. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  513. shell_escape = yes
  514. }
  515. # Loaded module rlm_cache
  516. # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  517. cache cache_eap {
  518. driver = "rlm_cache_rbtree"
  519. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  520. ttl = 15
  521. max_entries = 0
  522. epoch = 0
  523. add_stats = no
  524. }
  525. # Loaded module rlm_files
  526. # Loading module "files" from file /etc/freeradius/mods-enabled/files
  527. files {
  528. filename = "/etc/freeradius/mods-config/files/authorize"
  529. acctusersfile = "/etc/freeradius/mods-config/files/accounting"
  530. preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
  531. }
  532. # Loaded module rlm_replicate
  533. # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
  534. # Loaded module rlm_unpack
  535. # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
  536. # Loaded module rlm_passwd
  537. # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  538. passwd etc_passwd {
  539. filename = "/etc/passwd"
  540. format = "*User-Name:Crypt-Password:"
  541. delimiter = ":"
  542. ignore_nislike = no
  543. ignore_empty = yes
  544. allow_multiple_keys = no
  545. hash_size = 100
  546. }
  547. # Loaded module rlm_expiration
  548. # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
  549. # Loaded module rlm_pap
  550. # Loading module "pap" from file /etc/freeradius/mods-enabled/pap
  551. pap {
  552. normalise = yes
  553. }
  554. # Loaded module rlm_expr
  555. # Loading module "expr" from file /etc/freeradius/mods-enabled/expr
  556. expr {
  557. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  558. }
  559. # Loading module "mac2ip" from file /etc/freeradius/mods-enabled/mac2ip
  560. passwd mac2ip {
  561. filename = "/etc/freeradius/mods-config/passwd/mac2ip"
  562. format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
  563. delimiter = ","
  564. ignore_nislike = yes
  565. ignore_empty = yes
  566. allow_multiple_keys = no
  567. hash_size = 100
  568. }
  569. # Loaded module rlm_linelog
  570. # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
  571. linelog {
  572. filename = "/var/log/freeradius/linelog"
  573. escape_filenames = no
  574. syslog_severity = "info"
  575. permissions = 384
  576. format = "This is a log message for %{User-Name}"
  577. reference = "messages.%{%{reply:Packet-Type}:-default}"
  578. }
  579. # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  580. linelog log_accounting {
  581. filename = "/var/log/freeradius/linelog-accounting"
  582. escape_filenames = no
  583. syslog_severity = "info"
  584. permissions = 384
  585. format = ""
  586. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  587. }
  588. # Loaded module rlm_utf8
  589. # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
  590. # Loaded module rlm_mschap
  591. # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
  592. mschap {
  593. use_mppe = yes
  594. require_encryption = no
  595. require_strong = no
  596. with_ntdomain_hack = yes
  597. passchange {
  598. }
  599. allow_retry = yes
  600. }
  601. # Loaded module rlm_realm
  602. # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
  603. realm IPASS {
  604. format = "prefix"
  605. delimiter = "/"
  606. ignore_default = no
  607. ignore_null = no
  608. }
  609. # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
  610. realm suffix {
  611. format = "suffix"
  612. delimiter = "@"
  613. ignore_default = no
  614. ignore_null = no
  615. }
  616. # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  617. realm realmpercent {
  618. format = "suffix"
  619. delimiter = "%"
  620. ignore_default = no
  621. ignore_null = no
  622. }
  623. # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  624. realm ntdomain {
  625. format = "prefix"
  626. delimiter = "\\"
  627. ignore_default = no
  628. ignore_null = no
  629. }
  630. # Loaded module rlm_dynamic_clients
  631. # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
  632. # Loading module "echo" from file /etc/freeradius/mods-enabled/echo
  633. exec echo {
  634. wait = yes
  635. program = "/bin/echo %{User-Name}"
  636. input_pairs = "request"
  637. output_pairs = "reply"
  638. shell_escape = yes
  639. }
  640. # Loaded module rlm_eap
  641. # Loading module "eap" from file /etc/freeradius/mods-enabled/eap
  642. eap {
  643. default_eap_type = "peap"
  644. timer_expire = 60
  645. ignore_unknown_eap_types = no
  646. cisco_accounting_username_bug = no
  647. max_sessions = 16384
  648. }
  649. instantiate {
  650. }
  651. # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
  652. # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
  653. # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
  654. # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
  655. # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
  656. # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
  657. # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
  658. # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
  659. # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
  660. # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
  661. # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
  662. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  663. reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
  664. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  665. reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
  666. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  667. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
  668. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  669. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  670. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  671. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
  672. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  673. reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
  674. # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  675. reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
  676. reading pairlist file /etc/freeradius/mods-config/preprocess/hints
  677. # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  678. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  679. # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  680. # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  681. # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  682. # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql
  683. rlm_sql_mysql: libmysql version: 5.7.16
  684. mysql {
  685. tls {
  686. }
  687. warnings = "auto"
  688. }
  689. rlm_sql (sql): Attempting to connect to database "radius"
  690. rlm_sql (sql): Initialising connection pool
  691. pool {
  692. start = 5
  693. min = 3
  694. max = 32
  695. spare = 10
  696. uses = 0
  697. lifetime = 0
  698. cleanup_interval = 30
  699. idle_timeout = 60
  700. retry_delay = 30
  701. spread = no
  702. }
  703. rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
  704. rlm_sql_mysql: Starting connect to MySQL server
  705. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  706. rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
  707. rlm_sql_mysql: Starting connect to MySQL server
  708. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  709. rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
  710. rlm_sql_mysql: Starting connect to MySQL server
  711. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  712. rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
  713. rlm_sql_mysql: Starting connect to MySQL server
  714. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  715. rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
  716. rlm_sql_mysql: Starting connect to MySQL server
  717. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  718. rlm_sql (sql): Processing generate_sql_clients
  719. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  720. rlm_sql (sql): Reserved connection (0)
  721. rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
  722. rlm_sql (sql): Adding client 10.11.12.10 (Unifi Switch) to global clients list
  723. rlm_sql (10.11.12.10): Client "Unifi Switch" (sql) added
  724. rlm_sql (sql): Adding client 10.11.12.11 (Unifi AP) to global clients list
  725. rlm_sql (10.11.12.11): Client "Unifi AP" (sql) added
  726. rlm_sql (sql): Released connection (0)
  727. rlm_sql (sql): Need 5 more connections to reach 10 spares
  728. rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
  729. rlm_sql_mysql: Starting connect to MySQL server
  730. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  731. # Instantiating module "sql_dhcp" from file /etc/freeradius/mods-enabled/sql
  732. mysql {
  733. tls {
  734. }
  735. warnings = "auto"
  736. }
  737. rlm_sql (sql_dhcp): Attempting to connect to database "radius"
  738. rlm_sql (sql_dhcp): Initialising connection pool
  739. pool {
  740. start = 5
  741. min = 3
  742. max = 32
  743. spare = 10
  744. uses = 0
  745. lifetime = 0
  746. cleanup_interval = 30
  747. idle_timeout = 60
  748. retry_delay = 30
  749. spread = no
  750. }
  751. rlm_sql (sql_dhcp): Opening additional connection (0), 1 of 32 pending slots used
  752. rlm_sql_mysql: Starting connect to MySQL server
  753. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  754. rlm_sql (sql_dhcp): Opening additional connection (1), 1 of 31 pending slots used
  755. rlm_sql_mysql: Starting connect to MySQL server
  756. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  757. rlm_sql (sql_dhcp): Opening additional connection (2), 1 of 30 pending slots used
  758. rlm_sql_mysql: Starting connect to MySQL server
  759. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  760. rlm_sql (sql_dhcp): Opening additional connection (3), 1 of 29 pending slots used
  761. rlm_sql_mysql: Starting connect to MySQL server
  762. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  763. rlm_sql (sql_dhcp): Opening additional connection (4), 1 of 28 pending slots used
  764. rlm_sql_mysql: Starting connect to MySQL server
  765. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  766. rlm_sql (sql_dhcp): Processing generate_sql_clients
  767. rlm_sql (sql_dhcp) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  768. rlm_sql (sql_dhcp): Reserved connection (0)
  769. rlm_sql (sql_dhcp): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
  770. rlm_sql (sql_dhcp): Adding client 10.11.12.10 (Unifi Switch) to global clients list
  771. Ignoring duplicate client 10.11.12.10
  772. rlm_sql (10.11.12.10): Client "Unifi Switch" (sql_dhcp) added
  773. rlm_sql (sql_dhcp): Adding client 10.11.12.11 (Unifi AP) to global clients list
  774. Ignoring duplicate client 10.11.12.11
  775. rlm_sql (10.11.12.11): Client "Unifi AP" (sql_dhcp) added
  776. rlm_sql (sql_dhcp): Released connection (0)
  777. rlm_sql (sql_dhcp): Need 5 more connections to reach 10 spares
  778. rlm_sql (sql_dhcp): Opening additional connection (5), 1 of 27 pending slots used
  779. rlm_sql_mysql: Starting connect to MySQL server
  780. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  781. # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  782. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  783. # Instantiating module "files" from file /etc/freeradius/mods-enabled/files
  784. reading pairlist file /etc/freeradius/mods-config/files/authorize
  785. reading pairlist file /etc/freeradius/mods-config/files/accounting
  786. reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
  787. # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  788. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  789. # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
  790. # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
  791. # Instantiating module "mac2ip" from file /etc/freeradius/mods-enabled/mac2ip
  792. rlm_passwd: nfields: 2 keyfield 0(DHCP-Client-Hardware-Address) listable: no
  793. # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
  794. # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  795. # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
  796. rlm_mschap (mschap): using internal authentication
  797. # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
  798. # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
  799. # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  800. # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  801. # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
  802. # Linked to sub-module rlm_eap_gtc
  803. gtc {
  804. challenge = "Password: "
  805. auth_type = "PAP"
  806. }
  807. # Linked to sub-module rlm_eap_tls
  808. tls {
  809. tls = "tls-common"
  810. }
  811. tls-config tls-common {
  812. verify_depth = 0
  813. ca_path = "/etc/freeradius/certs"
  814. pem_file_type = yes
  815. private_key_file = "/etc/freeradius/certs/server.pem"
  816. certificate_file = "/etc/freeradius/certs/server.pem"
  817. ca_file = "/etc/freeradius/certs/ca.pem"
  818. private_key_password = <<< secret >>>
  819. dh_file = "/etc/freeradius/certs/dh"
  820. fragment_size = 1024
  821. include_length = yes
  822. auto_chain = yes
  823. check_crl = no
  824. check_all_crl = no
  825. cipher_list = "DEFAULT"
  826. ecdh_curve = "prime256v1"
  827. cache {
  828. enable = yes
  829. lifetime = 24
  830. max_entries = 255
  831. }
  832. verify {
  833. skip_if_ocsp_ok = no
  834. }
  835. ocsp {
  836. enable = no
  837. override_cert_url = yes
  838. url = "http://127.0.0.1/ocsp/"
  839. use_nonce = yes
  840. timeout = 0
  841. softfail = no
  842. }
  843. }
  844. # Linked to sub-module rlm_eap_ttls
  845. ttls {
  846. tls = "tls-common"
  847. default_eap_type = "md5"
  848. copy_request_to_tunnel = yes
  849. use_tunneled_reply = no
  850. virtual_server = "inner-tunnel"
  851. include_length = yes
  852. require_client_cert = no
  853. }
  854. tls: Using cached TLS configuration from previous invocation
  855. # Linked to sub-module rlm_eap_peap
  856. peap {
  857. tls = "tls-common"
  858. default_eap_type = "mschapv2"
  859. copy_request_to_tunnel = yes
  860. use_tunneled_reply = no
  861. proxy_tunneled_request_as_eap = yes
  862. virtual_server = "inner-tunnel"
  863. soh = no
  864. require_client_cert = no
  865. }
  866. tls: Using cached TLS configuration from previous invocation
  867. # Linked to sub-module rlm_eap_mschapv2
  868. mschapv2 {
  869. with_ntdomain_hack = no
  870. send_error = no
  871. identity = "ubuntuServer"
  872. }
  873. } # modules
  874. radiusd: #### Loading Virtual Servers ####
  875. server { # from file /etc/freeradius/radiusd.conf
  876. } # server
  877. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  878. # Loading authenticate {...}
  879. # Loading authorize {...}
  880. Ignoring "ldap" (see raddb/mods-available/README.rst)
  881. # Loading session {...}
  882. # Loading post-proxy {...}
  883. # Loading post-auth {...}
  884. } # server inner-tunnel
  885. server dhcp { # from file /etc/freeradius/sites-enabled/dhcp_static
  886. # Loading dhcp DHCP-Discover {...}
  887. # Loading dhcp DHCP-Request {...}
  888. # Loading dhcp DHCP-Decline {...}
  889. # Loading dhcp DHCP-Inform {...}
  890. # Loading dhcp DHCP-Release {...}
  891. # Loading dhcp DHCP-Lease-Query {...}
  892. } # server dhcp
  893. server default { # from file /etc/freeradius/sites-enabled/default
  894. # Loading authenticate {...}
  895. # Loading authorize {...}
  896. # Loading preacct {...}
  897. # Loading accounting {...}
  898. # Loading session {...}
  899. # Loading post-proxy {...}
  900. # Loading post-auth {...}
  901. } # server default
  902. radiusd: #### Opening IP addresses and Ports ####
  903. listen {
  904. type = "auth"
  905. ipaddr = 127.0.0.1
  906. port = 18120
  907. }
  908. listen {
  909. type = "dhcp"
  910. ipaddr = 255.255.255.255
  911. port = 67
  912. src_ipaddr = 127.0.0.1
  913. }
  914. listen {
  915. type = "auth"
  916. ipaddr = *
  917. port = 0
  918. limit {
  919. max_connections = 16
  920. lifetime = 0
  921. idle_timeout = 30
  922. }
  923. }
  924. listen {
  925. type = "acct"
  926. ipaddr = *
  927. port = 0
  928. limit {
  929. max_connections = 16
  930. lifetime = 0
  931. idle_timeout = 30
  932. }
  933. }
  934. listen {
  935. type = "auth"
  936. ipv6addr = ::
  937. port = 0
  938. limit {
  939. max_connections = 16
  940. lifetime = 0
  941. idle_timeout = 30
  942. }
  943. }
  944. listen {
  945. type = "acct"
  946. ipv6addr = ::
  947. port = 0
  948. limit {
  949. max_connections = 16
  950. lifetime = 0
  951. idle_timeout = 30
  952. }
  953. }
  954. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  955. Listening on dhcp interface eth1 address 255.255.255.255 port 67 bound to server dhcp
  956. Listening on auth address * port 1812 bound to server default
  957. Listening on acct address * port 1813 bound to server default
  958. Listening on auth address :: port 1812 bound to server default
  959. Listening on acct address :: port 1813 bound to server default
  960. Listening on proxy address * port 41572
  961. Listening on proxy address :: port 52686
  962. Ready to process requests
  963. Received DHCP-Discover of Id dd52cbf7 from 0.0.0.0:68 to 255.255.255.255:67
  964. DHCP-Opcode = Client-Message
  965. DHCP-Hardware-Type = Ethernet
  966. DHCP-Hardware-Address-Length = 6
  967. DHCP-Hop-Count = 0
  968. DHCP-Transaction-Id = 3713190903
  969. DHCP-Number-of-Seconds = 0
  970. DHCP-Flags = 0
  971. DHCP-Client-IP-Address = 0.0.0.0
  972. DHCP-Your-IP-Address = 0.0.0.0
  973. DHCP-Server-IP-Address = 0.0.0.0
  974. DHCP-Gateway-IP-Address = 0.0.0.0
  975. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  976. DHCP-Message-Type = DHCP-Discover
  977. DHCP-Client-Identifier = 0x01001122334455
  978. DHCP-DHCP-Maximum-Msg-Size = 1500
  979. DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  980. DHCP-Hostname = "android-host"
  981. DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  982. DHCP-Parameter-Request-List = DHCP-Router-Address
  983. DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  984. DHCP-Parameter-Request-List = DHCP-Domain-Name
  985. DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  986. DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  987. DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  988. DHCP-Parameter-Request-List = DHCP-Renewal-Time
  989. DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  990. DHCP-Parameter-Request-List = DHCP-Vendor
  991. (0) Received code 1025 Id -581776393 from 0.0.0.0:68 to 255.255.255.255:67 length 314
  992. (0) DHCP-Opcode = Client-Message
  993. (0) DHCP-Hardware-Type = Ethernet
  994. (0) DHCP-Hardware-Address-Length = 6
  995. (0) DHCP-Hop-Count = 0
  996. (0) DHCP-Transaction-Id = 3713190903
  997. (0) DHCP-Number-of-Seconds = 0
  998. (0) DHCP-Flags = 0
  999. (0) DHCP-Client-IP-Address = 0.0.0.0
  1000. (0) DHCP-Your-IP-Address = 0.0.0.0
  1001. (0) DHCP-Server-IP-Address = 0.0.0.0
  1002. (0) DHCP-Gateway-IP-Address = 0.0.0.0
  1003. (0) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1004. (0) DHCP-Message-Type = DHCP-Discover
  1005. (0) DHCP-Client-Identifier = 0x01001122334455
  1006. (0) DHCP-DHCP-Maximum-Msg-Size = 1500
  1007. (0) DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  1008. (0) DHCP-Hostname = "android-host"
  1009. (0) DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  1010. (0) DHCP-Parameter-Request-List = DHCP-Router-Address
  1011. (0) DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  1012. (0) DHCP-Parameter-Request-List = DHCP-Domain-Name
  1013. (0) DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  1014. (0) DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  1015. (0) DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  1016. (0) DHCP-Parameter-Request-List = DHCP-Renewal-Time
  1017. (0) DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  1018. (0) DHCP-Parameter-Request-List = DHCP-Vendor
  1019. Trying sub-section dhcp DHCP-Discover {...}
  1020. (0) dhcp DHCP-Discover {
  1021. (0) update reply {
  1022. (0) DHCP-Message-Type = DHCP-Offer
  1023. (0) } # update reply = noop
  1024. (0) update reply {
  1025. (0) &DHCP-Subnet-Mask = 255.255.255.0
  1026. (0) &DHCP-Router-Address = 10.11.12.1
  1027. (0) &DHCP-IP-Address-Lease-Time = 86400
  1028. (0) &DHCP-DHCP-Server-Identifier = 10.11.12.3
  1029. (0) } # update reply = noop
  1030. (0) sql_dhcp: EXPAND %{DHCP-Client-Hardware-Address}
  1031. (0) sql_dhcp: --> 00:11:22:33:44:55
  1032. (0) sql_dhcp: SQL-User-Name set to '00:11:22:33:44:55'
  1033. rlm_sql (sql_dhcp): Reserved connection (1)
  1034. (0) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  1035. (0) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1036. (0) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1037. (0) sql_dhcp: User found in radcheck table
  1038. (0) sql_dhcp: Conditional check items matched, merging assignment check items
  1039. (0) sql_dhcp: Cleartext-Password := ""
  1040. (0) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  1041. (0) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1042. (0) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1043. (0) sql_dhcp: User found in radreply table, merging reply items
  1044. (0) sql_dhcp: DHCP-Your-IP-Address := 10.11.12.100
  1045. (0) sql_dhcp: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  1046. (0) sql_dhcp: --> SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1047. (0) sql_dhcp: Executing select query: SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1048. (0) sql_dhcp: User not found in any groups
  1049. rlm_sql (sql_dhcp): Released connection (1)
  1050. rlm_sql (sql_dhcp): Need 4 more connections to reach 10 spares
  1051. rlm_sql (sql_dhcp): Opening additional connection (6), 1 of 26 pending slots used
  1052. rlm_sql_mysql: Starting connect to MySQL server
  1053. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  1054. (0) [sql_dhcp.authorize] = ok
  1055. (0) [ok] = ok
  1056. (0) } # dhcp DHCP-Discover = ok
  1057. (0) DHCP: Reply will be unicast to your-ip-address
  1058. (0) Sent code 1026 Id -581776393 from 127.0.0.1:67 to 10.11.12.100:68 length 0
  1059. (0) DHCP-Message-Type = DHCP-Offer
  1060. (0) DHCP-Subnet-Mask = 255.255.255.0
  1061. (0) DHCP-Router-Address = 10.11.12.1
  1062. (0) DHCP-IP-Address-Lease-Time = 86400
  1063. (0) DHCP-DHCP-Server-Identifier = 10.11.12.3
  1064. (0) DHCP-Your-IP-Address = 10.11.12.100
  1065. (0) DHCP-DHCP-Maximum-Msg-Size = 1500
  1066. (0) DHCP-Opcode = Server-Message
  1067. (0) DHCP-Hardware-Type = Ethernet
  1068. (0) DHCP-Hardware-Address-Length = 6
  1069. (0) DHCP-Hop-Count = 0
  1070. (0) DHCP-Transaction-Id = 3713190903
  1071. (0) DHCP-Flags = 0
  1072. (0) DHCP-Client-IP-Address = 0.0.0.0
  1073. (0) DHCP-Gateway-IP-Address = 0.0.0.0
  1074. (0) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1075. DHCP-Opcode = Server-Message
  1076. DHCP-Hardware-Type = Ethernet
  1077. DHCP-Hardware-Address-Length = 6
  1078. DHCP-Hop-Count = 0
  1079. DHCP-Transaction-Id = 3713190903
  1080. DHCP-Number-of-Seconds = 0
  1081. DHCP-Flags = 0
  1082. DHCP-Client-IP-Address = 0.0.0.0
  1083. DHCP-Your-IP-Address = 10.11.12.100
  1084. DHCP-Server-IP-Address = 0.0.0.0
  1085. DHCP-Gateway-IP-Address = 0.0.0.0
  1086. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1087. DHCP-Server-Host-Name = ""
  1088. DHCP-Boot-Filename = ""
  1089. DHCP-Subnet-Mask = 255.255.255.0
  1090. DHCP-Router-Address = 10.11.12.1
  1091. DHCP-IP-Address-Lease-Time = 86400
  1092. DHCP-DHCP-Server-Identifier = 10.11.12.3
  1093. DHCP-DHCP-Maximum-Msg-Size = 1500
  1094. Sending DHCP-Offer Id dd52cbf7 from 127.0.0.1:67 to 10.11.12.100:68
  1095. (0) Finished request
  1096. (0) Cleaning up request packet ID 3713190903 with timestamp +7
  1097. Ready to process requests
  1098. Received DHCP-Discover of Id dd52cbf7 from 0.0.0.0:68 to 255.255.255.255:67
  1099. DHCP-Opcode = Client-Message
  1100. DHCP-Hardware-Type = Ethernet
  1101. DHCP-Hardware-Address-Length = 6
  1102. DHCP-Hop-Count = 0
  1103. DHCP-Transaction-Id = 3713190903
  1104. DHCP-Number-of-Seconds = 2
  1105. DHCP-Flags = 0
  1106. DHCP-Client-IP-Address = 0.0.0.0
  1107. DHCP-Your-IP-Address = 0.0.0.0
  1108. DHCP-Server-IP-Address = 0.0.0.0
  1109. DHCP-Gateway-IP-Address = 0.0.0.0
  1110. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1111. DHCP-Message-Type = DHCP-Discover
  1112. DHCP-Client-Identifier = 0x01001122334455
  1113. DHCP-DHCP-Maximum-Msg-Size = 1500
  1114. DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  1115. DHCP-Hostname = "android-host"
  1116. DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  1117. DHCP-Parameter-Request-List = DHCP-Router-Address
  1118. DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  1119. DHCP-Parameter-Request-List = DHCP-Domain-Name
  1120. DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  1121. DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  1122. DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  1123. DHCP-Parameter-Request-List = DHCP-Renewal-Time
  1124. DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  1125. DHCP-Parameter-Request-List = DHCP-Vendor
  1126. (1) Received code 1025 Id -581776393 from 0.0.0.0:68 to 255.255.255.255:67 length 314
  1127. (1) DHCP-Opcode = Client-Message
  1128. (1) DHCP-Hardware-Type = Ethernet
  1129. (1) DHCP-Hardware-Address-Length = 6
  1130. (1) DHCP-Hop-Count = 0
  1131. (1) DHCP-Transaction-Id = 3713190903
  1132. (1) DHCP-Number-of-Seconds = 2
  1133. (1) DHCP-Flags = 0
  1134. (1) DHCP-Client-IP-Address = 0.0.0.0
  1135. (1) DHCP-Your-IP-Address = 0.0.0.0
  1136. (1) DHCP-Server-IP-Address = 0.0.0.0
  1137. (1) DHCP-Gateway-IP-Address = 0.0.0.0
  1138. (1) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1139. (1) DHCP-Message-Type = DHCP-Discover
  1140. (1) DHCP-Client-Identifier = 0x01001122334455
  1141. (1) DHCP-DHCP-Maximum-Msg-Size = 1500
  1142. (1) DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  1143. (1) DHCP-Hostname = "android-host"
  1144. (1) DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  1145. (1) DHCP-Parameter-Request-List = DHCP-Router-Address
  1146. (1) DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  1147. (1) DHCP-Parameter-Request-List = DHCP-Domain-Name
  1148. (1) DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  1149. (1) DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  1150. (1) DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  1151. (1) DHCP-Parameter-Request-List = DHCP-Renewal-Time
  1152. (1) DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  1153. (1) DHCP-Parameter-Request-List = DHCP-Vendor
  1154. Trying sub-section dhcp DHCP-Discover {...}
  1155. (1) dhcp DHCP-Discover {
  1156. (1) update reply {
  1157. (1) DHCP-Message-Type = DHCP-Offer
  1158. (1) } # update reply = noop
  1159. (1) update reply {
  1160. (1) &DHCP-Subnet-Mask = 255.255.255.0
  1161. (1) &DHCP-Router-Address = 10.11.12.1
  1162. (1) &DHCP-IP-Address-Lease-Time = 86400
  1163. (1) &DHCP-DHCP-Server-Identifier = 10.11.12.3
  1164. (1) } # update reply = noop
  1165. (1) sql_dhcp: EXPAND %{DHCP-Client-Hardware-Address}
  1166. (1) sql_dhcp: --> 00:11:22:33:44:55
  1167. (1) sql_dhcp: SQL-User-Name set to '00:11:22:33:44:55'
  1168. rlm_sql (sql_dhcp): Reserved connection (2)
  1169. (1) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  1170. (1) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1171. (1) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1172. (1) sql_dhcp: User found in radcheck table
  1173. (1) sql_dhcp: Conditional check items matched, merging assignment check items
  1174. (1) sql_dhcp: Cleartext-Password := ""
  1175. (1) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  1176. (1) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1177. (1) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1178. (1) sql_dhcp: User found in radreply table, merging reply items
  1179. (1) sql_dhcp: DHCP-Your-IP-Address := 10.11.12.100
  1180. (1) sql_dhcp: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  1181. (1) sql_dhcp: --> SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1182. (1) sql_dhcp: Executing select query: SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1183. (1) sql_dhcp: User not found in any groups
  1184. rlm_sql (sql_dhcp): Released connection (2)
  1185. rlm_sql (sql_dhcp): Need 3 more connections to reach 10 spares
  1186. rlm_sql (sql_dhcp): Opening additional connection (7), 1 of 25 pending slots used
  1187. rlm_sql_mysql: Starting connect to MySQL server
  1188. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  1189. (1) [sql_dhcp.authorize] = ok
  1190. (1) [ok] = ok
  1191. (1) } # dhcp DHCP-Discover = ok
  1192. (1) DHCP: Reply will be unicast to your-ip-address
  1193. (1) Sent code 1026 Id -581776393 from 127.0.0.1:67 to 10.11.12.100:68 length 0
  1194. (1) DHCP-Message-Type = DHCP-Offer
  1195. (1) DHCP-Subnet-Mask = 255.255.255.0
  1196. (1) DHCP-Router-Address = 10.11.12.1
  1197. (1) DHCP-IP-Address-Lease-Time = 86400
  1198. (1) DHCP-DHCP-Server-Identifier = 10.11.12.3
  1199. (1) DHCP-Your-IP-Address = 10.11.12.100
  1200. (1) DHCP-DHCP-Maximum-Msg-Size = 1500
  1201. (1) DHCP-Opcode = Server-Message
  1202. (1) DHCP-Hardware-Type = Ethernet
  1203. (1) DHCP-Hardware-Address-Length = 6
  1204. (1) DHCP-Hop-Count = 0
  1205. (1) DHCP-Transaction-Id = 3713190903
  1206. (1) DHCP-Flags = 0
  1207. (1) DHCP-Client-IP-Address = 0.0.0.0
  1208. (1) DHCP-Gateway-IP-Address = 0.0.0.0
  1209. (1) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1210. DHCP-Opcode = Server-Message
  1211. DHCP-Hardware-Type = Ethernet
  1212. DHCP-Hardware-Address-Length = 6
  1213. DHCP-Hop-Count = 0
  1214. DHCP-Transaction-Id = 3713190903
  1215. DHCP-Number-of-Seconds = 0
  1216. DHCP-Flags = 0
  1217. DHCP-Client-IP-Address = 0.0.0.0
  1218. DHCP-Your-IP-Address = 10.11.12.100
  1219. DHCP-Server-IP-Address = 0.0.0.0
  1220. DHCP-Gateway-IP-Address = 0.0.0.0
  1221. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1222. DHCP-Server-Host-Name = ""
  1223. DHCP-Boot-Filename = ""
  1224. DHCP-Subnet-Mask = 255.255.255.0
  1225. DHCP-Router-Address = 10.11.12.1
  1226. DHCP-IP-Address-Lease-Time = 86400
  1227. DHCP-DHCP-Server-Identifier = 10.11.12.3
  1228. DHCP-DHCP-Maximum-Msg-Size = 1500
  1229. Sending DHCP-Offer Id dd52cbf7 from 127.0.0.1:67 to 10.11.12.100:68
  1230. (1) Finished request
  1231. (1) Cleaning up request packet ID 3713190903 with timestamp +9
  1232. Ready to process requests
  1233. Received DHCP-Discover of Id dd52cbf7 from 0.0.0.0:68 to 255.255.255.255:67
  1234. DHCP-Opcode = Client-Message
  1235. DHCP-Hardware-Type = Ethernet
  1236. DHCP-Hardware-Address-Length = 6
  1237. DHCP-Hop-Count = 0
  1238. DHCP-Transaction-Id = 3713190903
  1239. DHCP-Number-of-Seconds = 5
  1240. DHCP-Flags = 0
  1241. DHCP-Client-IP-Address = 0.0.0.0
  1242. DHCP-Your-IP-Address = 0.0.0.0
  1243. DHCP-Server-IP-Address = 0.0.0.0
  1244. DHCP-Gateway-IP-Address = 0.0.0.0
  1245. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1246. DHCP-Message-Type = DHCP-Discover
  1247. DHCP-Client-Identifier = 0x01001122334455
  1248. DHCP-DHCP-Maximum-Msg-Size = 1500
  1249. DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  1250. DHCP-Hostname = "android-host"
  1251. DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  1252. DHCP-Parameter-Request-List = DHCP-Router-Address
  1253. DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  1254. DHCP-Parameter-Request-List = DHCP-Domain-Name
  1255. DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  1256. DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  1257. DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  1258. DHCP-Parameter-Request-List = DHCP-Renewal-Time
  1259. DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  1260. DHCP-Parameter-Request-List = DHCP-Vendor
  1261. (2) Received code 1025 Id -581776393 from 0.0.0.0:68 to 255.255.255.255:67 length 314
  1262. (2) DHCP-Opcode = Client-Message
  1263. (2) DHCP-Hardware-Type = Ethernet
  1264. (2) DHCP-Hardware-Address-Length = 6
  1265. (2) DHCP-Hop-Count = 0
  1266. (2) DHCP-Transaction-Id = 3713190903
  1267. (2) DHCP-Number-of-Seconds = 5
  1268. (2) DHCP-Flags = 0
  1269. (2) DHCP-Client-IP-Address = 0.0.0.0
  1270. (2) DHCP-Your-IP-Address = 0.0.0.0
  1271. (2) DHCP-Server-IP-Address = 0.0.0.0
  1272. (2) DHCP-Gateway-IP-Address = 0.0.0.0
  1273. (2) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1274. (2) DHCP-Message-Type = DHCP-Discover
  1275. (2) DHCP-Client-Identifier = 0x01001122334455
  1276. (2) DHCP-DHCP-Maximum-Msg-Size = 1500
  1277. (2) DHCP-Vendor-Class-Identifier = 0x616e64726f69642d646863702d372e30
  1278. (2) DHCP-Hostname = "android-host"
  1279. (2) DHCP-Parameter-Request-List = DHCP-Subnet-Mask
  1280. (2) DHCP-Parameter-Request-List = DHCP-Router-Address
  1281. (2) DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
  1282. (2) DHCP-Parameter-Request-List = DHCP-Domain-Name
  1283. (2) DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
  1284. (2) DHCP-Parameter-Request-List = DHCP-Broadcast-Address
  1285. (2) DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time
  1286. (2) DHCP-Parameter-Request-List = DHCP-Renewal-Time
  1287. (2) DHCP-Parameter-Request-List = DHCP-Rebinding-Time
  1288. (2) DHCP-Parameter-Request-List = DHCP-Vendor
  1289. Trying sub-section dhcp DHCP-Discover {...}
  1290. (2) dhcp DHCP-Discover {
  1291. (2) update reply {
  1292. (2) DHCP-Message-Type = DHCP-Offer
  1293. (2) } # update reply = noop
  1294. (2) update reply {
  1295. (2) &DHCP-Subnet-Mask = 255.255.255.0
  1296. (2) &DHCP-Router-Address = 10.11.12.1
  1297. (2) &DHCP-IP-Address-Lease-Time = 86400
  1298. (2) &DHCP-DHCP-Server-Identifier = 10.11.12.3
  1299. (2) } # update reply = noop
  1300. (2) sql_dhcp: EXPAND %{DHCP-Client-Hardware-Address}
  1301. (2) sql_dhcp: --> 00:11:22:33:44:55
  1302. (2) sql_dhcp: SQL-User-Name set to '00:11:22:33:44:55'
  1303. rlm_sql (sql_dhcp): Reserved connection (3)
  1304. (2) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  1305. (2) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1306. (2) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpcheck WHERE username = '00:11:22:33:44:55' ORDER BY id
  1307. (2) sql_dhcp: User found in radcheck table
  1308. (2) sql_dhcp: Conditional check items matched, merging assignment check items
  1309. (2) sql_dhcp: Cleartext-Password := ""
  1310. (2) sql_dhcp: EXPAND SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  1311. (2) sql_dhcp: --> SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1312. (2) sql_dhcp: Executing select query: SELECT id, username, attribute, value, op FROM raddhcpreply WHERE username = '00:11:22:33:44:55' ORDER BY id
  1313. (2) sql_dhcp: User found in radreply table, merging reply items
  1314. (2) sql_dhcp: DHCP-Your-IP-Address := 10.11.12.100
  1315. (2) sql_dhcp: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  1316. (2) sql_dhcp: --> SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1317. (2) sql_dhcp: Executing select query: SELECT groupname FROM radusergroup WHERE username = '00:11:22:33:44:55' ORDER BY priority
  1318. (2) sql_dhcp: User not found in any groups
  1319. rlm_sql (sql_dhcp): Released connection (3)
  1320. rlm_sql (sql_dhcp): Need 2 more connections to reach 10 spares
  1321. rlm_sql (sql_dhcp): Opening additional connection (8), 1 of 24 pending slots used
  1322. rlm_sql_mysql: Starting connect to MySQL server
  1323. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16, protocol version 10
  1324. (2) [sql_dhcp.authorize] = ok
  1325. (2) [ok] = ok
  1326. (2) } # dhcp DHCP-Discover = ok
  1327. (2) DHCP: Reply will be unicast to your-ip-address
  1328. (2) Sent code 1026 Id -581776393 from 127.0.0.1:67 to 10.11.12.100:68 length 0
  1329. (2) DHCP-Message-Type = DHCP-Offer
  1330. (2) DHCP-Subnet-Mask = 255.255.255.0
  1331. (2) DHCP-Router-Address = 10.11.12.1
  1332. (2) DHCP-IP-Address-Lease-Time = 86400
  1333. (2) DHCP-DHCP-Server-Identifier = 10.11.12.3
  1334. (2) DHCP-Your-IP-Address = 10.11.12.100
  1335. (2) DHCP-DHCP-Maximum-Msg-Size = 1500
  1336. (2) DHCP-Opcode = Server-Message
  1337. (2) DHCP-Hardware-Type = Ethernet
  1338. (2) DHCP-Hardware-Address-Length = 6
  1339. (2) DHCP-Hop-Count = 0
  1340. (2) DHCP-Transaction-Id = 3713190903
  1341. (2) DHCP-Flags = 0
  1342. (2) DHCP-Client-IP-Address = 0.0.0.0
  1343. (2) DHCP-Gateway-IP-Address = 0.0.0.0
  1344. (2) DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1345. DHCP-Opcode = Server-Message
  1346. DHCP-Hardware-Type = Ethernet
  1347. DHCP-Hardware-Address-Length = 6
  1348. DHCP-Hop-Count = 0
  1349. DHCP-Transaction-Id = 3713190903
  1350. DHCP-Number-of-Seconds = 0
  1351. DHCP-Flags = 0
  1352. DHCP-Client-IP-Address = 0.0.0.0
  1353. DHCP-Your-IP-Address = 10.11.12.100
  1354. DHCP-Server-IP-Address = 0.0.0.0
  1355. DHCP-Gateway-IP-Address = 0.0.0.0
  1356. DHCP-Client-Hardware-Address = 00:11:22:33:44:55
  1357. DHCP-Server-Host-Name = ""
  1358. DHCP-Boot-Filename = ""
  1359. DHCP-Subnet-Mask = 255.255.255.0
  1360. DHCP-Router-Address = 10.11.12.1
  1361. DHCP-IP-Address-Lease-Time = 86400
  1362. DHCP-DHCP-Server-Identifier = 10.11.12.3
  1363. DHCP-DHCP-Maximum-Msg-Size = 1500
  1364. Sending DHCP-Offer Id dd52cbf7 from 127.0.0.1:67 to 10.11.12.100:68
  1365. (2) Finished request
  1366. (2) Cleaning up request packet ID 3713190903 with timestamp +13
  1367. Ready to process requests
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!