
Untitled

a guest
Oct 11th, 2017
  1. media@media:/etc/freeradius$ sudo freeradius -X
  2. freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Jul 26 2017 at 15:27:21
  3. Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE.
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License.
  8. For more information about these matters, see the file named COPYRIGHT.
  9. Starting - reading configuration files ...
  10. including configuration file /etc/freeradius/radiusd.conf
  11. including configuration file /etc/freeradius/proxy.conf
  12. including configuration file /etc/freeradius/clients.conf
  13. including files in directory /etc/freeradius/modules/
  14. including configuration file /etc/freeradius/modules/mac2vlan
  15. including configuration file /etc/freeradius/modules/exec
  16. including configuration file /etc/freeradius/modules/mschap
  17. including configuration file /etc/freeradius/modules/files
  18. including configuration file /etc/freeradius/modules/attr_rewrite
  19. including configuration file /etc/freeradius/modules/detail.log
  20. including configuration file /etc/freeradius/modules/soh
  21. including configuration file /etc/freeradius/modules/dhcp_sqlippool
  22. including configuration file /etc/freeradius/modules/mac2ip
  23. including configuration file /etc/freeradius/modules/radutmp
  24. including configuration file /etc/freeradius/modules/always
  25. including configuration file /etc/freeradius/modules/otp
  26. including configuration file /etc/freeradius/modules/unix
  27. including configuration file /etc/freeradius/modules/detail.example.com
  28. including configuration file /etc/freeradius/modules/rediswho
  29. including configuration file /etc/freeradius/modules/counter
  30. including configuration file /etc/freeradius/modules/linelog
  31. including configuration file /etc/freeradius/modules/smbpasswd
  32. including configuration file /etc/freeradius/modules/sradutmp
  33. including configuration file /etc/freeradius/modules/chap
  34. including configuration file /etc/freeradius/modules/pap
  35. including configuration file /etc/freeradius/modules/cui
  36. including configuration file /etc/freeradius/modules/ntlm_auth
  37. including configuration file /etc/freeradius/modules/passwd
  38. including configuration file /etc/freeradius/modules/ippool
  39. including configuration file /etc/freeradius/modules/checkval
  40. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  41. including configuration file /etc/freeradius/modules/inner-eap
  42. including configuration file /etc/freeradius/modules/redis
  43. including configuration file /etc/freeradius/modules/detail
  44. including configuration file /etc/freeradius/modules/etc_group
  45. including configuration file /etc/freeradius/modules/smsotp
  46. including configuration file /etc/freeradius/modules/realm
  47. including configuration file /etc/freeradius/modules/perl
  48. including configuration file /etc/freeradius/modules/opendirectory
  49. including configuration file /etc/freeradius/modules/attr_filter
  50. including configuration file /etc/freeradius/modules/pam
  51. including configuration file /etc/freeradius/modules/logintime
  52. including configuration file /etc/freeradius/modules/echo
  53. including configuration file /etc/freeradius/modules/krb5
  54. including configuration file /etc/freeradius/modules/expr
  55. including configuration file /etc/freeradius/modules/expiration
  56. including configuration file /etc/freeradius/modules/ldap
  57. including configuration file /etc/freeradius/modules/radrelay
  58. including configuration file /etc/freeradius/modules/policy
  59. including configuration file /etc/freeradius/modules/dynamic_clients
  60. including configuration file /etc/freeradius/modules/sql_log
  61. including configuration file /etc/freeradius/modules/preprocess
  62. including configuration file /etc/freeradius/modules/digest
  63. including configuration file /etc/freeradius/modules/replicate
  64. including configuration file /etc/freeradius/modules/wimax
  65. including configuration file /etc/freeradius/modules/acct_unique
  66. including configuration file /etc/freeradius/modules/cache
  67. including configuration file /etc/freeradius/eap.conf
  68. including configuration file /etc/freeradius/policy.conf
  69. including files in directory /etc/freeradius/sites-enabled/
  70. including configuration file /etc/freeradius/sites-enabled/default
  71. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  72. main {
  73. user = "freerad"
  74. group = "freerad"
  75. allow_core_dumps = no
  76. }
  77. including dictionary file /etc/freeradius/dictionary
  78. main {
  79. name = "freeradius"
  80. prefix = "/usr"
  81. localstatedir = "/var"
  82. sbindir = "/usr/sbin"
  83. logdir = "/var/log/freeradius"
  84. run_dir = "/var/run/freeradius"
  85. libdir = "/usr/lib/freeradius"
  86. radacctdir = "/var/log/freeradius/radacct"
  87. hostname_lookups = no
  88. max_request_time = 30
  89. cleanup_delay = 5
  90. max_requests = 5120
  91. pidfile = "/var/run/freeradius/freeradius.pid"
  92. checkrad = "/usr/sbin/checkrad"
  93. debug_level = 0
  94. proxy_requests = no
  95. log {
  96. stripped_names = no
  97. auth = no
  98. auth_badpass = no
  99. auth_goodpass = no
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1
  104. status_server = yes
  105. allow_vulnerable_openssl = no
  106. }
  107. }
  108. radiusd: #### Loading Realms and Home Servers ####
  109. proxy server {
  110. retry_delay = 5
  111. retry_count = 3
  112. default_fallback = no
  113. dead_time = 120
  114. wake_all_if_all_dead = no
  115. }
  116. home_server localhost {
  117. ipaddr = 127.0.0.1
  118. port = 1812
  119. type = "auth"
  120. secret = "testing123"
  121. response_window = 20
  122. max_outstanding = 65536
  123. require_message_authenticator = yes
  124. zombie_period = 40
  125. status_check = "status-server"
  126. ping_interval = 30
  127. check_interval = 30
  128. num_answers_to_alive = 3
  129. num_pings_to_alive = 3
  130. revive_interval = 120
  131. status_check_timeout = 4
  132. coa {
  133. irt = 2
  134. mrt = 16
  135. mrc = 5
  136. mrd = 30
  137. }
  138. }
  139. home_server_pool my_auth_failover {
  140. type = fail-over
  141. home_server = localhost
  142. }
  143. realm example.com {
  144. auth_pool = my_auth_failover
  145. }
  146. realm LOCAL {
  147. }
  148. radiusd: #### Loading Clients ####
  149. client localhost {
  150. ipaddr = 127.0.0.1
  151. require_message_authenticator = no
  152. secret = "PASSWORD@Server"
  153. nastype = "other"
  154. }
  155. client dd-wrt {
  156. ipaddr = 192.168.0.2
  157. require_message_authenticator = no
  158. secret = "PASSWORD@DD-WRT"
  159. }
  160. client netgear {
  161. ipaddr = 192.168.0.1
  162. require_message_authenticator = no
  163. secret = "PASSWORD@Netgear"
  164. }
  165. radiusd: #### Instantiating modules ####
  166. instantiate {
  167. Module: Linked to module rlm_exec
  168. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  169. exec {
  170. wait = no
  171. input_pairs = "request"
  172. shell_escape = yes
  173. timeout = 10
  174. }
  175. Module: Linked to module rlm_expr
  176. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  177. Module: Linked to module rlm_expiration
  178. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  179. expiration {
  180. reply-message = "Password Has Expired "
  181. }
  182. Module: Linked to module rlm_logintime
  183. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  184. logintime {
  185. reply-message = "You are calling outside your allowed timespan "
  186. minimum-timeout = 60
  187. }
  188. }
  189. radiusd: #### Loading Virtual Servers ####
  190. server { # from file /etc/freeradius/radiusd.conf
  191. modules {
  192. Module: Creating Auth-Type = digest
  193. Module: Checking authenticate {...} for more modules to load
  194. Module: Linked to module rlm_pap
  195. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  196. pap {
  197. encryption_scheme = "auto"
  198. auto_header = no
  199. }
  200. Module: Linked to module rlm_chap
  201. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  202. Module: Linked to module rlm_mschap
  203. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  204. mschap {
  205. use_mppe = yes
  206. require_encryption = no
  207. require_strong = no
  208. with_ntdomain_hack = no
  209. allow_retry = yes
  210. }
  211. Module: Linked to module rlm_digest
  212. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  213. Module: Linked to module rlm_unix
  214. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  215. unix {
  216. radwtmp = "/var/log/freeradius/radwtmp"
  217. }
  218. Module: Linked to module rlm_eap
  219. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  220. eap {
  221. default_eap_type = "ttls"
  222. timer_expire = 60
  223. ignore_unknown_eap_types = no
  224. cisco_accounting_username_bug = no
  225. max_sessions = 5120
  226. }
  227. Module: Linked to sub-module rlm_eap_md5
  228. Module: Instantiating eap-md5
  229. Module: Linked to sub-module rlm_eap_leap
  230. Module: Instantiating eap-leap
  231. Module: Linked to sub-module rlm_eap_gtc
  232. Module: Instantiating eap-gtc
  233. gtc {
  234. challenge = "Password: "
  235. auth_type = "PAP"
  236. }
  237. Module: Linked to sub-module rlm_eap_tls
  238. Module: Instantiating eap-tls
  239. tls {
  240. rsa_key_exchange = no
  241. dh_key_exchange = yes
  242. rsa_key_length = 512
  243. dh_key_length = 512
  244. verify_depth = 0
  245. CA_path = "/etc/freeradius/certs"
  246. pem_file_type = yes
  247. private_key_file = "/etc/freeradius/certs/server.key"
  248. certificate_file = "/etc/freeradius/certs/server.pem"
  249. CA_file = "/etc/freeradius/certs/ca.pem"
  250. private_key_password = "whatever"
  251. dh_file = "/etc/freeradius/certs/dh"
  252. random_file = "/dev/urandom"
  253. fragment_size = 1024
  254. include_length = yes
  255. check_crl = no
  256. check_all_crl = no
  257. cipher_list = "DEFAULT"
  258. make_cert_command = "/etc/freeradius/certs/bootstrap"
  259. ecdh_curve = "prime256v1"
  260. cache {
  261. enable = no
  262. lifetime = 24
  263. max_entries = 255
  264. }
  265. verify {
  266. }
  267. ocsp {
  268. enable = no
  269. override_cert_url = yes
  270. url = "http://127.0.0.1/ocsp/"
  271. use_nonce = yes
  272. timeout = 0
  273. softfail = no
  274. }
  275. }
  276. Module: Linked to sub-module rlm_eap_ttls
  277. Module: Instantiating eap-ttls
  278. ttls {
  279. default_eap_type = "mschapv2"
  280. copy_request_to_tunnel = no
  281. use_tunneled_reply = no
  282. virtual_server = "inner-tunnel"
  283. include_length = yes
  284. }
  285. Module: Linked to sub-module rlm_eap_peap
  286. Module: Instantiating eap-peap
  287. peap {
  288. default_eap_type = "mschapv2"
  289. copy_request_to_tunnel = no
  290. use_tunneled_reply = no
  291. proxy_tunneled_request_as_eap = yes
  292. virtual_server = "inner-tunnel"
  293. soh = no
  294. }
  295. Module: Linked to sub-module rlm_eap_mschapv2
  296. Module: Instantiating eap-mschapv2
  297. mschapv2 {
  298. with_ntdomain_hack = no
  299. send_error = no
  300. }
  301. Module: Checking authorize {...} for more modules to load
  302. Module: Linked to module rlm_preprocess
  303. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  304. preprocess {
  305. huntgroups = "/etc/freeradius/huntgroups"
  306. hints = "/etc/freeradius/hints"
  307. with_ascend_hack = no
  308. ascend_channels_per_line = 23
  309. with_ntdomain_hack = no
  310. with_specialix_jetstream_hack = no
  311. with_cisco_vsa_hack = no
  312. with_alvarion_vsa_hack = no
  313. }
  314. reading pairlist file /etc/freeradius/huntgroups
  315. reading pairlist file /etc/freeradius/hints
  316. Module: Linked to module rlm_realm
  317. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  318. realm suffix {
  319. format = "suffix"
  320. delimiter = "@"
  321. ignore_default = no
  322. ignore_null = no
  323. }
  324. Module: Linked to module rlm_files
  325. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  326. files {
  327. usersfile = "/etc/freeradius/users"
  328. acctusersfile = "/etc/freeradius/acct_users"
  329. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  330. compat = "no"
  331. }
  332. reading pairlist file /etc/freeradius/users
  333. reading pairlist file /etc/freeradius/acct_users
  334. reading pairlist file /etc/freeradius/preproxy_users
  335. Module: Checking preacct {...} for more modules to load
  336. Module: Linked to module rlm_acct_unique
  337. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  338. acct_unique {
  339. key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  340. }
  341. Module: Checking accounting {...} for more modules to load
  342. Module: Linked to module rlm_detail
  343. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  344. detail {
  345. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  346. header = "%t"
  347. detailperm = 384
  348. dirperm = 493
  349. locking = no
  350. log_packet_header = no
  351. escape_filenames = no
  352. }
  353. Module: Linked to module rlm_attr_filter
  354. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  355. attr_filter attr_filter.accounting_response {
  356. attrsfile = "/etc/freeradius/attrs.accounting_response"
  357. key = "%{User-Name}"
  358. relaxed = no
  359. }
  360. reading pairlist file /etc/freeradius/attrs.accounting_response
  361. Module: Checking session {...} for more modules to load
  362. Module: Linked to module rlm_radutmp
  363. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  364. radutmp {
  365. filename = "/var/log/freeradius/radutmp"
  366. username = "%{User-Name}"
  367. case_sensitive = yes
  368. check_with_nas = yes
  369. perm = 384
  370. callerid = yes
  371. }
  372. Module: Checking post-proxy {...} for more modules to load
  373. Module: Checking post-auth {...} for more modules to load
  374. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  375. attr_filter attr_filter.access_reject {
  376. attrsfile = "/etc/freeradius/attrs.access_reject"
  377. key = "%{User-Name}"
  378. relaxed = no
  379. }
  380. reading pairlist file /etc/freeradius/attrs.access_reject
  381. } # modules
  382. } # server
  383. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  384. modules {
  385. Module: Checking authenticate {...} for more modules to load
  386. Module: Checking authorize {...} for more modules to load
  387. Module: Checking session {...} for more modules to load
  388. Module: Checking post-proxy {...} for more modules to load
  389. Module: Checking post-auth {...} for more modules to load
  390. } # modules
  391. } # server
  392. radiusd: #### Opening IP addresses and Ports ####
  393. listen {
  394. type = "auth"
  395. ipaddr = *
  396. port = 0
  397. }
  398. listen {
  399. type = "acct"
  400. ipaddr = *
  401. port = 0
  402. }
  403. listen {
  404. type = "auth"
  405. ipaddr = 127.0.0.1
  406. port = 18120
  407. }
  408. Listening on authentication address * port 1812
  409. Listening on accounting address * port 1813
  410. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  411. Ready to process requests.