freeradius_debug2

a guest
Jul 16th, 2016
root@raspberrypi:/etc/freeradius/certs# sudo freeradius -X | sudo tee /home/pi/radius_debug.log
Server was built with:
accounting : yes
authentication : yes
ascend-binary-attributes : yes
coa : yes
control-socket : yes
detail : yes
dhcp : yes
dynamic-clients : yes
osfc2 : no
proxy : yes
regex-pcre : no
regex-posix : yes
regex-posix-extended : yes
session-management : yes
stats : yes
tcp : yes
threads : yes
tls : yes
unlang : yes
vmps : yes
developer : no
Server core libs:
freeradius-server : 3.0.11
talloc : 2.0.*
ssl : 1.0.1t release
Endianness:
little
Compilation flags:
cppflags : -D_FORTIFY_SOURCE=2
cflags : -I/home/pi/freeradius-server-3.0.11 -I/home/pi/freeradius-server-3.0.11/src -include /home/pi/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h -include /home/pi/freeradius-server-3.0.11/src/freeradius-devel/build.h -include /home/pi/freeradius-server-3.0.11/src/freeradius-devel/features.h -include /home/pi/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
ldflags : -Wl,-z,relro
libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl -lpthread -lreadline

Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/unpack
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/utf8
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/cache_eap
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/eap
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/expr
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/abfab-tr
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/debug
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/eap
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 16384
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 192.168.1.1 {
require_message_authenticator = no
secret = <<< secret >>>
shortname = "TP-Link"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 192.168.1.1. Please fix your configuration
Support for old-style clients will be removed in a future release
client 145.120.15.172 {
require_message_authenticator = no
secret = <<< secret >>>
shortname = "Cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 145.120.15.172. Please fix your configuration
Support for old-style clients will be removed in a future release
Debugger not attached
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = digest
# Creating Auth-Type = eap
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_files
# Loading module "files" from file /etc/freeradius/mods-enabled/files
files {
filename = "/etc/freeradius/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
}
# Loaded module rlm_digest
# Loading module "digest" from file /etc/freeradius/mods-enabled/digest
# Loaded module rlm_exec
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
# Loaded module rlm_soh
# Loading module "soh" from file /etc/freeradius/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_detail
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
linelog {
filename = "/var/log/freeradius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_cache
# Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/freeradius/mods-enabled/chap
# Loaded module rlm_eap
# Loading module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
}
# Loaded module rlm_always
# Loading module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Loaded module rlm_expr
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
instantiate {
}
# Instantiating module "files" from file /etc/freeradius/mods-enabled/files
reading pairlist file /etc/freeradius/mods-config/files/authorize
reading pairlist file /etc/freeradius/mods-config/files/accounting
reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
# Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
# Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
# Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
# Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
# Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
# Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
ca_file = "/etc/freeradius/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/freeradius/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
# Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
# Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
# Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
# Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
# Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
# Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
# Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
# Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server default { # from file /etc/freeradius/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 53454
Listening on proxy address :: port 52145
Ready to process requests
(0) Received Access-Request Id 102 from 192.168.1.1:54308 to 192.168.1.100:1812 length 179
(0) User-Name = "Roy_dell"
(0) NAS-IP-Address = 192.168.2.2
(0) Called-Station-Id = "10-FE-ED-E6-6D-A7:Kookwekker"
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Port = 5
(0) Calling-Station-Id = "AC-2B-6E-0B-5F-40"
(0) Connect-Info = "CONNECT 54Mbps 802.11g"
(0) Acct-Session-Id = "00000008-000000DA"
(0) Framed-MTU = 1400
(0) EAP-Message = 0x02e6000d01526f795f64656c6c
(0) Message-Authenticator = 0xcfed70f24c9e6124be01862a48fdc080
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "Roy_dell", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 230 length 13
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new EAP-TLS session
(0) eap_peap: Flushing SSL sessions (of #0)
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 231 length 6
(0) eap: EAP session adding &reply:State = 0xe6b9f899e65ee14b
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Sent Access-Challenge Id 102 from 192.168.1.100:1812 to 192.168.1.1:54308 length 0
(0) EAP-Message = 0x01e700061920
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xe6b9f899e65ee14b4b97e487f6d95f85
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 102 with timestamp +7
Ready to process requests
^Croot@raspberrypi:/etc/freeradius/certs#