server:# /usr/sbin/freeradius -XFreeRADIUS Version 2.0.4, for host i486-pc-li

1. server:# /usr/sbin/freeradius -X
2. FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34
3. Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
5. PARTICULAR PURPOSE.
6. You may redistribute copies of FreeRADIUS under the terms of the
7. GNU General Public License.
8. Starting - reading configuration files ...
9. including configuration file /etc/freeradius/radiusd.conf
10. including configuration file /etc/freeradius/proxy.conf
11. including configuration file /etc/freeradius/clients.conf
12. including configuration file /etc/freeradius/snmp.conf
13. including configuration file /etc/freeradius/eap.conf
14. including configuration file /etc/freeradius/sql.conf
15. including configuration file /etc/freeradius/sql/mysql/dialup.conf
16. including configuration file /etc/freeradius/policy.conf
17. including files in directory /etc/freeradius/sites-enabled/
18. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
19. including configuration file /etc/freeradius/sites-enabled/default
20. including dictionary file /etc/freeradius/dictionary
21. main {
22. prefix = "/usr"
23. localstatedir = "/var"
24. logdir = "/var/log/freeradius"
25. libdir = "/usr/lib/freeradius"
26. radacctdir = "/var/log/freeradius/radacct"
27. hostname_lookups = no
28. max_request_time = 30
29. cleanup_delay = 5
30. max_requests = 1024
31. allow_core_dumps = no
32. pidfile = "/var/run/freeradius/freeradius.pid"
33. user = "freerad"
34. group = "freerad"
35. checkrad = "/usr/sbin/checkrad"
36. debug_level = 0
37. proxy_requests = yes
38. security {
39. max_attributes = 200
40. reject_delay = 1
41. status_server = yes
42. }
43. }
44. client localhost {
45. ipaddr = 127.0.0.1
46. require_message_authenticator = no
47. secret = "testing123"
48. nastype = "other"
49. }
50. radiusd: #### Loading Realms and Home Servers ####
51. proxy server {
52. retry_delay = 5
53. retry_count = 3
54. default_fallback = no
55. dead_time = 120
56. wake_all_if_all_dead = no
57. }
58. home_server localhost {
59. ipaddr = 127.0.0.1
60. port = 1812
61. type = "auth"
62. secret = "testing123"
63. response_window = 20
64. max_outstanding = 65536
65. zombie_period = 40
66. status_check = "status-server"
67. ping_check = "none"
68. ping_interval = 30
69. check_interval = 30
70. num_answers_to_alive = 3
71. num_pings_to_alive = 3
72. revive_interval = 120
73. status_check_timeout = 4
74. }
75. home_server_pool my_auth_failover {
76. type = fail-over
77. home_server = localhost
78. }
79. realm example.com {
80. auth_pool = my_auth_failover
81. }
82. realm LOCAL {
83. }
84. radiusd: #### Instantiating modules ####
85. instantiate {
86. Module: Linked to module rlm_exec
87. Module: Instantiating exec
88. exec {
89. wait = yes
90. input_pairs = "request"
91. shell_escape = yes
92. }
93. Module: Linked to module rlm_expr
94. Module: Instantiating expr
95. Module: Linked to module rlm_expiration
96. Module: Instantiating expiration
97. expiration {
98. reply-message = "Password Has Expired "
99. }
100. Module: Linked to module rlm_logintime
101. Module: Instantiating logintime
102. logintime {
103. reply-message = "You are calling outside your allowed timespan "
104. minimum-timeout = 60
105. }
106. }
107. radiusd: #### Loading Virtual Servers ####
108. server inner-tunnel {
109. modules {
110. Module: Checking authenticate {...} for more modules to load
111. Module: Linked to module rlm_pap
112. Module: Instantiating pap
113. pap {
114. encryption_scheme = "auto"
115. auto_header = no
116. }
117. Module: Linked to module rlm_chap
118. Module: Instantiating chap
119. Module: Linked to module rlm_mschap
120. Module: Instantiating mschap
121. mschap {
122. use_mppe = yes
123. require_encryption = no
124. require_strong = no
125. with_ntdomain_hack = no
126. }
127. Module: Linked to module rlm_unix
128. Module: Instantiating unix
129. unix {
130. radwtmp = "/var/log/freeradius/radwtmp"
131. }
132. Module: Linked to module rlm_eap
133. Module: Instantiating eap
134. eap {
135. default_eap_type = "md5"
136. timer_expire = 60
137. ignore_unknown_eap_types = no
138. cisco_accounting_username_bug = no
139. }
140. Module: Linked to sub-module rlm_eap_md5
141. Module: Instantiating eap-md5
142. Module: Linked to sub-module rlm_eap_leap
143. Module: Instantiating eap-leap
144. Module: Linked to sub-module rlm_eap_gtc
145. Module: Instantiating eap-gtc
146. gtc {
147. challenge = "Password: "
148. auth_type = "PAP"
149. }
150. rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
151. rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
152. rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
153. Module: Linked to sub-module rlm_eap_mschapv2
154. Module: Instantiating eap-mschapv2
155. mschapv2 {
156. with_ntdomain_hack = no
157. }
158. Module: Checking authorize {...} for more modules to load
159. Module: Linked to module rlm_realm
160. Module: Instantiating suffix
161. realm suffix {
162. format = "suffix"
163. delimiter = "@"
164. ignore_default = no
165. ignore_null = no
166. }
167. Module: Linked to module rlm_files
168. Module: Instantiating files
169. files {
170. usersfile = "/etc/freeradius/users"
171. acctusersfile = "/etc/freeradius/acct_users"
172. preproxy_usersfile = "/etc/freeradius/preproxy_users"
173. compat = "no"
174. }
175. Module: Checking session {...} for more modules to load
176. Module: Linked to module rlm_radutmp
177. Module: Instantiating radutmp
178. radutmp {
179. filename = "/var/log/freeradius/radutmp"
180. username = "%{User-Name}"
181. case_sensitive = yes
182. check_with_nas = yes
183. perm = 384
184. callerid = yes
185. }
186. Module: Checking post-proxy {...} for more modules to load
187. Module: Checking post-auth {...} for more modules to load
188. Module: Linked to module rlm_attr_filter
189. Module: Instantiating attr_filter.access_reject
190. attr_filter attr_filter.access_reject {
191. attrsfile = "/etc/freeradius/attrs.access_reject"
192. key = "%{User-Name}"
193. }
194. }
195. }
196. server {
197. modules {
198. Module: Checking authenticate {...} for more modules to load
199. Module: Checking authorize {...} for more modules to load
200. Module: Linked to module rlm_preprocess
201. Module: Instantiating preprocess
202. preprocess {
203. huntgroups = "/etc/freeradius/huntgroups"
204. hints = "/etc/freeradius/hints"
205. with_ascend_hack = no
206. ascend_channels_per_line = 23
207. with_ntdomain_hack = no
208. with_specialix_jetstream_hack = no
209. with_cisco_vsa_hack = no
210. with_alvarion_vsa_hack = no
211. }
212. Module: Checking preacct {...} for more modules to load
213. Module: Linked to module rlm_acct_unique
214. Module: Instantiating acct_unique
215. acct_unique {
216. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
217. }
218. Module: Checking accounting {...} for more modules to load
219. Module: Linked to module rlm_detail
220. Module: Instantiating detail
221. detail {
222. detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
223. header = "%t"
224. detailperm = 384
225. dirperm = 493
226. locking = no
227. log_packet_header = no
228. }
229. Module: Instantiating attr_filter.accounting_response
230. attr_filter attr_filter.accounting_response {
231. attrsfile = "/etc/freeradius/attrs.accounting_response"
232. key = "%{User-Name}"
233. }
234. Module: Checking session {...} for more modules to load
235. Module: Checking post-proxy {...} for more modules to load
236. Module: Checking post-auth {...} for more modules to load
237. }
238. }
239. radiusd: #### Opening IP addresses and Ports ####
240. listen {
241. type = "auth"
242. ipaddr = *
243. port = 0
244. }
245. listen {
246. type = "acct"
247. ipaddr = *
248. port = 0
249. }
250. main {
251. snmp = no
252. smux_password = ""
253. snmp_write_access = no
254. }
255. Listening on authentication address * port 1812
256. Listening on accounting address * port 1813
257. Listening on proxy address * port 1814
258. Ready to process requests.
259.  
260.  
261.  
262.  
263.  
264.  
265. rad_recv: Access-Request packet from host 127.0.0.1 port 50327, id=52, length=54
266. User-Name = "me"
267. User-Password = "pass"
268. NAS-IP-Address = 127.0.1.1
269. NAS-Port = 1813
270. +- entering group authorize
271. ++[preprocess] returns ok
272. ++[chap] returns noop
273. ++[mschap] returns noop
274. rlm_realm: No '@' in User-Name = "me", looking up realm NULL
275. rlm_realm: No such realm "NULL"
276. ++[suffix] returns noop
277. rlm_eap: No EAP-Message, not doing EAP
278. ++[eap] returns noop
279. ++[unix] returns notfound
280. ++[files] returns noop
281. ++[expiration] returns noop
282. ++[logintime] returns noop
283. rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
284. ++[pap] returns noop
285. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
286. auth: Failed to validate the user.
287. Login incorrect: [me/pass] (from client localhost port 1813)
288. Found Post-Auth-Type Reject
289. +- entering group REJECT
290. expand: %{User-Name} -> me
291. attr_filter: Matched entry DEFAULT at line 11
292. ++[attr_filter.access_reject] returns updated
293. Delaying reject of request 1 for 1 seconds
294. Going to the next request
295. Waking up in 0.9 seconds.
296. Sending delayed reject for request 1
297. Sending Access-Reject of id 52 to 127.0.0.1 port 50327
298. Waking up in 4.9 seconds.
299.  
300.  
301. Cleaning up request 1 ID 52 with timestamp +286
302. Ready to process requests.