Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server:# /usr/sbin/freeradius -X
- FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34
- Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including configuration file /etc/freeradius/snmp.conf
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/sql.conf
- including configuration file /etc/freeradius/sql/mysql/dialup.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- including configuration file /etc/freeradius/sites-enabled/default
- including dictionary file /etc/freeradius/dictionary
- main {
- prefix = "/usr"
- localstatedir = "/var"
- logdir = "/var/log/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- allow_core_dumps = no
- pidfile = "/var/run/freeradius/freeradius.pid"
- user = "freerad"
- group = "freerad"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- zombie_period = 40
- status_check = "status-server"
- ping_check = "none"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating exec
- exec {
- wait = yes
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating expr
- Module: Linked to module rlm_expiration
- Module: Instantiating expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server inner-tunnel {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating chap
- Module: Linked to module rlm_mschap
- Module: Instantiating mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- }
- Module: Linked to module rlm_unix
- Module: Instantiating unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_eap
- Module: Instantiating eap
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
- rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
- rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_realm
- Module: Instantiating suffix
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating attr_filter.access_reject
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- }
- }
- }
- server {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating detail
- detail {
- detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- }
- Module: Instantiating attr_filter.accounting_response
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/freeradius/attrs.accounting_response"
- key = "%{User-Name}"
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- }
- }
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- main {
- snmp = no
- smux_password = ""
- snmp_write_access = no
- }
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 127.0.0.1 port 50327, id=52, length=54
- User-Name = "me"
- User-Password = "pass"
- NAS-IP-Address = 127.0.1.1
- NAS-Port = 1813
- +- entering group authorize
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- rlm_realm: No '@' in User-Name = "me", looking up realm NULL
- rlm_realm: No such realm "NULL"
- ++[suffix] returns noop
- rlm_eap: No EAP-Message, not doing EAP
- ++[eap] returns noop
- ++[unix] returns notfound
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] returns noop
- auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
- auth: Failed to validate the user.
- Login incorrect: [me/pass] (from client localhost port 1813)
- Found Post-Auth-Type Reject
- +- entering group REJECT
- expand: %{User-Name} -> me
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 1 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 1
- Sending Access-Reject of id 52 to 127.0.0.1 port 50327
- Waking up in 4.9 seconds.
- Cleaning up request 1 ID 52 with timestamp +286
- Ready to process requests.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement