Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
- preprocess {
- huntgroups = "/usr/local/etc/raddb/huntgroups"
- hints = "/usr/local/etc/raddb/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_sql
- Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf
- sql {
- driver = "rlm_sql_mysql"
- server = "localhost"
- port = "3306"
- login = "radius"
- password = "radpass"
- radius_db = "radius"
- read_groups = yes
- sqltrace = no
- sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
- readclients = no
- deletestalesessions = yes
- num_sql_socks = 5
- lifetime = 0
- max_queries = 0
- sql_user_name = "%{User-Name}"
- default_user_profile = ""
- nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
- authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
- authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
- authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
- authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
- accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
- accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
- accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
- accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
- group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
- connect_failure_retry_delay = 60
- simul_count_query = "SELECT COUNT(*) #FROM radacct #WHERE username = '%{SQL-User-Name}' #AND acctstoptime IS NULL"
- simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
- postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
- safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- }
- rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
- rlm_sql (sql): Attempting to connect to radius@localhost:3306/radius
- rlm_sql (sql): starting 0
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
- rlm_sql_mysql: Starting connect to MySQL server for #0
- rlm_sql (sql): Connected new DB handle, #0
- rlm_sql (sql): starting 1
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
- rlm_sql_mysql: Starting connect to MySQL server for #1
- rlm_sql (sql): Connected new DB handle, #1
- rlm_sql (sql): starting 2
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
- rlm_sql_mysql: Starting connect to MySQL server for #2
- rlm_sql (sql): Connected new DB handle, #2
- rlm_sql (sql): starting 3
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
- rlm_sql_mysql: Starting connect to MySQL server for #3
- rlm_sql (sql): Connected new DB handle, #3
- rlm_sql (sql): starting 4
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
- rlm_sql_mysql: Starting connect to MySQL server for #4
- rlm_sql (sql): Connected new DB handle, #4
- Module: Linked to module rlm_sqlcounter
- Module: Instantiating module "volumelimitcounter" from file /usr/local/etc/raddb/sqlcounter.conf
- sqlcounter volumelimitcounter {
- counter-name = "Total-Max-Octets"
- check-name = "Max-Octets"
- reply-name = "ChilliSpot-Max-Total-Octets"
- key = "User-Name"
- sqlmod-inst = "sql"
- query = "SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='%{User-Name}'"
- reset = "never"
- safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- }
- rlm_sqlcounter: Reply attribute ChilliSpot-Max-Total-Octets is number 954138627
- rlm_sqlcounter: Counter attribute Total-Max-Octets is number 11273
- rlm_sqlcounter: Check attribute Max-Octets is number 11274
- rlm_sqlcounter: Current Time: 1323806811 [2011-12-13 21:06:51], Next reset 0 [2011-12-13 21:00:00]
- rlm_sqlcounter: Current Time: 1323806811 [2011-12-13 21:06:51], Prev reset 0 [2011-12-13 21:00:00]
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
- files {
- usersfile = "/usr/local/etc/raddb/users"
- acctusersfile = "/usr/local/etc/raddb/acct_users"
- preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
- compat = "no"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- } # modules
- } # server
- server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
- radutmp {
- filename = "/usr/local/var/log/radius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "control"
- listen {
- socket = "/usr/local/var/run/radiusd/radiusd.sock"
- }
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- ... adding new socket proxy address * port 42170
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on command file /usr/local/var/run/radiusd/radiusd.sock
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.77.1 port 64714, id=43, length=129
- NAS-IP-Address = 192.168.10.48
- NAS-Identifier = "m0n0wall.local"
- User-Name = "test1"
- User-Password = "test"
- Service-Type = Login-User
- NAS-Port-Type = Ethernet
- NAS-Port = 0
- Framed-IP-Address = 192.168.77.2
- Called-Station-Id = "00:0c:29:5c:6c:6d"
- Calling-Station-Id = "18:03:73:ba:95:a4"
- # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/defaultBACKUP0812
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "test1", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] No EAP-Message, not doing EAP
- ++[eap] returns noop
- [sql] expand: %{User-Name} -> test1
- [sql] sql_set_user escaped user --> 'test1'
- rlm_sql (sql): Reserving sql socket id: 4
- [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test1' ORDER BY id
- [sql] User found in radcheck table
- [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test1' ORDER BY id
- [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test1' ORDER BY priority
- rlm_sql (sql): Released sql socket id: 4
- ++[sql] returns ok
- rlm_sqlcounter: Entering module authorize code
- sqlcounter_expand: 'SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='%{User-Name}''
- [volumelimitcounter] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='%{User-Name}' -> SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='test1'
- WARNING: Please replace '%S' with '${sqlmod-inst}'
- sqlcounter_expand: '%{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='test1'}'
- [volumelimitcounter] sql_xlat
- [volumelimitcounter] expand: %{User-Name} -> test1
- [volumelimitcounter] sql_set_user escaped user --> 'test1'
- [volumelimitcounter] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='test1' -> SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='test1'
- rlm_sql (sql): Reserving sql socket id: 3
- [volumelimitcounter] sql_xlat finished
- rlm_sql (sql): Released sql socket id: 3
- [volumelimitcounter] expand: %{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='test1'} -> 25687864955
- rlm_sqlcounter: (Check item - counter) is less than zero
- rlm_sqlcounter: Rejected user test1, check_item=4294967295, counter=4294967295
- ++[volumelimitcounter] returns reject
- Using Post-Auth-Type Reject
- # Executing group from file /usr/local/etc/raddb/sites-enabled/defaultBACKUP0812
- +- entering group REJECT {...}
- [attr_filter.access_reject] expand: %{User-Name} -> test1
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 0 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 0
- Sending Access-Reject of id 43 to 192.168.77.1 port 64714
- Reply-Message = "Your maximum never usage time has been reached"
- Waking up in 4.9 seconds.
- Cleaning up request 0 ID 43 with timestamp +38
- Ready to process requests.
Add Comment
Please, Sign In to add comment