Untitled

a guest
Apr 1st, 2016
  1. Server was built with:
  2. accounting : yes
  3. authentication : yes
  4. ascend-binary-attributes : yes
  5. coa : yes
  6. control-socket : yes
  7. detail : yes
  8. dhcp : yes
  9. dynamic-clients : yes
  10. osfc2 : no
  11. proxy : yes
  12. regex-pcre : no
  13. regex-posix : yes
  14. regex-posix-extended : yes
  15. session-management : yes
  16. stats : yes
  17. tcp : yes
  18. threads : yes
  19. tls : yes
  20. unlang : yes
  21. vmps : yes
  22. developer : no
  23. Server core libs:
  24. freeradius-server : 3.0.11
  25. talloc : 2.0.*
  26. ssl : 1.0.1e release
  27. Endianness:
  28. little
  29. Compilation flags:
  30. cppflags :
  31. cflags : -I/home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11 -I/home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11/src -include /home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h -include /home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/build.h -include /home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/features.h -include /home/abuild/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpic -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
  32. ldflags :
  33. libs : -lcrypto -lssl -ltalloc -lnsl -lresolv -ldl -lpthread -lreadline
  34.  
  35. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  36. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  37. PARTICULAR PURPOSE
  38. You may redistribute copies of FreeRADIUS under the terms of the
  39. GNU General Public License
  40. For more information about these matters, see the file named COPYRIGHT
  41. Starting - reading configuration files ...
  42. including dictionary file /usr/share/freeradius/dictionary
  43. including dictionary file /usr/share/freeradius/dictionary.dhcp
  44. including dictionary file /usr/share/freeradius/dictionary.vqp
  45. including dictionary file raddb//dictionary
  46. including configuration file raddb//auth.conf
  47. including configuration file raddb//radiusd.conf
  48. including configuration file raddb//proxy.conf
  49. including configuration file raddb//proxy.conf.inc
  50. including configuration file raddb//clients.conf
  51. including configuration file raddb//clients.conf.inc
  52. including files in directory raddb//mods-enabled/
  53. including configuration file raddb//mods-enabled/redis
  54. including configuration file raddb//mods-enabled/raw
  55. including configuration file raddb//mods-enabled/rest
  56. including configuration file raddb//mods-enabled/attr_filter
  57. including configuration file raddb//mods-enabled/preprocess
  58. including configuration file raddb//mods-enabled/logintime
  59. including configuration file raddb//mods-enabled/mschap
  60. including configuration file raddb//mods-enabled/dynamic_clients
  61. including configuration file raddb//mods-enabled/echo
  62. including configuration file raddb//mods-enabled/soh
  63. including configuration file raddb//mods-enabled/perl
  64. including configuration file raddb//mods-enabled/detail.log
  65. including configuration file raddb//mods-enabled/files
  66. including configuration file raddb//mods-enabled/expiration
  67. including configuration file raddb//mods-enabled/radutmp
  68. including configuration file raddb//mods-enabled/sradutmp
  69. including configuration file raddb//mods-enabled/passwd
  70. including configuration file raddb//mods-enabled/unpack
  71. including configuration file raddb//mods-enabled/replicate
  72. including configuration file raddb//mods-enabled/pap
  73. including configuration file raddb//mods-enabled/eap
  74. including configuration file raddb//mods-enabled/linelog
  75. including configuration file raddb//mods-enabled/digest
  76. including configuration file raddb//mods-enabled/always
  77. including configuration file raddb//mods-enabled/chap
  78. including configuration file raddb//mods-enabled/exec
  79. including configuration file raddb//mods-enabled/utf8
  80. including configuration file raddb//mods-enabled/detail
  81. including configuration file raddb//mods-enabled/expr
  82. including configuration file raddb//mods-enabled/ntlm_auth
  83. including configuration file raddb//mods-enabled/cache_eap
  84. including configuration file raddb//mods-enabled/realm
  85. including configuration file raddb//mods-enabled/unix
  86. including configuration file raddb//mods-enabled/sql
  87. including configuration file raddb//mods-config/sql/main/mysql/queries.conf
  88. including files in directory raddb//policy.d/
  89. including configuration file raddb//policy.d/control
  90. including configuration file raddb//policy.d/debug
  91. including configuration file raddb//policy.d/canonicalization
  92. including configuration file raddb//policy.d/accounting
  93. including configuration file raddb//policy.d/filter
  94. including configuration file raddb//policy.d/eap
  95. including configuration file raddb//policy.d/abfab-tr
  96. including configuration file raddb//policy.d/packetfence
  97. including configuration file raddb//policy.d/cui
  98. including configuration file raddb//policy.d/operator-name
  99. including configuration file raddb//policy.d/dhcp
  100. including files in directory raddb//sites-enabled/
  101. including configuration file raddb//sites-enabled/packetfence-soh
  102. including configuration file raddb//sites-enabled/packetfence
  103. including configuration file raddb//sites-enabled/dynamic-clients
  104. including configuration file raddb//sites-enabled/packetfence-tunnel
  105. main {
  106. security {
  107. user = "pf"
  108. group = "pf"
  109. allow_core_dumps = no
  110. }
  111. name = "radiusd"
  112. prefix = "/usr"
  113. localstatedir = "/usr/local/pf/var"
  114. logdir = "/usr/local/pf/logs"
  115. run_dir = "/usr/local/pf/var/run"
  116. }
  117. main {
  118. name = "radiusd"
  119. prefix = "/usr"
  120. localstatedir = "/usr/local/pf/var"
  121. sbindir = "/usr/sbin"
  122. logdir = "/usr/local/pf/logs"
  123. run_dir = "/usr/local/pf/var/run"
  124. libdir = "/usr/lib64/freeradius"
  125. radacctdir = "/usr/local/pf/logs/radacct"
  126. hostname_lookups = no
  127. max_request_time = 10
  128. cleanup_delay = 5
  129. max_requests = 20000
  130. pidfile = "/usr/local/pf/var/run/radiusd.pid"
  131. checkrad = "/usr/sbin/checkrad"
  132. debug_level = 0
  133. proxy_requests = yes
  134. log {
  135. stripped_names = no
  136. auth = yes
  137. auth_badpass = no
  138. auth_goodpass = no
  139. colourise = yes
  140. msg_denied = "You are already logged in - access denied"
  141. }
  142. resources {
  143. }
  144. security {
  145. max_attributes = 200
  146. reject_delay = 1.000000
  147. status_server = yes
  148. allow_vulnerable_openssl = "yes"
  149. }
  150. }
  151. auth: #### Loading Realms and Home Servers ####
  152. proxy server {
  153. retry_delay = 5
  154. retry_count = 3
  155. default_fallback = no
  156. dead_time = 120
  157. wake_all_if_all_dead = no
  158. }
  159. home_server localhost {
  160. ipaddr = 127.0.0.1
  161. port = 1812
  162. type = "auth"
  163. secret = <<< secret >>>
  164. response_window = 20.000000
  165. response_timeouts = 1
  166. max_outstanding = 65536
  167. zombie_period = 40
  168. status_check = "status-server"
  169. ping_interval = 30
  170. check_interval = 30
  171. check_timeout = 4
  172. num_answers_to_alive = 3
  173. revive_interval = 120
  174. limit {
  175. max_connections = 16
  176. max_requests = 0
  177. lifetime = 0
  178. idle_timeout = 0
  179. }
  180. coa {
  181. irt = 2
  182. mrt = 16
  183. mrc = 5
  184. mrd = 30
  185. }
  186. }
  187. WARNING: Ignoring "response_window = 20.000000", forcing to "response_window = 10.000000"
  188. home_server_pool my_auth_failover {
  189. type = fail-over
  190. home_server = localhost
  191. }
  192. realm example.com {
  193. auth_pool = my_auth_failover
  194. }
  195. realm LOCAL {
  196. }
  197. realm default {
  198. }
  199. realm inverse {
  200. }
  201. realm inverse.inc {
  202. }
  203. realm null {
  204. }
  205. auth: #### Loading Clients ####
  206. client localhost {
  207. ipaddr = 127.0.0.1
  208. require_message_authenticator = no
  209. secret = <<< secret >>>
  210. nas_type = "other"
  211. proto = "*"
  212. limit {
  213. max_connections = 16
  214. lifetime = 0
  215. idle_timeout = 30
  216. }
  217. }
  218. client localhost_ipv6 {
  219. ipv6addr = ::1
  220. require_message_authenticator = no
  221. secret = <<< secret >>>
  222. limit {
  223. max_connections = 16
  224. lifetime = 0
  225. idle_timeout = 30
  226. }
  227. }
  228. client dynamic {
  229. ipaddr = 0.0.0.0/0
  230. require_message_authenticator = no
  231. limit {
  232. max_connections = 16
  233. lifetime = 0
  234. idle_timeout = 30
  235. }
  236. dynamic_clients = "dynamic_clients"
  237. lifetime = 300
  238. }
  239. Debugger not attached
  240. # Creating Auth-Type = PAP
  241. # Creating Auth-Type = CHAP
  242. # Creating Auth-Type = MS-CHAP
  243. # Creating Auth-Type = eap
  244. auth: #### Instantiating modules ####
  245. modules {
  246. # Loaded module rlm_redis
  247. # Loading module "redis" from file raddb//mods-enabled/redis
  248. redis {
  249. server = "127.0.0.1"
  250. port = 6379
  251. database = 0
  252. }
  253. rlm_redis: libhiredis version: 0.10.1
  254. # Loaded module rlm_raw
  255. # Loading module "raw" from file raddb//mods-enabled/raw
  256. raw {
  257. name = "raw"
  258. }
  259. # Loaded module rlm_rest
  260. # Loading module "rest" from file raddb//mods-enabled/rest
  261. rest {
  262. connect_uri = "http://127.0.0.1:7070/"
  263. connect_timeout = 4.000000
  264. }
  265. # Loaded module rlm_attr_filter
  266. # Loading module "attr_filter.post-proxy" from file raddb//mods-enabled/attr_filter
  267. attr_filter attr_filter.post-proxy {
  268. filename = "raddb//mods-config/attr_filter/post-proxy"
  269. key = "%{Realm}"
  270. relaxed = no
  271. }
  272. # Loading module "attr_filter.pre-proxy" from file raddb//mods-enabled/attr_filter
  273. attr_filter attr_filter.pre-proxy {
  274. filename = "raddb//mods-config/attr_filter/pre-proxy"
  275. key = "%{Realm}"
  276. relaxed = no
  277. }
  278. # Loading module "attr_filter.access_reject" from file raddb//mods-enabled/attr_filter
  279. attr_filter attr_filter.access_reject {
  280. filename = "raddb//mods-config/attr_filter/access_reject"
  281. key = "%{User-Name}"
  282. relaxed = no
  283. }
  284. # Loading module "attr_filter.access_challenge" from file raddb//mods-enabled/attr_filter
  285. attr_filter attr_filter.access_challenge {
  286. filename = "raddb//mods-config/attr_filter/access_challenge"
  287. key = "%{User-Name}"
  288. relaxed = no
  289. }
  290. # Loading module "attr_filter.accounting_response" from file raddb//mods-enabled/attr_filter
  291. attr_filter attr_filter.accounting_response {
  292. filename = "raddb//mods-config/attr_filter/accounting_response"
  293. key = "%{User-Name}"
  294. relaxed = no
  295. }
  296. # Loading module "attr_filter.packetfence_post_auth" from file raddb//mods-enabled/attr_filter
  297. attr_filter attr_filter.packetfence_post_auth {
  298. filename = "raddb//mods-config/attr_filter/packetfence-post-auth"
  299. key = "%{User-Name}"
  300. relaxed = yes
  301. }
  302. # Loaded module rlm_preprocess
  303. # Loading module "preprocess" from file raddb//mods-enabled/preprocess
  304. preprocess {
  305. huntgroups = "raddb//mods-config/preprocess/huntgroups"
  306. hints = "raddb//mods-config/preprocess/hints"
  307. with_ascend_hack = no
  308. ascend_channels_per_line = 23
  309. with_ntdomain_hack = no
  310. with_specialix_jetstream_hack = no
  311. with_cisco_vsa_hack = no
  312. with_alvarion_vsa_hack = no
  313. }
  314. # Loaded module rlm_logintime
  315. # Loading module "logintime" from file raddb//mods-enabled/logintime
  316. logintime {
  317. minimum_timeout = 60
  318. }
  319. # Loaded module rlm_mschap
  320. # Loading module "mschap" from file raddb//mods-enabled/mschap
  321. mschap {
  322. use_mppe = no
  323. require_encryption = yes
  324. require_strong = yes
  325. with_ntdomain_hack = yes
  326. ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper --         --request-nt-key --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
  327. ntlm_auth_timeout = 3
  328. passchange {
  329. }
  330. allow_retry = no
  331. }
  332. # Loading module "chrooted_mschap" from file raddb//mods-enabled/mschap
  333. mschap chrooted_mschap {
  334. use_mppe = no
  335. require_encryption = yes
  336. require_strong = yes
  337. with_ntdomain_hack = yes
  338. ntlm_auth = "/usr/bin/sudo /usr/sbin/chroot /chroots/%{PacketFence-Domain} /usr/local/pf/bin/ntlm_auth_wrapper --         --request-nt-key --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
  339. ntlm_auth_timeout = 3
  340. passchange {
  341. }
  342. allow_retry = no
  343. }
  344. # Loaded module rlm_dynamic_clients
  345. # Loading module "dynamic_clients" from file raddb//mods-enabled/dynamic_clients
  346. # Loaded module rlm_exec
  347. # Loading module "echo" from file raddb//mods-enabled/echo
  348. exec echo {
  349. wait = yes
  350. program = "/bin/echo %{User-Name}"
  351. input_pairs = "request"
  352. output_pairs = "reply"
  353. shell_escape = yes
  354. }
  355. # Loaded module rlm_soh
  356. # Loading module "soh" from file raddb//mods-enabled/soh
  357. soh {
  358. dhcp = yes
  359. }
  360. # Loaded module rlm_perl
  361. # Loading module "perl" from file raddb//mods-enabled/perl
  362. perl {
  363. filename = "raddb//mods-config/perl/example.pl"
  364. func_authorize = "authorize"
  365. func_authenticate = "authenticate"
  366. func_post_auth = "post_auth"
  367. func_accounting = "accounting"
  368. func_preacct = "preacct"
  369. func_checksimul = "checksimul"
  370. func_detach = "detach"
  371. func_xlat = "xlat"
  372. func_pre_proxy = "pre_proxy"
  373. func_post_proxy = "post_proxy"
  374. func_recv_coa = "recv_coa"
  375. func_send_coa = "send_coa"
  376. }
  377. # Loading module "packetfence" from file raddb//mods-enabled/perl
  378. perl packetfence {
  379. filename = "raddb//mods-config/perl/packetfence.pm"
  380. func_authorize = "authorize"
  381. func_authenticate = "authenticate"
  382. func_post_auth = "post_auth"
  383. func_accounting = "accounting"
  384. func_preacct = "preacct"
  385. func_checksimul = "checksimul"
  386. func_detach = "detach"
  387. func_xlat = "xlat"
  388. func_pre_proxy = "pre_proxy"
  389. func_post_proxy = "post_proxy"
  390. func_recv_coa = "recv_coa"
  391. func_send_coa = "send_coa"
  392. }
  393. # Loading module "packetfence-soh" from file raddb//mods-enabled/perl
  394. perl packetfence-soh {
  395. filename = "raddb//mods-config/perl/packetfence-soh.pm"
  396. func_authorize = "authorize"
  397. func_authenticate = "authenticate"
  398. func_post_auth = "post_auth"
  399. func_accounting = "accounting"
  400. func_preacct = "preacct"
  401. func_checksimul = "checksimul"
  402. func_detach = "detach"
  403. func_xlat = "xlat"
  404. func_pre_proxy = "pre_proxy"
  405. func_post_proxy = "post_proxy"
  406. func_recv_coa = "recv_coa"
  407. func_send_coa = "send_coa"
  408. }
  409. # Loading module "packetfence-multi-domain" from file raddb//mods-enabled/perl
  410. perl packetfence-multi-domain {
  411. filename = "raddb//mods-config/perl/packetfence-multi-domain.pm"
  412. func_authorize = "authorize"
  413. func_authenticate = "authenticate"
  414. func_post_auth = "post_auth"
  415. func_accounting = "accounting"
  416. func_preacct = "preacct"
  417. func_checksimul = "checksimul"
  418. func_detach = "detach"
  419. func_xlat = "xlat"
  420. func_pre_proxy = "pre_proxy"
  421. func_post_proxy = "post_proxy"
  422. func_recv_coa = "recv_coa"
  423. func_send_coa = "send_coa"
  424. }
  425. # Loaded module rlm_detail
  426. # Loading module "auth_log" from file raddb//mods-enabled/detail.log
  427. detail auth_log {
  428. filename = "/usr/local/pf/logs/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  429. header = "%t"
  430. permissions = 384
  431. locking = no
  432. escape_filenames = no
  433. log_packet_header = no
  434. }
  435. # Loading module "reply_log" from file raddb//mods-enabled/detail.log
  436. detail reply_log {
  437. filename = "/usr/local/pf/logs/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  438. header = "%t"
  439. permissions = 384
  440. locking = no
  441. escape_filenames = no
  442. log_packet_header = no
  443. }
  444. # Loading module "pre_proxy_log" from file raddb//mods-enabled/detail.log
  445. detail pre_proxy_log {
  446. filename = "/usr/local/pf/logs/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  447. header = "%t"
  448. permissions = 384
  449. locking = no
  450. escape_filenames = no
  451. log_packet_header = no
  452. }
  453. # Loading module "post_proxy_log" from file raddb//mods-enabled/detail.log
  454. detail post_proxy_log {
  455. filename = "/usr/local/pf/logs/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  456. header = "%t"
  457. permissions = 384
  458. locking = no
  459. escape_filenames = no
  460. log_packet_header = no
  461. }
  462. # Loaded module rlm_files
  463. # Loading module "files" from file raddb//mods-enabled/files
  464. files {
  465. filename = "raddb//mods-config/files/authorize"
  466. acctusersfile = "raddb//mods-config/files/accounting"
  467. preproxy_usersfile = "raddb//mods-config/files/pre-proxy"
  468. }
  469. # Loaded module rlm_expiration
  470. # Loading module "expiration" from file raddb//mods-enabled/expiration
  471. # Loaded module rlm_radutmp
  472. # Loading module "radutmp" from file raddb//mods-enabled/radutmp
  473. radutmp {
  474. filename = "/usr/local/pf/logs/radutmp"
  475. username = "%{User-Name}"
  476. case_sensitive = yes
  477. check_with_nas = yes
  478. permissions = 384
  479. caller_id = yes
  480. }
  481. # Loading module "sradutmp" from file raddb//mods-enabled/sradutmp
  482. radutmp sradutmp {
  483. filename = "/usr/local/pf/logs/sradutmp"
  484. username = "%{User-Name}"
  485. case_sensitive = yes
  486. check_with_nas = yes
  487. permissions = 420
  488. caller_id = no
  489. }
  490. # Loaded module rlm_passwd
  491. # Loading module "etc_passwd" from file raddb//mods-enabled/passwd
  492. passwd etc_passwd {
  493. filename = "/etc/passwd"
  494. format = "*User-Name:Crypt-Password:"
  495. delimiter = ":"
  496. ignore_nislike = no
  497. ignore_empty = yes
  498. allow_multiple_keys = no
  499. hash_size = 100
  500. }
  501. # Loaded module rlm_unpack
  502. # Loading module "unpack" from file raddb//mods-enabled/unpack
  503. # Loaded module rlm_replicate
  504. # Loading module "replicate" from file raddb//mods-enabled/replicate
  505. # Loaded module rlm_pap
  506. # Loading module "pap" from file raddb//mods-enabled/pap
  507. pap {
  508. normalise = yes
  509. }
  510. # Loaded module rlm_eap
  511. # Loading module "eap" from file raddb//mods-enabled/eap
  512. eap {
  513. default_eap_type = "peap"
  514. timer_expire = 60
  515. ignore_unknown_eap_types = no
  516. cisco_accounting_username_bug = no
  517. max_sessions = 20000
  518. }
  519. # Loaded module rlm_linelog
  520. # Loading module "linelog" from file raddb//mods-enabled/linelog
  521. linelog {
  522. filename = "/usr/local/pf/logs/radius.log"
  523. escape_filenames = no
  524. syslog_severity = "info"
  525. permissions = 384
  526. format = "This is a log message for %{User-Name}"
  527. reference = "messages.%{%{reply:Packet-Type}:-default}"
  528. }
  529. # Loading module "log_accounting" from file raddb//mods-enabled/linelog
  530. linelog log_accounting {
  531. filename = "/usr/local/pf/logs/linelog-accounting"
  532. escape_filenames = no
  533. syslog_severity = "info"
  534. permissions = 384
  535. format = ""
  536. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  537. }
  538. # Loaded module rlm_digest
  539. # Loading module "digest" from file raddb//mods-enabled/digest
  540. # Loaded module rlm_always
  541. # Loading module "reject" from file raddb//mods-enabled/always
  542. always reject {
  543. rcode = "reject"
  544. simulcount = 0
  545. mpp = no
  546. }
  547. # Loading module "fail" from file raddb//mods-enabled/always
  548. always fail {
  549. rcode = "fail"
  550. simulcount = 0
  551. mpp = no
  552. }
  553. # Loading module "ok" from file raddb//mods-enabled/always
  554. always ok {
  555. rcode = "ok"
  556. simulcount = 0
  557. mpp = no
  558. }
  559. # Loading module "handled" from file raddb//mods-enabled/always
  560. always handled {
  561. rcode = "handled"
  562. simulcount = 0
  563. mpp = no
  564. }
  565. # Loading module "invalid" from file raddb//mods-enabled/always
  566. always invalid {
  567. rcode = "invalid"
  568. simulcount = 0
  569. mpp = no
  570. }
  571. # Loading module "userlock" from file raddb//mods-enabled/always
  572. always userlock {
  573. rcode = "userlock"
  574. simulcount = 0
  575. mpp = no
  576. }
  577. # Loading module "notfound" from file raddb//mods-enabled/always
  578. always notfound {
  579. rcode = "notfound"
  580. simulcount = 0
  581. mpp = no
  582. }
  583. # Loading module "noop" from file raddb//mods-enabled/always
  584. always noop {
  585. rcode = "noop"
  586. simulcount = 0
  587. mpp = no
  588. }
  589. # Loading module "updated" from file raddb//mods-enabled/always
  590. always updated {
  591. rcode = "updated"
  592. simulcount = 0
  593. mpp = no
  594. }
  595. # Loaded module rlm_chap
  596. # Loading module "chap" from file raddb//mods-enabled/chap
  597. # Loading module "exec" from file raddb//mods-enabled/exec
  598. exec {
  599. wait = no
  600. input_pairs = "request"
  601. shell_escape = yes
  602. timeout = 10
  603. }
  604. # Loaded module rlm_utf8
  605. # Loading module "utf8" from file raddb//mods-enabled/utf8
  606. # Loading module "detail" from file raddb//mods-enabled/detail
  607. detail {
  608. filename = "/usr/local/pf/logs/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  609. header = "%t"
  610. permissions = 384
  611. locking = no
  612. escape_filenames = no
  613. log_packet_header = no
  614. }
  615. # Loaded module rlm_expr
  616. # Loading module "expr" from file raddb//mods-enabled/expr
  617. expr {
  618. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  619. }
  620. # Loading module "ntlm_auth" from file raddb//mods-enabled/ntlm_auth
  621. exec ntlm_auth {
  622. wait = yes
  623. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  624. shell_escape = yes
  625. }
  626. # Loaded module rlm_cache
  627. # Loading module "cache_eap" from file raddb//mods-enabled/cache_eap
  628. cache cache_eap {
  629. driver = "rlm_cache_rbtree"
  630. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  631. ttl = 15
  632. max_entries = 0
  633. epoch = 0
  634. add_stats = no
  635. }
  636. # Loaded module rlm_realm
  637. # Loading module "IPASS" from file raddb//mods-enabled/realm
  638. realm IPASS {
  639. format = "prefix"
  640. delimiter = "/"
  641. ignore_default = no
  642. ignore_null = no
  643. }
  644. # Loading module "suffix" from file raddb//mods-enabled/realm
  645. realm suffix {
  646. format = "suffix"
  647. delimiter = "@"
  648. ignore_default = no
  649. ignore_null = yes
  650. }
  651. # Loading module "realmpercent" from file raddb//mods-enabled/realm
  652. realm realmpercent {
  653. format = "suffix"
  654. delimiter = "%"
  655. ignore_default = no
  656. ignore_null = no
  657. }
  658. # Loading module "ntdomain" from file raddb//mods-enabled/realm
  659. realm ntdomain {
  660. format = "prefix"
  661. delimiter = "\\"
  662. ignore_default = no
  663. ignore_null = no
  664. }
  665. # Loaded module rlm_unix
  666. # Loading module "unix" from file raddb//mods-enabled/unix
  667. unix {
  668. radwtmp = "/usr/local/pf/logs/radwtmp"
  669. }
  670. Creating attribute Unix-Group
  671. # Loaded module rlm_sql
  672. # Loading module "sql" from file raddb//mods-enabled/sql
  673. sql {
  674. driver = "rlm_sql_mysql"
  675. server = "172.20.20.109"
  676. port = 3306
  677. login = "pf"
  678. password = <<< secret >>>
  679. radius_db = "pf"
  680. read_groups = yes
  681. read_profiles = yes
  682. read_clients = yes
  683. delete_stale_sessions = yes
  684. sql_user_name = "%{User-Name}"
  685. default_user_profile = ""
  686. client_query = "SELECT id, nasname, shortname, type, secret, server FROM radius_nas"
  687. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  688. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  689. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
  690. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
  691. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  692. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  693. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  694. accounting {
  695. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  696. type {
  697. accounting-on {
  698. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  699. }
  700. accounting-off {
  701. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  702. }
  703. start {
  704. query = "CALL acct_start ( '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Status-Type}')"
  705. }
  706. interim-update {
  707. query = "CALL acct_update ( FROM_UNIXTIME(%{integer:Event-Timestamp}), '%{Framed-IP-Address}', %{%{Acct-Session-Time}:-NULL}, '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Acct-Unique-Session-Id}', '%{Acct-Session-Id}', '%{SQL-User-Name}', '%{NAS-IP-Address}', '%{Acct-Status-Type}')"
  708. }
  709. stop {
  710. query = "CALL acct_stop ( FROM_UNIXTIME(%{integer:Event-Timestamp}), %{%{Acct-Session-Time}:-NULL}, '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Acct-Terminate-Cause}', '%{Connect-Info}', '%{Acct-Unique-Session-Id}', '%{Acct-Session-Id}', '%{SQL-User-Name}', '%{NAS-IP-Address}', '%{Acct-Status-Type}')"
  711. }
  712. }
  713. }
  714. post-auth {
  715. reference = "type.accept.query"
  716. }
  717. }
  718. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  719. Creating attribute SQL-Group
  720. # Loading module "pfguest" from file raddb//mods-enabled/sql
  721. sql pfguest {
  722. driver = "rlm_sql_mysql"
  723. server = "172.20.20.109"
  724. port = 3306
  725. login = "pf"
  726. password = <<< secret >>>
  727. radius_db = "pf"
  728. read_groups = yes
  729. read_profiles = yes
  730. read_clients = no
  731. delete_stale_sessions = yes
  732. sql_user_name = "%{User-Name}"
  733. default_user_profile = ""
  734. client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
  735. authorize_check_query = "SELECT 1, pid, "Cleartext-Password", password, ":=" FROM password JOIN activation using (pid) WHERE pid = '%{SQL-User-Name}' AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = "guest" AND now() <= password.unregdate LIMIT 1 "
  736. group_membership_query = "select 1"
  737. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  738. accounting {
  739. reference = ".query"
  740. type {
  741. accounting-on {
  742. }
  743. accounting-off {
  744. }
  745. start {
  746. }
  747. interim-update {
  748. }
  749. stop {
  750. }
  751. }
  752. }
  753. post-auth {
  754. reference = ".query"
  755. }
  756. }
  757. rlm_sql (pfguest): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  758. Creating attribute pfguest-SQL-Group
  759. # Loading module "pfsponsor" from file raddb//mods-enabled/sql
  760. sql pfsponsor {
  761. driver = "rlm_sql_mysql"
  762. server = "172.20.20.109"
  763. port = 3306
  764. login = "pf"
  765. password = <<< secret >>>
  766. radius_db = "pf"
  767. read_groups = yes
  768. read_profiles = yes
  769. read_clients = no
  770. delete_stale_sessions = yes
  771. sql_user_name = "%{User-Name}"
  772. default_user_profile = ""
  773. client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
  774. authorize_check_query = "SELECT 1, pid, "Cleartext-Password", password, ":=" FROM password JOIN activation using (pid) WHERE pid = '%{SQL-User-Name}' AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = "sponsor" AND now() <= password.unregdate LIMIT 1 "
  775. group_membership_query = "select 1"
  776. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  777. accounting {
  778. reference = ".query"
  779. type {
  780. accounting-on {
  781. }
  782. accounting-off {
  783. }
  784. start {
  785. }
  786. interim-update {
  787. }
  788. stop {
  789. }
  790. }
  791. }
  792. post-auth {
  793. reference = ".query"
  794. }
  795. }
  796. rlm_sql (pfsponsor): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  797. Creating attribute pfsponsor-SQL-Group
  798. # Loading module "pfsms" from file raddb//mods-enabled/sql
  799. sql pfsms {
  800. driver = "rlm_sql_mysql"
  801. server = "172.20.20.109"
  802. port = 3306
  803. login = "pf"
  804. password = <<< secret >>>
  805. radius_db = "pf"
  806. read_groups = yes
  807. read_profiles = yes
  808. read_clients = no
  809. delete_stale_sessions = yes
  810. sql_user_name = "%{User-Name}"
  811. default_user_profile = ""
  812. client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
  813. authorize_check_query = "SELECT 1, pid, "Cleartext-Password", password, ":=" FROM password JOIN activation using (pid) WHERE pid = '%{SQL-User-Name}' AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = "sms" AND now() <= password.unregdate LIMIT 1 "
  814. group_membership_query = "select 1"
  815. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  816. accounting {
  817. reference = ".query"
  818. type {
  819. accounting-on {
  820. }
  821. accounting-off {
  822. }
  823. start {
  824. }
  825. interim-update {
  826. }
  827. stop {
  828. }
  829. }
  830. }
  831. post-auth {
  832. reference = ".query"
  833. }
  834. }
  835. rlm_sql (pfsms): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  836. Creating attribute pfsms-SQL-Group
  837. # Loading module "pflocal" from file raddb//mods-enabled/sql
  838. sql pflocal {
  839. driver = "rlm_sql_mysql"
  840. server = "172.20.20.109"
  841. port = 3306
  842. login = "pf"
  843. password = <<< secret >>>
  844. radius_db = "pf"
  845. read_groups = yes
  846. read_profiles = yes
  847. read_clients = no
  848. delete_stale_sessions = yes
  849. sql_user_name = "%{User-Name}"
  850. default_user_profile = ""
  851. client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
  852. authorize_check_query = "SELECT 1, pid, "Cleartext-Password", password, ":=" FROM password WHERE pid = '%{SQL-User-Name}' AND NOT EXISTS (SELECT pid FROM activation WHERE pid = '%{SQL-User-Name}') "
  853. group_membership_query = "select 1"
  854. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  855. accounting {
  856. reference = ".query"
  857. type {
  858. accounting-on {
  859. }
  860. accounting-off {
  861. }
  862. start {
  863. }
  864. interim-update {
  865. }
  866. stop {
  867. }
  868. }
  869. }
  870. post-auth {
  871. reference = ".query"
  872. }
  873. }
  874. rlm_sql (pflocal): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  875. Creating attribute pflocal-SQL-Group
  876. instantiate {
  877. # Instantiating module "redis" from file raddb//mods-enabled/redis
  878. rlm_redis (redis): Initialising connection pool
  879. pool {
  880. start = 5
  881. min = 3
  882. max = 64
  883. spare = 10
  884. uses = 0
  885. lifetime = 86400
  886. cleanup_interval = 300
  887. idle_timeout = 600
  888. retry_delay = 30
  889. spread = no
  890. }
  891. rlm_redis (redis): Opening additional connection (0), 1 of 64 pending slots used
  892. rlm_redis (redis): Opening additional connection (1), 1 of 63 pending slots used
  893. rlm_redis (redis): Opening additional connection (2), 1 of 62 pending slots used
  894. rlm_redis (redis): Opening additional connection (3), 1 of 61 pending slots used
  895. rlm_redis (redis): Opening additional connection (4), 1 of 60 pending slots used
  896. # Instantiating module "sql" from file raddb//mods-enabled/sql
  897. rlm_sql_mysql: libmysql version: 5.1.73
  898. mysql {
  899. tls {
  900. }
  901. warnings = "auto"
  902. }
  903. rlm_sql (sql): Attempting to connect to database "pf"
  904. rlm_sql (sql): Initialising connection pool
  905. pool {
  906. start = 5
  907. min = 3
  908. max = 64
  909. spare = 10
  910. uses = 0
  911. lifetime = 0
  912. cleanup_interval = 30
  913. idle_timeout = 60
  914. retry_delay = 30
  915. spread = no
  916. }
  917. rlm_sql (sql): Opening additional connection (0), 1 of 64 pending slots used
  918. rlm_sql_mysql: Starting connect to MySQL server
  919. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  920. rlm_sql (sql): Opening additional connection (1), 1 of 63 pending slots used
  921. rlm_sql_mysql: Starting connect to MySQL server
  922. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  923. rlm_sql (sql): Opening additional connection (2), 1 of 62 pending slots used
  924. rlm_sql_mysql: Starting connect to MySQL server
  925. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  926. rlm_sql (sql): Opening additional connection (3), 1 of 61 pending slots used
  927. rlm_sql_mysql: Starting connect to MySQL server
  928. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  929. rlm_sql (sql): Opening additional connection (4), 1 of 60 pending slots used
  930. rlm_sql_mysql: Starting connect to MySQL server
  931. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  932. rlm_sql (sql): Processing generate_sql_clients
  933. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM radius_nas
  934. rlm_sql (sql): Reserved connection (0)
  935. rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM radius_nas
  936. rlm_sql (sql): Released connection (0)
  937. rlm_sql (sql): Need 5 more connections to reach 10 spares
  938. rlm_sql (sql): Opening additional connection (5), 1 of 59 pending slots used
  939. rlm_sql_mysql: Starting connect to MySQL server
  940. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  941. # Instantiating module "rest" from file raddb//mods-enabled/rest
  942. authorize {
  943. uri = "http://127.0.0.1:7070//user/%{User-Name}/mac/%{Called-Station-ID}?action=authorize"
  944. method = "get"
  945. body = "none"
  946. auth = "none"
  947. require_auth = no
  948. timeout = 4.000000
  949. chunk = 0
  950. tls {
  951. check_cert = yes
  952. check_cert_cn = yes
  953. }
  954. }
  955. authenticate {
  956. uri = "http://127.0.0.1:7070//user/%{User-Name}/mac/%{Called-Station-ID}?action=authenticate"
  957. method = "get"
  958. body = "none"
  959. auth = "none"
  960. require_auth = no
  961. timeout = 4.000000
  962. chunk = 0
  963. tls {
  964. check_cert = yes
  965. check_cert_cn = yes
  966. }
  967. }
  968. accounting {
  969. uri = "http://127.0.0.1:7070//user/%{User-Name}/sessions/%{Acct-Unique-Session-ID}"
  970. method = "post"
  971. body = "none"
  972. auth = "none"
  973. require_auth = no
  974. timeout = 4.000000
  975. chunk = 0
  976. tls {
  977. check_cert = yes
  978. check_cert_cn = yes
  979. }
  980. }
  981. post-auth {
  982. uri = "http://127.0.0.1:7070//radius/rest/authorize"
  983. method = "post"
  984. body = "json"
  985. auth = "none"
  986. require_auth = no
  987. timeout = 4.000000
  988. chunk = 0
  989. tls {
  990. check_cert = yes
  991. check_cert_cn = yes
  992. }
  993. }
  994. rlm_rest: libcurl version: libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
  995. rlm_rest (rest): Initialising connection pool
  996. pool {
  997. start = 5
  998. min = 3
  999. max = 64
  1000. spare = 10
  1001. uses = 0
  1002. lifetime = 0
  1003. cleanup_interval = 30
  1004. idle_timeout = 60
  1005. retry_delay = 30
  1006. spread = no
  1007. }
  1008. rlm_rest (rest): Opening additional connection (0), 1 of 64 pending slots used
  1009. rlm_rest (rest): Connecting to "http://127.0.0.1:7070/"
  1010. rlm_rest (rest): Opening additional connection (1), 1 of 63 pending slots used
  1011. rlm_rest (rest): Connecting to "http://127.0.0.1:7070/"
  1012. rlm_rest (rest): Opening additional connection (2), 1 of 62 pending slots used
  1013. rlm_rest (rest): Connecting to "http://127.0.0.1:7070/"
  1014. rlm_rest (rest): Opening additional connection (3), 1 of 61 pending slots used
  1015. rlm_rest (rest): Connecting to "http://127.0.0.1:7070/"
  1016. rlm_rest (rest): Opening additional connection (4), 1 of 60 pending slots used
  1017. rlm_rest (rest): Connecting to "http://127.0.0.1:7070/"
  1018. # Instantiating module "raw" from file raddb//mods-enabled/raw
  1019. }
  1020. # Instantiating module "attr_filter.post-proxy" from file raddb//mods-enabled/attr_filter
  1021. reading pairlist file raddb//mods-config/attr_filter/post-proxy
  1022. # Instantiating module "attr_filter.pre-proxy" from file raddb//mods-enabled/attr_filter
  1023. reading pairlist file raddb//mods-config/attr_filter/pre-proxy
  1024. # Instantiating module "attr_filter.access_reject" from file raddb//mods-enabled/attr_filter
  1025. reading pairlist file raddb//mods-config/attr_filter/access_reject
  1026. [raddb//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  1027. [raddb//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  1028. # Instantiating module "attr_filter.access_challenge" from file raddb//mods-enabled/attr_filter
  1029. reading pairlist file raddb//mods-config/attr_filter/access_challenge
  1030. # Instantiating module "attr_filter.accounting_response" from file raddb//mods-enabled/attr_filter
  1031. reading pairlist file raddb//mods-config/attr_filter/accounting_response
  1032. # Instantiating module "attr_filter.packetfence_post_auth" from file raddb//mods-enabled/attr_filter
  1033. reading pairlist file raddb//mods-config/attr_filter/packetfence-post-auth
  1034. # Instantiating module "preprocess" from file raddb//mods-enabled/preprocess
  1035. reading pairlist file raddb//mods-config/preprocess/huntgroups
  1036. reading pairlist file raddb//mods-config/preprocess/hints
  1037. # Instantiating module "logintime" from file raddb//mods-enabled/logintime
  1038. # Instantiating module "mschap" from file raddb//mods-enabled/mschap
  1039. rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
  1040. # Instantiating module "chrooted_mschap" from file raddb//mods-enabled/mschap
  1041. rlm_mschap (chrooted_mschap): authenticating by calling 'ntlm_auth'
  1042. # Instantiating module "perl" from file raddb//mods-enabled/perl
  1043. # Instantiating module "packetfence" from file raddb//mods-enabled/perl
  1044. # Instantiating module "packetfence-soh" from file raddb//mods-enabled/perl
  1045. # Instantiating module "packetfence-multi-domain" from file raddb//mods-enabled/perl
  1046. # Instantiating module "auth_log" from file raddb//mods-enabled/detail.log
  1047. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  1048. # Instantiating module "reply_log" from file raddb//mods-enabled/detail.log
  1049. # Instantiating module "pre_proxy_log" from file raddb//mods-enabled/detail.log
  1050. # Instantiating module "post_proxy_log" from file raddb//mods-enabled/detail.log
  1051. # Instantiating module "files" from file raddb//mods-enabled/files
  1052. reading pairlist file raddb//mods-config/files/authorize
  1053. reading pairlist file raddb//mods-config/files/accounting
  1054. reading pairlist file raddb//mods-config/files/pre-proxy
  1055. # Instantiating module "expiration" from file raddb//mods-enabled/expiration
  1056. # Instantiating module "etc_passwd" from file raddb//mods-enabled/passwd
  1057. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  1058. # Instantiating module "pap" from file raddb//mods-enabled/pap
  1059. # Instantiating module "eap" from file raddb//mods-enabled/eap
  1060. # Linked to sub-module rlm_eap_md5
  1061. # Linked to sub-module rlm_eap_leap
  1062. # Linked to sub-module rlm_eap_gtc
  1063. gtc {
  1064. challenge = "Password: "
  1065. auth_type = "PAP"
  1066. }
  1067. # Linked to sub-module rlm_eap_tls
  1068. tls {
  1069. tls = "tls-common"
  1070. }
  1071. tls-config tls-common {
  1072. verify_depth = 0
  1073. ca_path = "raddb//certs"
  1074. pem_file_type = yes
  1075. private_key_file = "/usr/local/pf/raddb/certs/server.key"
  1076. certificate_file = "/usr/local/pf/raddb/certs/server.crt"
  1077. ca_file = "/usr/local/pf/raddb/certs/ca.pem"
  1078. dh_file = "raddb//certs/dh"
  1079. fragment_size = 1024
  1080. include_length = yes
  1081. auto_chain = yes
  1082. check_crl = no
  1083. check_all_crl = no
  1084. cipher_list = "DEFAULT"
  1085. ecdh_curve = "prime256v1"
  1086. cache {
  1087. enable = no
  1088. lifetime = 24
  1089. max_entries = 255
  1090. }
  1091. verify {
  1092. skip_if_ocsp_ok = no
  1093. }
  1094. ocsp {
  1095. enable = no
  1096. override_cert_url = yes
  1097. url = "http://127.0.0.1/ocsp/"
  1098. use_nonce = yes
  1099. timeout = 0
  1100. softfail = no
  1101. }
  1102. }
  1103. # Linked to sub-module rlm_eap_ttls
  1104. ttls {
  1105. tls = "tls-common"
  1106. default_eap_type = "md5"
  1107. copy_request_to_tunnel = yes
  1108. use_tunneled_reply = yes
  1109. virtual_server = "packetfence-tunnel"
  1110. include_length = yes
  1111. require_client_cert = no
  1112. }
  1113. tls: Using cached TLS configuration from previous invocation
  1114. # Linked to sub-module rlm_eap_peap
  1115. peap {
  1116. tls = "tls-common"
  1117. default_eap_type = "mschapv2"
  1118. copy_request_to_tunnel = yes
  1119. use_tunneled_reply = yes
  1120. proxy_tunneled_request_as_eap = yes
  1121. virtual_server = "packetfence-tunnel"
  1122. soh = no
  1123. require_client_cert = no
  1124. }
  1125. tls: Using cached TLS configuration from previous invocation
  1126. # Linked to sub-module rlm_eap_mschapv2
  1127. mschapv2 {
  1128. with_ntdomain_hack = no
  1129. send_error = no
  1130. }
  1131. # Instantiating module "linelog" from file raddb//mods-enabled/linelog
  1132. # Instantiating module "log_accounting" from file raddb//mods-enabled/linelog
  1133. # Instantiating module "reject" from file raddb//mods-enabled/always
  1134. # Instantiating module "fail" from file raddb//mods-enabled/always
  1135. # Instantiating module "ok" from file raddb//mods-enabled/always
  1136. # Instantiating module "handled" from file raddb//mods-enabled/always
  1137. # Instantiating module "invalid" from file raddb//mods-enabled/always
  1138. # Instantiating module "userlock" from file raddb//mods-enabled/always
  1139. # Instantiating module "notfound" from file raddb//mods-enabled/always
  1140. # Instantiating module "noop" from file raddb//mods-enabled/always
  1141. # Instantiating module "updated" from file raddb//mods-enabled/always
  1142. # Instantiating module "detail" from file raddb//mods-enabled/detail
  1143. # Instantiating module "cache_eap" from file raddb//mods-enabled/cache_eap
  1144. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  1145. # Instantiating module "IPASS" from file raddb//mods-enabled/realm
  1146. # Instantiating module "suffix" from file raddb//mods-enabled/realm
  1147. # Instantiating module "realmpercent" from file raddb//mods-enabled/realm
  1148. # Instantiating module "ntdomain" from file raddb//mods-enabled/realm
  1149. # Instantiating module "pfguest" from file raddb//mods-enabled/sql
  1150. mysql {
  1151. tls {
  1152. }
  1153. warnings = "auto"
  1154. }
  1155. rlm_sql (pfguest): Attempting to connect to database "pf"
  1156. # Instantiating module "pfsponsor" from file raddb//mods-enabled/sql
  1157. mysql {
  1158. tls {
  1159. }
  1160. warnings = "auto"
  1161. }
  1162. rlm_sql (pfsponsor): Attempting to connect to database "pf"
  1163. # Instantiating module "pfsms" from file raddb//mods-enabled/sql
  1164. mysql {
  1165. tls {
  1166. }
  1167. warnings = "auto"
  1168. }
  1169. rlm_sql (pfsms): Attempting to connect to database "pf"
  1170. # Instantiating module "pflocal" from file raddb//mods-enabled/sql
  1171. mysql {
  1172. tls {
  1173. }
  1174. warnings = "auto"
  1175. }
  1176. rlm_sql (pflocal): Attempting to connect to database "pf"
  1177. } # modules
  1178. auth: #### Loading Virtual Servers ####
  1179. server { # from file raddb//auth.conf
  1180. } # server
  1181. server soh-server { # from file raddb//sites-enabled/packetfence-soh
  1182. # Loading authorize {...}
  1183. } # server soh-server
  1184. server packetfence { # from file raddb//sites-enabled/packetfence
  1185. # Loading authenticate {...}
  1186. # Loading authorize {...}
  1187. # Loading preacct {...}
  1188. # Loading accounting {...}
  1189. # Loading post-proxy {...}
  1190. # Loading post-auth {...}
  1191. } # server packetfence
  1192. server dynamic_clients { # from file raddb//sites-enabled/dynamic-clients
  1193. # Loading authorize {...}
  1194. } # server dynamic_clients
  1195. server packetfence-tunnel { # from file raddb//sites-enabled/packetfence-tunnel
  1196. # Loading authenticate {...}
  1197. # Loading authorize {...}
  1198. # Loading session {...}
  1199. # Loading post-proxy {...}
  1200. # Loading post-auth {...}
  1201. } # server packetfence-tunnel
  1202. auth: #### Opening IP addresses and Ports ####
  1203. listen {
  1204. type = "auth"
  1205. virtual_server = "packetfence"
  1206. ipaddr = 127.0.0.1
  1207. port = 18120
  1208. }
  1209. listen {
  1210. type = "auth"
  1211. virtual_server = "packetfence"
  1212. ipaddr = 172.20.20.109
  1213. port = 0
  1214. }
  1215. listen {
  1216. type = "control"
  1217. listen {
  1218. socket = "/usr/local/pf/var/run/radiusd.sock"
  1219. mode = "rw"
  1220. peercred = yes
  1221. }
  1222. }
  1223. Listening on auth address 127.0.0.1 port 18120 bound to server packetfence
  1224. Listening on auth address 172.20.20.109 port 1812 bound to server packetfence
  1225. Listening on command file /usr/local/pf/var/run/radiusd.sock
  1226. Listening on proxy address * port 42211
  1227. Ready to process requests
  1228. (0) server dynamic_clients {
  1229. (0) # Executing section authorize from file raddb//sites-enabled/dynamic-clients
  1230. (0) authorize {
  1231. (0) if ("%{raw:Called-Station-Id}" =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/) {
  1232. rlm_raw: Called-Station-Id = ?
  1233. (0) EXPAND %{raw:Called-Station-Id}
  1234. (0) --> ?
  1235. (0) if ("%{raw:Called-Station-Id}" =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/) -> FALSE
  1236. (0) if (! &control:Tmp-String-8) {
  1237. (0) if (! &control:Tmp-String-8) -> TRUE
  1238. (0) if (! &control:Tmp-String-8) {
  1239. (0) update control {
  1240. (0) EXPAND %{User-Name}
  1241. (0) -->
  1242. (0) SQL-User-Name set to ''
  1243. rlm_sql (sql): Reserved connection (1)
  1244. (0) Executing select query: SELECT nasname FROM radius_nas WHERE nasname = '172.20.110.250'
  1245. (0) SQL query returned no results
  1246. rlm_sql (sql): Released connection (1)
  1247. rlm_sql (sql): Need 4 more connections to reach 10 spares
  1248. rlm_sql (sql): Opening additional connection (6), 1 of 58 pending slots used
  1249. rlm_sql_mysql: Starting connect to MySQL server
  1250. rlm_sql_mysql: Connected to database 'pf' on 172.20.20.109 via TCP/IP, server version 5.1.73, protocol version 10
  1251. (0) EXPAND %{sql: SELECT nasname FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'}
  1252. (0) -->
  1253. (0) &Tmp-String-8 :=
  1254. (0) } # update control = noop
  1255. (0) } # if (! &control:Tmp-String-8) = noop
  1256. (0) if (! &control:Tmp-String-8) {
  1257. (0) if (! &control:Tmp-String-8) -> FALSE
  1258. (0) if (&control:Tmp-String-8 ) {
  1259. (0) if (&control:Tmp-String-8 ) -> TRUE
  1260. (0) if (&control:Tmp-String-8 ) {
  1261. (0) update control {
  1262. (0) EXPAND %{Packet-Src-IP-Address}
  1263. (0) --> 172.20.110.250
  1264. (0) &FreeRADIUS-Client-IP-Address = 172.20.110.250
  1265. (0) EXPAND %{User-Name}
  1266. (0) -->
  1267. (0) SQL-User-Name set to ''
  1268. rlm_sql (sql): Reserved connection (2)
  1269. (0) Executing select query: SELECT shortname FROM radius_nas WHERE nasname = ''
  1270. (0) SQL query returned no results
  1271. rlm_sql (sql): Released connection (2)
  1272. (0) EXPAND %{sql: SELECT shortname FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}
  1273. (0) -->
  1274. (0) &FreeRADIUS-Client-Shortname =
  1275. (0) EXPAND %{User-Name}
  1276. (0) -->
  1277. (0) SQL-User-Name set to ''
  1278. rlm_sql (sql): Reserved connection (3)
  1279. (0) Executing select query: SELECT secret FROM radius_nas WHERE nasname = ''
  1280. (0) SQL query returned no results
  1281. rlm_sql (sql): Released connection (3)
  1282. (0) EXPAND %{sql: SELECT secret FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}
  1283. (0) -->
  1284. (0) &FreeRADIUS-Client-Secret =
  1285. (0) EXPAND %{User-Name}
  1286. (0) -->
  1287. (0) SQL-User-Name set to ''
  1288. rlm_sql (sql): Reserved connection (4)
  1289. (0) Executing select query: SELECT type FROM radius_nas WHERE nasname = ''
  1290. (0) SQL query returned no results
  1291. rlm_sql (sql): Released connection (4)
  1292. (0) EXPAND %{sql: SELECT type FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}
  1293. (0) -->
  1294. (0) &FreeRADIUS-Client-NAS-Type =
  1295. (0) } # update control = noop
  1296. (0) [ok] = ok
  1297. (0) } # if (&control:Tmp-String-8 ) = ok
  1298. (0) } # authorize = ok
  1299. (0) } # server dynamic_clients
  1300. (0) Converting control list to client fields
  1301. (0) ipv4addr = 172.20.110.250
  1302. (0) ipv4addr = 172.20.110.250