
Untitled

a guest
Nov 25th, 2016
  1. sudo freeradius -X
  2.  
  3. FreeRADIUS Version 3.0.13
  4. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  5. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  6. PARTICULAR PURPOSE
  7. You may redistribute copies of FreeRADIUS under the terms of the
  8. GNU General Public License
  9. For more information about these matters, see the file named COPYRIGHT
  10. Starting - reading configuration files ...
  11. including dictionary file /usr/share/freeradius/dictionary
  12. including dictionary file /usr/share/freeradius/dictionary.dhcp
  13. including dictionary file /usr/share/freeradius/dictionary.vqp
  14. including dictionary file /etc/freeradius/dictionary
  15. including configuration file /etc/freeradius/radiusd.conf
  16. including configuration file /etc/freeradius/proxy.conf
  17. including configuration file /etc/freeradius/clients.conf
  18. including files in directory /etc/freeradius/mods-enabled/
  19. including configuration file /etc/freeradius/mods-enabled/replicate
  20. including configuration file /etc/freeradius/mods-enabled/pap
  21. including configuration file /etc/freeradius/mods-enabled/mschap
  22. including configuration file /etc/freeradius/mods-enabled/soh
  23. including configuration file /etc/freeradius/mods-enabled/dynamic_clients
  24. including configuration file /etc/freeradius/mods-enabled/unpack
  25. including configuration file /etc/freeradius/mods-enabled/preprocess
  26. including configuration file /etc/freeradius/mods-enabled/exec
  27. including configuration file /etc/freeradius/mods-enabled/expr
  28. including configuration file /etc/freeradius/mods-enabled/ntlm_auth
  29. including configuration file /etc/freeradius/mods-enabled/digest
  30. including configuration file /etc/freeradius/mods-enabled/realm
  31. including configuration file /etc/freeradius/mods-enabled/detail
  32. including configuration file /etc/freeradius/mods-enabled/logintime
  33. including configuration file /etc/freeradius/mods-enabled/utf8
  34. including configuration file /etc/freeradius/mods-enabled/files
  35. including configuration file /etc/freeradius/mods-enabled/always
  36. including configuration file /etc/freeradius/mods-enabled/unix
  37. including configuration file /etc/freeradius/mods-enabled/date
  38. including configuration file /etc/freeradius/mods-enabled/expiration
  39. including configuration file /etc/freeradius/mods-enabled/passwd
  40. including configuration file /etc/freeradius/mods-enabled/attr_filter
  41. including configuration file /etc/freeradius/mods-enabled/chap
  42. including configuration file /etc/freeradius/mods-enabled/sradutmp
  43. including configuration file /etc/freeradius/mods-enabled/eap
  44. including configuration file /etc/freeradius/mods-enabled/cache_eap
  45. including configuration file /etc/freeradius/mods-enabled/detail.log
  46. including configuration file /etc/freeradius/mods-enabled/radutmp
  47. including configuration file /etc/freeradius/mods-enabled/echo
  48. including configuration file /etc/freeradius/mods-enabled/linelog
  49. including files in directory /etc/freeradius/policy.d/
  50. including configuration file /etc/freeradius/policy.d/debug
  51. including configuration file /etc/freeradius/policy.d/accounting
  52. including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids
  53. including configuration file /etc/freeradius/policy.d/dhcp
  54. including configuration file /etc/freeradius/policy.d/canonicalization
  55. including configuration file /etc/freeradius/policy.d/abfab-tr
  56. including configuration file /etc/freeradius/policy.d/control
  57. including configuration file /etc/freeradius/policy.d/operator-name
  58. including configuration file /etc/freeradius/policy.d/eap
  59. including configuration file /etc/freeradius/policy.d/filter
  60. including configuration file /etc/freeradius/policy.d/cui
  61. including files in directory /etc/freeradius/sites-enabled/
  62. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  63. including configuration file /etc/freeradius/sites-enabled/default
  64. main {
  65. security {
  66. user = "freerad"
  67. group = "freerad"
  68. allow_core_dumps = no
  69. }
  70. name = "freeradius"
  71. prefix = "/usr"
  72. localstatedir = "/var"
  73. logdir = "/var/log/freeradius"
  74. run_dir = "/var/run/freeradius"
  75. }
  76. main {
  77. name = "freeradius"
  78. prefix = "/usr"
  79. localstatedir = "/var"
  80. sbindir = "/usr/sbin"
  81. logdir = "/var/log/freeradius"
  82. run_dir = "/var/run/freeradius"
  83. libdir = "/usr/lib/freeradius"
  84. radacctdir = "/var/log/freeradius/radacct"
  85. hostname_lookups = no
  86. max_request_time = 30
  87. cleanup_delay = 5
  88. max_requests = 16384
  89. pidfile = "/var/run/freeradius/freeradius.pid"
  90. checkrad = "/usr/sbin/checkrad"
  91. debug_level = 0
  92. proxy_requests = yes
  93. log {
  94. stripped_names = no
  95. auth = no
  96. auth_badpass = no
  97. auth_goodpass = no
  98. colourise = yes
  99. msg_denied = "You are already logged in - access denied"
  100. }
  101. resources {
  102. }
  103. security {
  104. max_attributes = 200
  105. reject_delay = 1.000000
  106. status_server = yes
  107. }
  108. }
  109. radiusd: #### Loading Realms and Home Servers ####
  110. proxy server {
  111. retry_delay = 5
  112. retry_count = 3
  113. default_fallback = no
  114. dead_time = 120
  115. wake_all_if_all_dead = no
  116. }
  117. home_server localhost {
  118. ipaddr = 127.0.0.1
  119. port = 1812
  120. type = "auth"
  121. secret = <<< secret >>>
  122. response_window = 20.000000
  123. response_timeouts = 1
  124. max_outstanding = 65536
  125. zombie_period = 40
  126. status_check = "status-server"
  127. ping_interval = 30
  128. check_interval = 30
  129. check_timeout = 4
  130. num_answers_to_alive = 3
  131. revive_interval = 120
  132. limit {
  133. max_connections = 16
  134. max_requests = 0
  135. lifetime = 0
  136. idle_timeout = 0
  137. }
  138. coa {
  139. irt = 2
  140. mrt = 16
  141. mrc = 5
  142. mrd = 30
  143. }
  144. }
  145. home_server_pool my_auth_failover {
  146. type = fail-over
  147. home_server = localhost
  148. }
  149. realm example.com {
  150. auth_pool = my_auth_failover
  151. }
  152. realm LOCAL {
  153. }
  154. radiusd: #### Loading Clients ####
  155. client localhost {
  156. ipaddr = 127.0.0.1
  157. require_message_authenticator = no
  158. secret = <<< secret >>>
  159. nas_type = "other"
  160. proto = "*"
  161. limit {
  162. max_connections = 16
  163. lifetime = 0
  164. idle_timeout = 30
  165. }
  166. }
  167. client localhost_ipv6 {
  168. ipv6addr = ::1
  169. require_message_authenticator = no
  170. secret = <<< secret >>>
  171. limit {
  172. max_connections = 16
  173. lifetime = 0
  174. idle_timeout = 30
  175. }
  176. }
  177. client ap29 {
  178. ipaddr = 10.0.0.29/32
  179. require_message_authenticator = no
  180. secret = <<< secret >>>
  181. limit {
  182. max_connections = 16
  183. lifetime = 0
  184. idle_timeout = 30
  185. }
  186. }
  187. Debugger not attached
  188. # Creating Auth-Type = mschap
  189. # Creating Auth-Type = eap
  190. # Creating Auth-Type = PAP
  191. # Creating Auth-Type = CHAP
  192. # Creating Auth-Type = MS-CHAP
  193. # Creating Auth-Type = digest
  194. radiusd: #### Instantiating modules ####
  195. modules {
  196. # Loaded module rlm_replicate
  197. # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
  198. # Loaded module rlm_pap
  199. # Loading module "pap" from file /etc/freeradius/mods-enabled/pap
  200. pap {
  201. normalise = yes
  202. }
  203. # Loaded module rlm_mschap
  204. # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
  205. mschap {
  206. use_mppe = yes
  207. require_encryption = no
  208. require_strong = no
  209. with_ntdomain_hack = yes
  210. passchange {
  211. }
  212. allow_retry = yes
  213. }
  214. # Loaded module rlm_soh
  215. # Loading module "soh" from file /etc/freeradius/mods-enabled/soh
  216. soh {
  217. dhcp = yes
  218. }
  219. # Loaded module rlm_dynamic_clients
  220. # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
  221. # Loaded module rlm_unpack
  222. # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
  223. # Loaded module rlm_preprocess
  224. # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  225. preprocess {
  226. huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  227. hints = "/etc/freeradius/mods-config/preprocess/hints"
  228. with_ascend_hack = no
  229. ascend_channels_per_line = 23
  230. with_ntdomain_hack = no
  231. with_specialix_jetstream_hack = no
  232. with_cisco_vsa_hack = no
  233. with_alvarion_vsa_hack = no
  234. }
  235. # Loaded module rlm_exec
  236. # Loading module "exec" from file /etc/freeradius/mods-enabled/exec
  237. exec {
  238. wait = no
  239. input_pairs = "request"
  240. shell_escape = yes
  241. timeout = 10
  242. }
  243. # Loaded module rlm_expr
  244. # Loading module "expr" from file /etc/freeradius/mods-enabled/expr
  245. expr {
  246. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  247. }
  248. # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
  249. exec ntlm_auth {
  250. wait = yes
  251. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  252. shell_escape = yes
  253. }
  254. # Loaded module rlm_digest
  255. # Loading module "digest" from file /etc/freeradius/mods-enabled/digest
  256. # Loaded module rlm_realm
  257. # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
  258. realm IPASS {
  259. format = "prefix"
  260. delimiter = "/"
  261. ignore_default = no
  262. ignore_null = no
  263. }
  264. # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
  265. realm suffix {
  266. format = "suffix"
  267. delimiter = "@"
  268. ignore_default = no
  269. ignore_null = no
  270. }
  271. # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  272. realm realmpercent {
  273. format = "suffix"
  274. delimiter = "%"
  275. ignore_default = no
  276. ignore_null = no
  277. }
  278. # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  279. realm ntdomain {
  280. format = "prefix"
  281. delimiter = "\\"
  282. ignore_default = no
  283. ignore_null = no
  284. }
  285. # Loaded module rlm_detail
  286. # Loading module "detail" from file /etc/freeradius/mods-enabled/detail
  287. detail {
  288. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  289. header = "%t"
  290. permissions = 384
  291. locking = no
  292. escape_filenames = no
  293. log_packet_header = no
  294. }
  295. # Loaded module rlm_logintime
  296. # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
  297. logintime {
  298. minimum_timeout = 60
  299. }
  300. # Loaded module rlm_utf8
  301. # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
  302. # Loaded module rlm_files
  303. # Loading module "files" from file /etc/freeradius/mods-enabled/files
  304. files {
  305. filename = "/etc/freeradius/mods-config/files/authorize"
  306. acctusersfile = "/etc/freeradius/mods-config/files/accounting"
  307. preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
  308. }
  309. # Loaded module rlm_always
  310. # Loading module "reject" from file /etc/freeradius/mods-enabled/always
  311. always reject {
  312. rcode = "reject"
  313. simulcount = 0
  314. mpp = no
  315. }
  316. # Loading module "fail" from file /etc/freeradius/mods-enabled/always
  317. always fail {
  318. rcode = "fail"
  319. simulcount = 0
  320. mpp = no
  321. }
  322. # Loading module "ok" from file /etc/freeradius/mods-enabled/always
  323. always ok {
  324. rcode = "ok"
  325. simulcount = 0
  326. mpp = no
  327. }
  328. # Loading module "handled" from file /etc/freeradius/mods-enabled/always
  329. always handled {
  330. rcode = "handled"
  331. simulcount = 0
  332. mpp = no
  333. }
  334. # Loading module "invalid" from file /etc/freeradius/mods-enabled/always
  335. always invalid {
  336. rcode = "invalid"
  337. simulcount = 0
  338. mpp = no
  339. }
  340. # Loading module "userlock" from file /etc/freeradius/mods-enabled/always
  341. always userlock {
  342. rcode = "userlock"
  343. simulcount = 0
  344. mpp = no
  345. }
  346. # Loading module "notfound" from file /etc/freeradius/mods-enabled/always
  347. always notfound {
  348. rcode = "notfound"
  349. simulcount = 0
  350. mpp = no
  351. }
  352. # Loading module "noop" from file /etc/freeradius/mods-enabled/always
  353. always noop {
  354. rcode = "noop"
  355. simulcount = 0
  356. mpp = no
  357. }
  358. # Loading module "updated" from file /etc/freeradius/mods-enabled/always
  359. always updated {
  360. rcode = "updated"
  361. simulcount = 0
  362. mpp = no
  363. }
  364. # Loaded module rlm_unix
  365. # Loading module "unix" from file /etc/freeradius/mods-enabled/unix
  366. unix {
  367. radwtmp = "/var/log/freeradius/radwtmp"
  368. }
  369. Creating attribute Unix-Group
  370. # Loaded module rlm_date
  371. # Loading module "date" from file /etc/freeradius/mods-enabled/date
  372. date {
  373. format = "%b %e %Y %H:%M:%S %Z"
  374. }
  375. # Loaded module rlm_expiration
  376. # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
  377. # Loaded module rlm_passwd
  378. # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  379. passwd etc_passwd {
  380. filename = "/etc/passwd"
  381. format = "*User-Name:Crypt-Password:"
  382. delimiter = ":"
  383. ignore_nislike = no
  384. ignore_empty = yes
  385. allow_multiple_keys = no
  386. hash_size = 100
  387. }
  388. # Loaded module rlm_attr_filter
  389. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  390. attr_filter attr_filter.post-proxy {
  391. filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
  392. key = "%{Realm}"
  393. relaxed = no
  394. }
  395. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  396. attr_filter attr_filter.pre-proxy {
  397. filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
  398. key = "%{Realm}"
  399. relaxed = no
  400. }
  401. # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  402. attr_filter attr_filter.access_reject {
  403. filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
  404. key = "%{User-Name}"
  405. relaxed = no
  406. }
  407. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  408. attr_filter attr_filter.access_challenge {
  409. filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
  410. key = "%{User-Name}"
  411. relaxed = no
  412. }
  413. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  414. attr_filter attr_filter.accounting_response {
  415. filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
  416. key = "%{User-Name}"
  417. relaxed = no
  418. }
  419. # Loaded module rlm_chap
  420. # Loading module "chap" from file /etc/freeradius/mods-enabled/chap
  421. # Loaded module rlm_radutmp
  422. # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
  423. radutmp sradutmp {
  424. filename = "/var/log/freeradius/sradutmp"
  425. username = "%{User-Name}"
  426. case_sensitive = yes
  427. check_with_nas = yes
  428. permissions = 420
  429. caller_id = no
  430. }
  431. # Loaded module rlm_eap
  432. # Loading module "eap" from file /etc/freeradius/mods-enabled/eap
  433. eap {
  434. default_eap_type = "md5"
  435. timer_expire = 60
  436. ignore_unknown_eap_types = no
  437. cisco_accounting_username_bug = no
  438. max_sessions = 16384
  439. }
  440. # Loaded module rlm_cache
  441. # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  442. cache cache_eap {
  443. driver = "rlm_cache_rbtree"
  444. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  445. ttl = 15
  446. max_entries = 0
  447. epoch = 0
  448. add_stats = no
  449. }
  450. # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  451. detail auth_log {
  452. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  453. header = "%t"
  454. permissions = 384
  455. locking = no
  456. escape_filenames = no
  457. log_packet_header = no
  458. }
  459. # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  460. detail reply_log {
  461. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  462. header = "%t"
  463. permissions = 384
  464. locking = no
  465. escape_filenames = no
  466. log_packet_header = no
  467. }
  468. # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  469. detail pre_proxy_log {
  470. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  471. header = "%t"
  472. permissions = 384
  473. locking = no
  474. escape_filenames = no
  475. log_packet_header = no
  476. }
  477. # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  478. detail post_proxy_log {
  479. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  480. header = "%t"
  481. permissions = 384
  482. locking = no
  483. escape_filenames = no
  484. log_packet_header = no
  485. }
  486. # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
  487. radutmp {
  488. filename = "/var/log/freeradius/radutmp"
  489. username = "%{User-Name}"
  490. case_sensitive = yes
  491. check_with_nas = yes
  492. permissions = 384
  493. caller_id = yes
  494. }
  495. # Loading module "echo" from file /etc/freeradius/mods-enabled/echo
  496. exec echo {
  497. wait = yes
  498. program = "/bin/echo %{User-Name}"
  499. input_pairs = "request"
  500. output_pairs = "reply"
  501. shell_escape = yes
  502. }
  503. # Loaded module rlm_linelog
  504. # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
  505. linelog {
  506. filename = "/var/log/freeradius/linelog"
  507. escape_filenames = no
  508. syslog_severity = "info"
  509. permissions = 384
  510. format = "This is a log message for %{User-Name}"
  511. reference = "messages.%{%{reply:Packet-Type}:-default}"
  512. }
  513. # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  514. linelog log_accounting {
  515. filename = "/var/log/freeradius/linelog-accounting"
  516. escape_filenames = no
  517. syslog_severity = "info"
  518. permissions = 384
  519. format = ""
  520. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  521. }
  522. instantiate {
  523. }
  524. # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
  525. # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
  526. rlm_mschap (mschap): using internal authentication
  527. # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  528. reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
  529. reading pairlist file /etc/freeradius/mods-config/preprocess/hints
  530. # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
  531. # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
  532. # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  533. # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  534. # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
  535. # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
  536. # Instantiating module "files" from file /etc/freeradius/mods-enabled/files
  537. reading pairlist file /etc/freeradius/mods-config/files/authorize
  538. reading pairlist file /etc/freeradius/mods-config/files/accounting
  539. reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
  540. # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
  541. # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
  542. # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
  543. # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
  544. # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
  545. # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
  546. # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
  547. # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
  548. # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
  549. # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
  550. # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  551. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  552. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  553. reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
  554. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  555. reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
  556. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  557. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
  558. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  559. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  560. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  561. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
  562. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  563. reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
  564. # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
  565. # Linked to sub-module rlm_eap_md5
  566. # Linked to sub-module rlm_eap_leap
  567. # Linked to sub-module rlm_eap_gtc
  568. gtc {
  569. challenge = "Password: "
  570. auth_type = "PAP"
  571. }
  572. # Linked to sub-module rlm_eap_tls
  573. tls {
  574. tls = "tls-common"
  575. }
  576. tls-config tls-common {
  577. verify_depth = 0
  578. ca_path = "/etc/freeradius/certs"
  579. pem_file_type = yes
  580. private_key_file = "/etc/freeradius/certs/server.pem"
  581. certificate_file = "/etc/freeradius/certs/server.pem"
  582. ca_file = "/etc/freeradius/certs/ca.pem"
  583. private_key_password = <<< secret >>>
  584. dh_file = "/etc/freeradius/certs/dh"
  585. fragment_size = 1024
  586. include_length = yes
  587. auto_chain = yes
  588. check_crl = no
  589. check_all_crl = no
  590. cipher_list = "DEFAULT"
  591. ecdh_curve = "prime256v1"
  592. cache {
  593. enable = yes
  594. lifetime = 24
  595. max_entries = 255
  596. }
  597. verify {
  598. skip_if_ocsp_ok = no
  599. }
  600. ocsp {
  601. enable = no
  602. override_cert_url = yes
  603. url = "http://127.0.0.1/ocsp/"
  604. use_nonce = yes
  605. timeout = 0
  606. softfail = no
  607. }
  608. }
  609. # Linked to sub-module rlm_eap_ttls
  610. ttls {
  611. tls = "tls-common"
  612. default_eap_type = "md5"
  613. copy_request_to_tunnel = no
  614. use_tunneled_reply = no
  615. virtual_server = "inner-tunnel"
  616. include_length = yes
  617. require_client_cert = no
  618. }
  619. tls: Using cached TLS configuration from previous invocation
  620. # Linked to sub-module rlm_eap_peap
  621. peap {
  622. tls = "tls-common"
  623. default_eap_type = "mschapv2"
  624. copy_request_to_tunnel = no
  625. use_tunneled_reply = no
  626. proxy_tunneled_request_as_eap = yes
  627. virtual_server = "inner-tunnel"
  628. soh = no
  629. require_client_cert = no
  630. }
  631. tls: Using cached TLS configuration from previous invocation
  632. # Linked to sub-module rlm_eap_mschapv2
  633. mschapv2 {
  634. with_ntdomain_hack = no
  635. send_error = no
  636. }
  637. # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  638. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  639. # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  640. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  641. # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  642. # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  643. # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  644. # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
  645. # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  646. } # modules
  647. radiusd: #### Loading Virtual Servers ####
  648. server { # from file /etc/freeradius/radiusd.conf
  649. } # server
  650. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  651. # Loading authenticate {...}
  652. # Loading authorize {...}
  653. Ignoring "sql" (see raddb/mods-available/README.rst)
  654. Ignoring "ldap" (see raddb/mods-available/README.rst)
  655. # Loading session {...}
  656. # Loading post-proxy {...}
  657. # Loading post-auth {...}
  658. } # server inner-tunnel
  659. server default { # from file /etc/freeradius/sites-enabled/default
  660. # Loading authenticate {...}
  661. # Loading authorize {...}
  662. # Loading preacct {...}
  663. # Loading accounting {...}
  664. # Loading post-proxy {...}
  665. # Loading post-auth {...}
  666. } # server default
  667. radiusd: #### Opening IP addresses and Ports ####
  668. listen {
  669. type = "auth"
  670. ipaddr = 127.0.0.1
  671. port = 18120
  672. }
  673. listen {
  674. type = "auth"
  675. ipaddr = *
  676. port = 0
  677. limit {
  678. max_connections = 16
  679. lifetime = 0
  680. idle_timeout = 30
  681. }
  682. }
  683. listen {
  684. type = "acct"
  685. ipaddr = *
  686. port = 0
  687. limit {
  688. max_connections = 16
  689. lifetime = 0
  690. idle_timeout = 30
  691. }
  692. }
  693. listen {
  694. type = "auth"
  695. ipv6addr = ::
  696. port = 0
  697. limit {
  698. max_connections = 16
  699. lifetime = 0
  700. idle_timeout = 30
  701. }
  702. }
  703. listen {
  704. type = "acct"
  705. ipv6addr = ::
  706. port = 0
  707. limit {
  708. max_connections = 16
  709. lifetime = 0
  710. idle_timeout = 30
  711. }
  712. }
  713. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  714. Listening on auth address * port 1812 bound to server default
  715. Listening on acct address * port 1813 bound to server default
  716. Listening on auth address :: port 1812 bound to server default
  717. Listening on acct address :: port 1813 bound to server default
  718. Listening on proxy address * port 44819
  719. Listening on proxy address :: port 45500
  720. Ready to process requests
  721. (0) Received Access-Request Id 162 from 127.0.0.1:36131 to 127.0.0.1:1812 length 76
  722. (0) User-Name = "ndavis"
  723. (0) User-Password = "testing"
  724. (0) NAS-IP-Address = 10.0.0.15
  725. (0) NAS-Port = 0
  726. (0) Message-Authenticator = 0x8c95aaf84e1ebd0d1b9e20306d19457f
  727. (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
  728. (0) authorize {
  729. (0) policy filter_username {
  730. (0) if (&User-Name) {
  731. (0) if (&User-Name) -> TRUE
  732. (0) if (&User-Name) {
  733. (0) if (&User-Name =~ / /) {
  734. (0) if (&User-Name =~ / /) -> FALSE
  735. (0) if (&User-Name =~ /@[^@]*@/ ) {
  736. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  737. (0) if (&User-Name =~ /\.\./ ) {
  738. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  739. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  740. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  741. (0) if (&User-Name =~ /\.$/) {
  742. (0) if (&User-Name =~ /\.$/) -> FALSE
  743. (0) if (&User-Name =~ /@\./) {
  744. (0) if (&User-Name =~ /@\./) -> FALSE
  745. (0) } # if (&User-Name) = notfound
  746. (0) } # policy filter_username = notfound
  747. (0) [preprocess] = ok
  748. (0) [chap] = noop
  749. (0) [mschap] = noop
  750. (0) [digest] = noop
  751. (0) suffix: Checking for suffix after "@"
  752. (0) suffix: No '@' in User-Name = "ndavis", looking up realm NULL
  753. (0) suffix: No such realm "NULL"
  754. (0) [suffix] = noop
  755. (0) eap: No EAP-Message, not doing EAP
  756. (0) [eap] = noop
  757. (0) [files] = noop
  758. (0) [expiration] = noop
  759. (0) [logintime] = noop
  760. (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
  761. (0) pap: WARNING: Authentication will fail unless a "known good" password is available
  762. (0) [pap] = noop
  763. (0) } # authorize = ok
  764. (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
  765. (0) Failed to authenticate the user
  766. (0) Using Post-Auth-Type Reject
  767. (0) # Executing group from file /etc/freeradius/sites-enabled/default
  768. (0) Post-Auth-Type REJECT {
  769. (0) attr_filter.access_reject: EXPAND %{User-Name}
  770. (0) attr_filter.access_reject: --> ndavis
  771. (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
  772. (0) [attr_filter.access_reject] = updated
  773. (0) [eap] = noop
  774. (0) policy remove_reply_message_if_eap {
  775. (0) if (&reply:EAP-Message && &reply:Reply-Message) {
  776. (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  777. (0) else {
  778. (0) [noop] = noop
  779. (0) } # else = noop
  780. (0) } # policy remove_reply_message_if_eap = noop
  781. (0) } # Post-Auth-Type REJECT = updated
  782. (0) Delaying response for 1.000000 seconds
  783. Waking up in 0.3 seconds.
  784. Waking up in 0.6 seconds.
  785. (0) Sending delayed response
  786. (0) Sent Access-Reject Id 162 from 127.0.0.1:1812 to 127.0.0.1:36131 length 20
  787. Waking up in 3.9 seconds.
  788. (0) Cleaning up request packet ID 162 with timestamp +2
  789. Ready to process requests