API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 19th, 2017
233
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 38.45 KB | None | 0 0
raw download clone embed print report
  1. FreeRADIUS Version 3.0.15
  2. Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License
  7. For more information about these matters, see the file named COPYRIGHT
  8. Starting - reading configuration files ...
  9. including dictionary file /usr/local/share/freeradius/dictionary
  10. including dictionary file /usr/local/share/freeradius/dictionary.dhcp
  11. including dictionary file /usr/local/share/freeradius/dictionary.vqp
  12. including dictionary file /usr/local/etc/raddb/dictionary
  13. including configuration file /usr/local/etc/raddb/radiusd.conf
  14. including configuration file /usr/local/etc/raddb/proxy.conf
  15. including configuration file /usr/local/etc/raddb/clients.conf
  16. including files in directory /usr/local/etc/raddb/mods-enabled/
  17. including configuration file /usr/local/etc/raddb/mods-enabled/passwd
  18. including configuration file /usr/local/etc/raddb/mods-enabled/detail
  19. including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
  20. including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
  21. including configuration file /usr/local/etc/raddb/mods-enabled/expr
  22. including configuration file /usr/local/etc/raddb/mods-enabled/logintime
  23. including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
  24. including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
  25. including configuration file /usr/local/etc/raddb/mods-enabled/unpack
  26. including configuration file /usr/local/etc/raddb/mods-enabled/realm
  27. including configuration file /usr/local/etc/raddb/mods-enabled/expiration
  28. including configuration file /usr/local/etc/raddb/mods-enabled/echo
  29. including configuration file /usr/local/etc/raddb/mods-enabled/pap
  30. including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
  31. including configuration file /usr/local/etc/raddb/mods-enabled/digest
  32. including configuration file /usr/local/etc/raddb/mods-enabled/files
  33. including configuration file /usr/local/etc/raddb/mods-enabled/chap
  34. including configuration file /usr/local/etc/raddb/mods-enabled/utf8
  35. including configuration file /usr/local/etc/raddb/mods-enabled/soh
  36. including configuration file /usr/local/etc/raddb/mods-enabled/linelog
  37. including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
  38. including configuration file /usr/local/etc/raddb/mods-enabled/eap
  39. including configuration file /usr/local/etc/raddb/mods-enabled/unix
  40. including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
  41. including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
  42. including configuration file /usr/local/etc/raddb/mods-enabled/replicate
  43. including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
  44. including configuration file /usr/local/etc/raddb/mods-enabled/mschap
  45. including configuration file /usr/local/etc/raddb/mods-enabled/exec
  46. including configuration file /usr/local/etc/raddb/mods-enabled/always
  47. including configuration file /usr/local/etc/raddb/mods-enabled/date
  48. including files in directory /usr/local/etc/raddb/policy.d/
  49. including configuration file /usr/local/etc/raddb/policy.d/control
  50. including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
  51. including configuration file /usr/local/etc/raddb/policy.d/filter
  52. including configuration file /usr/local/etc/raddb/policy.d/cui
  53. including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
  54. including configuration file /usr/local/etc/raddb/policy.d/canonicalization
  55. including configuration file /usr/local/etc/raddb/policy.d/debug
  56. including configuration file /usr/local/etc/raddb/policy.d/dhcp
  57. including configuration file /usr/local/etc/raddb/policy.d/accounting
  58. including configuration file /usr/local/etc/raddb/policy.d/eap
  59. including configuration file /usr/local/etc/raddb/policy.d/operator-name
  60. including files in directory /usr/local/etc/raddb/sites-enabled/
  61. including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
  62. including configuration file /usr/local/etc/raddb/sites-enabled/default
  63. main {
  64. security {
  65. allow_core_dumps = no
  66. }
  67. name = "radiusd"
  68. prefix = "/usr/local"
  69. localstatedir = "/usr/local/var"
  70. logdir = "/usr/local/var/log/radius"
  71. run_dir = "/usr/local/var/run/radiusd"
  72. }
  73. main {
  74. name = "radiusd"
  75. prefix = "/usr/local"
  76. localstatedir = "/usr/local/var"
  77. sbindir = "/usr/local/sbin"
  78. logdir = "/usr/local/var/log/radius"
  79. run_dir = "/usr/local/var/run/radiusd"
  80. libdir = "/usr/local/lib"
  81. radacctdir = "/usr/local/var/log/radius/radacct"
  82. hostname_lookups = no
  83. max_request_time = 30
  84. cleanup_delay = 5
  85. max_requests = 16384
  86. pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
  87. checkrad = "/usr/local/sbin/checkrad"
  88. debug_level = 0
  89. proxy_requests = yes
  90. log {
  91. stripped_names = no
  92. auth = no
  93. auth_badpass = no
  94. auth_goodpass = no
  95. colourise = yes
  96. msg_denied = "You are already logged in - access denied"
  97. }
  98. resources {
  99. }
  100. security {
  101. max_attributes = 200
  102. reject_delay = 1.000000
  103. status_server = yes
  104. allow_vulnerable_openssl = "CVE-2016-6304"
  105. }
  106. }
  107. radiusd: #### Loading Realms and Home Servers ####
  108. proxy server {
  109. retry_delay = 5
  110. retry_count = 3
  111. default_fallback = no
  112. dead_time = 120
  113. wake_all_if_all_dead = no
  114. }
  115. home_server localhost {
  116. ipaddr = 127.0.0.1
  117. port = 1812
  118. type = "auth"
  119. secret = <<< secret >>>
  120. response_window = 20.000000
  121. response_timeouts = 1
  122. max_outstanding = 65536
  123. zombie_period = 40
  124. status_check = "status-server"
  125. ping_interval = 30
  126. check_interval = 30
  127. check_timeout = 4
  128. num_answers_to_alive = 3
  129. revive_interval = 120
  130. limit {
  131. max_connections = 16
  132. max_requests = 0
  133. lifetime = 0
  134. idle_timeout = 0
  135. }
  136. coa {
  137. irt = 2
  138. mrt = 16
  139. mrc = 5
  140. mrd = 30
  141. }
  142. }
  143. home_server_pool my_auth_failover {
  144. type = fail-over
  145. home_server = localhost
  146. }
  147. realm example.com {
  148. auth_pool = my_auth_failover
  149. }
  150. realm LOCAL {
  151. }
  152. radiusd: #### Loading Clients ####
  153. client localhost {
  154. ipaddr = 127.0.0.1
  155. require_message_authenticator = no
  156. secret = <<< secret >>>
  157. nas_type = "other"
  158. proto = "*"
  159. limit {
  160. max_connections = 16
  161. lifetime = 0
  162. idle_timeout = 30
  163. }
  164. }
  165. client localhost_ipv6 {
  166. ipv6addr = ::1
  167. require_message_authenticator = no
  168. secret = <<< secret >>>
  169. limit {
  170. max_connections = 16
  171. lifetime = 0
  172. idle_timeout = 30
  173. }
  174. }
  175. client meraki-ap {
  176. ipaddr = 10.182.11.108
  177. require_message_authenticator = no
  178. secret = <<< secret >>>
  179. shortname = "meraki-cisco-MR33"
  180. nas_type = "other"
  181. limit {
  182. max_connections = 16
  183. lifetime = 0
  184. idle_timeout = 30
  185. }
  186. }
  187. Debugger not attached
  188. # Creating Auth-Type = mschap
  189. # Creating Auth-Type = eap
  190. # Creating Auth-Type = PAP
  191. # Creating Auth-Type = CHAP
  192. # Creating Auth-Type = MS-CHAP
  193. # Creating Auth-Type = digest
  194. radiusd: #### Instantiating modules ####
  195. modules {
  196. # Loaded module rlm_passwd
  197. # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
  198. passwd etc_passwd {
  199. filename = "/etc/passwd"
  200. format = "*User-Name:Crypt-Password:"
  201. delimiter = ":"
  202. ignore_nislike = no
  203. ignore_empty = yes
  204. allow_multiple_keys = no
  205. hash_size = 100
  206. }
  207. # Loaded module rlm_detail
  208. # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
  209. detail {
  210. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  211. header = "%t"
  212. permissions = 384
  213. locking = no
  214. escape_filenames = no
  215. log_packet_header = no
  216. }
  217. # Loaded module rlm_radutmp
  218. # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
  219. radutmp sradutmp {
  220. filename = "/usr/local/var/log/radius/sradutmp"
  221. username = "%{User-Name}"
  222. case_sensitive = yes
  223. check_with_nas = yes
  224. permissions = 420
  225. caller_id = no
  226. }
  227. # Loaded module rlm_cache
  228. # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
  229. cache cache_eap {
  230. driver = "rlm_cache_rbtree"
  231. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  232. ttl = 15
  233. max_entries = 0
  234. epoch = 0
  235. add_stats = no
  236. }
  237. # Loaded module rlm_expr
  238. # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
  239. expr {
  240. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  241. }
  242. # Loaded module rlm_logintime
  243. # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
  244. logintime {
  245. minimum_timeout = 60
  246. }
  247. # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
  248. radutmp {
  249. filename = "/usr/local/var/log/radius/radutmp"
  250. username = "%{User-Name}"
  251. case_sensitive = yes
  252. check_with_nas = yes
  253. permissions = 384
  254. caller_id = yes
  255. }
  256. # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  257. detail auth_log {
  258. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  259. header = "%t"
  260. permissions = 384
  261. locking = no
  262. escape_filenames = no
  263. log_packet_header = no
  264. }
  265. # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  266. detail reply_log {
  267. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  268. header = "%t"
  269. permissions = 384
  270. locking = no
  271. escape_filenames = no
  272. log_packet_header = no
  273. }
  274. # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  275. detail pre_proxy_log {
  276. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  277. header = "%t"
  278. permissions = 384
  279. locking = no
  280. escape_filenames = no
  281. log_packet_header = no
  282. }
  283. # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  284. detail post_proxy_log {
  285. filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  286. header = "%t"
  287. permissions = 384
  288. locking = no
  289. escape_filenames = no
  290. log_packet_header = no
  291. }
  292. # Loaded module rlm_unpack
  293. # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
  294. # Loaded module rlm_realm
  295. # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
  296. realm IPASS {
  297. format = "prefix"
  298. delimiter = "/"
  299. ignore_default = no
  300. ignore_null = no
  301. }
  302. # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
  303. realm suffix {
  304. format = "suffix"
  305. delimiter = "@"
  306. ignore_default = no
  307. ignore_null = no
  308. }
  309. # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
  310. realm realmpercent {
  311. format = "suffix"
  312. delimiter = "%"
  313. ignore_default = no
  314. ignore_null = no
  315. }
  316. # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
  317. realm ntdomain {
  318. format = "prefix"
  319. delimiter = "\\"
  320. ignore_default = no
  321. ignore_null = no
  322. }
  323. # Loaded module rlm_expiration
  324. # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
  325. # Loaded module rlm_exec
  326. # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
  327. exec echo {
  328. wait = yes
  329. program = "/bin/echo %{User-Name}"
  330. input_pairs = "request"
  331. output_pairs = "reply"
  332. shell_escape = yes
  333. }
  334. # Loaded module rlm_pap
  335. # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
  336. pap {
  337. normalise = yes
  338. }
  339. # Loaded module rlm_dynamic_clients
  340. # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
  341. # Loaded module rlm_digest
  342. # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
  343. # Loaded module rlm_files
  344. # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
  345. files {
  346. filename = "/usr/local/etc/raddb/mods-config/files/authorize"
  347. acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
  348. preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
  349. }
  350. # Loaded module rlm_chap
  351. # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
  352. # Loaded module rlm_utf8
  353. # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
  354. # Loaded module rlm_soh
  355. # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
  356. soh {
  357. dhcp = yes
  358. }
  359. # Loaded module rlm_linelog
  360. # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
  361. linelog {
  362. filename = "/usr/local/var/log/radius/linelog"
  363. escape_filenames = no
  364. syslog_severity = "info"
  365. permissions = 384
  366. format = "This is a log message for %{User-Name}"
  367. reference = "messages.%{%{reply:Packet-Type}:-default}"
  368. }
  369. # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
  370. linelog log_accounting {
  371. filename = "/usr/local/var/log/radius/linelog-accounting"
  372. escape_filenames = no
  373. syslog_severity = "info"
  374. permissions = 384
  375. format = ""
  376. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  377. }
  378. # Loaded module rlm_dhcp
  379. # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
  380. # Loaded module rlm_eap
  381. # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
  382. eap {
  383. default_eap_type = "md5"
  384. timer_expire = 60
  385. ignore_unknown_eap_types = no
  386. cisco_accounting_username_bug = no
  387. max_sessions = 16384
  388. }
  389. # Loaded module rlm_unix
  390. # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
  391. unix {
  392. radwtmp = "/usr/local/var/log/radius/radwtmp"
  393. }
  394. Creating attribute Unix-Group
  395. # Loading module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth
  396. exec ntlm_auth {
  397. wait = yes
  398. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  399. shell_escape = yes
  400. }
  401. # Loaded module rlm_attr_filter
  402. # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  403. attr_filter attr_filter.post-proxy {
  404. filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
  405. key = "%{Realm}"
  406. relaxed = no
  407. }
  408. # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  409. attr_filter attr_filter.pre-proxy {
  410. filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
  411. key = "%{Realm}"
  412. relaxed = no
  413. }
  414. # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  415. attr_filter attr_filter.access_reject {
  416. filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
  417. key = "%{User-Name}"
  418. relaxed = no
  419. }
  420. # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  421. attr_filter attr_filter.access_challenge {
  422. filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
  423. key = "%{User-Name}"
  424. relaxed = no
  425. }
  426. # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  427. attr_filter attr_filter.accounting_response {
  428. filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
  429. key = "%{User-Name}"
  430. relaxed = no
  431. }
  432. # Loaded module rlm_replicate
  433. # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
  434. # Loaded module rlm_preprocess
  435. # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
  436. preprocess {
  437. huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
  438. hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
  439. with_ascend_hack = no
  440. ascend_channels_per_line = 23
  441. with_ntdomain_hack = no
  442. with_specialix_jetstream_hack = no
  443. with_cisco_vsa_hack = no
  444. with_alvarion_vsa_hack = no
  445. }
  446. # Loaded module rlm_mschap
  447. # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
  448. mschap {
  449. use_mppe = yes
  450. require_encryption = no
  451. require_strong = no
  452. with_ntdomain_hack = yes
  453. passchange {
  454. }
  455. allow_retry = yes
  456. winbind_retry_with_normalised_username = no
  457. }
  458. # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
  459. exec {
  460. wait = no
  461. input_pairs = "request"
  462. shell_escape = yes
  463. timeout = 10
  464. }
  465. # Loaded module rlm_always
  466. # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
  467. always reject {
  468. rcode = "reject"
  469. simulcount = 0
  470. mpp = no
  471. }
  472. # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
  473. always fail {
  474. rcode = "fail"
  475. simulcount = 0
  476. mpp = no
  477. }
  478. # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
  479. always ok {
  480. rcode = "ok"
  481. simulcount = 0
  482. mpp = no
  483. }
  484. # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
  485. always handled {
  486. rcode = "handled"
  487. simulcount = 0
  488. mpp = no
  489. }
  490. # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
  491. always invalid {
  492. rcode = "invalid"
  493. simulcount = 0
  494. mpp = no
  495. }
  496. # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
  497. always userlock {
  498. rcode = "userlock"
  499. simulcount = 0
  500. mpp = no
  501. }
  502. # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
  503. always notfound {
  504. rcode = "notfound"
  505. simulcount = 0
  506. mpp = no
  507. }
  508. # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
  509. always noop {
  510. rcode = "noop"
  511. simulcount = 0
  512. mpp = no
  513. }
  514. # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
  515. always updated {
  516. rcode = "updated"
  517. simulcount = 0
  518. mpp = no
  519. }
  520. # Loaded module rlm_date
  521. # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
  522. date {
  523. format = "%b %e %Y %H:%M:%S %Z"
  524. utc = no
  525. }
  526. instantiate {
  527. }
  528. # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
  529. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  530. # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
  531. # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
  532. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  533. # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
  534. # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  535. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  536. # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  537. # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  538. # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
  539. # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
  540. # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
  541. # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
  542. # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
  543. # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
  544. # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
  545. # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
  546. reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
  547. reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
  548. reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
  549. # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
  550. # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
  551. # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
  552. # Linked to sub-module rlm_eap_md5
  553. # Linked to sub-module rlm_eap_leap
  554. # Linked to sub-module rlm_eap_gtc
  555. gtc {
  556. challenge = "Password: "
  557. auth_type = "PAP"
  558. }
  559. # Linked to sub-module rlm_eap_tls
  560. tls {
  561. tls = "tls-common"
  562. }
  563. tls-config tls-common {
  564. verify_depth = 0
  565. ca_path = "/usr/local/etc/raddb/certs"
  566. pem_file_type = yes
  567. private_key_file = "/usr/local/etc/raddb/certs/server.pem"
  568. certificate_file = "/usr/local/etc/raddb/certs/server.pem"
  569. ca_file = "/usr/local/etc/raddb/certs/ca.pem"
  570. private_key_password = <<< secret >>>
  571. dh_file = "/usr/local/etc/raddb/certs/dh"
  572. fragment_size = 1024
  573. include_length = yes
  574. auto_chain = yes
  575. check_crl = no
  576. check_all_crl = no
  577. cipher_list = "DEFAULT"
  578. cipher_server_preference = no
  579. ecdh_curve = "prime256v1"
  580. cache {
  581. enable = no
  582. lifetime = 24
  583. max_entries = 255
  584. }
  585. verify {
  586. skip_if_ocsp_ok = no
  587. }
  588. ocsp {
  589. enable = no
  590. override_cert_url = yes
  591. url = "http://127.0.0.1/ocsp/"
  592. use_nonce = yes
  593. timeout = 0
  594. softfail = no
  595. }
  596. }
  597. # Linked to sub-module rlm_eap_ttls
  598. ttls {
  599. tls = "tls-common"
  600. default_eap_type = "md5"
  601. copy_request_to_tunnel = no
  602. use_tunneled_reply = no
  603. virtual_server = "inner-tunnel"
  604. include_length = yes
  605. require_client_cert = no
  606. }
  607. tls: Using cached TLS configuration from previous invocation
  608. # Linked to sub-module rlm_eap_peap
  609. peap {
  610. tls = "tls-common"
  611. default_eap_type = "mschapv2"
  612. copy_request_to_tunnel = no
  613. use_tunneled_reply = no
  614. proxy_tunneled_request_as_eap = yes
  615. virtual_server = "inner-tunnel"
  616. soh = no
  617. require_client_cert = no
  618. }
  619. tls: Using cached TLS configuration from previous invocation
  620. # Linked to sub-module rlm_eap_mschapv2
  621. mschapv2 {
  622. with_ntdomain_hack = no
  623. send_error = no
  624. }
  625. # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  626. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
  627. # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  628. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
  629. # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  630. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
  631. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  632. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  633. # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  634. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
  635. # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
  636. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
  637. # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
  638. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
  639. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
  640. # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
  641. rlm_mschap (mschap): using internal authentication
  642. # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
  643. # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
  644. # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
  645. # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
  646. # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
  647. # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
  648. # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
  649. # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
  650. # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
  651. } # modules
  652. radiusd: #### Loading Virtual Servers ####
  653. server { # from file /usr/local/etc/raddb/radiusd.conf
  654. } # server
  655. server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
  656. # Loading authenticate {...}
  657. # Loading authorize {...}
  658. Ignoring "sql" (see raddb/mods-available/README.rst)
  659. Ignoring "ldap" (see raddb/mods-available/README.rst)
  660. # Loading session {...}
  661. # Loading post-proxy {...}
  662. # Loading post-auth {...}
  663. # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:331
  664. } # server inner-tunnel
  665. server default { # from file /usr/local/etc/raddb/sites-enabled/default
  666. # Loading authenticate {...}
  667. # Loading authorize {...}
  668. # Loading preacct {...}
  669. # Loading accounting {...}
  670. # Loading post-proxy {...}
  671. # Loading post-auth {...}
  672. } # server default
  673. radiusd: #### Opening IP addresses and Ports ####
  674. listen {
  675. type = "auth"
  676. ipaddr = 127.0.0.1
  677. port = 18120
  678. }
  679. listen {
  680. type = "auth"
  681. ipaddr = *
  682. port = 0
  683. limit {
  684. max_connections = 16
  685. lifetime = 0
  686. idle_timeout = 30
  687. }
  688. }
  689. listen {
  690. type = "acct"
  691. ipaddr = *
  692. port = 0
  693. limit {
  694. max_connections = 16
  695. lifetime = 0
  696. idle_timeout = 30
  697. }
  698. }
  699. listen {
  700. type = "auth"
  701. ipv6addr = ::
  702. port = 0
  703. limit {
  704. max_connections = 16
  705. lifetime = 0
  706. idle_timeout = 30
  707. }
  708. }
  709. listen {
  710. type = "acct"
  711. ipv6addr = ::
  712. port = 0
  713. limit {
  714. max_connections = 16
  715. lifetime = 0
  716. idle_timeout = 30
  717. }
  718. }
  719. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  720. Listening on auth address * port 1812 bound to server default
  721. Listening on acct address * port 1813 bound to server default
  722. Listening on auth address :: port 1812 bound to server default
  723. Listening on acct address :: port 1813 bound to server default
  724. Listening on proxy address * port 50175
  725. Listening on proxy address :: port 42699
  726. Ready to process requests
  727. (0) Received Access-Request Id 0 from 10.182.11.108:48933 to 10.182.12.46:1812 length 159
  728. (0) User-Name = "alice"
  729. (0) NAS-IP-Address = 6.102.112.27
  730. (0) Calling-Station-Id = "00-00-00-00-00-02"
  731. (0) Called-Station-Id = "0C-8D-DB-66-70-1B:Intopalo internal RAD"
  732. (0) Framed-MTU = 1400
  733. (0) NAS-Port-Type = Wireless-802.11
  734. (0) Connect-Info = "CONNECT 11Mbps 802.11b"
  735. (0) EAP-Message = 0x0200000a01616c696365
  736. (0) Message-Authenticator = 0x780fcbd5352a344cfa3ceb863bdc675e
  737. (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
  738. (0) authorize {
  739. (0) policy filter_username {
  740. (0) if (&User-Name) {
  741. (0) if (&User-Name) -> TRUE
  742. (0) if (&User-Name) {
  743. (0) if (&User-Name =~ / /) {
  744. (0) if (&User-Name =~ / /) -> FALSE
  745. (0) if (&User-Name =~ /@[^@]*@/ ) {
  746. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  747. (0) if (&User-Name =~ /\.\./ ) {
  748. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  749. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  750. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  751. (0) if (&User-Name =~ /\.$/) {
  752. (0) if (&User-Name =~ /\.$/) -> FALSE
  753. (0) if (&User-Name =~ /@\./) {
  754. (0) if (&User-Name =~ /@\./) -> FALSE
  755. (0) } # if (&User-Name) = notfound
  756. (0) } # policy filter_username = notfound
  757. (0) [preprocess] = ok
  758. (0) [chap] = noop
  759. (0) [mschap] = noop
  760. (0) [digest] = noop
  761. (0) suffix: Checking for suffix after "@"
  762. (0) suffix: No '@' in User-Name = "alice", looking up realm NULL
  763. (0) suffix: No such realm "NULL"
  764. (0) [suffix] = noop
  765. (0) eap: Peer sent EAP Response (code 2) ID 0 length 10
  766. (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  767. (0) [eap] = ok
  768. (0) } # authorize = ok
  769. (0) Found Auth-Type = eap
  770. (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  771. (0) authenticate {
  772. (0) eap: Peer sent packet with method EAP Identity (1)
  773. (0) eap: Calling submodule eap_md5 to process data
  774. (0) eap_md5: Issuing MD5 Challenge
  775. (0) eap: Sending EAP Request (code 1) ID 1 length 22
  776. (0) eap: EAP session adding &reply:State = 0xb2829526b28391dc
  777. (0) [eap] = handled
  778. (0) } # authenticate = handled
  779. (0) Using Post-Auth-Type Challenge
  780. (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  781. (0) Challenge { ... } # empty sub-section is ignored
  782. (0) Sent Access-Challenge Id 0 from 10.182.12.46:1812 to 10.182.11.108:48933 length 0
  783. (0) EAP-Message = 0x0101001604108eff9906e1bbf8c81d283c3606187eda
  784. (0) Message-Authenticator = 0x00000000000000000000000000000000
  785. (0) State = 0xb2829526b28391dcf180aea8a081cbcf
  786. (0) Finished request
  787. Waking up in 4.9 seconds.
  788. Waking up in 9.3 seconds.
  789. Waking up in 17.3 seconds.
  790. (0) Cleaning up request packet ID 0 with timestamp +17
  791. Ready to process requests
  792. (1) Received Access-Request Id 135 from 10.182.11.108:44118 to 10.182.12.46:1812 length 275
  793. (1) User-Name = "alice"
  794. (1) NAS-IP-Address = 10.182.11.108
  795. (1) Called-Station-Id = "0A-8D-CB-66-70-1B:Intopalo internal RAD"
  796. (1) NAS-Port-Type = Wireless-802.11
  797. (1) Service-Type = Framed-User
  798. (1) Calling-Station-Id = "8C-0D-76-C2-3C-F9"
  799. (1) Connect-Info = "CONNECT 54.00 Mbps, 802.11ac, RSSI: 34, Channel: 112"
  800. (1) Acct-Session-Id = "D144C9C00F8BDE91"
  801. (1) Acct-Multi-Session-Id = "8CC3057A702D43B3"
  802. (1) WLAN-Pairwise-Cipher = 1027076
  803. (1) WLAN-Group-Cipher = 1027074
  804. (1) WLAN-AKM-Suite = 1027073
  805. (1) Meraki-Device-Name = "Intopalo Main MR33"
  806. (1) Framed-MTU = 1400
  807. (1) EAP-Message = 0x02cb000a01616c696365
  808. (1) Message-Authenticator = 0x9b74bfc35aa9561b082feee1d57400bf
  809. (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
  810. (1) authorize {
  811. (1) policy filter_username {
  812. (1) if (&User-Name) {
  813. (1) if (&User-Name) -> TRUE
  814. (1) if (&User-Name) {
  815. (1) if (&User-Name =~ / /) {
  816. (1) if (&User-Name =~ / /) -> FALSE
  817. (1) if (&User-Name =~ /@[^@]*@/ ) {
  818. (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  819. (1) if (&User-Name =~ /\.\./ ) {
  820. (1) if (&User-Name =~ /\.\./ ) -> FALSE
  821. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  822. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  823. (1) if (&User-Name =~ /\.$/) {
  824. (1) if (&User-Name =~ /\.$/) -> FALSE
  825. (1) if (&User-Name =~ /@\./) {
  826. (1) if (&User-Name =~ /@\./) -> FALSE
  827. (1) } # if (&User-Name) = notfound
  828. (1) } # policy filter_username = notfound
  829. (1) [preprocess] = ok
  830. (1) [chap] = noop
  831. (1) [mschap] = noop
  832. (1) [digest] = noop
  833. (1) suffix: Checking for suffix after "@"
  834. (1) suffix: No '@' in User-Name = "alice", looking up realm NULL
  835. (1) suffix: No such realm "NULL"
  836. (1) [suffix] = noop
  837. (1) eap: Peer sent EAP Response (code 2) ID 203 length 10
  838. (1) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  839. (1) [eap] = ok
  840. (1) } # authorize = ok
  841. (1) Found Auth-Type = eap
  842. (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  843. (1) authenticate {
  844. (1) eap: Peer sent packet with method EAP Identity (1)
  845. (1) eap: Calling submodule eap_md5 to process data
  846. (1) eap_md5: Issuing MD5 Challenge
  847. (1) eap: Sending EAP Request (code 1) ID 204 length 22
  848. (1) eap: EAP session adding &reply:State = 0x654deac16581ee2a
  849. (1) [eap] = handled
  850. (1) } # authenticate = handled
  851. (1) Using Post-Auth-Type Challenge
  852. (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  853. (1) Challenge { ... } # empty sub-section is ignored
  854. (1) Sent Access-Challenge Id 135 from 10.182.12.46:1812 to 10.182.11.108:44118 length 0
  855. (1) EAP-Message = 0x01cc00160410d12d311ea58638b9e84a45f46befdaef
  856. (1) Message-Authenticator = 0x00000000000000000000000000000000
  857. (1) State = 0x654deac16581ee2af17cd0130e2a273c
  858. (1) Finished request
  859. Waking up in 4.9 seconds.
  860. Waking up in 7.8 seconds.
  861. Waking up in 14.0 seconds.
  862. Waking up in 29.9 seconds.
  863. (2) Received Access-Request Id 136 from 10.182.11.108:59660 to 10.182.12.46:1812 length 275
  864. (2) User-Name = "alice"
  865. (2) NAS-IP-Address = 10.182.11.108
  866. (2) Called-Station-Id = "0A-8D-CB-66-70-1B:Intopalo internal RAD"
  867. (2) NAS-Port-Type = Wireless-802.11
  868. (2) Service-Type = Framed-User
  869. (2) Calling-Station-Id = "8C-0D-76-C2-3C-F9"
  870. (2) Connect-Info = "CONNECT 54.00 Mbps, 802.11ac, RSSI: 33, Channel: 112"
  871. (2) Acct-Session-Id = "D144C9C00F8BDE91"
  872. (2) Acct-Multi-Session-Id = "8CC3057A702D43B3"
  873. (2) WLAN-Pairwise-Cipher = 1027076
  874. (2) WLAN-Group-Cipher = 1027074
  875. (2) WLAN-AKM-Suite = 1027073
  876. (2) Meraki-Device-Name = "Intopalo Main MR33"
  877. (2) Framed-MTU = 1400
  878. (2) EAP-Message = 0x02d0000a01616c696365
  879. (2) Message-Authenticator = 0x01bbc7cad110b73a1661bb7d1478f6ba
  880. (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
  881. (2) authorize {
  882. (2) policy filter_username {
  883. (2) if (&User-Name) {
  884. (2) if (&User-Name) -> TRUE
  885. (2) if (&User-Name) {
  886. (2) if (&User-Name =~ / /) {
  887. (2) if (&User-Name =~ / /) -> FALSE
  888. (2) if (&User-Name =~ /@[^@]*@/ ) {
  889. (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  890. (2) if (&User-Name =~ /\.\./ ) {
  891. (2) if (&User-Name =~ /\.\./ ) -> FALSE
  892. (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  893. (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  894. (2) if (&User-Name =~ /\.$/) {
  895. (2) if (&User-Name =~ /\.$/) -> FALSE
  896. (2) if (&User-Name =~ /@\./) {
  897. (2) if (&User-Name =~ /@\./) -> FALSE
  898. (2) } # if (&User-Name) = notfound
  899. (2) } # policy filter_username = notfound
  900. (2) [preprocess] = ok
  901. (2) [chap] = noop
  902. (2) [mschap] = noop
  903. (2) [digest] = noop
  904. (2) suffix: Checking for suffix after "@"
  905. (2) suffix: No '@' in User-Name = "alice", looking up realm NULL
  906. (2) suffix: No such realm "NULL"
  907. (2) [suffix] = noop
  908. (2) eap: Peer sent EAP Response (code 2) ID 208 length 10
  909. (2) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  910. (2) [eap] = ok
  911. (2) } # authorize = ok
  912. (2) Found Auth-Type = eap
  913. (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  914. (2) authenticate {
  915. (2) eap: Peer sent packet with method EAP Identity (1)
  916. (2) eap: Calling submodule eap_md5 to process data
  917. (2) eap_md5: Issuing MD5 Challenge
  918. (2) eap: Sending EAP Request (code 1) ID 209 length 22
  919. (2) eap: EAP session adding &reply:State = 0xa9ac4aa9a97d4e02
  920. (2) [eap] = handled
  921. (2) } # authenticate = handled
  922. (2) Using Post-Auth-Type Challenge
  923. (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  924. (2) Challenge { ... } # empty sub-section is ignored
  925. (2) Sent Access-Challenge Id 136 from 10.182.12.46:1812 to 10.182.11.108:59660 length 0
  926. (2) EAP-Message = 0x01d100160410c777f57ceb9aa67de1e96ccefa76e158
  927. (2) Message-Authenticator = 0x00000000000000000000000000000000
  928. (2) State = 0xa9ac4aa9a97d4e0277e6d3d66368a06a
  929. (2) Finished request
  930. Waking up in 4.9 seconds.
  931. Waking up in 7.7 seconds.
  932. Waking up in 3.6 seconds.
  933. (1) Cleaning up request packet ID 135 with timestamp +238
  934. Waking up in 10.2 seconds.
  935. Waking up in 29.8 seconds.
  936. (3) Received Access-Request Id 20 from 127.0.0.1:58377 to 127.0.0.1:1812 length 75
  937. (3) User-Name = "alice"
  938. (3) User-Password = "alice"
  939. (3) NAS-IP-Address = 127.0.1.1
  940. (3) NAS-Port = 0
  941. (3) Message-Authenticator = 0x58b504c48a85092497bd202768278bf3
  942. (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
  943. (3) authorize {
  944. (3) policy filter_username {
  945. (3) if (&User-Name) {
  946. (3) if (&User-Name) -> TRUE
  947. (3) if (&User-Name) {
  948. (3) if (&User-Name =~ / /) {
  949. (3) if (&User-Name =~ / /) -> FALSE
  950. (3) if (&User-Name =~ /@[^@]*@/ ) {
  951. (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  952. (3) if (&User-Name =~ /\.\./ ) {
  953. (3) if (&User-Name =~ /\.\./ ) -> FALSE
  954. (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  955. (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  956. (3) if (&User-Name =~ /\.$/) {
  957. (3) if (&User-Name =~ /\.$/) -> FALSE
  958. (3) if (&User-Name =~ /@\./) {
  959. (3) if (&User-Name =~ /@\./) -> FALSE
  960. (3) } # if (&User-Name) = notfound
  961. (3) } # policy filter_username = notfound
  962. (3) [preprocess] = ok
  963. (3) [chap] = noop
  964. (3) [mschap] = noop
  965. (3) [digest] = noop
  966. (3) suffix: Checking for suffix after "@"
  967. (3) suffix: No '@' in User-Name = "alice", looking up realm NULL
  968. (3) suffix: No such realm "NULL"
  969. (3) [suffix] = noop
  970. (3) eap: No EAP-Message, not doing EAP
  971. (3) [eap] = noop
  972. (3) files: users: Matched entry alice at line 47
  973. (3) [files] = ok
  974. (3) [expiration] = noop
  975. (3) [logintime] = noop
  976. (3) [pap] = updated
  977. (3) } # authorize = updated
  978. (3) Found Auth-Type = PAP
  979. (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
  980. (3) Auth-Type PAP {
  981. (3) pap: Login attempt with password
  982. (3) pap: Comparing with "known good" Cleartext-Password
  983. (3) pap: User authenticated successfully
  984. (3) [pap] = ok
  985. (3) } # Auth-Type PAP = ok
  986. (3) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
  987. (3) post-auth {
  988. (3) update {
  989. (3) No attributes updated
  990. (3) } # update = noop
  991. (3) [exec] = noop
  992. (3) policy remove_reply_message_if_eap {
  993. (3) if (&reply:EAP-Message && &reply:Reply-Message) {
  994. (3) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  995. (3) else {
  996. (3) [noop] = noop
  997. (3) } # else = noop
  998. (3) } # policy remove_reply_message_if_eap = noop
  999. (3) } # post-auth = noop
  1000. (3) Sent Access-Accept Id 20 from 127.0.0.1:1812 to 127.0.0.1:58377 length 0
  1001. (3) Finished request
  1002. Waking up in 4.2 seconds.
  1003. (2) Cleaning up request packet ID 136 with timestamp +269
  1004. Waking up in 0.7 seconds.
  1005. (3) Cleaning up request packet ID 20 with timestamp +304
  1006. Ready to process requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!