
Untitled

a guest
Mar 22nd, 2018
  1. freeradius -X
  2. FreeRADIUS Version 3.0.12
  3. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License
  8. For more information about these matters, see the file named COPYRIGHT
  9. Starting - reading configuration files ...
  10. including dictionary file /usr/share/freeradius/dictionary
  11. including dictionary file /usr/share/freeradius/dictionary.dhcp
  12. including dictionary file /usr/share/freeradius/dictionary.vqp
  13. including dictionary file /etc/freeradius/3.0/dictionary
  14. including configuration file /etc/freeradius/3.0/radiusd.conf
  15. including configuration file /etc/freeradius/3.0/clients.conf
  16. including files in directory /etc/freeradius/3.0/mods-enabled/
  17. including configuration file /etc/freeradius/3.0/mods-enabled/always
  18. including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter
  19. including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
  20. including configuration file /etc/freeradius/3.0/mods-enabled/chap
  21. including configuration file /etc/freeradius/3.0/mods-enabled/detail
  22. including configuration file /etc/freeradius/3.0/mods-enabled/detail.log
  23. including configuration file /etc/freeradius/3.0/mods-enabled/digest
  24. including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  25. including configuration file /etc/freeradius/3.0/mods-enabled/echo
  26. including configuration file /etc/freeradius/3.0/mods-enabled/exec
  27. including configuration file /etc/freeradius/3.0/mods-enabled/expiration
  28. including configuration file /etc/freeradius/3.0/mods-enabled/expr
  29. including configuration file /etc/freeradius/3.0/mods-enabled/files
  30. including configuration file /etc/freeradius/3.0/mods-enabled/linelog
  31. including configuration file /etc/freeradius/3.0/mods-enabled/logintime
  32. including configuration file /etc/freeradius/3.0/mods-enabled/mschap
  33. including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  34. including configuration file /etc/freeradius/3.0/mods-enabled/pap
  35. including configuration file /etc/freeradius/3.0/mods-enabled/passwd
  36. including configuration file /etc/freeradius/3.0/mods-enabled/preprocess
  37. including configuration file /etc/freeradius/3.0/mods-enabled/radutmp
  38. including configuration file /etc/freeradius/3.0/mods-enabled/realm
  39. including configuration file /etc/freeradius/3.0/mods-enabled/replicate
  40. including configuration file /etc/freeradius/3.0/mods-enabled/soh
  41. including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
  42. including configuration file /etc/freeradius/3.0/mods-enabled/unix
  43. including configuration file /etc/freeradius/3.0/mods-enabled/unpack
  44. including configuration file /etc/freeradius/3.0/mods-enabled/utf8
  45. including configuration file /etc/freeradius/3.0/mods-enabled/sql
  46. including configuration file /etc/freeradius/3.0/mods-config/sql/main/sqlite/queries.conf
  47. including files in directory /etc/freeradius/3.0/policy.d/
  48. including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
  49. including configuration file /etc/freeradius/3.0/policy.d/accounting
  50. including configuration file /etc/freeradius/3.0/policy.d/canonicalization
  51. including configuration file /etc/freeradius/3.0/policy.d/control
  52. including configuration file /etc/freeradius/3.0/policy.d/cui
  53. including configuration file /etc/freeradius/3.0/policy.d/debug
  54. including configuration file /etc/freeradius/3.0/policy.d/dhcp
  55. including configuration file /etc/freeradius/3.0/policy.d/eap
  56. including configuration file /etc/freeradius/3.0/policy.d/filter
  57. including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
  58. including configuration file /etc/freeradius/3.0/policy.d/operator-name
  59. including files in directory /etc/freeradius/3.0/sites-enabled/
  60. including configuration file /etc/freeradius/3.0/sites-enabled/default
  61. main {
  62. security {
  63. user = "freerad"
  64. group = "freerad"
  65. allow_core_dumps = no
  66. }
  67. name = "freeradius"
  68. prefix = "/usr"
  69. localstatedir = "/var"
  70. logdir = "/var/log/freeradius"
  71. run_dir = "/var/run/freeradius"
  72. }
  73. main {
  74. name = "freeradius"
  75. prefix = "/usr"
  76. localstatedir = "/var"
  77. sbindir = "/usr/sbin"
  78. logdir = "/var/log/freeradius"
  79. run_dir = "/var/run/freeradius"
  80. libdir = "/usr/lib/freeradius"
  81. radacctdir = "/var/log/freeradius/radacct"
  82. hostname_lookups = no
  83. max_request_time = 120
  84. cleanup_delay = 5
  85. max_requests = 1048576
  86. pidfile = "/var/run/freeradius/freeradius.pid"
  87. checkrad = "/usr/sbin/checkrad"
  88. debug_level = 0
  89. proxy_requests = yes
  90. log {
  91. stripped_names = no
  92. auth = yes
  93. auth_badpass = yes
  94. auth_goodpass = no
  95. msg_badpass = "%{ADSL-Agent-Circuit-Id} %{reply:Reply-Message}"
  96. colourise = yes
  97. msg_denied = "You are already logged in - access denied"
  98. }
  99. resources {
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1.000000
  104. status_server = no
  105. }
  106. }
  107. radiusd: #### Loading Realms and Home Servers ####
  108. radiusd: #### Loading Clients ####
  109. client localhost {
  110. ipaddr = 127.0.0.1
  111. require_message_authenticator = no
  112. secret = <<< secret >>>
  113. shortname = "nas104"
  114. nas_type = "other"
  115. proto = "*"
  116. limit {
  117. max_connections = 0
  118. lifetime = 0
  119. idle_timeout = 300
  120. }
  121. }
  122. client localhost_ipv6 {
  123. ipv6addr = ::1
  124. require_message_authenticator = no
  125. secret = <<< secret >>>
  126. limit {
  127. max_connections = 16
  128. lifetime = 0
  129. idle_timeout = 30
  130. }
  131. }
  132. Debugger not attached
  133. # Creating Auth-Type = PAP
  134. # Creating Auth-Type = CHAP
  135. # Creating Auth-Type = MS-CHAP
  136. radiusd: #### Instantiating modules ####
  137. modules {
  138. # Loaded module rlm_always
  139. # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  140. always reject {
  141. rcode = "reject"
  142. simulcount = 0
  143. mpp = no
  144. }
  145. # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  146. always fail {
  147. rcode = "fail"
  148. simulcount = 0
  149. mpp = no
  150. }
  151. # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  152. always ok {
  153. rcode = "ok"
  154. simulcount = 0
  155. mpp = no
  156. }
  157. # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  158. always handled {
  159. rcode = "handled"
  160. simulcount = 0
  161. mpp = no
  162. }
  163. # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  164. always invalid {
  165. rcode = "invalid"
  166. simulcount = 0
  167. mpp = no
  168. }
  169. # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  170. always userlock {
  171. rcode = "userlock"
  172. simulcount = 0
  173. mpp = no
  174. }
  175. # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  176. always notfound {
  177. rcode = "notfound"
  178. simulcount = 0
  179. mpp = no
  180. }
  181. # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  182. always noop {
  183. rcode = "noop"
  184. simulcount = 0
  185. mpp = no
  186. }
  187. # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  188. always updated {
  189. rcode = "updated"
  190. simulcount = 0
  191. mpp = no
  192. }
  193. # Loaded module rlm_attr_filter
  194. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  195. attr_filter attr_filter.post-proxy {
  196. filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
  197. key = "%{Realm}"
  198. relaxed = no
  199. }
  200. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  201. attr_filter attr_filter.pre-proxy {
  202. filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
  203. key = "%{Realm}"
  204. relaxed = no
  205. }
  206. # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  207. attr_filter attr_filter.access_reject {
  208. filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
  209. key = "%{User-Name}"
  210. relaxed = no
  211. }
  212. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  213. attr_filter attr_filter.access_challenge {
  214. filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
  215. key = "%{User-Name}"
  216. relaxed = no
  217. }
  218. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  219. attr_filter attr_filter.accounting_response {
  220. filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
  221. key = "%{User-Name}"
  222. relaxed = no
  223. }
  224. # Loaded module rlm_cache
  225. # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  226. cache cache_eap {
  227. driver = "rlm_cache_rbtree"
  228. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  229. ttl = 15
  230. max_entries = 0
  231. epoch = 0
  232. add_stats = no
  233. }
  234. # Loaded module rlm_chap
  235. # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
  236. # Loaded module rlm_detail
  237. # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  238. detail {
  239. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  240. header = "%t"
  241. permissions = 384
  242. locking = no
  243. escape_filenames = no
  244. log_packet_header = no
  245. }
  246. # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  247. detail auth_log {
  248. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  249. header = "%t"
  250. permissions = 384
  251. locking = no
  252. escape_filenames = no
  253. log_packet_header = no
  254. }
  255. # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  256. detail reply_log {
  257. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  258. header = "%t"
  259. permissions = 384
  260. locking = no
  261. escape_filenames = no
  262. log_packet_header = no
  263. }
  264. # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  265. detail pre_proxy_log {
  266. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  267. header = "%t"
  268. permissions = 384
  269. locking = no
  270. escape_filenames = no
  271. log_packet_header = no
  272. }
  273. # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  274. detail post_proxy_log {
  275. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  276. header = "%t"
  277. permissions = 384
  278. locking = no
  279. escape_filenames = no
  280. log_packet_header = no
  281. }
  282. # Loaded module rlm_digest
  283. # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest
  284. # Loaded module rlm_dynamic_clients
  285. # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  286. # Loaded module rlm_exec
  287. # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
  288. exec echo {
  289. wait = yes
  290. program = "/bin/echo %{User-Name}"
  291. input_pairs = "request"
  292. output_pairs = "reply"
  293. shell_escape = yes
  294. }
  295. # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec
  296. exec {
  297. wait = no
  298. input_pairs = "request"
  299. shell_escape = yes
  300. timeout = 10
  301. }
  302. # Loaded module rlm_expiration
  303. # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  304. # Loaded module rlm_expr
  305. # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr
  306. expr {
  307. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  308. }
  309. # Loaded module rlm_files
  310. # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
  311. files {
  312. filename = "/etc/freeradius/3.0/mods-config/files/authorize"
  313. acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
  314. preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
  315. }
  316. # Loaded module rlm_linelog
  317. # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  318. linelog {
  319. filename = "/var/log/freeradius/linelog"
  320. escape_filenames = no
  321. syslog_severity = "info"
  322. permissions = 384
  323. format = "This is a log message for %{User-Name}"
  324. reference = "messages.%{%{reply:Packet-Type}:-default}"
  325. }
  326. # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  327. linelog log_accounting {
  328. filename = "/var/log/freeradius/linelog-accounting"
  329. escape_filenames = no
  330. syslog_severity = "info"
  331. permissions = 384
  332. format = ""
  333. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  334. }
  335. # Loaded module rlm_logintime
  336. # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  337. logintime {
  338. minimum_timeout = 60
  339. }
  340. # Loaded module rlm_mschap
  341. # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  342. mschap {
  343. use_mppe = yes
  344. require_encryption = no
  345. require_strong = no
  346. with_ntdomain_hack = yes
  347. passchange {
  348. }
  349. allow_retry = yes
  350. }
  351. # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  352. exec ntlm_auth {
  353. wait = yes
  354. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  355. shell_escape = yes
  356. }
  357. # Loaded module rlm_pap
  358. # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  359. pap {
  360. normalise = yes
  361. }
  362. # Loaded module rlm_passwd
  363. # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  364. passwd etc_passwd {
  365. filename = "/etc/passwd"
  366. format = "*User-Name:Crypt-Password:"
  367. delimiter = ":"
  368. ignore_nislike = no
  369. ignore_empty = yes
  370. allow_multiple_keys = no
  371. hash_size = 100
  372. }
  373. # Loaded module rlm_preprocess
  374. # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  375. preprocess {
  376. huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
  377. hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
  378. with_ascend_hack = no
  379. ascend_channels_per_line = 23
  380. with_ntdomain_hack = no
  381. with_specialix_jetstream_hack = no
  382. with_cisco_vsa_hack = no
  383. with_alvarion_vsa_hack = no
  384. }
  385. # Loaded module rlm_radutmp
  386. # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
  387. radutmp {
  388. filename = "/var/log/freeradius/radutmp"
  389. username = "%{User-Name}"
  390. case_sensitive = yes
  391. check_with_nas = yes
  392. permissions = 384
  393. caller_id = yes
  394. }
  395. # Loaded module rlm_realm
  396. # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  397. realm IPASS {
  398. format = "prefix"
  399. delimiter = "/"
  400. ignore_default = no
  401. ignore_null = no
  402. }
  403. # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  404. realm suffix {
  405. format = "suffix"
  406. delimiter = "@"
  407. ignore_default = no
  408. ignore_null = no
  409. }
  410. # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  411. realm realmpercent {
  412. format = "suffix"
  413. delimiter = "%"
  414. ignore_default = no
  415. ignore_null = no
  416. }
  417. # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  418. realm ntdomain {
  419. format = "prefix"
  420. delimiter = "\\"
  421. ignore_default = no
  422. ignore_null = no
  423. }
  424. # Loaded module rlm_replicate
  425. # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate
  426. # Loaded module rlm_soh
  427. # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
  428. soh {
  429. dhcp = yes
  430. }
  431. # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
  432. radutmp sradutmp {
  433. filename = "/var/log/freeradius/sradutmp"
  434. username = "%{User-Name}"
  435. case_sensitive = yes
  436. check_with_nas = yes
  437. permissions = 420
  438. caller_id = no
  439. }
  440. # Loaded module rlm_unix
  441. # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix
  442. unix {
  443. radwtmp = "/var/log/freeradius/radwtmp"
  444. }
  445. Creating attribute Unix-Group
  446. # Loaded module rlm_unpack
  447. # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
  448. # Loaded module rlm_utf8
  449. # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8
  450. # Loaded module rlm_sql
  451. # Loading module "sql" from file /etc/freeradius/3.0/mods-enabled/sql
  452. sql {
  453. driver = "rlm_sql_mysql"
  454. server = "192.168.79.3"
  455. port = 3306
  456. login = "rad7918"
  457. password = <<< secret >>>
  458. radius_db = "radius3"
  459. read_groups = yes
  460. read_profiles = yes
  461. read_clients = no
  462. delete_stale_sessions = yes
  463. sql_user_name = "%{User-Name}"
  464. logfile = "/var/log/freeradius/sqllog.sql"
  465. default_user_profile = ""
  466. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  467. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  468. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  469. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
  470. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
  471. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  472. simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  473. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-Group}' AND acctstoptime IS NULL"
  474. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  475. accounting {
  476. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  477. type {
  478. accounting-on {
  479. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}"
  480. }
  481. accounting-off {
  482. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}"
  483. }
  484. start {
  485. query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', %{%{integer:Event-Timestamp}:-date('now')}, %{%{integer:Event-Timestamp}:-date('now')}, NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
  486. }
  487. interim-update {
  488. query = "UPDATE radacct SET acctupdatetime = %{%{integer:Event-Timestamp}:-date('now')}, acctinterval = 0, framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0} WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  489. }
  490. stop {
  491. query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0}, acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  492. }
  493. }
  494. }
  495. post-auth {
  496. reference = ".query"
  497. query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  498. }
  499. }
  500. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  501. Creating attribute SQL-Group
  502. instantiate {
  503. }
  504. # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  505. # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  506. # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  507. # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  508. # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  509. # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  510. # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  511. # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  512. # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  513. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  514. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
  515. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  516. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
  517. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  518. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
  519. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  520. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  521. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  522. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
  523. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  524. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
  525. # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  526. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  527. # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  528. # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  529. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  530. # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  531. # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  532. # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  533. # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  534. # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
  535. reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
  536. reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
  537. reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
  538. # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  539. # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  540. # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  541. # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  542. rlm_mschap (mschap): using internal authentication
  543. # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  544. # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  545. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  546. # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  547. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
  548. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
  549. # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  550. # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  551. # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  552. # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  553. # Instantiating module "sql" from file /etc/freeradius/3.0/mods-enabled/sql
  554. rlm_sql_mysql: libmysql version: 10.1.26-MariaDB
  555. mysql {
  556. tls {
  557. }
  558. warnings = "auto"
  559. }
  560. rlm_sql (sql): Attempting to connect to database "radius3"
  561. rlm_sql (sql): Initialising connection pool
  562. pool {
  563. start = 5
  564. min = 30
  565. max = 4096
  566. spare = 1024
  567. uses = 0
  568. lifetime = 0
  569. cleanup_interval = 30
  570. idle_timeout = 60
  571. retry_delay = 30
  572. spread = no
  573. }
  574. WARNING: Ignoring "max = 4096", forcing to "max = 1024"
  575. WARNING: Ignoring "spare = 1024", forcing to "spare = 994"
  576. rlm_sql (sql): Opening additional connection (0), 1 of 1024 pending slots used
  577. rlm_sql_mysql: Starting connect to MySQL server
  578. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  579. rlm_sql (sql): Opening additional connection (1), 1 of 1023 pending slots used
  580. rlm_sql_mysql: Starting connect to MySQL server
  581. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  582. rlm_sql (sql): Opening additional connection (2), 1 of 1022 pending slots used
  583. rlm_sql_mysql: Starting connect to MySQL server
  584. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  585. rlm_sql (sql): Opening additional connection (3), 1 of 1021 pending slots used
  586. rlm_sql_mysql: Starting connect to MySQL server
  587. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  588. rlm_sql (sql): Opening additional connection (4), 1 of 1020 pending slots used
  589. rlm_sql_mysql: Starting connect to MySQL server
  590. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  591. } # modules
  592. radiusd: #### Loading Virtual Servers ####
  593. server { # from file /etc/freeradius/3.0/radiusd.conf
  594. } # server
  595. server default { # from file /etc/freeradius/3.0/sites-enabled/default
  596. # Loading authenticate {...}
  597. # Loading authorize {...}
  598. Ignoring "ldap" (see raddb/mods-available/README.rst)
  599. # Loading preacct {...}
  600. # Loading accounting {...}
  601. # Loading session {...}
  602. # Loading post-auth {...}
  603. } # server default
  604. radiusd: #### Opening IP addresses and Ports ####
  605. listen {
  606. type = "auth"
  607. ipaddr = 127.0.0.1
  608. port = 0
  609. limit {
  610. max_connections = 0
  611. lifetime = 0
  612. idle_timeout = 300
  613. }
  614. }
  615. listen {
  616. type = "acct"
  617. ipaddr = 127.0.0.1
  618. port = 0
  619. limit {
  620. max_connections = 16
  621. lifetime = 0
  622. idle_timeout = 30
  623. }
  624. }
  625. Listening on auth address 127.0.0.1 port 1812 bound to server default
  626. Listening on acct address 127.0.0.1 port 1813 bound to server default
  627. Ready to process requests
  628.  
  629.  
  630.  
  631.  
  632. (0) Received Access-Request Id 1 from 127.0.0.1:46195 to 127.0.0.1:1812 length 165
  633. (0) User-Name = "c2"
  634. (0) NAS-Identifier = "nas103"
  635. (0) NAS-Port-Type = Virtual
  636. (0) Service-Type = Framed-User
  637. (0) Framed-Protocol = PPP
  638. (0) Calling-Station-Id = "08:00:27:65:FB:22"
  639. (0) Called-Station-Id = "enp1s0f1.106"
  640. (0) MS-CHAP-Challenge = 0xb1f64e950d4ecd746841a0279389ffd3
  641. (0) MS-CHAP2-Response = 0x01007c15c3a8113f1db6def0385154d5cc6300000000000000001898e1acbfa115c7eaceef96f5e3d173d319f5eb3e276892
  642. (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  643. (0) authorize {
  644. (0) policy filter_username {
  645. (0) if (&User-Name) {
  646. (0) if (&User-Name) -> TRUE
  647. (0) if (&User-Name) {
  648. (0) if (&User-Name =~ / /) {
  649. (0) if (&User-Name =~ / /) -> FALSE
  650. (0) if (&User-Name =~ /@[^@]*@/ ) {
  651. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  652. (0) if (&User-Name =~ /\.\./ ) {
  653. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  654. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  655. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  656. (0) if (&User-Name =~ /\.$/) {
  657. (0) if (&User-Name =~ /\.$/) -> FALSE
  658. (0) if (&User-Name =~ /@\./) {
  659. (0) if (&User-Name =~ /@\./) -> FALSE
  660. (0) } # if (&User-Name) = notfound
  661. (0) } # policy filter_username = notfound
  662. (0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  663. (0) auth_log: --> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20180322
  664. (0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20180322
  665. (0) auth_log: EXPAND %t
  666. (0) auth_log: --> Thu Mar 22 19:05:49 2018
  667. (0) [auth_log] = ok
  668. (0) sql: EXPAND %{User-Name}
  669. (0) sql: --> c2
  670. (0) sql: SQL-User-Name set to 'c2'
  671. rlm_sql (sql): Reserved connection (0)
  672. (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  673. (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'c2' ORDER BY id
  674. (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'c2' ORDER BY id
  675. (0) sql: User found in radcheck table
  676. Found User-Password == "..."
  677. Are you sure you don't mean Cleartext-Password?
  678. See "man rlm_pap" for more information
  679. (0) sql: Conditional check items matched, merging assignment check items
  680. (0) sql: Auth-Type := MS-CHAP
  681. (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  682. (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'c2' ORDER BY id
  683. (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'c2' ORDER BY id
  684. (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  685. (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'c2' ORDER BY priority
  686. (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'c2' ORDER BY priority
  687. (0) sql: User not found in any groups
  688. rlm_sql (sql): Released connection (0)
  689. rlm_sql (sql): Need 25 more connections to reach 994 spares
  690. rlm_sql (sql): Opening additional connection (5), 1 of 1019 pending slots used
  691. rlm_sql_mysql: Starting connect to MySQL server
  692. rlm_sql_mysql: Connected to database 'radius3' on 192.168.79.3 via TCP/IP, server version 5.7.21, protocol version 10
  693. (0) [sql] = ok
  694. (0) [expiration] = noop
  695. (0) [logintime] = noop
  696. (0) } # authorize = ok
  697. (0) Found Auth-Type = MS-CHAP
  698. (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  699. (0) Auth-Type MS-CHAP {
  700. (0) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
  701. (0) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
  702. (0) mschap: Creating challenge hash with username: c2
  703. (0) mschap: Client is using MS-CHAPv2
  704. (0) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
  705. (0) mschap: ERROR: MS-CHAP2-Response is incorrect
  706. (0) [mschap] = reject
  707. (0) } # Auth-Type MS-CHAP = reject
  708. (0) Failed to authenticate the user
  709. (0) EXPAND %{ADSL-Agent-Circuit-Id} %{reply:Reply-Message}
  710. (0) -->
  711. (0) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [c2/<via Auth-Type = MS-CHAP>] (from client nas104 port 0 cli 08:00:27:65:FB:22)
  712. (0) Using Post-Auth-Type Reject
  713. (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  714. (0) Post-Auth-Type REJECT {
  715. (0) policy remove_reply_message_if_eap {
  716. (0) if (&reply:EAP-Message && &reply:Reply-Message) {
  717. (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  718. (0) else {
  719. (0) [noop] = noop
  720. (0) } # else = noop
  721. (0) } # policy remove_reply_message_if_eap = noop
  722. (0) } # Post-Auth-Type REJECT = noop
  723. (0) Delaying response for 1.000000 seconds
  724. Waking up in 0.3 seconds.
  725. Waking up in 0.6 seconds.
  726. (0) Sending delayed response
  727. (0) Sent Access-Reject Id 1 from 127.0.0.1:1812 to 127.0.0.1:46195 length 101
  728. (0) MS-CHAP-Error = "\001E=691 R=1 C=0a5f451b1b9e2f37156a30a607376b52 V=3 M=Authentication failed"
  729. Waking up in 3.9 seconds.
  730. (0) Cleaning up request packet ID 1 with timestamp +5
  731. Ready to process requests