API tools faq
paste
Guest User

Untitled

a guest
Jan 23rd, 2020
306
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 41.24 KB | None | 0 0
raw download clone embed print report
  1. FreeRADIUS Version 3.0.16
  2. Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License
  7. For more information about these matters, see the file named COPYRIGHT
  8. Starting - reading configuration files ...
  9. including dictionary file /usr/share/freeradius/dictionary
  10. including dictionary file /usr/share/freeradius/dictionary.dhcp
  11. including dictionary file /usr/share/freeradius/dictionary.vqp
  12. including dictionary file /etc/freeradius/3.0/dictionary
  13. including configuration file /etc/freeradius/3.0/radiusd.conf
  14. including configuration file /etc/freeradius/3.0/proxy.conf
  15. including configuration file /etc/freeradius/3.0/clients.conf
  16. including files in directory /etc/freeradius/3.0/mods-enabled/
  17. including configuration file /etc/freeradius/3.0/mods-enabled/radutmp
  18. including configuration file /etc/freeradius/3.0/mods-enabled/eap
  19. including configuration file /etc/freeradius/3.0/mods-enabled/detail.log
  20. including configuration file /etc/freeradius/3.0/mods-enabled/replicate
  21. including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  22. including configuration file /etc/freeradius/3.0/mods-enabled/sql
  23. including configuration file /etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf
  24. including configuration file /etc/freeradius/3.0/mods-enabled/logintime
  25. including configuration file /etc/freeradius/3.0/mods-enabled/expiration
  26. including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
  27. including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter
  28. including configuration file /etc/freeradius/3.0/mods-enabled/soh
  29. including configuration file /etc/freeradius/3.0/mods-enabled/files
  30. including configuration file /etc/freeradius/3.0/mods-enabled/echo
  31. including configuration file /etc/freeradius/3.0/mods-enabled/realm
  32. including configuration file /etc/freeradius/3.0/mods-enabled/utf8
  33. including configuration file /etc/freeradius/3.0/mods-enabled/preprocess
  34. including configuration file /etc/freeradius/3.0/mods-enabled/passwd
  35. including configuration file /etc/freeradius/3.0/mods-enabled/mschap
  36. including configuration file /etc/freeradius/3.0/mods-enabled/sqlcounter
  37. including configuration file /etc/freeradius/3.0/mods-config/sql/counter/mysql/dailycounter.conf
  38. including configuration file /etc/freeradius/3.0/mods-config/sql/counter/mysql/monthlycounter.conf
  39. including configuration file /etc/freeradius/3.0/mods-config/sql/counter/mysql/noresetcounter.conf
  40. including configuration file /etc/freeradius/3.0/mods-config/sql/counter/mysql/expire_on_login.conf
  41. including configuration file /etc/freeradius/3.0/mods-enabled/expr
  42. including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
  43. including configuration file /etc/freeradius/3.0/mods-enabled/detail
  44. including configuration file /etc/freeradius/3.0/mods-enabled/exec
  45. including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  46. including configuration file /etc/freeradius/3.0/mods-enabled/unpack
  47. including configuration file /etc/freeradius/3.0/mods-enabled/always
  48. including configuration file /etc/freeradius/3.0/mods-enabled/chap
  49. including configuration file /etc/freeradius/3.0/mods-enabled/linelog
  50. including configuration file /etc/freeradius/3.0/mods-enabled/pap
  51. including configuration file /etc/freeradius/3.0/mods-enabled/digest
  52. including configuration file /etc/freeradius/3.0/mods-enabled/unix
  53. including files in directory /etc/freeradius/3.0/policy.d/
  54. including configuration file /etc/freeradius/3.0/policy.d/canonicalization
  55. including configuration file /etc/freeradius/3.0/policy.d/dhcp
  56. including configuration file /etc/freeradius/3.0/policy.d/cui
  57. including configuration file /etc/freeradius/3.0/policy.d/eap
  58. including configuration file /etc/freeradius/3.0/policy.d/accounting
  59. including configuration file /etc/freeradius/3.0/policy.d/filter
  60. including configuration file /etc/freeradius/3.0/policy.d/debug
  61. including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
  62. including configuration file /etc/freeradius/3.0/policy.d/control
  63. including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
  64. including configuration file /etc/freeradius/3.0/policy.d/operator-name
  65. including files in directory /etc/freeradius/3.0/sites-enabled/
  66. including configuration file /etc/freeradius/3.0/sites-enabled/default
  67. including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnel
  68. main {
  69. name = "freeradius"
  70. prefix = "/usr"
  71. localstatedir = "/var"
  72. sbindir = "/usr/sbin"
  73. logdir = "/var/log/freeradius"
  74. run_dir = "/var/run/freeradius"
  75. libdir = "/usr/lib/freeradius"
  76. radacctdir = "/var/log/freeradius/radacct"
  77. hostname_lookups = no
  78. max_request_time = 30
  79. cleanup_delay = 5
  80. max_requests = 16384
  81. pidfile = "/var/run/freeradius/freeradius.pid"
  82. checkrad = "/usr/sbin/checkrad"
  83. debug_level = 0
  84. proxy_requests = yes
  85. log {
  86. stripped_names = no
  87. auth = no
  88. auth_badpass = no
  89. auth_goodpass = no
  90. colourise = yes
  91. msg_denied = "You are already logged in - access denied"
  92. }
  93. resources {
  94. }
  95. security {
  96. max_attributes = 200
  97. reject_delay = 1.000000
  98. status_server = yes
  99. }
  100. }
  101. radiusd: #### Loading Realms and Home Servers ####
  102. proxy server {
  103. retry_delay = 5
  104. retry_count = 3
  105. default_fallback = no
  106. dead_time = 120
  107. wake_all_if_all_dead = no
  108. }
  109. home_server localhost {
  110. ipaddr = 127.0.0.1
  111. port = 1812
  112. type = "auth"
  113. secret = <<< secret >>>
  114. response_window = 20.000000
  115. response_timeouts = 1
  116. max_outstanding = 65536
  117. zombie_period = 40
  118. status_check = "status-server"
  119. ping_interval = 30
  120. check_interval = 30
  121. check_timeout = 4
  122. num_answers_to_alive = 3
  123. revive_interval = 120
  124. limit {
  125. max_connections = 16
  126. max_requests = 0
  127. lifetime = 0
  128. idle_timeout = 0
  129. }
  130. coa {
  131. irt = 2
  132. mrt = 16
  133. mrc = 5
  134. mrd = 30
  135. }
  136. }
  137. home_server_pool my_auth_failover {
  138. type = fail-over
  139. home_server = localhost
  140. }
  141. realm example.com {
  142. auth_pool = my_auth_failover
  143. }
  144. realm LOCAL {
  145. }
  146. radiusd: #### Loading Clients ####
  147. client localhost {
  148. ipaddr = 127.0.0.1
  149. require_message_authenticator = no
  150. secret = <<< secret >>>
  151. nas_type = "other"
  152. proto = "*"
  153. limit {
  154. max_connections = 16
  155. lifetime = 0
  156. idle_timeout = 30
  157. }
  158. }
  159. client localhost_ipv6 {
  160. ipv6addr = ::1
  161. require_message_authenticator = no
  162. secret = <<< secret >>>
  163. limit {
  164. max_connections = 16
  165. lifetime = 0
  166. idle_timeout = 30
  167. }
  168. }
  169. Debug state unknown (cap_sys_ptrace capability not set)
  170. # Creating Auth-Type = mschap
  171. # Creating Auth-Type = digest
  172. # Creating Auth-Type = eap
  173. # Creating Auth-Type = PAP
  174. # Creating Auth-Type = CHAP
  175. # Creating Auth-Type = MS-CHAP
  176. radiusd: #### Instantiating modules ####
  177. modules {
  178. # Loaded module rlm_radutmp
  179. # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
  180. radutmp {
  181. filename = "/var/log/freeradius/radutmp"
  182. username = "%{User-Name}"
  183. case_sensitive = yes
  184. check_with_nas = yes
  185. permissions = 384
  186. caller_id = yes
  187. }
  188. # Loaded module rlm_eap
  189. # Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
  190. eap {
  191. default_eap_type = "md5"
  192. timer_expire = 60
  193. ignore_unknown_eap_types = no
  194. cisco_accounting_username_bug = no
  195. max_sessions = 16384
  196. }
  197. # Loaded module rlm_detail
  198. # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  199. detail auth_log {
  200. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  201. header = "%t"
  202. permissions = 384
  203. locking = no
  204. escape_filenames = no
  205. log_packet_header = no
  206. }
  207. # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  208. detail reply_log {
  209. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  210. header = "%t"
  211. permissions = 384
  212. locking = no
  213. escape_filenames = no
  214. log_packet_header = no
  215. }
  216. # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  217. detail pre_proxy_log {
  218. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  219. header = "%t"
  220. permissions = 384
  221. locking = no
  222. escape_filenames = no
  223. log_packet_header = no
  224. }
  225. # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  226. detail post_proxy_log {
  227. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  228. header = "%t"
  229. permissions = 384
  230. locking = no
  231. escape_filenames = no
  232. log_packet_header = no
  233. }
  234. # Loaded module rlm_replicate
  235. # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate
  236. # Loaded module rlm_exec
  237. # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  238. exec ntlm_auth {
  239. wait = yes
  240. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  241. shell_escape = yes
  242. }
  243. # Loaded module rlm_sql
  244. # Loading module "sql" from file /etc/freeradius/3.0/mods-enabled/sql
  245. sql {
  246. driver = "rlm_sql_mysql"
  247. server = "localhost"
  248. port = 3306
  249. login = "radius"
  250. password = <<< secret >>>
  251. radius_db = "radius"
  252. read_groups = yes
  253. read_profiles = yes
  254. read_clients = yes
  255. delete_stale_sessions = yes
  256. sql_user_name = "%{User-Name}"
  257. default_user_profile = ""
  258. client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  259. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  260. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  261. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
  262. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
  263. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  264. simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  265. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  266. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  267. accounting {
  268. reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  269. type {
  270. accounting-on {
  271. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  272. }
  273. accounting-off {
  274. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
  275. }
  276. start {
  277. query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
  278. }
  279. interim-update {
  280. query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  281. }
  282. stop {
  283. query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  284. }
  285. }
  286. }
  287. post-auth {
  288. reference = ".query"
  289. query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  290. }
  291. }
  292. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  293. Creating attribute SQL-Group
  294. # Loaded module rlm_logintime
  295. # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  296. logintime {
  297. minimum_timeout = 60
  298. }
  299. # Loaded module rlm_expiration
  300. # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  301. # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
  302. radutmp sradutmp {
  303. filename = "/var/log/freeradius/sradutmp"
  304. username = "%{User-Name}"
  305. case_sensitive = yes
  306. check_with_nas = yes
  307. permissions = 420
  308. caller_id = no
  309. }
  310. # Loaded module rlm_attr_filter
  311. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  312. attr_filter attr_filter.post-proxy {
  313. filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
  314. key = "%{Realm}"
  315. relaxed = no
  316. }
  317. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  318. attr_filter attr_filter.pre-proxy {
  319. filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
  320. key = "%{Realm}"
  321. relaxed = no
  322. }
  323. # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  324. attr_filter attr_filter.access_reject {
  325. filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
  326. key = "%{User-Name}"
  327. relaxed = no
  328. }
  329. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  330. attr_filter attr_filter.access_challenge {
  331. filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
  332. key = "%{User-Name}"
  333. relaxed = no
  334. }
  335. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  336. attr_filter attr_filter.accounting_response {
  337. filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
  338. key = "%{User-Name}"
  339. relaxed = no
  340. }
  341. # Loaded module rlm_soh
  342. # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
  343. soh {
  344. dhcp = yes
  345. }
  346. # Loaded module rlm_files
  347. # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
  348. files {
  349. filename = "/etc/freeradius/3.0/mods-config/files/authorize"
  350. acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
  351. preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
  352. }
  353. # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
  354. exec echo {
  355. wait = yes
  356. program = "/bin/echo %{User-Name}"
  357. input_pairs = "request"
  358. output_pairs = "reply"
  359. shell_escape = yes
  360. }
  361. # Loaded module rlm_realm
  362. # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  363. realm IPASS {
  364. format = "prefix"
  365. delimiter = "/"
  366. ignore_default = no
  367. ignore_null = no
  368. }
  369. # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  370. realm suffix {
  371. format = "suffix"
  372. delimiter = "@"
  373. ignore_default = no
  374. ignore_null = no
  375. }
  376. # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  377. realm realmpercent {
  378. format = "suffix"
  379. delimiter = "%"
  380. ignore_default = no
  381. ignore_null = no
  382. }
  383. # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  384. realm ntdomain {
  385. format = "prefix"
  386. delimiter = "\\"
  387. ignore_default = no
  388. ignore_null = no
  389. }
  390. # Loaded module rlm_utf8
  391. # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8
  392. # Loaded module rlm_preprocess
  393. # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  394. preprocess {
  395. huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
  396. hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
  397. with_ascend_hack = no
  398. ascend_channels_per_line = 23
  399. with_ntdomain_hack = no
  400. with_specialix_jetstream_hack = no
  401. with_cisco_vsa_hack = no
  402. with_alvarion_vsa_hack = no
  403. }
  404. # Loaded module rlm_passwd
  405. # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  406. passwd etc_passwd {
  407. filename = "/etc/passwd"
  408. format = "*User-Name:Crypt-Password:"
  409. delimiter = ":"
  410. ignore_nislike = no
  411. ignore_empty = yes
  412. allow_multiple_keys = no
  413. hash_size = 100
  414. }
  415. # Loaded module rlm_mschap
  416. # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  417. mschap {
  418. use_mppe = yes
  419. require_encryption = no
  420. require_strong = no
  421. with_ntdomain_hack = yes
  422. passchange {
  423. }
  424. allow_retry = yes
  425. winbind_retry_with_normalised_username = no
  426. }
  427. # Loaded module rlm_sqlcounter
  428. # Loading module "dailycounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  429. sqlcounter dailycounter {
  430. sql_module_instance = "sql"
  431. key = "User-Name"
  432. query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
  433. reset = "daily"
  434. counter_name = "Daily-Session-Time"
  435. check_name = "Max-Daily-Session"
  436. reply_name = "Session-Timeout"
  437. }
  438. # Loading module "monthlycounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  439. sqlcounter monthlycounter {
  440. sql_module_instance = "sql"
  441. key = "User-Name"
  442. query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
  443. reset = "monthly"
  444. counter_name = "Monthly-Session-Time"
  445. check_name = "Max-Monthly-Session"
  446. reply_name = "Session-Timeout"
  447. }
  448. # Loading module "noresetcounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  449. sqlcounter noresetcounter {
  450. sql_module_instance = "sql"
  451. key = "User-Name"
  452. query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
  453. reset = "never"
  454. counter_name = "Max-All-Session-Time"
  455. check_name = "Max-All-Session"
  456. reply_name = "Session-Timeout"
  457. }
  458. # Loading module "expire_on_login" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  459. sqlcounter expire_on_login {
  460. sql_module_instance = "sql"
  461. key = "User-Name"
  462. query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
  463. reset = "never"
  464. counter_name = "Expire-After-Initial-Login"
  465. check_name = "Expire-After"
  466. reply_name = "Session-Timeout"
  467. }
  468. # Loaded module rlm_expr
  469. # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr
  470. expr {
  471. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  472. }
  473. # Loaded module rlm_cache
  474. # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  475. cache cache_eap {
  476. driver = "rlm_cache_rbtree"
  477. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  478. ttl = 15
  479. max_entries = 0
  480. epoch = 0
  481. add_stats = no
  482. }
  483. # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  484. detail {
  485. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  486. header = "%t"
  487. permissions = 384
  488. locking = no
  489. escape_filenames = no
  490. log_packet_header = no
  491. }
  492. # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec
  493. exec {
  494. wait = no
  495. input_pairs = "request"
  496. shell_escape = yes
  497. timeout = 10
  498. }
  499. # Loaded module rlm_dynamic_clients
  500. # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  501. # Loaded module rlm_unpack
  502. # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
  503. # Loaded module rlm_always
  504. # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  505. always reject {
  506. rcode = "reject"
  507. simulcount = 0
  508. mpp = no
  509. }
  510. # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  511. always fail {
  512. rcode = "fail"
  513. simulcount = 0
  514. mpp = no
  515. }
  516. # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  517. always ok {
  518. rcode = "ok"
  519. simulcount = 0
  520. mpp = no
  521. }
  522. # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  523. always handled {
  524. rcode = "handled"
  525. simulcount = 0
  526. mpp = no
  527. }
  528. # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  529. always invalid {
  530. rcode = "invalid"
  531. simulcount = 0
  532. mpp = no
  533. }
  534. # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  535. always userlock {
  536. rcode = "userlock"
  537. simulcount = 0
  538. mpp = no
  539. }
  540. # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  541. always notfound {
  542. rcode = "notfound"
  543. simulcount = 0
  544. mpp = no
  545. }
  546. # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  547. always noop {
  548. rcode = "noop"
  549. simulcount = 0
  550. mpp = no
  551. }
  552. # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  553. always updated {
  554. rcode = "updated"
  555. simulcount = 0
  556. mpp = no
  557. }
  558. # Loaded module rlm_chap
  559. # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
  560. # Loaded module rlm_linelog
  561. # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  562. linelog {
  563. filename = "/var/log/freeradius/linelog"
  564. escape_filenames = no
  565. syslog_severity = "info"
  566. permissions = 384
  567. format = "This is a log message for %{User-Name}"
  568. reference = "messages.%{%{reply:Packet-Type}:-default}"
  569. }
  570. # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  571. linelog log_accounting {
  572. filename = "/var/log/freeradius/linelog-accounting"
  573. escape_filenames = no
  574. syslog_severity = "info"
  575. permissions = 384
  576. format = ""
  577. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  578. }
  579. # Loaded module rlm_pap
  580. # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  581. pap {
  582. normalise = yes
  583. }
  584. # Loaded module rlm_digest
  585. # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest
  586. # Loaded module rlm_unix
  587. # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix
  588. unix {
  589. radwtmp = "/var/log/freeradius/radwtmp"
  590. }
  591. Creating attribute Unix-Group
  592. instantiate {
  593. }
  594. # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
  595. # Linked to sub-module rlm_eap_md5
  596. # Linked to sub-module rlm_eap_leap
  597. # Linked to sub-module rlm_eap_gtc
  598. gtc {
  599. challenge = "Password: "
  600. auth_type = "PAP"
  601. }
  602. # Linked to sub-module rlm_eap_tls
  603. tls {
  604. tls = "tls-common"
  605. }
  606. tls-config tls-common {
  607. verify_depth = 0
  608. ca_path = "/etc/freeradius/3.0/certs"
  609. pem_file_type = yes
  610. private_key_file = "/etc/ssl/private/ssl-cert-snakeoil.key"
  611. certificate_file = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
  612. ca_file = "/etc/ssl/certs/ca-certificates.crt"
  613. private_key_password = <<< secret >>>
  614. dh_file = "/etc/freeradius/3.0/certs/dh"
  615. fragment_size = 1024
  616. include_length = yes
  617. auto_chain = yes
  618. check_crl = no
  619. check_all_crl = no
  620. cipher_list = "DEFAULT"
  621. cipher_server_preference = no
  622. ecdh_curve = "prime256v1"
  623. tls_max_version = ""
  624. tls_min_version = "1.0"
  625. cache {
  626. enable = no
  627. lifetime = 24
  628. max_entries = 255
  629. }
  630. verify {
  631. skip_if_ocsp_ok = no
  632. }
  633. ocsp {
  634. enable = no
  635. override_cert_url = yes
  636. url = "http://127.0.0.1/ocsp/"
  637. use_nonce = yes
  638. timeout = 0
  639. softfail = no
  640. }
  641. }
  642. # Linked to sub-module rlm_eap_ttls
  643. ttls {
  644. tls = "tls-common"
  645. default_eap_type = "md5"
  646. copy_request_to_tunnel = no
  647. use_tunneled_reply = no
  648. virtual_server = "inner-tunnel"
  649. include_length = yes
  650. require_client_cert = no
  651. }
  652. tls: Using cached TLS configuration from previous invocation
  653. # Linked to sub-module rlm_eap_peap
  654. peap {
  655. tls = "tls-common"
  656. default_eap_type = "mschapv2"
  657. copy_request_to_tunnel = no
  658. use_tunneled_reply = no
  659. proxy_tunneled_request_as_eap = yes
  660. virtual_server = "inner-tunnel"
  661. soh = no
  662. require_client_cert = no
  663. }
  664. tls: Using cached TLS configuration from previous invocation
  665. # Linked to sub-module rlm_eap_mschapv2
  666. mschapv2 {
  667. with_ntdomain_hack = no
  668. send_error = no
  669. }
  670. # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  671. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  672. # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  673. # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  674. # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  675. # Instantiating module "sql" from file /etc/freeradius/3.0/mods-enabled/sql
  676. rlm_sql_mysql: libmysql version: 5.7.28
  677. mysql {
  678. tls {
  679. }
  680. warnings = "auto"
  681. }
  682. rlm_sql (sql): Attempting to connect to database "radius"
  683. rlm_sql (sql): Initialising connection pool
  684. pool {
  685. start = 5
  686. min = 3
  687. max = 32
  688. spare = 10
  689. uses = 0
  690. lifetime = 0
  691. cleanup_interval = 30
  692. idle_timeout = 60
  693. retry_delay = 30
  694. spread = no
  695. }
  696. rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
  697. rlm_sql_mysql: Starting connect to MySQL server
  698. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  699. rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
  700. rlm_sql_mysql: Starting connect to MySQL server
  701. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  702. rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
  703. rlm_sql_mysql: Starting connect to MySQL server
  704. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  705. rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
  706. rlm_sql_mysql: Starting connect to MySQL server
  707. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  708. rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
  709. rlm_sql_mysql: Starting connect to MySQL server
  710. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  711. rlm_sql (sql): Processing generate_sql_clients
  712. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  713. rlm_sql (sql): Reserved connection (0)
  714. rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
  715. rlm_sql (sql): Adding client 172.16.7.4 (VX9K) to global clients list
  716. rlm_sql (172.16.7.4): Client "VX9K" (sql) added
  717. rlm_sql (sql): Adding client 10.0.0.2 (test) to global clients list
  718. rlm_sql (10.0.0.2): Client "test" (sql) added
  719. rlm_sql (sql): Released connection (0)
  720. Need 5 more connections to reach 10 spares
  721. rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
  722. rlm_sql_mysql: Starting connect to MySQL server
  723. rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.43-MariaDB-0ubuntu0.18.04.1, protocol version 10
  724. # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  725. # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  726. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  727. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
  728. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  729. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
  730. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  731. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
  732. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  733. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  734. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  735. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
  736. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  737. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
  738. # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
  739. reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
  740. reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
  741. reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
  742. # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  743. # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  744. # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  745. # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  746. # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  747. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
  748. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
  749. # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  750. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  751. # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  752. rlm_mschap (mschap): using internal authentication
  753. # Instantiating module "dailycounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  754. rlm_sqlcounter: Current Time: 1579789497 [2020-01-23 15:24:57], Prev reset 1579734000 [2020-01-23 00:00:00]
  755. # Instantiating module "monthlycounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  756. rlm_sqlcounter: Current Time: 1579789497 [2020-01-23 15:24:57], Prev reset 1577833200 [2020-01-01 00:00:00]
  757. # Instantiating module "noresetcounter" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  758. rlm_sqlcounter: Current Time: 1579789497 [2020-01-23 15:24:57], Prev reset 0 [2020-01-23 15:00:00]
  759. # Instantiating module "expire_on_login" from file /etc/freeradius/3.0/mods-enabled/sqlcounter
  760. rlm_sqlcounter: Current Time: 1579789497 [2020-01-23 15:24:57], Prev reset 0 [2020-01-23 15:00:00]
  761. # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  762. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  763. # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  764. # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  765. # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  766. # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  767. # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  768. # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  769. # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  770. # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  771. # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  772. # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  773. # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  774. # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  775. # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  776. } # modules
  777. radiusd: #### Loading Virtual Servers ####
  778. server { # from file /etc/freeradius/3.0/radiusd.conf
  779. } # server
  780. server default { # from file /etc/freeradius/3.0/sites-enabled/default
  781. # Loading authenticate {...}
  782. # Loading authorize {...}
  783. Ignoring "ldap" (see raddb/mods-available/README.rst)
  784. # Loading preacct {...}
  785. # Loading accounting {...}
  786. # Loading session {...}
  787. # Loading post-proxy {...}
  788. # Loading post-auth {...}
  789. } # server default
  790. server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
  791. # Loading authenticate {...}
  792. # Loading authorize {...}
  793. # Loading session {...}
  794. # Loading post-proxy {...}
  795. # Loading post-auth {...}
  796. # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:331
  797. } # server inner-tunnel
  798. radiusd: #### Opening IP addresses and Ports ####
  799. listen {
  800. type = "auth"
  801. ipaddr = *
  802. port = 0
  803. limit {
  804. max_connections = 16
  805. lifetime = 0
  806. idle_timeout = 30
  807. }
  808. }
  809. listen {
  810. type = "acct"
  811. ipaddr = *
  812. port = 0
  813. limit {
  814. max_connections = 16
  815. lifetime = 0
  816. idle_timeout = 30
  817. }
  818. }
  819. listen {
  820. type = "auth"
  821. ipv6addr = ::
  822. port = 0
  823. limit {
  824. max_connections = 16
  825. lifetime = 0
  826. idle_timeout = 30
  827. }
  828. }
  829. listen {
  830. type = "acct"
  831. ipv6addr = ::
  832. port = 0
  833. limit {
  834. max_connections = 16
  835. lifetime = 0
  836. idle_timeout = 30
  837. }
  838. }
  839. listen {
  840. type = "auth"
  841. ipaddr = 127.0.0.1
  842. port = 18120
  843. }
  844. Listening on auth address * port 1812 bound to server default
  845. Listening on acct address * port 1813 bound to server default
  846. Listening on auth address :: port 1812 bound to server default
  847. Listening on acct address :: port 1813 bound to server default
  848. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  849. Listening on proxy address * port 39494
  850. Listening on proxy address :: port 59922
  851. Ready to process requests
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!