Untitled

Spyros Apr 23rd, 2012 55 Never
FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 23 2012 at 16:32:56
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
        allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
        prefix = "/usr/local"
        localstatedir = "/usr/local/var"
        logdir = "/usr/local/var/log/radius"
        libdir = "/usr/local/lib"
        radacctdir = "/usr/local/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/local/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client 127.0.0.1 {
        require_message_authenticator = no
        secret = "testing123"
        shortname = "localhost"
 }
 client 20.20.20.20 {
        require_message_authenticator = no
        secret = "pfsense"
        shortname = "pfsense"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/usr/local/etc/raddb/certs"
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/server.pem"
        certificate_file = "/usr/local/etc/raddb/certs/server.pem"
        CA_file = "/usr/local/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/usr/local/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/usr/local/etc/raddb/users"
        acctusersfile = "/usr/local/etc/raddb/acct_users"
        preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/usr/local/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
  }
 } # modules
} # server
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/usr/local/etc/raddb/huntgroups"
        hints = "/usr/local/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "control"
 listen {
        socket = "/usr/local/var/run/radiusd/radiusd.sock"
 }
}
listen {
        type = "auth"
        ipaddr = 127.0.0.1
        port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 53725, id=247, length=56
        User-Name = "user"
        User-Password = "1111"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> user
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 247 to 127.0.0.1 port 53725
Waking up in 4.9 seconds.
Cleaning up request 0 ID 247 with timestamp +11
Ready to process requests.