yancho_mt

Untitled

Aug 9th, 2016
  1. radius@daloradius:/etc/freeradius/modules$ clear
  2. radius@daloradius:/etc/freeradius/modules$ sudo freeradius -X
  3. FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Feb 27 2015 at 12:38:34
  4. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  5. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  6. PARTICULAR PURPOSE.
  7. You may redistribute copies of FreeRADIUS under the terms of the
  8. GNU General Public License v2.
  9. Starting - reading configuration files ...
  10. including configuration file /etc/freeradius/radiusd.conf
  11. including configuration file /etc/freeradius/proxy.conf
  12. including configuration file /etc/freeradius/clients.conf
  13. including files in directory /etc/freeradius/modules/
  14. including configuration file /etc/freeradius/modules/mschap
  15. including configuration file /etc/freeradius/modules/opendirectory
  16. including configuration file /etc/freeradius/modules/checkval
  17. including configuration file /etc/freeradius/modules/detail.example.com
  18. including configuration file /etc/freeradius/modules/always
  19. including configuration file /etc/freeradius/modules/krb5
  20. including configuration file /etc/freeradius/modules/acct_unique
  21. including configuration file /etc/freeradius/modules/soh
  22. including configuration file /etc/freeradius/modules/redis
  23. including configuration file /etc/freeradius/modules/inner-eap
  24. including configuration file /etc/freeradius/modules/counter
  25. including configuration file /etc/freeradius/modules/dynamic_clients
  26. including configuration file /etc/freeradius/modules/logintime
  27. including configuration file /etc/freeradius/modules/mschap.bkp
  28. including configuration file /etc/freeradius/modules/smsotp
  29. including configuration file /etc/freeradius/modules/exec
  30. including configuration file /etc/freeradius/modules/mac2ip
  31. including configuration file /etc/freeradius/modules/realm
  32. including configuration file /etc/freeradius/modules/policy
  33. including configuration file /etc/freeradius/modules/echo
  34. including configuration file /etc/freeradius/modules/smbpasswd
  35. including configuration file /etc/freeradius/modules/attr_rewrite
  36. including configuration file /etc/freeradius/modules/unix
  37. including configuration file /etc/freeradius/modules/detail.log
  38. including configuration file /etc/freeradius/modules/ippool
  39. including configuration file /etc/freeradius/modules/expr
  40. including configuration file /etc/freeradius/modules/ntlm_auth
  41. including configuration file /etc/freeradius/modules/pap
  42. including configuration file /etc/freeradius/modules/ldap
  43. including configuration file /etc/freeradius/modules/digest
  44. including configuration file /etc/freeradius/modules/files
  45. including configuration file /etc/freeradius/modules/preprocess
  46. including configuration file /etc/freeradius/modules/perl
  47. including configuration file /etc/freeradius/modules/pam
  48. including configuration file /etc/freeradius/modules/detail
  49. including configuration file /etc/freeradius/modules/wimax
  50. including configuration file /etc/freeradius/modules/rediswho
  51. including configuration file /etc/freeradius/modules/etc_group
  52. including configuration file /etc/freeradius/modules/expiration
  53. including configuration file /etc/freeradius/modules/cui
  54. including configuration file /etc/freeradius/modules/chap
  55. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  56. including configuration file /etc/freeradius/modules/sradutmp
  57. including configuration file /etc/freeradius/modules/radutmp
  58. including configuration file /etc/freeradius/modules/passwd
  59. including configuration file /etc/freeradius/modules/linelog
  60. including configuration file /etc/freeradius/modules/attr_filter
  61. including configuration file /etc/freeradius/modules/mac2vlan
  62. including configuration file /etc/freeradius/modules/otp
  63. including configuration file /etc/freeradius/modules/sql_log
  64. including configuration file /etc/freeradius/modules/replicate
  65. including configuration file /etc/freeradius/eap.conf
  66. including configuration file /etc/freeradius/sql.conf
  67. including configuration file /etc/freeradius/sql/mysql/dialup.conf
  68. including configuration file /etc/freeradius/policy.conf
  69. including files in directory /etc/freeradius/sites-enabled/
  70. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  71. including configuration file /etc/freeradius/sites-enabled/default
  72. main {
  73. user = "freerad"
  74. group = "freerad"
  75. allow_core_dumps = no
  76. }
  77. including dictionary file /etc/freeradius/dictionary
  78. main {
  79. name = "freeradius"
  80. prefix = "/usr"
  81. localstatedir = "/var"
  82. sbindir = "/usr/sbin"
  83. logdir = "/var/log/freeradius"
  84. run_dir = "/var/run/freeradius"
  85. libdir = "/usr/lib/freeradius"
  86. radacctdir = "/var/log/freeradius/radacct"
  87. hostname_lookups = no
  88. max_request_time = 30
  89. cleanup_delay = 5
  90. max_requests = 1024
  91. pidfile = "/var/run/freeradius/freeradius.pid"
  92. checkrad = "/usr/sbin/checkrad"
  93. debug_level = 0
  94. proxy_requests = yes
  95. log {
  96. stripped_names = no
  97. auth = no
  98. auth_badpass = no
  99. auth_goodpass = no
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1
  104. status_server = yes
  105. }
  106. }
  107. radiusd: #### Loading Realms and Home Servers ####
  108. proxy server {
  109. retry_delay = 5
  110. retry_count = 3
  111. default_fallback = no
  112. dead_time = 120
  113. wake_all_if_all_dead = no
  114. }
  115. home_server localhost {
  116. ipaddr = 127.0.0.1
  117. port = 1812
  118. type = "auth"
  119. secret = "testing123"
  120. response_window = 20
  121. max_outstanding = 65536
  122. require_message_authenticator = yes
  123. zombie_period = 40
  124. status_check = "status-server"
  125. ping_interval = 30
  126. check_interval = 30
  127. num_answers_to_alive = 3
  128. num_pings_to_alive = 3
  129. revive_interval = 120
  130. status_check_timeout = 4
  131. coa {
  132. irt = 2
  133. mrt = 16
  134. mrc = 5
  135. mrd = 30
  136. }
  137. }
  138. home_server_pool my_auth_failover {
  139. type = fail-over
  140. home_server = localhost
  141. }
  142. realm example.com {
  143. auth_pool = my_auth_failover
  144. }
  145. realm LOCAL {
  146. }
  147. radiusd: #### Loading Clients ####
  148. client localhost {
  149. ipaddr = 127.0.0.1
  150. require_message_authenticator = no
  151. secret = "testing456"
  152. nastype = "other"
  153. }
  154. client 10.0.0/24 {
  155. require_message_authenticator = no
  156. secret = "testing456"
  157. shortname = "unifi-aps"
  158. nastype = "other"
  159. }
  160. radiusd: #### Instantiating modules ####
  161. instantiate {
  162. Module: Linked to module rlm_exec
  163. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  164. exec {
  165. wait = no
  166. input_pairs = "request"
  167. shell_escape = yes
  168. }
  169. Module: Linked to module rlm_expr
  170. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  171. Module: Linked to module rlm_expiration
  172. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  173. expiration {
  174. reply-message = "Password Has Expired "
  175. }
  176. Module: Linked to module rlm_logintime
  177. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  178. logintime {
  179. reply-message = "You are calling outside your allowed timespan "
  180. minimum-timeout = 60
  181. }
  182. }
  183. radiusd: #### Loading Virtual Servers ####
  184. server { # from file /etc/freeradius/radiusd.conf
  185. modules {
  186. Module: Creating Auth-Type = digest
  187. Module: Creating Post-Auth-Type = REJECT
  188. Module: Checking authenticate {...} for more modules to load
  189. Module: Linked to module rlm_pap
  190. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  191. pap {
  192. encryption_scheme = "auto"
  193. auto_header = no
  194. }
  195. Module: Linked to module rlm_chap
  196. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  197. Module: Linked to module rlm_mschap
  198. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  199. mschap {
  200. use_mppe = yes
  201. require_encryption = yes
  202. require_strong = yes
  203. with_ntdomain_hack = no
  204. allow_retry = yes
  205. }
  206. Module: Linked to module rlm_digest
  207. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  208. Module: Linked to module rlm_unix
  209. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  210. unix {
  211. radwtmp = "/var/log/freeradius/radwtmp"
  212. }
  213. Module: Linked to module rlm_eap
  214. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  215. eap {
  216. default_eap_type = "peap"
  217. timer_expire = 60
  218. ignore_unknown_eap_types = no
  219. cisco_accounting_username_bug = no
  220. max_sessions = 4096
  221. }
  222. Module: Linked to sub-module rlm_eap_md5
  223. Module: Instantiating eap-md5
  224. Module: Linked to sub-module rlm_eap_leap
  225. Module: Instantiating eap-leap
  226. Module: Linked to sub-module rlm_eap_gtc
  227. Module: Instantiating eap-gtc
  228. gtc {
  229. challenge = "Password: "
  230. auth_type = "PAP"
  231. }
  232. Module: Linked to sub-module rlm_eap_tls
  233. Module: Instantiating eap-tls
  234. tls {
  235. rsa_key_exchange = no
  236. dh_key_exchange = yes
  237. rsa_key_length = 512
  238. dh_key_length = 512
  239. verify_depth = 0
  240. CA_path = "/etc/freeradius/certs"
  241. pem_file_type = yes
  242. private_key_file = "/etc/freeradius/certs/server.key"
  243. certificate_file = "/etc/freeradius/certs/server.pem"
  244. CA_file = "/etc/freeradius/certs/ca.pem"
  245. private_key_password = "whatever"
  246. dh_file = "/etc/freeradius/certs/dh"
  247. random_file = "/dev/urandom"
  248. fragment_size = 1024
  249. include_length = yes
  250. check_crl = no
  251. cipher_list = "DEFAULT"
  252. make_cert_command = "/etc/freeradius/certs/bootstrap"
  253. ecdh_curve = "prime256v1"
  254. cache {
  255. enable = no
  256. lifetime = 24
  257. max_entries = 255
  258. }
  259. verify {
  260. }
  261. ocsp {
  262. enable = no
  263. override_cert_url = yes
  264. url = "http://127.0.0.1/ocsp/"
  265. }
  266. }
  267. Module: Linked to sub-module rlm_eap_ttls
  268. Module: Instantiating eap-ttls
  269. ttls {
  270. default_eap_type = "md5"
  271. copy_request_to_tunnel = no
  272. use_tunneled_reply = no
  273. virtual_server = "inner-tunnel"
  274. include_length = yes
  275. }
  276. Module: Linked to sub-module rlm_eap_peap
  277. Module: Instantiating eap-peap
  278. peap {
  279. default_eap_type = "mschapv2"
  280. copy_request_to_tunnel = no
  281. use_tunneled_reply = no
  282. proxy_tunneled_request_as_eap = yes
  283. virtual_server = "inner-tunnel"
  284. soh = no
  285. }
  286. Module: Linked to sub-module rlm_eap_mschapv2
  287. Module: Instantiating eap-mschapv2
  288. mschapv2 {
  289. with_ntdomain_hack = no
  290. send_error = no
  291. }
  292. Module: Checking authorize {...} for more modules to load
  293. Module: Linked to module rlm_preprocess
  294. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  295. preprocess {
  296. huntgroups = "/etc/freeradius/huntgroups"
  297. hints = "/etc/freeradius/hints"
  298. with_ascend_hack = no
  299. ascend_channels_per_line = 23
  300. with_ntdomain_hack = no
  301. with_specialix_jetstream_hack = no
  302. with_cisco_vsa_hack = no
  303. with_alvarion_vsa_hack = no
  304. }
  305. Module: Linked to module rlm_realm
  306. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  307. realm suffix {
  308. format = "suffix"
  309. delimiter = "@"
  310. ignore_default = no
  311. ignore_null = no
  312. }
  313. Module: Linked to module rlm_sql
  314. Module: Instantiating module "sql" from file /etc/freeradius/sql.conf
  315. sql {
  316. driver = "rlm_sql_mysql"
  317. server = "localhost"
  318. port = ""
  319. login = "raduser"
  320. password = "radpass"
  321. radius_db = "raddb"
  322. read_groups = yes
  323. sqltrace = no
  324. sqltracefile = "/var/log/freeradius/sqltrace.sql"
  325. readclients = no
  326. deletestalesessions = yes
  327. num_sql_socks = 5
  328. lifetime = 0
  329. max_queries = 0
  330. sql_user_name = "%{User-Name}"
  331. default_user_profile = ""
  332. nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  333. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  334. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  335. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
  336. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
  337. accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
  338. accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  339. accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
  340. accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
  341. accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  342. accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  343. accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
  344. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  345. connect_failure_retry_delay = 60
  346. simul_count_query = ""
  347. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  348. postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  349. safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  350. }
  351. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  352. rlm_sql (sql): Attempting to connect to raduser@localhost:/raddb
  353. rlm_sql (sql): starting 0
  354. rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
  355. rlm_sql_mysql: Starting connect to MySQL server for #0
  356. rlm_sql (sql): Connected new DB handle, #0
  357. rlm_sql (sql): starting 1
  358. rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
  359. rlm_sql_mysql: Starting connect to MySQL server for #1
  360. rlm_sql (sql): Connected new DB handle, #1
  361. rlm_sql (sql): starting 2
  362. rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
  363. rlm_sql_mysql: Starting connect to MySQL server for #2
  364. rlm_sql (sql): Connected new DB handle, #2
  365. rlm_sql (sql): starting 3
  366. rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
  367. rlm_sql_mysql: Starting connect to MySQL server for #3
  368. rlm_sql (sql): Connected new DB handle, #3
  369. rlm_sql (sql): starting 4
  370. rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
  371. rlm_sql_mysql: Starting connect to MySQL server for #4
  372. rlm_sql (sql): Connected new DB handle, #4
  373. Module: Checking preacct {...} for more modules to load
  374. Module: Linked to module rlm_acct_unique
  375. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  376. acct_unique {
  377. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  378. }
  379. Module: Linked to module rlm_files
  380. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  381. files {
  382. usersfile = "/etc/freeradius/users"
  383. acctusersfile = "/etc/freeradius/acct_users"
  384. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  385. compat = "no"
  386. }
  387. Module: Checking accounting {...} for more modules to load
  388. Module: Linked to module rlm_detail
  389. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  390. detail {
  391. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  392. header = "%t"
  393. detailperm = 384
  394. dirperm = 493
  395. locking = no
  396. log_packet_header = no
  397. }
  398. Module: Linked to module rlm_radutmp
  399. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  400. radutmp {
  401. filename = "/var/log/freeradius/radutmp"
  402. username = "%{User-Name}"
  403. case_sensitive = yes
  404. check_with_nas = yes
  405. perm = 384
  406. callerid = yes
  407. }
  408. Module: Linked to module rlm_attr_filter
  409. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  410. attr_filter attr_filter.accounting_response {
  411. attrsfile = "/etc/freeradius/attrs.accounting_response"
  412. key = "%{User-Name}"
  413. relaxed = no
  414. }
  415. Module: Checking session {...} for more modules to load
  416. Module: Checking post-proxy {...} for more modules to load
  417. Module: Checking post-auth {...} for more modules to load
  418. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  419. attr_filter attr_filter.access_reject {
  420. attrsfile = "/etc/freeradius/attrs.access_reject"
  421. key = "%{User-Name}"
  422. relaxed = no
  423. }
  424. } # modules
  425. } # server
  426. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  427. modules {
  428. Module: Checking authenticate {...} for more modules to load
  429. Module: Checking authorize {...} for more modules to load
  430. Module: Checking session {...} for more modules to load
  431. Module: Checking post-proxy {...} for more modules to load
  432. Module: Checking post-auth {...} for more modules to load
  433. } # modules
  434. } # server
  435. radiusd: #### Opening IP addresses and Ports ####
  436. listen {
  437. type = "auth"
  438. ipaddr = *
  439. port = 0
  440. }
  441. listen {
  442. type = "acct"
  443. ipaddr = *
  444. port = 0
  445. }
  446. listen {
  447. type = "auth"
  448. ipaddr = 127.0.0.1
  449. port = 18120
  450. }
  451. ... adding new socket proxy address * port 50772
  452. Listening on authentication address * port 1812
  453. Listening on accounting address * port 1813
  454. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  455. Listening on proxy address * port 1814
  456. Ready to process requests.
  457. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=10, length=161
  458. User-Name = "mpulis"
  459. NAS-Identifier = "802aa849cdbe"
  460. NAS-Port = 0
  461. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  462. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  463. Framed-MTU = 1400
  464. NAS-Port-Type = Wireless-802.11
  465. Connect-Info = "CONNECT 0Mbps 802.11b"
  466. EAP-Message = 0x02f2000b016d70756c6973
  467. Message-Authenticator = 0xdc575891aac357955d182c4af0158b57
  468. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  469. +- entering group authorize {...}
  470. ++[preprocess] returns ok
  471. ++[chap] returns noop
  472. ++[mschap] returns noop
  473. ++[digest] returns noop
  474. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  475. [suffix] No such realm "NULL"
  476. ++[suffix] returns noop
  477. [eap] EAP packet type response id 242 length 11
  478. [eap] No EAP Start, assuming it's an on-going EAP conversation
  479. ++[eap] returns updated
  480. [sql] expand: %{User-Name} -> mpulis
  481. [sql] sql_set_user escaped user --> 'mpulis'
  482. rlm_sql (sql): Reserving sql socket id: 4
  483. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'mpulis' ORDER BY id
  484. [sql] User found in radcheck table
  485. [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'mpulis' ORDER BY id
  486. [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'mpulis' ORDER BY priority
  487. rlm_sql (sql): Released sql socket id: 4
  488. ++[sql] returns ok
  489. ++[expiration] returns noop
  490. ++[logintime] returns noop
  491. [pap] WARNING: Auth-Type already set. Not setting to PAP
  492. ++[pap] returns noop
  493. Found Auth-Type = EAP
  494. # Executing group from file /etc/freeradius/sites-enabled/default
  495. +- entering group authenticate {...}
  496. [eap] EAP Identity
  497. [eap] processing type tls
  498. [tls] Initiate
  499. [tls] Start returned 1
  500. ++[eap] returns handled
  501. Sending Access-Challenge of id 10 to 10.0.0.148 port 38010
  502. EAP-Message = 0x01f300061920
  503. Message-Authenticator = 0x00000000000000000000000000000000
  504. State = 0x6ef164376e027dce7fc7e3211faadd83
  505. Finished request 0.
  506. Going to the next request
  507. Waking up in 4.9 seconds.
  508. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=11, length=376
  509. User-Name = "mpulis"
  510. NAS-Identifier = "802aa849cdbe"
  511. NAS-Port = 0
  512. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  513. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  514. Framed-MTU = 1400
  515. NAS-Port-Type = Wireless-802.11
  516. Connect-Info = "CONNECT 0Mbps 802.11b"
  517. EAP-Message = 0x02f300d01980000000c616030100c1010000bd0301d7df24e1a0a56f9ad55169bd0f6e3b48c7a16738358c6e44e7164eda57c232ca000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
  518. State = 0x6ef164376e027dce7fc7e3211faadd83
  519. Message-Authenticator = 0x974d4204707d4dd6fabef8fe5a3b0247
  520. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  521. +- entering group authorize {...}
  522. ++[preprocess] returns ok
  523. ++[chap] returns noop
  524. ++[mschap] returns noop
  525. ++[digest] returns noop
  526. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  527. [suffix] No such realm "NULL"
  528. ++[suffix] returns noop
  529. [eap] EAP packet type response id 243 length 208
  530. [eap] Continuing tunnel setup.
  531. ++[eap] returns ok
  532. Found Auth-Type = EAP
  533. # Executing group from file /etc/freeradius/sites-enabled/default
  534. +- entering group authenticate {...}
  535. [eap] Request found, released from the list
  536. [eap] EAP/peap
  537. [eap] processing type peap
  538. [peap] processing EAP-TLS
  539. TLS Length 198
  540. [peap] Length Included
  541. [peap] eaptls_verify returned 11
  542. [peap] (other): before/accept initialization
  543. [peap] TLS_accept: before/accept initialization
  544. [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
  545. [peap] TLS_accept: SSLv3 read client hello A
  546. [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
  547. [peap] TLS_accept: SSLv3 write server hello A
  548. [peap] >>> TLS 1.0 Handshake [length 02c8], Certificate
  549. [peap] TLS_accept: SSLv3 write certificate A
  550. [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
  551. [peap] TLS_accept: SSLv3 write key exchange A
  552. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  553. [peap] TLS_accept: SSLv3 write server done A
  554. [peap] TLS_accept: SSLv3 flush data
  555. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  556. In SSL Handshake Phase
  557. In SSL Accept mode
  558. [peap] eaptls_process returned 13
  559. [peap] EAPTLS_HANDLED
  560. ++[eap] returns handled
  561. Sending Access-Challenge of id 11 to 10.0.0.148 port 38010
  565. EAP-Message = 0x10fd9447f57657248dfb3d5719eb5829862dd3f2bf0dd5a127fd3e7f8ed4160301014b0c00014703001741046b95ecef2eaa15f6b6c48122902901cebd4c35c75e21486e67b1840efb9d4befaf1c2069821280d00dcecb21c51c1055cda5006ced5e91d8e0b629a4d743ba3e01009ad9f3e879f1efd0820f6501cec43aa9baac8bbfde80d9b2a58e05449da3005c6d76fe237d1460cd381f9269fba66a8592bdc24d6da8d17c56c0008e6aa660b9c7a442e5aab19f388297fc78483258395e383d64d53b938eb9494581d25e97b5af33b1e44414bf9a3da6f5d45d7d29d32e1915f3c7fa21894664a8eadf02e44f7107ade6e5d95314d1f0572a44376f
  566. EAP-Message = 0x6d46f42f0bcdf943a2950e44
  567. Message-Authenticator = 0x00000000000000000000000000000000
  568. State = 0x6ef164376f057dce7fc7e3211faadd83
  569. Finished request 1.
  570. Going to the next request
  571. Waking up in 4.9 seconds.
  572. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=12, length=174
  573. User-Name = "mpulis"
  574. NAS-Identifier = "802aa849cdbe"
  575. NAS-Port = 0
  576. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  577. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  578. Framed-MTU = 1400
  579. NAS-Port-Type = Wireless-802.11
  580. Connect-Info = "CONNECT 0Mbps 802.11b"
  581. EAP-Message = 0x02f400061900
  582. State = 0x6ef164376f057dce7fc7e3211faadd83
  583. Message-Authenticator = 0x62a3b4c5aede7bf003cccb1e0a8b07eb
  584. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  585. +- entering group authorize {...}
  586. ++[preprocess] returns ok
  587. ++[chap] returns noop
  588. ++[mschap] returns noop
  589. ++[digest] returns noop
  590. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  591. [suffix] No such realm "NULL"
  592. ++[suffix] returns noop
  593. [eap] EAP packet type response id 244 length 6
  594. [eap] Continuing tunnel setup.
  595. ++[eap] returns ok
  596. Found Auth-Type = EAP
  597. # Executing group from file /etc/freeradius/sites-enabled/default
  598. +- entering group authenticate {...}
  599. [eap] Request found, released from the list
  600. [eap] EAP/peap
  601. [eap] processing type peap
  602. [peap] processing EAP-TLS
  603. [peap] Received TLS ACK
  604. [peap] ACK handshake fragment handler
  605. [peap] eaptls_verify returned 1
  606. [peap] eaptls_process returned 13
  607. [peap] EAPTLS_HANDLED
  608. ++[eap] returns handled
  609. Sending Access-Challenge of id 12 to 10.0.0.148 port 38010
  610. EAP-Message = 0x01f500741900d5e48a1f7e66aac0c0fb398fcbde526abb102f5db68f848dca8abf84a59d820846ef52dd5d6a25d86e1a4bf31f89066fad754d8b753bbf029d2d94762be42c43d6be520568134f61e75a181dd2480acf7cde5d0b7c334b66e0a2f921121505e7a460940fda16030100040e000000
  611. Message-Authenticator = 0x00000000000000000000000000000000
  612. State = 0x6ef164376c047dce7fc7e3211faadd83
  613. Finished request 2.
  614. Going to the next request
  615. Waking up in 4.9 seconds.
  616. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=13, length=312
  617. User-Name = "mpulis"
  618. NAS-Identifier = "802aa849cdbe"
  619. NAS-Port = 0
  620. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  621. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  622. Framed-MTU = 1400
  623. NAS-Port-Type = Wireless-802.11
  624. Connect-Info = "CONNECT 0Mbps 802.11b"
  625. EAP-Message = 0x02f5009019800000008616030100461000004241047fc9e724d774e2ab7f1e39c17cbc5c25fddaa046075c1dcbdc35cf2902e460306bafdf870682372f011c1e11675bef0a5aeca534124fddff6bdcc37f2dd274e014030100010116030100302fe0e3005895a075ff1b6ef61289bd048e3726e3d571199511df7316f7c5ba96a13a30e065bc07936b3dfa66a06c3e57
  626. State = 0x6ef164376c047dce7fc7e3211faadd83
  627. Message-Authenticator = 0xbdc7c8775b819b8a259ea86852773ab9
  628. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  629. +- entering group authorize {...}
  630. ++[preprocess] returns ok
  631. ++[chap] returns noop
  632. ++[mschap] returns noop
  633. ++[digest] returns noop
  634. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  635. [suffix] No such realm "NULL"
  636. ++[suffix] returns noop
  637. [eap] EAP packet type response id 245 length 144
  638. [eap] Continuing tunnel setup.
  639. ++[eap] returns ok
  640. Found Auth-Type = EAP
  641. # Executing group from file /etc/freeradius/sites-enabled/default
  642. +- entering group authenticate {...}
  643. [eap] Request found, released from the list
  644. [eap] EAP/peap
  645. [eap] processing type peap
  646. [peap] processing EAP-TLS
  647. TLS Length 134
  648. [peap] Length Included
  649. [peap] eaptls_verify returned 11
  650. [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
  651. [peap] TLS_accept: SSLv3 read client key exchange A
  652. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  653. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  654. [peap] TLS_accept: SSLv3 read finished A
  655. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  656. [peap] TLS_accept: SSLv3 write change cipher spec A
  657. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  658. [peap] TLS_accept: SSLv3 write finished A
  659. [peap] TLS_accept: SSLv3 flush data
  660. [peap] (other): SSL negotiation finished successfully
  661. SSL Connection Established
  662. [peap] eaptls_process returned 13
  663. [peap] EAPTLS_HANDLED
  664. ++[eap] returns handled
  665. Sending Access-Challenge of id 13 to 10.0.0.148 port 38010
  666. EAP-Message = 0x01f6004119001403010001011603010030cedd8b4bba8064fb9d7c489a3ac1ad23120a3b00f412096dde890001cb1d0980106333b684c3dc903ee647f1fdb0e77c
  667. Message-Authenticator = 0x00000000000000000000000000000000
  668. State = 0x6ef164376d077dce7fc7e3211faadd83
  669. Finished request 3.
  670. Going to the next request
  671. Waking up in 4.9 seconds.
  672. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=14, length=174
  673. User-Name = "mpulis"
  674. NAS-Identifier = "802aa849cdbe"
  675. NAS-Port = 0
  676. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  677. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  678. Framed-MTU = 1400
  679. NAS-Port-Type = Wireless-802.11
  680. Connect-Info = "CONNECT 0Mbps 802.11b"
  681. EAP-Message = 0x02f600061900
  682. State = 0x6ef164376d077dce7fc7e3211faadd83
  683. Message-Authenticator = 0xcc747caaf686edc9e3749a401f6643f9
  684. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  685. +- entering group authorize {...}
  686. ++[preprocess] returns ok
  687. ++[chap] returns noop
  688. ++[mschap] returns noop
  689. ++[digest] returns noop
  690. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  691. [suffix] No such realm "NULL"
  692. ++[suffix] returns noop
  693. [eap] EAP packet type response id 246 length 6
  694. [eap] Continuing tunnel setup.
  695. ++[eap] returns ok
  696. Found Auth-Type = EAP
  697. # Executing group from file /etc/freeradius/sites-enabled/default
  698. +- entering group authenticate {...}
  699. [eap] Request found, released from the list
  700. [eap] EAP/peap
  701. [eap] processing type peap
  702. [peap] processing EAP-TLS
  703. [peap] Received TLS ACK
  704. [peap] ACK handshake is finished
  705. [peap] eaptls_verify returned 3
  706. [peap] eaptls_process returned 3
  707. [peap] EAPTLS_SUCCESS
  708. [peap] Session established. Decoding tunneled attributes.
  709. [peap] Peap state TUNNEL ESTABLISHED
  710. ++[eap] returns handled
  711. Sending Access-Challenge of id 14 to 10.0.0.148 port 38010
  712. EAP-Message = 0x01f7002b19001703010020980c7a62f9ec1a9c50a9c66f7bffbdac261cacf010ad31bd05ec24487712be9e
  713. Message-Authenticator = 0x00000000000000000000000000000000
  714. State = 0x6ef164376a067dce7fc7e3211faadd83
  715. Finished request 4.
  716. Going to the next request
  717. Waking up in 4.9 seconds.
  718. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=15, length=211
  719. User-Name = "mpulis"
  720. NAS-Identifier = "802aa849cdbe"
  721. NAS-Port = 0
  722. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  723. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  724. Framed-MTU = 1400
  725. NAS-Port-Type = Wireless-802.11
  726. Connect-Info = "CONNECT 0Mbps 802.11b"
  727. EAP-Message = 0x02f7002b190017030100202c4c5d188d076a67df3781394306983fc0726938b7ee6cd1aee3949849998819
  728. State = 0x6ef164376a067dce7fc7e3211faadd83
  729. Message-Authenticator = 0x94f68dc55421fc6ed5e78ad052ea5f3f
  730. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  731. +- entering group authorize {...}
  732. ++[preprocess] returns ok
  733. ++[chap] returns noop
  734. ++[mschap] returns noop
  735. ++[digest] returns noop
  736. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  737. [suffix] No such realm "NULL"
  738. ++[suffix] returns noop
  739. [eap] EAP packet type response id 247 length 43
  740. [eap] Continuing tunnel setup.
  741. ++[eap] returns ok
  742. Found Auth-Type = EAP
  743. # Executing group from file /etc/freeradius/sites-enabled/default
  744. +- entering group authenticate {...}
  745. [eap] Request found, released from the list
  746. [eap] EAP/peap
  747. [eap] processing type peap
  748. [peap] processing EAP-TLS
  749. [peap] eaptls_verify returned 7
  750. [peap] Done initial handshake
  751. [peap] eaptls_process returned 7
  752. [peap] EAPTLS_OK
  753. [peap] Session established. Decoding tunneled attributes.
  754. [peap] Peap state WAITING FOR INNER IDENTITY
  755. [peap] Identity - mpulis
  756. [peap] Got inner identity 'mpulis'
  757. [peap] Setting default EAP type for tunneled EAP session.
  758. [peap] Got tunneled request
  759. EAP-Message = 0x02f7000b016d70756c6973
  760. server {
  761. [peap] Setting User-Name to mpulis
  762. Sending tunneled request
  763. EAP-Message = 0x02f7000b016d70756c6973
  764. FreeRADIUS-Proxied-To = 127.0.0.1
  765. User-Name = "mpulis"
  766. server inner-tunnel {
  767. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  768. +- entering group authorize {...}
  769. ++[chap] returns noop
  770. ++[mschap] returns noop
  771. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  772. [suffix] No such realm "NULL"
  773. ++[suffix] returns noop
  774. ++[control] returns noop
  775. [eap] EAP packet type response id 247 length 11
  776. [eap] No EAP Start, assuming it's an on-going EAP conversation
  777. ++[eap] returns updated
  778. ++[files] returns noop
  779. ++[expiration] returns noop
  780. ++[logintime] returns noop
  781. ++[pap] returns noop
  782. Found Auth-Type = EAP
  783. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  784. +- entering group authenticate {...}
  785. [eap] EAP Identity
  786. [eap] processing type mschapv2
  787. rlm_eap_mschapv2: Issuing Challenge
  788. ++[eap] returns handled
  789. } # server inner-tunnel
  790. [peap] Got tunneled reply code 11
  791. EAP-Message = 0x01f800201a01f8001b10d6a21847760cc141a52a618be2566ad16d70756c6973
  792. Message-Authenticator = 0x00000000000000000000000000000000
  793. State = 0x8061cab68099d075fa393c754cfb8c72
  794. [peap] Got tunneled reply RADIUS code 11
  795. EAP-Message = 0x01f800201a01f8001b10d6a21847760cc141a52a618be2566ad16d70756c6973
  796. Message-Authenticator = 0x00000000000000000000000000000000
  797. State = 0x8061cab68099d075fa393c754cfb8c72
  798. [peap] Got tunneled Access-Challenge
  799. ++[eap] returns handled
  800. Sending Access-Challenge of id 15 to 10.0.0.148 port 38010
  801. EAP-Message = 0x01f8004b19001703010040d9f99058d8fac243a812fec1575a8d0916e77d7daf0de6c372ddc5954f65af760b52f04184de013ee59634a27f651f3bd328789303fa041dcb0a4fa7667c5c44
  802. Message-Authenticator = 0x00000000000000000000000000000000
  803. State = 0x6ef164376b097dce7fc7e3211faadd83
  804. Finished request 5.
  805. Going to the next request
  806. Waking up in 4.9 seconds.
  807. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=16, length=275
  808. User-Name = "mpulis"
  809. NAS-Identifier = "802aa849cdbe"
  810. NAS-Port = 0
  811. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  812. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  813. Framed-MTU = 1400
  814. NAS-Port-Type = Wireless-802.11
  815. Connect-Info = "CONNECT 0Mbps 802.11b"
  816. EAP-Message = 0x02f8006b190017030100605c829a6bc84a9da0845e64d3c887b7387dbbfd3abd6f41d828f89892921f3e963d66516ff725d243e46ff657515b071724bf292c684344b1780d7ae647dd9bfed7dbcc8b0e1877f52d5bc771c728debe1eca0e1e88737cd878487c512851e07a
  817. State = 0x6ef164376b097dce7fc7e3211faadd83
  818. Message-Authenticator = 0x513117f91e962d5985ff620c89c37955
  819. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  820. +- entering group authorize {...}
  821. ++[preprocess] returns ok
  822. ++[chap] returns noop
  823. ++[mschap] returns noop
  824. ++[digest] returns noop
  825. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  826. [suffix] No such realm "NULL"
  827. ++[suffix] returns noop
  828. [eap] EAP packet type response id 248 length 107
  829. [eap] Continuing tunnel setup.
  830. ++[eap] returns ok
  831. Found Auth-Type = EAP
  832. # Executing group from file /etc/freeradius/sites-enabled/default
  833. +- entering group authenticate {...}
  834. [eap] Request found, released from the list
  835. [eap] EAP/peap
  836. [eap] processing type peap
  837. [peap] processing EAP-TLS
  838. [peap] eaptls_verify returned 7
  839. [peap] Done initial handshake
  840. [peap] eaptls_process returned 7
  841. [peap] EAPTLS_OK
  842. [peap] Session established. Decoding tunneled attributes.
  843. [peap] Peap state phase2
  844. [peap] EAP type mschapv2
  845. [peap] Got tunneled request
  846. EAP-Message = 0x02f800411a02f8003c3188fbb21e55bc94a48b7f5e93b5724caf00000000000000007036de056d4798212ef17d1f05e36f361bc40dd2b7dc1f4c006d70756c6973
  847. server {
  848. [peap] Setting User-Name to mpulis
  849. Sending tunneled request
  850. EAP-Message = 0x02f800411a02f8003c3188fbb21e55bc94a48b7f5e93b5724caf00000000000000007036de056d4798212ef17d1f05e36f361bc40dd2b7dc1f4c006d70756c6973
  851. FreeRADIUS-Proxied-To = 127.0.0.1
  852. User-Name = "mpulis"
  853. State = 0x8061cab68099d075fa393c754cfb8c72
  854. server inner-tunnel {
  855. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  856. +- entering group authorize {...}
  857. ++[chap] returns noop
  858. ++[mschap] returns noop
  859. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  860. [suffix] No such realm "NULL"
  861. ++[suffix] returns noop
  862. ++[control] returns noop
  863. [eap] EAP packet type response id 248 length 65
  864. [eap] No EAP Start, assuming it's an on-going EAP conversation
  865. ++[eap] returns updated
  866. ++[files] returns noop
  867. ++[expiration] returns noop
  868. ++[logintime] returns noop
  869. ++[pap] returns noop
  870. Found Auth-Type = EAP
  871. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  872. +- entering group authenticate {...}
  873. [eap] Request found, released from the list
  874. [eap] EAP/mschapv2
  875. [eap] processing type mschapv2
  876. [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  877. [mschapv2] +- entering group MS-CHAP {...}
  878. [mschap] No Cleartext-Password configured. Cannot create LM-Password.
  879. [mschap] No Cleartext-Password configured. Cannot create NT-Password.
  880. [mschap] Creating challenge hash with username: mpulis
  881. [mschap] Told to do MS-CHAPv2 for mpulis with NT-Password
  882. [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
  883. [mschap] FAILED: MS-CHAP2-Response is incorrect
  884. ++[mschap] returns reject
  885. [eap] Freeing handler
  886. ++[eap] returns reject
  887. Failed to authenticate the user.
  888. } # server inner-tunnel
  889. [peap] Got tunneled reply code 3
  890. MS-CHAP-Error = "\370E=691 R=1"
  891. EAP-Message = 0x04f80004
  892. Message-Authenticator = 0x00000000000000000000000000000000
  893. [peap] Got tunneled reply RADIUS code 3
  894. MS-CHAP-Error = "\370E=691 R=1"
  895. EAP-Message = 0x04f80004
  896. Message-Authenticator = 0x00000000000000000000000000000000
  897. [peap] Tunneled authentication was rejected.
  898. [peap] FAILURE
  899. ++[eap] returns handled
  900. Sending Access-Challenge of id 16 to 10.0.0.148 port 38010
  901. EAP-Message = 0x01f9002b190017030100200f52a08fd652c4a9fbebbb2cb905b70e2467986283ad506c0780cb9477662f84
  902. Message-Authenticator = 0x00000000000000000000000000000000
  903. State = 0x6ef1643768087dce7fc7e3211faadd83
  904. Finished request 6.
  905. Going to the next request
  906. Waking up in 4.9 seconds.
  907. rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=17, length=211
  908. User-Name = "mpulis"
  909. NAS-Identifier = "802aa849cdbe"
  910. NAS-Port = 0
  911. Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
  912. Calling-Station-Id = "FC-64-BA-6F-84-D3"
  913. Framed-MTU = 1400
  914. NAS-Port-Type = Wireless-802.11
  915. Connect-Info = "CONNECT 0Mbps 802.11b"
  916. EAP-Message = 0x02f9002b19001703010020b8146776d898d2169bb58ff6b946023085539eddd7a38ec2dde989645cad8d41
  917. State = 0x6ef1643768087dce7fc7e3211faadd83
  918. Message-Authenticator = 0x28f89b3e98662dccbf5b3fe77e1e8f39
  919. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  920. +- entering group authorize {...}
  921. ++[preprocess] returns ok
  922. ++[chap] returns noop
  923. ++[mschap] returns noop
  924. ++[digest] returns noop
  925. [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
  926. [suffix] No such realm "NULL"
  927. ++[suffix] returns noop
  928. [eap] EAP packet type response id 249 length 43
  929. [eap] Continuing tunnel setup.
  930. ++[eap] returns ok
  931. Found Auth-Type = EAP
  932. # Executing group from file /etc/freeradius/sites-enabled/default
  933. +- entering group authenticate {...}
  934. [eap] Request found, released from the list
  935. [eap] EAP/peap
  936. [eap] processing type peap
  937. [peap] processing EAP-TLS
  938. [peap] eaptls_verify returned 7
  939. [peap] Done initial handshake
  940. [peap] eaptls_process returned 7
  941. [peap] EAPTLS_OK
  942. [peap] Session established. Decoding tunneled attributes.
  943. [peap] Peap state send tlv failure
  944. [peap] Received EAP-TLV response.
  945. [peap] The users session was previously rejected: returning reject (again.)
  946. [peap] *** This means you need to read the PREVIOUS messages in the debug output
  947. [peap] *** to find out the reason why the user was rejected.
  948. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
  949. [peap] *** what went wrong, and how to fix the problem.
  950. [eap] Handler failed in EAP/peap
  951. [eap] Failed in EAP select
  952. ++[eap] returns invalid
  953. Failed to authenticate the user.
  954. Using Post-Auth-Type Reject
  955. # Executing group from file /etc/freeradius/sites-enabled/default
  956. +- entering group REJECT {...}
  957. [sql] expand: %{User-Name} -> mpulis
  958. [sql] sql_set_user escaped user --> 'mpulis'
  959. [sql] expand: %{User-Password} ->
  960. [sql] ... expanding second conditional
  961. [sql] expand: %{Chap-Password} ->
  962. [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'mpulis', '', 'Access-Reject', '2016-08-09 13:32:03')
  963. rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'mpulis', '', 'Access-Reject', '2016-08-09 13:32:03')
  964. rlm_sql (sql): Reserving sql socket id: 3
  965. rlm_sql (sql): Released sql socket id: 3
  966. ++[sql] returns ok
  967. [attr_filter.access_reject] expand: %{User-Name} -> mpulis
  968. attr_filter: Matched entry DEFAULT at line 11
  969. ++[attr_filter.access_reject] returns updated
  970. Delaying reject of request 7 for 1 seconds
  971. Going to the next request
  972. Waking up in 0.9 seconds.
  973. Sending delayed reject for request 7
  974. Sending Access-Reject of id 17 to 10.0.0.148 port 38010
  975. EAP-Message = 0x04f90004
  976. Message-Authenticator = 0x00000000000000000000000000000000
  977. Waking up in 3.8 seconds.
  978. Cleaning up request 0 ID 10 with timestamp +28
  979. Cleaning up request 1 ID 11 with timestamp +28
  980. Cleaning up request 2 ID 12 with timestamp +28
  981. Cleaning up request 3 ID 13 with timestamp +28
  982. Cleaning up request 4 ID 14 with timestamp +28
  983. Cleaning up request 5 ID 15 with timestamp +28
  984. Cleaning up request 6 ID 16 with timestamp +28
  985. Waking up in 1.0 seconds.