
Untitled

a guest
Sep 8th, 2016
  1. root@tsradius:/etc/freeradius# freeradius -X
  2. Server was built with:
  3. accounting : yes
  4. authentication : yes
  5. ascend-binary-attributes : yes
  6. coa : yes
  7. control-socket : yes
  8. detail : yes
  9. dhcp : yes
  10. dynamic-clients : yes
  11. osfc2 : no
  12. proxy : yes
  13. regex-pcre : no
  14. regex-posix : yes
  15. regex-posix-extended : yes
  16. session-management : yes
  17. stats : yes
  18. tcp : yes
  19. threads : yes
  20. tls : yes
  21. unlang : yes
  22. vmps : yes
  23. developer : no
  24. Server core libs:
  25. freeradius-server : 3.0.11
  26. talloc : 2.0.*
  27. ssl : 1.0.1f release
  28. Endianness:
  29. little
  30. Compilation flags:
  31. cppflags : -D_FORTIFY_SOURCE=2
  32. cflags : -I/build/freeradius-8d5m9K/freeradius-3.0.11 -I/build/freeradius-8d5m9K/freeradius-3.0.11/src -include /build/freeradius-8d5m9K/freeradius-3.0.11/src/freeradius-devel/autoconf.h -include /build/freeradius-8d5m9K/freeradius-3.0.11/src/freeradius-devel/build.h -include /build/freeradius-8d5m9K/freeradius-3.0.11/src/freeradius-devel/features.h -include /build/freeradius-8d5m9K/freeradius-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
  33. ldflags : -Wl,-Bsymbolic-functions -Wl,-z,relro
  34. libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl -lpthread -lreadline
  35.  
  36.  
  37. # Loaded module rlm_chap
  38. # Loading module "chap" from file /etc/freeradius/mods-enabled/chap
  39. # Loaded module rlm_realm
  40. # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
  41. realm IPASS {
  42. format = "prefix"
  43. delimiter = "/"
  44. ignore_default = no
  45. ignore_null = no
  46. }
  47. # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
  48. realm suffix {
  49. format = "suffix"
  50. delimiter = "@"
  51. ignore_default = no
  52. ignore_null = no
  53. }
  54. # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  55. realm realmpercent {
  56. format = "suffix"
  57. delimiter = "%"
  58. ignore_default = no
  59. ignore_null = no
  60. }
  61. # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  62. realm ntdomain {
  63. format = "prefix"
  64. delimiter = "\"
  65. ignore_default = no
  66. ignore_null = no
  67. }
  68. # Loaded module rlm_exec
  69. # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
  70. exec ntlm_auth {
  71. wait = yes
  72. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  73. shell_escape = yes
  74. }
  75. # Loading module "echo" from file /etc/freeradius/mods-enabled/echo
  76. exec echo {
  77. wait = yes
  78. program = "/bin/echo %{User-Name}"
  79. input_pairs = "request"
  80. output_pairs = "reply"
  81. shell_escape = yes
  82. }
  83. # Loaded module rlm_linelog
  84. # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
  85. linelog {
  86. filename = "/var/log/freeradius/linelog"
  87. escape_filenames = no
  88. syslog_severity = "info"
  89. permissions = 384
  90. format = "This is a log message for %{User-Name}"
  91. reference = "messages.%{%{reply:Packet-Type}:-default}"
  92. }
  93. # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  94. linelog log_accounting {
  95. filename = "/var/log/freeradius/linelog-accounting"
  96. escape_filenames = no
  97. syslog_severity = "info"
  98. permissions = 384
  99. format = ""
  100. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  101. }
  102. # Loaded module rlm_attr_filter
  103. # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  104. attr_filter attr_filter.post-proxy {
  105. filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
  106. key = "%{Realm}"
  107. relaxed = no
  108. }
  109. # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  110. attr_filter attr_filter.pre-proxy {
  111. filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
  112. key = "%{Realm}"
  113. relaxed = no
  114. }
  115. # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  116. attr_filter attr_filter.access_reject {
  117. filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
  118. key = "%{User-Name}"
  119. relaxed = no
  120. }
  121. # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  122. attr_filter attr_filter.access_challenge {
  123. filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
  124. key = "%{User-Name}"
  125. relaxed = no
  126. }
  127. # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  128. attr_filter attr_filter.accounting_response {
  129. filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
  130. key = "%{User-Name}"
  131. relaxed = no
  132. }
  133. # Loaded module rlm_expr
  134. # Loading module "expr" from file /etc/freeradius/mods-enabled/expr
  135. expr {
  136. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  137. }
  138. # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
  139. radutmp {
  140. filename = "/var/log/freeradius/radutmp"
  141. username = "%{User-Name}"
  142. case_sensitive = yes
  143. check_with_nas = yes
  144. permissions = 384
  145. caller_id = yes
  146. }
  147. # Loading module "exec" from file /etc/freeradius/mods-enabled/exec
  148. exec {
  149. wait = no
  150. input_pairs = "request"
  151. shell_escape = yes
  152. timeout = 10
  153. }
  154. # Loaded module rlm_eap
  155. # Loading module "eap" from file /etc/freeradius/mods-enabled/eap
  156. eap {
  157. default_eap_type = "peap"
  158. timer_expire = 60
  159. ignore_unknown_eap_types = no
  160. cisco_accounting_username_bug = no
  161. max_sessions = 16384
  162. }
  163. # Loaded module rlm_dynamic_clients
  164. # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
  165. # Loaded module rlm_files
  166. # Loading module "files" from file /etc/freeradius/mods-enabled/files
  167. files {
  168. filename = "/etc/freeradius/mods-config/files/authorize"
  169. acctusersfile = "/etc/freeradius/mods-config/files/accounting"
  170. preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
  171. }
  172. # Loaded module rlm_unix
  173. # Loading module "unix" from file /etc/freeradius/mods-enabled/unix
  174. unix {
  175. radwtmp = "/var/log/freeradius/radwtmp"
  176. }
  177. Creating attribute Unix-Group
  178. # Loaded module rlm_replicate
  179. # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
  180. # Loaded module rlm_always
  181. # Loading module "reject" from file /etc/freeradius/mods-enabled/always
  182. always reject {
  183. rcode = "reject"
  184. simulcount = 0
  185. mpp = no
  186. }
  187. # Loading module "fail" from file /etc/freeradius/mods-enabled/always
  188. always fail {
  189. rcode = "fail"
  190. simulcount = 0
  191. mpp = no
  192. }
  193. # Loading module "ok" from file /etc/freeradius/mods-enabled/always
  194. always ok {
  195. rcode = "ok"
  196. simulcount = 0
  197. mpp = no
  198. }
  199. # Loading module "handled" from file /etc/freeradius/mods-enabled/always
  200. always handled {
  201. rcode = "handled"
  202. simulcount = 0
  203. mpp = no
  204. }
  205. # Loading module "invalid" from file /etc/freeradius/mods-enabled/always
  206. always invalid {
  207. rcode = "invalid"
  208. simulcount = 0
  209. mpp = no
  210. }
  211. # Loading module "userlock" from file /etc/freeradius/mods-enabled/always
  212. always userlock {
  213. rcode = "userlock"
  214. simulcount = 0
  215. mpp = no
  216. }
  217. # Loading module "notfound" from file /etc/freeradius/mods-enabled/always
  218. always notfound {
  219. rcode = "notfound"
  220. simulcount = 0
  221. mpp = no
  222. }
  223. # Loading module "noop" from file /etc/freeradius/mods-enabled/always
  224. always noop {
  225. rcode = "noop"
  226. simulcount = 0
  227. mpp = no
  228. }
  229. # Loading module "updated" from file /etc/freeradius/mods-enabled/always
  230. always updated {
  231. rcode = "updated"
  232. simulcount = 0
  233. mpp = no
  234. }
  235. # Loaded module rlm_cache
  236. # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  237. cache cache_eap {
  238. driver = "rlm_cache_rbtree"
  239. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  240. ttl = 15
  241. max_entries = 0
  242. epoch = 0
  243. add_stats = no
  244. }
  245. # Loaded module rlm_preprocess
  246. # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  247. preprocess {
  248. huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  249. hints = "/etc/freeradius/mods-config/preprocess/hints"
  250. with_ascend_hack = no
  251. ascend_channels_per_line = 23
  252. with_ntdomain_hack = no
  253. with_specialix_jetstream_hack = no
  254. with_cisco_vsa_hack = no
  255. with_alvarion_vsa_hack = no
  256. }
  257. # Loaded module rlm_ldap
  258. # Loading module "ldap" from file /etc/freeradius/mods-enabled/ldap
  259. ldap {
  260. server = "venus.tetrasoft.in"
  261. identity = "cn=Administrator,cn=Users,dc=tetrasoft,dc=in"
  262. password = >>
  263. sasl {
  264. }
  265. user {
  266. scope = "sub"
  267. access_positive = yes
  268. sasl {
  269. }
  270. }
  271. group {
  272. filter = "(objectClass=posixGroup)"
  273. scope = "sub"
  274. name_attribute = "cn"
  275. membership_attribute = "memberOf"
  276. cacheable_name = no
  277. cacheable_dn = no
  278. }
  279. client {
  280. filter = "(objectClass=radiusClient)"
  281. scope = "sub"
  282. base_dn = "dc=tetrasoft,dc=in"
  283. }
  284. profile {
  285. }
  286. options {
  287. ldap_debug = 40
  288. chase_referrals = yes
  289. rebind = yes
  290. net_timeout = 1
  291. res_timeout = 10
  292. srv_timelimit = 3
  293. idle = 60
  294. probes = 3
  295. interval = 3
  296. }
  297. tls {
  298. start_tls = no
  299. }
  300. }
  301. Creating attribute LDAP-Group
  302. # Loaded module rlm_digest
  303. # Loading module "digest" from file /etc/freeradius/mods-enabled/digest
  304. # Loaded module rlm_utf8
  305. # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
  306. # Loaded module rlm_expiration
  307. # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
  308. # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  309. detail auth_log {
  310. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  311. header = "%t"
  312. permissions = 384
  313. locking = no
  314. escape_filenames = no
  315. log_packet_header = no
  316. }
  317. # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  318. detail reply_log {
  319. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  320. header = "%t"
  321. permissions = 384
  322. locking = no
  323. escape_filenames = no
  324. log_packet_header = no
  325. }
  326. # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  327. detail pre_proxy_log {
  328. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  329. header = "%t"
  330. permissions = 384
  331. locking = no
  332. escape_filenames = no
  333. log_packet_header = no
  334. }
  335. # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  336. detail post_proxy_log {
  337. filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  338. header = "%t"
  339. permissions = 384
  340. locking = no
  341. escape_filenames = no
  342. log_packet_header = no
  343. }
  344. # Loaded module rlm_unpack
  345. # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
  346. # Loaded module rlm_passwd
  347. # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  348. passwd etc_passwd {
  349. filename = "/etc/passwd"
  350. format = "*User-Name:Crypt-Password:"
  351. delimiter = ":"
  352. ignore_nislike = no
  353. ignore_empty = yes
  354. allow_multiple_keys = no
  355. hash_size = 100
  356. }
  357. # Loaded module rlm_soh
  358. # Loading module "soh" from file /etc/freeradius/mods-enabled/soh
  359. soh {
  360. dhcp = yes
  361. }
  362. # Loaded module rlm_logintime
  363. # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
  364. logintime {
  365. minimum_timeout = 60
  366. }
  367. # Loaded module rlm_pap
  368. # Loading module "pap" from file /etc/freeradius/mods-enabled/pap
  369. pap {
  370. normalise = yes
  371. }
  372. instantiate {
  373. }
  374. # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
  375. rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
  376. # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
  377. # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
  378. # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
  379. # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
  380. # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
  381. # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
  382. # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
  383. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  384. reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
  385. # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
  386. reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
  387. # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
  388. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
  389. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  390. [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  391. # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
  392. reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
  393. # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
  394. reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
  395. # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
  396. # Linked to sub-module rlm_eap_md5
  397. # Linked to sub-module rlm_eap_leap
  398. # Linked to sub-module rlm_eap_gtc
  399. gtc {
  400. challenge = "Password: "
  401. auth_type = "PAP"
  402. }
  403. # Linked to sub-module rlm_eap_tls
  404. tls {
  405. tls = "tls-common"
  406. }
  407. tls-config tls-common {
  408. verify_depth = 0
  409. ca_path = "/etc/freeradius/certs"
  410. pem_file_type = yes
  411. private_key_file = "/etc/freeradius/certs/server.pem"
  412. certificate_file = "/etc/freeradius/certs/server.pem"
  413. ca_file = "/etc/freeradius/certs/ca.pem"
  414. private_key_password = >>
  415. dh_file = "/etc/freeradius/certs/dh"
  416. fragment_size = 1024
  417. include_length = yes
  418. auto_chain = yes
  419. check_crl = no
  420. check_all_crl = no
  421. cipher_list = "DEFAULT"
  422. ecdh_curve = "prime256v1"
  423. cache {
  424. enable = yes
  425. lifetime = 24
  426. max_entries = 255
  427. }
  428. verify {
  429. skip_if_ocsp_ok = no
  430. }
  431. ocsp {
  432. enable = no
  433. override_cert_url = yes
  434. url = "http://127.0.0.1/ocsp/"
  435. use_nonce = yes
  436. timeout = 0
  437. softfail = no
  438. }
  439. }
  440. # Linked to sub-module rlm_eap_ttls
  441. ttls {
  442. tls = "tls-common"
  443. default_eap_type = "mschapv2"
  444. copy_request_to_tunnel = yes
  445. use_tunneled_reply = no
  446. virtual_server = "inner-tunnel"
  447. include_length = yes
  448. require_client_cert = no
  449. }
  450. tls: Using cached TLS configuration from previous invocation
  451. # Linked to sub-module rlm_eap_peap
  452. peap {
  453. tls = "tls-common"
  454. default_eap_type = "mschapv2"
  455. copy_request_to_tunnel = yes
  456. use_tunneled_reply = no
  457. proxy_tunneled_request_as_eap = yes
  458. virtual_server = "inner-tunnel"
  459. soh = no
  460. require_client_cert = no
  461. }
  462. tls: Using cached TLS configuration from previous invocation
  463. # Linked to sub-module rlm_eap_mschapv2
  464. mschapv2 {
  465. with_ntdomain_hack = no
  466. send_error = yes
  467. }
  468. # Instantiating module "files" from file /etc/freeradius/mods-enabled/files
  469. reading pairlist file /etc/freeradius/mods-config/files/authorize
  470. reading pairlist file /etc/freeradius/mods-config/files/accounting
  471. reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
  472. # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
  473. # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
  474. # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
  475. # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
  476. # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
  477. # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
  478. # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
  479. # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
  480. # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
  481. # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap
  482. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  483. # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
  484. reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
  485. reading pairlist file /etc/freeradius/mods-config/preprocess/hints
  486. # Instantiating module "ldap" from file /etc/freeradius/mods-enabled/ldap
  487. rlm_ldap: libldap vendor: OpenLDAP, version: 20431
  488. accounting {
  489. reference = "%{tolower:type.%{Acct-Status-Type}}"
  490. }
  491. post-auth {
  492. reference = "."
  493. }
  494. rlm_ldap (ldap): Initialising connection pool
  495. pool {
  496. start = 5
  497. min = 3
  498. max = 32
  499. spare = 10
  500. uses = 0
  501. lifetime = 0
  502. cleanup_interval = 30
  503. idle_timeout = 60
  504. retry_delay = 30
  505. spread = no
  506. }
  507. rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
  508. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  509. rlm_ldap (ldap): Waiting for bind result...
  510. rlm_ldap (ldap): Bind successful
  511. rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
  512. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  513. rlm_ldap (ldap): Waiting for bind result...
  514. rlm_ldap (ldap): Bind successful
  515. rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
  516. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  517. rlm_ldap (ldap): Waiting for bind result...
  518. rlm_ldap (ldap): Bind successful
  519. rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
  520. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  521. rlm_ldap (ldap): Waiting for bind result...
  522. rlm_ldap (ldap): Bind successful
  523. rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
  524. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  525. rlm_ldap (ldap): Waiting for bind result...
  526. rlm_ldap (ldap): Bind successful
  527. # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
  528. # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
  529. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  530. # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
  531. # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  532. # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
  533. # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
  534. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  535. # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
  536. # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
  537. } # modules
  538. radiusd: #### Loading Virtual Servers ####
  539. server { # from file /etc/freeradius/radiusd.conf
  540. } # server
  541. server default { # from file /etc/freeradius/sites-enabled/default
  542. # Loading authenticate {...}
  543. # Loading authorize {...}
  544. Ignoring "sql" (see raddb/mods-available/README.rst)
  545. # Loading preacct {...}
  546. # Loading accounting {...}
  547. # Loading post-proxy {...}
  548. # Loading post-auth {...}
  549. } # server default
  550. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  551. # Loading authenticate {...}
  552. # Loading authorize {...}
  553. # Loading session {...}
  554. # Loading post-proxy {...}
  555. # Loading post-auth {...}
  556. } # server inner-tunnel
  557. radiusd: #### Opening IP addresses and Ports ####
  558. listen {
  559. type = "auth"
  560. ipaddr = *
  561. port = 0
  562. limit {
  563. max_connections = 16
  564. lifetime = 0
  565. idle_timeout = 30
  566. }
  567. }
  568. listen {
  569. type = "acct"
  570. ipaddr = *
  571. port = 0
  572. limit {
  573. max_connections = 16
  574. lifetime = 0
  575. idle_timeout = 30
  576. }
  577. }
  578. listen {
  579. type = "auth"
  580. ipv6addr = ::
  581. port = 0
  582. limit {
  583. max_connections = 16
  584. lifetime = 0
  585. idle_timeout = 30
  586. }
  587. }
  588. listen {
  589. type = "acct"
  590. ipv6addr = ::
  591. port = 0
  592. limit {
  593. max_connections = 16
  594. lifetime = 0
  595. idle_timeout = 30
  596. }
  597. }
  598. listen {
  599. type = "auth"
  600. ipaddr = 127.0.0.1
  601. port = 18120
  602. }
  603. Listening on auth address * port 1812 bound to server default
  604. Listening on acct address * port 1813 bound to server default
  605. Listening on auth address :: port 1812 bound to server default
  606. Listening on acct address :: port 1813 bound to server default
  607. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  608. Listening on proxy address * port 56080
  609. Listening on proxy address :: port 34479
  610. Ready to process requests
  611. (0) Received Access-Request Id 21 from 192.168.26.10:51085 to 192.168.25.23:1812 length 874
  612. (0) Service-Type = Voice
  613. (0) MS-Identity-Type = Machine-Health-Check
  614. (0) NAS-Port-Type = Ethernet
  615. (0) MS-Network-Access-Server-Type = DHCP-Server
  616. (0) Called-Station-Id = "192.168.25.0"
  617. (0) MS-Service-Class = "Anthem-Network-25"
  618. (0) Calling-Station-Id = "B05ADA5CB134"
  619. (0) MS-Machine-Name = "TETRAONSITE"
  620. (0) MS-Quarantine-SOH = 0x0007028e00000137000202860007001e00000137908c4fe36e4c495ab9fdefc1948c4bb201d209cc134231cd010000020004000137000007006200000137031101000000060000000100001db100010000000005001954455452414f4e534954452e7465747261736f66742e696e0006908c4fe3
  621. (0) MS-Quarantine-SOH = 0x6500770061006c006c000000000b000400000002000a003a530079006d0061006e00740065006300200045006e00640070006f0069006e0074002000500072006f00740065006300740069006f006e000000000b000400000002000a00244d004900430052004f0053004f004600540020005000
  622. (0) MS-Quarantine-SOH = 0x0044005500430054000000000b000400000006000a003a530079006d0061006e00740065006300200045006e00640070006f0069006e0074002000500072006f00740065006300740069006f006e000000000b0004000000030008000103000b0004000001040008000104000b000400ff000500
  623. (0) NAS-Identifier = "TETRADHCP"
  624. (0) Acct-Session-Id = "3187027242"
  625. (0) NAS-IP-Address = 192.168.26.10
  626. (0) Framed-IP-Address = 192.168.25.52
  627. (0) Proxy-State = 0xc0a81a0a0000125c
  628. (0) Message-Authenticator = 0xb9a0587b38407da5107cd07ab7c7a78a
  629. (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
  630. (0) authorize {
  631. (0) policy filter_username {
  632. (0) if (&User-Name) {
  633. (0) if (&User-Name) -> FALSE
  634. (0) } # policy filter_username = notfound
  635. (0) [preprocess] = ok
  636. (0) [chap] = noop
  637. (0) [mschap] = noop
  638. (0) [digest] = noop
  639. (0) suffix: Proxy reply, or no User-Name. Ignoring
  640. (0) [suffix] = noop
  641. (0) eap: No EAP-Message, not doing EAP
  642. (0) [eap] = noop
  643. rlm_ldap (ldap): Reserved connection (0)
  644. (0) ldap: EXPAND (|(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})(userPrincipalName=%{User-Name}))
  645. (0) ldap: --> (|(sAMAccountName=)(userPrincipalName=))
  646. (0) ldap: Performing search in "dc=tetrasoft,dc=in" with filter "(|(sAMAccountName=)(userPrincipalName=))", scope "sub"
  647. (0) ldap: Waiting for search result...
  648. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.tetrasoft.in/DC=DomainDnsZones,DC=tetrasoft,DC=in
  649. rlm_ldap (ldap): Waiting for bind result...
  650. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.tetrasoft.in/DC=ForestDnsZones,DC=tetrasoft,DC=in
  651. rlm_ldap (ldap): Waiting for bind result...
  652. rlm_ldap (ldap): Rebinding to URL ldap://tetrasoft.in/CN=Configuration,DC=tetrasoft,DC=in
  653. rlm_ldap (ldap): Waiting for bind result...
  654. rlm_ldap (ldap): Bind successful
  655. rlm_ldap (ldap): Bind successful
  656. rlm_ldap (ldap): Bind successful
  657. (0) ldap: Search returned no results
  658. rlm_ldap (ldap): Deleting connection (0)
  659. rlm_ldap (ldap): Need 6 more connections to reach 10 spares
  660. rlm_ldap (ldap): Opening additional connection (5), 1 of 28 pending slots used
  661. rlm_ldap (ldap): Connecting to ldap://venus.tetrasoft.in:389
  662. rlm_ldap (ldap): Waiting for bind result...
  663. rlm_ldap (ldap): Bind successful
  664. (0) [ldap] = notfound
  665. (0) [expiration] = noop
  666. (0) [logintime] = noop
  667. (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
  668. (0) pap: WARNING: Authentication will fail unless a "known good" password is available
  669. (0) [pap] = noop
  670. (0) } # authorize = ok
  671. (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
  672. (0) Failed to authenticate the user
  673. (0) Using Post-Auth-Type Reject
  674. (0) # Executing group from file /etc/freeradius/sites-enabled/default
  675. (0) Post-Auth-Type REJECT {
  676. (0) attr_filter.access_reject: EXPAND %{User-Name}
  677. (0) attr_filter.access_reject: -->
  678. (0) [attr_filter.access_reject] = noop
  679. (0) [eap] = noop
  680. (0) policy remove_reply_message_if_eap {
  681. (0) if (&reply:EAP-Message && &reply:Reply-Message) {
  682. (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  683. (0) else {
  684. (0) [noop] = noop
  685. (0) } # else = noop
  686. (0) } # policy remove_reply_message_if_eap = noop
  687. (0) } # Post-Auth-Type REJECT = noop
  688. (0) Delaying response for 1.000000 seconds