RADIUS-WIFI Error alice

a guest
Jan 18th, 2016
mohammed@linuxserver:~$ sudo freeradius -X
FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
client 192.168.0.0/16 {
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
client 10.0.0.0/8 {
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Creating Auth-Type = LDAP
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
ldap {
server = "127.0.0.1"
port = 389
password = "M13n14e5"
identity = "cn=admin,dc=example,dc=com"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
basedn = "ou=people,dc=example,dc=com"
filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x880c348
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
... adding new socket proxy address * port 37921
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 35011, id=4, length=154
User-Name = "alice"
NAS-IP-Address = 78.104.81.132
Called-Station-Id = "A2-F3-C1-67-EC-68:dd-wrt_vap"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Calling-Station-Id = "48-D2-24-3F-55-D4"
Connect-Info = "CONNECT 54Mbps 802.11g"
Framed-MTU = 1400
EAP-Message = 0x0241000a01616c696365
Message-Authenticator = 0x1c7a60e003d973d3b792e6e77a8dd835
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for alice
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> alice
[ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
[ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "M13n14e5"
[ldap] looking for reply items in directory...
[ldap] user alice authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 4 to 192.168.1.1 port 35011
Waking up in 4.9 seconds.