<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Hi all.<div><br></div><div>Im getting my hands dirty with radius and i really enjoying it to : ). Im totally new at this and im basically trying my way throu, lots of trying and loggreading as you can imagine. I got some things rolling, my firewalls pptp-auths and now my Proxim AP4000 with MAC-addr auth - just to hot.</div><div><br class="webkit-block-placeholder"></div><div>Now i just have to try the 2.0pre-release, to get prepared for the future. I have manually written in my clients and users in the version 2s configs. Everything works except for one small thing; now i can't login. These are the errors;</div><div><br class="webkit-block-placeholder"></div><div><div><i><div>rad_recv: Access-Request packet from host 10.0.5.200 port 6001, id=5, length=151</div><div> User-Name = "00-17-f2-ea-b1-3e"</div><div> User-Password = "00-17-f2-ea-b1-3e"</div><div> NAS-IP-Address = 10.0.5.200</div><div> Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"</div><div> Calling-Station-Id = "00-17-f2-ea-b1-3e"</div><div> NAS-Port = 9</div><div> NAS-Port-Type = Wireless-802.11</div><div>+- entering group authorize</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>++[unix] returns notfound</div><div> rlm_realm: No '@' in User-Name = "00-17-f2-ea-b1-3e", looking up realm NULL</div><div> rlm_realm: No such realm "NULL"</div><div>++[suffix] returns noop</div><div> rlm_eap: No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>++[files] returns noop</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.</div><div>++[pap] returns noop</div><div>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user</div><div>auth: Failed to validate the user.</div><div>Login incorrect: [00-17-f2-ea-b1-3e/00-17-f2-ea-b1-3e] (from client ap4000-intern port 9 cli 00-17-f2-ea-b1-3e)</div><div> Found Post-Auth-Type Reject</div><div>+- entering group REJECT</div><div> expand: %{User-Name} -> 00-17-f2-ea-b1-3e</div><div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 0 for 1 seconds</div><div>Going to the next request</div><div><br class="webkit-block-placeholder"></div><div><span class="Apple-style-span" style="font-style: normal;">So, something is wrong with the default PAP-attributes. I look in the attr.access_reject-file and it guides me to the man-page. Unfortually it doesn't help me much, i tried PAP-Message=* ANY but it was a lame try. I haven't found any info about this either on the net (sorry if i missed something too easy).</span></div><div><span class="Apple-style-span" style="font-style: normal;"><br class="webkit-block-placeholder"></span></div><div><span class="Apple-style-span" style="font-style: normal;">Now im stuck, all help are apreciated.</span></div><div><span class="Apple-style-span" style="font-style: normal;"><br class="webkit-block-placeholder"></span></div><div><span class="Apple-style-span" style="font-style: normal;">Startup-info:</span></div><div><span class="Apple-style-span" style="font-style: normal;"><div><i>debian:~# /usr/local/sbin/radiusd -v</i></div><div><i>radiusd: FreeRADIUS Version 2.0.0-pre2, for host powerpc-unknown-linux-gnu, built on Sep 15 2007 at 06:11:44</i></div><div><i>Copyright (C) 2000-2007 The FreeRADIUS server project.</i></div><div><i>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A</i></div><div><i>PARTICULAR PURPOSE.</i></div><div><i>You may redistribute copies of FreeRADIUS under the terms of the</i></div><div><i>GNU General Public License.</i></div><div><i>For more information about these matters, see the file named COPYRIGHT.</i></div><div><i>debian:~# /usr/local/sbin/radiusd -X -f -d /usr/local/etc/raddb</i></div><div><i>FreeRADIUS Version 2.0.0-pre2, for host powerpc-unknown-linux-gnu, built on Sep 15 2007 at 06:11:44</i></div><div><i>Copyright (C) 2000-2007 The FreeRADIUS server project. </i></div><div><i>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </i></div><div><i>PARTICULAR PURPOSE. </i></div><div><i>You may redistribute copies of FreeRADIUS under the terms of the </i></div><div><i>GNU General Public License. </i></div><div><i>Config: including file: /usr/local/etc/raddb/radiusd.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/proxy.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/clients.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/snmp.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/eap.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/sql.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/sql/mysql/dialup.conf</i></div><div><i>Config: including file: //usr/local/etc/raddb/sql/mysql/counter.conf</i></div><div><i>Config: including files in directory: //usr/local/etc/raddb/sites-enabled/</i></div><div><i>Config: including file: //usr/local/etc/raddb/sites-enabled/default</i></div><div><i>Starting - reading configuration files ...</i></div><div><i>read_config_files: reading dictionary</i></div><div><i>main {</i></div><div><i> prefix = "/usr/local"</i></div><div><i> localstatedir = "/var"</i></div><div><i> logdir = "/var/log/radius"</i></div><div><i> libdir = "/usr/local/lib"</i></div><div><i> radacctdir = "/var/log/radius/radacct"</i></div><div><i> hostname_lookups = yes</i></div><div><i> max_request_time = 30</i></div><div><i> cleanup_delay = 5</i></div><div><i> max_requests = 1024</i></div><div><i> allow_core_dumps = no</i></div><div><i> log_stripped_names = no</i></div><div><i> log_file = "/var/log/radius/radius.log"</i></div><div><i> log_auth = yes</i></div><div><i> log_auth_badpass = yes</i></div><div><i> log_auth_goodpass = yes</i></div><div><i> pidfile = "/var/run/radiusd/radiusd.pid"</i></div><div><i> checkrad = "/usr/local/sbin/checkrad"</i></div><div><i> debug_level = 0</i></div><div><i> proxy_requests = yes</i></div><div><i> log {</i></div><div><i> syslog_facility = "daemon"</i></div><div><i> }</i></div><div><i> proxy server {</i></div><div><i> retry_delay = 5</i></div><div><i> retry_count = 3</i></div><div><i> default_fallback = no</i></div><div><i> dead_time = 120</i></div><div><i> wake_all_if_all_dead = no</i></div><div><i> }</i></div><div><i> security {</i></div><div><i> max_attributes = 200</i></div><div><i> reject_delay = 1</i></div><div><i> status_server = yes</i></div><div><i> }</i></div><div><i>}</i></div><div><i> home_server localhost {</i></div><div><i> ipaddr = 127.0.0.1 IP address [127.0.0.1]</i></div><div><i> port = 1812</i></div><div><i> type = "auth"</i></div><div><i> secret = "testing123"</i></div><div><i> response_window = 20</i></div><div><i> max_outstanding = 65536</i></div><div><i> zombie_period = 40</i></div><div><i> status_check = "status-server"</i></div><div><i> ping_check = "none"</i></div><div><i> ping_interval = 30</i></div><div><i> check_interval = 30</i></div><div><i> num_answers_to_alive = 3</i></div><div><i> num_pings_to_alive = 3</i></div><div><i> revive_interval = 120</i></div><div><i> status_check_timeout = 4</i></div><div><i> }</i></div><div><i> server_pool my_auth_failover {</i></div><div><i> type = fail-over</i></div><div><i> home_server = localhost</i></div><div><i> }</i></div><div><i> realm example.com {</i></div><div><i> auth_pool = my_auth_failover</i></div><div><i> }</i></div><div><i> realm LOCAL {</i></div><div><i> }</i></div><div><i> listen {</i></div><div><i> type = "auth"</i></div><div><i> ipaddr = *</i></div><div><i> port = 0</i></div><div><i> client 127.0.0.1 {</i></div><div><i> secret = "testing123"</i></div><div><i> shortname = "localhost"</i></div><div><i> nastype = "other"</i></div><div><i> }</i></div><div><i> client 82.182.120.201 {</i></div><div><i> secret = "sexy"</i></div><div><i> shortname = "ap4000"</i></div><div><i> }</i></div><div><i> client 10.0.5.200 {</i></div><div><i> secret = "sexy"</i></div><div><i> shortname = "ap4000-intern"</i></div><div><i> }</i></div><div><i> }</i></div><div><i> listen {</i></div><div><i> type = "acct"</i></div><div><i> ipaddr = *</i></div><div><i> port = 1813</i></div><div><i> }</i></div><div><i>radiusd: entering modules setup</i></div><div><i>radiusd: Library search path is /usr/local/lib</i></div><div><i> instantiate {</i></div><div><i> Module: Linked to module rlm_exec</i></div><div><i> Module: Instantiating exec</i></div><div><i> exec {</i></div><div><i> wait = yes</i></div><div><i> input_pairs = "request"</i></div><div><i> shell_escape = yes</i></div><div><i> }</i></div><div><i>rlm_exec: wait=yes but no output defined. Did you mean output=none?</i></div><div><i> Module: Linked to module rlm_expr</i></div><div><i> Module: Instantiating expr</i></div><div><i> Module: Linked to module rlm_expiration</i></div><div><i> Module: Instantiating expiration</i></div><div><i> expiration {</i></div><div><i> reply-message = "Password Has Expired "</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_logintime</i></div><div><i> Module: Instantiating logintime</i></div><div><i> logintime {</i></div><div><i> reply-message = "You are calling outside your allowed timespan "</i></div><div><i> minimum-timeout = 60</i></div><div><i> }</i></div><div><i> }</i></div><div><i>server {</i></div><div><i> modules {</i></div><div><i> Module: Checking authenticate {...} for more modules to load</i></div><div><i> Module: Linked to module rlm_pap</i></div><div><i> Module: Instantiating pap</i></div><div><i> pap {</i></div><div><i> encryption_scheme = "auto"</i></div><div><i> auto_header = yes</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_chap</i></div><div><i> Module: Instantiating chap</i></div><div><i> Module: Linked to module rlm_mschap</i></div><div><i> Module: Instantiating mschap</i></div><div><i> mschap {</i></div><div><i> use_mppe = yes</i></div><div><i> require_encryption = no</i></div><div><i> require_strong = no</i></div><div><i> with_ntdomain_hack = no</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_unix</i></div><div><i> Module: Instantiating unix</i></div><div><i> unix {</i></div><div><i> radwtmp = "/var/log/radius/radwtmp"</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_eap</i></div><div><i> Module: Instantiating eap</i></div><div><i> eap {</i></div><div><i> default_eap_type = "md5"</i></div><div><i> timer_expire = 60</i></div><div><i> ignore_unknown_eap_types = no</i></div><div><i> cisco_accounting_username_bug = no</i></div><div><i> }</i></div><div><i> eap: Linked to sub-module rlm_eap_md5</i></div><div><i> eap: Instantiating eap-md5</i></div><div><i> eap: Linked to sub-module rlm_eap_leap</i></div><div><i> eap: Instantiating eap-leap</i></div><div><i> eap: Linked to sub-module rlm_eap_gtc</i></div><div><i> eap: Instantiating eap-gtc</i></div><div><i> gtc {</i></div><div><i> challenge = "Password: "</i></div><div><i> auth_type = "PAP"</i></div><div><i> }</i></div><div><i>rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.</i></div><div><i>rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.</i></div><div><i>rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.</i></div><div><i> eap: Linked to sub-module rlm_eap_mschapv2</i></div><div><i> eap: Instantiating eap-mschapv2</i></div><div><i> mschapv2 {</i></div><div><i> with_ntdomain_hack = no</i></div><div><i> }</i></div><div><i> Module: Checking authorize {...} for more modules to load</i></div><div><i> Module: Linked to module rlm_preprocess</i></div><div><i> Module: Instantiating preprocess</i></div><div><i> preprocess {</i></div><div><i> huntgroups = "//usr/local/etc/raddb/huntgroups"</i></div><div><i> hints = "//usr/local/etc/raddb/hints"</i></div><div><i> with_ascend_hack = no</i></div><div><i> ascend_channels_per_line = 23</i></div><div><i> with_ntdomain_hack = no</i></div><div><i> with_specialix_jetstream_hack = no</i></div><div><i> with_cisco_vsa_hack = no</i></div><div><i> with_alvarion_vsa_hack = no</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_realm</i></div><div><i> Module: Instantiating suffix</i></div><div><i> realm suffix {</i></div><div><i> format = "suffix"</i></div><div><i> delimiter = "@"</i></div><div><i> ignore_default = no</i></div><div><i> ignore_null = no</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_files</i></div><div><i> Module: Instantiating files</i></div><div><i> files {</i></div><div><i> usersfile = "//usr/local/etc/raddb/users"</i></div><div><i> acctusersfile = "//usr/local/etc/raddb/acct_users"</i></div><div><i> preproxy_usersfile = "//usr/local/etc/raddb/preproxy_users"</i></div><div><i> compat = "no"</i></div><div><i> }</i></div><div><i> Module: Checking preacct {...} for more modules to load</i></div><div><i> Module: Linked to module rlm_acct_unique</i></div><div><i> Module: Instantiating acct_unique</i></div><div><i> acct_unique {</i></div><div><i> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"</i></div><div><i> }</i></div><div><i> Module: Checking accounting {...} for more modules to load</i></div><div><i> Module: Linked to module rlm_detail</i></div><div><i> Module: Instantiating detail</i></div><div><i> detail {</i></div><div><i> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</i></div><div><i> header = "%t"</i></div><div><i> detailperm = 384</i></div><div><i> dirperm = 493</i></div><div><i> locking = no</i></div><div><i> log_packet_header = no</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_radutmp</i></div><div><i> Module: Instantiating radutmp</i></div><div><i> radutmp {</i></div><div><i> filename = "/var/log/radius/radutmp"</i></div><div><i> username = "%{User-Name}"</i></div><div><i> case_sensitive = yes</i></div><div><i> check_with_nas = yes</i></div><div><i> perm = 384</i></div><div><i> callerid = yes</i></div><div><i> }</i></div><div><i> Module: Linked to module rlm_attr_filter</i></div><div><i> Module: Instantiating attr_filter.accounting_response</i></div><div><i> attr_filter attr_filter.accounting_response {</i></div><div><i> attrsfile = "//usr/local/etc/raddb/attrs.accounting_response"</i></div><div><i> key = "%{User-Name}"</i></div><div><i> }</i></div><div><i> Module: Checking session {...} for more modules to load</i></div><div><i> Module: Checking post-proxy {...} for more modules to load</i></div><div><i> Module: Checking post-auth {...} for more modules to load</i></div><div><i> Module: Instantiating attr_filter.access_reject</i></div><div><i> attr_filter attr_filter.access_reject {</i></div><div><i> attrsfile = "//usr/local/etc/raddb/attrs.access_reject"</i></div><div><i> key = "%{User-Name}"</i></div><div><i> }</i></div><div><i> }</i></div><div><i>}</i></div><div><i>Initializing the thread pool...</i></div><div><i>Listening on authentication address * port 1812</i></div><div><i>Listening on accounting address * port 1813</i></div><div><i>Listening on proxy address * port 1814</i></div><div><i>Ready to process requests.</i></div><div><i><br class="webkit-block-placeholder"></i></div><div>When it all works under 1.1.7:</div><div><i><div>rad_recv: Access-Request packet from host 10.0.5.200:6001, id=4, length=151</div><div> User-Name = "00-17-f2-ea-b1-3e"</div><div> User-Password = "00-17-f2-ea-b1-3e"</div><div> NAS-IP-Address = 10.0.5.200</div><div> Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"</div><div> Calling-Station-Id = "00-17-f2-ea-b1-3e"</div><div> NAS-Port = 9</div><div> NAS-Port-Type = Wireless-802.11</div><div> Processing the authorize section of radiusd.conf</div><div>modcall: entering group authorize for request 0</div><div> modcall[authorize]: module "preprocess" returns ok for request 0</div><div> modcall[authorize]: module "chap" returns noop for request 0</div><div> modcall[authorize]: module "mschap" returns noop for request 0</div><div> rlm_realm: No '@' in User-Name = "00-17-f2-ea-b1-3e", looking up realm NULL</div><div> rlm_realm: No such realm "NULL"</div><div> modcall[authorize]: module "suffix" returns noop for request 0</div><div> rlm_eap: No EAP-Message, not doing EAP</div><div> modcall[authorize]: module "eap" returns noop for request 0</div><div> users: Matched entry 00-17-f2-ea-b1-3e at line 96</div><div> modcall[authorize]: module "files" returns ok for request 0</div><div> modcall[authorize]: module "pap" returns updated for request 0</div><div>modcall: leaving group authorize (returns updated) for request 0</div><div> rad_check_password: Found Auth-Type pap</div><div>auth: type "PAP"</div><div> Processing the authenticate section of radiusd.conf</div><div>modcall: entering group PAP for request 0</div><div>rlm_pap: login attempt with password 00-17-f2-ea-b1-3e</div><div>rlm_pap: Using clear text password "00-17-f2-ea-b1-3e".</div><div>rlm_pap: User authenticated successfully</div><div> modcall[authenticate]: module "pap" returns ok for request 0</div><div>modcall: leaving group PAP (returns ok) for request 0</div><div>Sending Access-Accept of id 4 to 10.0.5.200 port 6001</div><div> Calling-Station-Id == "00-17-f2-ea-b1-3e"</div><div> NAS-IP-Address = 82.182.120.201</div><div> Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"</div><div> NAS-Port = 9</div><div> NAS-Port-Type = Wireless-802.11</div><div> Service-Type = Framed-User</div><div> Framed-Routing = Broadcast-Listen</div><div>Finished request 0</div><div>Going to the next request</div><div>--- Walking the entire request list ---</div><div>Waking up in 6 seconds..</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div><span class="Apple-style-span" style="font-style: normal;">Startup info:</span></div><div><div>debian:~# /usr/sbin/radiusd -v</div><div>radiusd: FreeRADIUS Version 1.1.7, for host powerpc-unknown-linux-gnu, built on Sep 15 2007 at 09:59:30</div><div>Copyright (C) 2000-2007 The FreeRADIUS server project.</div><div>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A</div><div>PARTICULAR PURPOSE.</div><div>You may redistribute copies of FreeRADIUS under the terms of the</div><div>GNU General Public License.</div><div>For more information about these matters, see the file named COPYRIGHT.</div><div>debian:~# /usr/sbin/radiusd -X -f -d /etc/raddb/</div><div>Starting - reading configuration files ...</div><div>reread_config: reading radiusd.conf</div><div>Config: including file: /etc/raddb/proxy.conf</div><div>Config: including file: /etc/raddb/clients.conf</div><div>Config: including file: /etc/raddb/snmp.conf</div><div>Config: including file: /etc/raddb/eap.conf</div><div>Config: including file: /etc/raddb/sql.conf</div><div> main: prefix = "/usr"</div><div> main: localstatedir = "/var"</div><div> main: logdir = "/var/log/radius"</div><div> main: libdir = "/usr/lib"</div><div> main: radacctdir = "/var/log/radius/radacct"</div><div> main: hostname_lookups = no</div><div> main: max_request_time = 30</div><div> main: cleanup_delay = 5</div><div> main: max_requests = 1024</div><div> main: delete_blocked_requests = 0</div><div> main: port = 0</div><div> main: allow_core_dumps = no</div><div> main: log_stripped_names = no</div><div> main: log_file = "/var/log/radius/radius.log"</div><div> main: log_auth = no</div><div> main: log_auth_badpass = no</div><div> main: log_auth_goodpass = no</div><div> main: pidfile = "/var/run/radiusd/radiusd.pid"</div><div> main: user = "(null)"</div><div> main: group = "(null)"</div><div> main: usercollide = no</div><div> main: lower_user = "no"</div><div> main: lower_pass = "no"</div><div> main: nospace_user = "no"</div><div> main: nospace_pass = "no"</div><div> main: checkrad = "/usr/checkrad"</div><div> main: proxy_requests = yes</div><div> proxy: retry_delay = 5</div><div> proxy: retry_count = 3</div><div> proxy: synchronous = no</div><div> proxy: default_fallback = yes</div><div> proxy: dead_time = 120</div><div> proxy: post_proxy_authorize = no</div><div> proxy: wake_all_if_all_dead = no</div><div> security: max_attributes = 200</div><div> security: reject_delay = 1</div><div> security: status_server = no</div><div> main: debug_level = 0</div><div>read_config_files: reading dictionary</div><div>read_config_files: reading naslist</div><div>Using deprecated naslist file. Support for this will go away soon.</div><div>read_config_files: reading clients</div><div>read_config_files: reading realms</div><div>radiusd: entering modules setup</div><div>Module: Library search path is /usr/lib</div><div>Module: Loaded exec </div><div> exec: wait = yes</div><div> exec: program = "(null)"</div><div> exec: input_pairs = "request"</div><div> exec: output_pairs = "(null)"</div><div> exec: packet_type = "(null)"</div><div>rlm_exec: Wait=yes but no output defined. Did you mean output=none?</div><div>Module: Instantiated exec (exec) </div><div>Module: Loaded expr </div><div>Module: Instantiated expr (expr) </div><div>Module: Loaded PAP </div><div> pap: encryption_scheme = "crypt"</div><div> pap: auto_header = yes</div><div>Module: Instantiated pap (pap) </div><div>Module: Loaded CHAP </div><div>Module: Instantiated chap (chap) </div><div>Module: Loaded MS-CHAP </div><div> mschap: use_mppe = yes</div><div> mschap: require_encryption = no</div><div> mschap: require_strong = no</div><div> mschap: with_ntdomain_hack = no</div><div> mschap: passwd = "(null)"</div><div> mschap: ntlm_auth = "(null)"</div><div>Module: Instantiated mschap (mschap) </div><div>Module: Loaded System </div><div> unix: cache = no</div><div> unix: passwd = "(null)"</div><div> unix: shadow = "(null)"</div><div> unix: group = "(null)"</div><div> unix: radwtmp = "/var/log/radius/radwtmp"</div><div> unix: usegroup = no</div><div> unix: cache_reload = 600</div><div>Module: Instantiated unix (unix) </div><div>Module: Loaded eap </div><div> eap: default_eap_type = "md5"</div><div> eap: timer_expire = 60</div><div> eap: ignore_unknown_eap_types = no</div><div> eap: cisco_accounting_username_bug = no</div><div>rlm_eap: Loaded and initialized type md5</div><div>rlm_eap: Loaded and initialized type leap</div><div> gtc: challenge = "Password: "</div><div> gtc: auth_type = "PAP"</div><div>rlm_eap: Loaded and initialized type gtc</div><div> tls: rsa_key_exchange = no</div><div> tls: dh_key_exchange = yes</div><div> tls: rsa_key_length = 512</div><div> tls: dh_key_length = 512</div><div> tls: verify_depth = 0</div><div> tls: CA_path = "(null)"</div><div> tls: pem_file_type = yes</div><div> tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"</div><div> tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"</div><div> tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"</div><div> tls: private_key_password = "whatever"</div><div> tls: dh_file = "/etc/raddb/certs/dh"</div><div> tls: random_file = "/etc/raddb/certs/random"</div><div> tls: fragment_size = 1024</div><div> tls: include_length = yes</div><div> tls: check_crl = no</div><div> tls: check_cert_cn = "(null)"</div><div> tls: cipher_list = "(null)"</div><div> tls: check_cert_issuer = "(null)"</div><div>rlm_eap_tls: Loading the certificate file as a chain</div><div>WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!</div><div>WARNING: Fix this by running the OpenSSL command listed in eap.conf</div><div>rlm_eap: Loaded and initialized type tls</div><div> mschapv2: with_ntdomain_hack = no</div><div>rlm_eap: Loaded and initialized type mschapv2</div><div>Module: Instantiated eap (eap) </div><div>Module: Loaded preprocess </div><div> preprocess: huntgroups = "/etc/raddb/huntgroups"</div><div> preprocess: hints = "/etc/raddb/hints"</div><div> preprocess: with_ascend_hack = no</div><div> preprocess: ascend_channels_per_line = 23</div><div> preprocess: with_ntdomain_hack = no</div><div> preprocess: with_specialix_jetstream_hack = no</div><div> preprocess: with_cisco_vsa_hack = no</div><div> preprocess: with_alvarion_vsa_hack = no</div><div>Module: Instantiated preprocess (preprocess) </div><div>Module: Loaded realm </div><div> realm: format = "suffix"</div><div> realm: delimiter = "@"</div><div> realm: ignore_default = no</div><div> realm: ignore_null = no</div><div>Module: Instantiated realm (suffix) </div><div>Module: Loaded files </div><div> files: usersfile = "/etc/raddb/users"</div><div> files: acctusersfile = "/etc/raddb/acct_users"</div><div> files: preproxy_usersfile = "/etc/raddb/preproxy_users"</div><div> files: compat = "no"</div><div>Module: Instantiated files (files) </div><div>Module: Loaded Acct-Unique-Session-Id </div><div> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"</div><div>Module: Instantiated acct_unique (acct_unique) </div><div>Module: Loaded detail </div><div> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</div><div> detail: detailperm = 384</div><div> detail: dirperm = 493</div><div> detail: locking = no</div><div>Module: Instantiated detail (detail) </div><div>Module: Loaded radutmp </div><div> radutmp: filename = "/var/log/radius/radutmp"</div><div> radutmp: username = "%{User-Name}"</div><div> radutmp: case_sensitive = yes</div><div> radutmp: check_with_nas = yes</div><div> radutmp: perm = 384</div><div> radutmp: callerid = yes</div><div>Module: Instantiated radutmp (radutmp) </div><div>Listening on authentication *:1812</div><div>Listening on accounting *:1813</div><div>Listening on proxy 127.0.0.1:1814</div><div>Ready to process requests.</div></div></i></div></span></div></i></div></div></body></html>