<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Matura MT Script Capitals";
panose-1:3 2 8 2 6 6 2 7 2 2;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:-moz-fixed;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.moz-txt-tag
{mso-style-name:moz-txt-tag;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">>
</span><span style="font-size:10.0pt;font-family:"-moz-fixed","serif"">ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"-moz-fixed","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"-moz-fixed","serif"">This is probably your culprit. Do you have the SQL module in your authorize and authenticate sections of your config?</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:28.0pt;font-family:"Matura MT Script Capitals";color:#1F497D">Jake Sallee<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New";color:#1F497D">Godfather of Bandwidth<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New";color:#1F497D">System Engineer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">University of Mary Hardin-Baylor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">900 College St.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Belton, Texas<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">76513<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Fone: 254-295-4658<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#1F497D">Phax: 254-295-4221<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] <b>On Behalf Of
</b>Bastien Semene<br>
<b>Sent:</b> Wednesday, July 06, 2011 8:27 AM<br>
<b>To:</b> freeradius-users@lists.freeradius.org<br>
<b>Subject:</b> Auth-Type fail<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"-moz-fixed","serif"">Hi list,
<br>
<br>
I have a problem authenticating users against (My)SQL. <br>
FreeRADIUS is running on FreeBSD 8.0-STABLE and is version 2.1.10. <br>
<br>
It is a fresh install that I made work with the default file authentication. <br>
When I connect the SQL backend, it doesn't work. <br>
I followed the instructions on the FreeRADIUS wiki : <a href="http://wiki.freeradius.org/SQl_HOWTO">
http://wiki.freeradius.org/SQl_HOWTO</a> <br>
<br>
The SQL module is correctly loaded and it returns an OK during authentication. <br>
The queries are well formed and the results should be ok <br>
<br>
What I don't understand is why the sql module returns OK, and the authentication is rejected. In my mind, an OK from the SQL module at this step means it has authenticated the user.
<br>
Am I misunderstanding ? <br>
<br>
The debug output and relevant configuration directives are below. <br>
<br>
P.S.: 10.1.8.4 is the IP of the server; I'm running radtest commands from this host (I can't use 127.0.0.1 because of how networking currently works in jails on FreeBSD).
<br>
<br>
<br>
Here is the output of the radtest command : <br>
<br>
# radtest bsemene test 10.1.8.4 0 "password for jail client" <br>
Sending Access-Request of id 214 to 10.1.8.4 port 1812 <br>
User-Name = "bsemene" <br>
User-Password = "test" <br>
NAS-IP-Address = 10.1.8.4 <br>
NAS-Port = 0 <br>
rad_recv: Access-Reject packet from host 10.1.8.4 port 1812, id=214, length=20 <br>
<br>
<br>
<br>
<br>
Here is the debug output during authentication : <br>
<br>
rad_recv: Access-Request packet from host 10.1.8.4 port 44065, id=138, length=59 <br>
User-Name = "bsemene" <br>
User-Password = "test" <br>
NAS-IP-Address = 10.1.8.4 <br>
NAS-Port = 0 <br>
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
<br>
+- entering group authorize {...} <br>
++[preprocess] returns ok <br>
++[chap] returns noop <br>
++[mschap] returns noop <br>
++[digest] returns noop <br>
[suffix] No '@' in User-Name = "bsemene", looking up realm NULL <br>
[suffix] No such realm "NULL" <br>
++[suffix] returns noop <br>
[eap] No EAP-Message, not doing EAP <br>
++[eap] returns noop <br>
++[files] returns noop <br>
[sql] expand: %{Stripped-User-Name} -> <br>
[sql] ... expanding second conditional <br>
[sql] expand: %{User-Name} -> bsemene <br>
[sql] expand: %{%{User-Name}:-DEFAULT} -> bsemene <br>
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bsemene <br>
[sql] sql_set_user escaped user --> 'bsemene' <br>
rlm_sql (sql): Reserving sql socket id: 4 <br>
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, opFROM radcheck WHERE username = BINARY 'bsemene'
ORDER BY id <br>
[sql] expand: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHEe = BINARY 'bsemene' ORDER BY priority
<br>
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname
= 'dynamic' ORDER BY id <br>
[sql] User found in group dynamic <br>
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname
= 'dynamic' ORDER BY id <br>
rlm_sql (sql): Released sql socket id: 4 <br>
++[sql] returns ok <br>
++[expiration] returns noop <br>
++[logintime] returns noop <br>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
<br>
++[pap] returns noop <br>
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
<br>
Failed to authenticate the user. <br>
Using Post-Auth-Type Reject <br>
# Executing group from file /usr/local/etc/raddb/sites-enabled/default <br>
+- entering group REJECT {...} <br>
[attr_filter.access_reject] expand: %{User-Name} -> bsemene <br>
attr_filter: Matched entry DEFAULT at line 11 <br>
++[attr_filter.access_reject] returns updated <br>
Delaying reject of request 0 for 1 seconds <br>
Going to the next request <br>
Waking up in 0.9 seconds. <br>
Sending delayed reject for request 0 <br>
Sending Access-Reject of id 138 to 10.1.8.4 port 44065 <br>
Waking up in 4.9 seconds. <br>
Cleaning up request 0 ID 138 with timestamp +4 <br>
Ready to process requests. <br>
<br>
<br>
<br>
<br>
Here is the (test) DB data (sorry for the layout) : <br>
<br>
mysql> SELECT * FROM radusergroup; <br>
+----------+-----------+----------+ <br>
| username | groupname | priority | <br>
+----------+-----------+----------+ <br>
| bsemene | dynamic | 1 | <br>
+----------+-----------+----------+ <br>
1 row in set (0.02 sec) <br>
<br>
mysql> SELECT * FROM radcheck; <br>
+----+----------+--------------------+----+-------+ <br>
| id | username | attribute | op | value | <br>
+----+----------+--------------------+----+-------+ <br>
| 1 | bsemene | Cleartext-Password | == | test | <br>
+----+----------+--------------------+----+-------+ <br>
1 row in set (0.00 sec) <br>
<br>
mysql> SELECT * FROM radreply; <br>
Empty set (0.00 sec) <br>
<br>
mysql> SELECT * FROM radgroupreply; <br>
+----+-----------+------------+----+-------+ <br>
| id | groupname | attribute | op | value | <br>
+----+-----------+------------+----+-------+ <br>
| 1 | dynamic | Framed-MTU | := | 1500 | <br>
+----+-----------+------------+----+-------+ <br>
1 row in set (0.02 sec) <br>
<br>
<br>
<br>
<br>
Here is the default site config : <br>
<br>
# cat sites-available/default | grep -v "^[[:space:]]*#" | grep -v "^$" [root@radius]
<br>
authorize { <br>
preprocess <br>
chap <br>
mschap <br>
digest <br>
suffix <br>
eap { <br>
ok = return <br>
} <br>
files <br>
sql <br>
expiration <br>
logintime <br>
pap <br>
} <br>
authenticate { <br>
Auth-Type PAP { <br>
pap <br>
} <br>
Auth-Type CHAP { <br>
chap <br>
} <br>
Auth-Type MS-CHAP { <br>
mschap <br>
} <br>
digest <br>
unix <br>
eap <br>
} <br>
preacct { <br>
preprocess <br>
acct_unique <br>
suffix <br>
files <br>
} <br>
accounting { <br>
detail <br>
unix <br>
radutmp <br>
sql <br>
exec <br>
attr_filter.accounting_response <br>
} <br>
session { <br>
radutmp <br>
} <br>
post-auth { <br>
exec <br>
Post-Auth-Type REJECT { <br>
attr_filter.access_reject <br>
} <br>
} <br>
pre-proxy { <br>
} <br>
post-proxy { <br>
eap <br>
} <br>
<br>
<br>
<br>
And finally the service loading output : <br>
<br>
Starting radiusd. <br>
FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd8.0, built on Jun 28 2011 at 16:08:13
<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>
PARTICULAR PURPOSE. <br>
You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>
Starting - reading configuration files ... <br>
including configuration file /usr/local/etc/raddb/radiusd.conf <br>
including configuration file /usr/local/etc/raddb/proxy.conf <br>
including configuration file /usr/local/etc/raddb/clients.conf <br>
including files in directory /usr/local/etc/raddb/modules/
<br>
including configuration file /usr/local/etc/raddb/modules/wimax <br>
including configuration file /usr/local/etc/raddb/modules/always <br>
including configuration file /usr/local/etc/raddb/modules/attr_filter <br>
including configuration file /usr/local/etc/raddb/modules/attr_rewrite <br>
including configuration file /usr/local/etc/raddb/modules/chap <br>
including configuration file /usr/local/etc/raddb/modules/checkval <br>
including configuration file /usr/local/etc/raddb/modules/counter <br>
including configuration file /usr/local/etc/raddb/modules/cui <br>
including configuration file /usr/local/etc/raddb/modules/detail <br>
including configuration file /usr/local/etc/raddb/modules/detail.example.com <br>
including configuration file /usr/local/etc/raddb/modules/detail.log <br>
including configuration file /usr/local/etc/raddb/modules/digest <br>
including configuration file /usr/local/etc/raddb/modules/dynamic_clients <br>
including configuration file /usr/local/etc/raddb/modules/echo <br>
including configuration file /usr/local/etc/raddb/modules/etc_group <br>
including configuration file /usr/local/etc/raddb/modules/exec <br>
including configuration file /usr/local/etc/raddb/modules/expiration <br>
including configuration file /usr/local/etc/raddb/modules/expr <br>
including configuration file /usr/local/etc/raddb/modules/files <br>
including configuration file /usr/local/etc/raddb/modules/inner-eap <br>
including configuration file /usr/local/etc/raddb/modules/ippool <br>
including configuration file /usr/local/etc/raddb/modules/krb5 <br>
including configuration file /usr/local/etc/raddb/modules/ldap <br>
including configuration file /usr/local/etc/raddb/modules/linelog <br>
including configuration file /usr/local/etc/raddb/modules/logintime <br>
including configuration file /usr/local/etc/raddb/modules/mac2ip <br>
including configuration file /usr/local/etc/raddb/modules/mschap <br>
including configuration file /usr/local/etc/raddb/modules/mac2vlan <br>
including configuration file /usr/local/etc/raddb/modules/ntlm_auth <br>
including configuration file /usr/local/etc/raddb/modules/opendirectory <br>
including configuration file /usr/local/etc/raddb/modules/otp <br>
including configuration file /usr/local/etc/raddb/modules/pam <br>
including configuration file /usr/local/etc/raddb/modules/pap <br>
including configuration file /usr/local/etc/raddb/modules/passwd <br>
including configuration file /usr/local/etc/raddb/modules/perl <br>
including configuration file /usr/local/etc/raddb/modules/policy <br>
including configuration file /usr/local/etc/raddb/modules/preprocess <br>
including configuration file /usr/local/etc/raddb/modules/radutmp <br>
including configuration file /usr/local/etc/raddb/modules/realm <br>
including configuration file /usr/local/etc/raddb/modules/smbpasswd <br>
including configuration file /usr/local/etc/raddb/modules/smsotp <br>
including configuration file /usr/local/etc/raddb/modules/sql_log <br>
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
<br>
including configuration file /usr/local/etc/raddb/modules/sradutmp <br>
including configuration file /usr/local/etc/raddb/modules/unix <br>
including configuration file /usr/local/etc/raddb/modules/acct_unique <br>
including configuration file /usr/local/etc/raddb/eap.conf <br>
including configuration file /usr/local/etc/raddb/sql.conf <br>
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf <br>
including configuration file /usr/local/etc/raddb/policy.conf <br>
including files in directory /usr/local/etc/raddb/sites-enabled/
<br>
including configuration file /usr/local/etc/raddb/sites-enabled/default <br>
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel <br>
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket <br>
main { <br>
user = "freeradius" <br>
group = "freeradius" <br>
allow_core_dumps = no <br>
} <br>
including dictionary file /usr/local/etc/raddb/dictionary <br>
main { <br>
prefix = "/usr/local" <br>
localstatedir = "/var" <br>
logdir = "/var/log" <br>
libdir = "/usr/local/lib/freeradius-2.1.10" <br>
radacctdir = "/var/log/radacct" <br>
hostname_lookups = no <br>
max_request_time = 30 <br>
cleanup_delay = 5 <br>
max_requests = 1024 <br>
pidfile = "/var/run/radiusd/radiusd.pid" <br>
checkrad = "/usr/local/sbin/checkrad" <br>
debug_level = 0 <br>
proxy_requests = yes <br>
log { <br>
stripped_names = no <br>
auth = no <br>
auth_badpass = no <br>
auth_goodpass = no <br>
} <br>
security { <br>
max_attributes = 200 <br>
reject_delay = 1 <br>
status_server = yes <br>
} <br>
} <br>
radiusd: #### Loading Realms and Home Servers #### <br>
proxy server { <br>
retry_delay = 5 <br>
retry_count = 3 <br>
default_fallback = no <br>
dead_time = 120 <br>
wake_all_if_all_dead = no <br>
} <br>
home_server localhost { <br>
ipaddr = 127.0.0.1 <br>
port = 1812 <br>
type = "auth" <br>
secret = "testing123" <br>
response_window = 20 <br>
max_outstanding = 65536 <br>
require_message_authenticator = yes <br>
zombie_period = 40 <br>
status_check = "status-server" <br>
ping_interval = 30 <br>
check_interval = 30 <br>
num_answers_to_alive = 3 <br>
num_pings_to_alive = 3 <br>
revive_interval = 120 <br>
status_check_timeout = 4 <br>
irt = 2 <br>
mrt = 16 <br>
mrc = 5 <br>
mrd = 30 <br>
} <br>
home_server_pool my_auth_failover { <br>
type = fail-over <br>
home_server = localhost <br>
} <br>
realm example.com { <br>
auth_pool = my_auth_failover <br>
} <br>
realm LOCAL { <br>
} <br>
radiusd: #### Loading Clients #### <br>
client localhost { <br>
ipaddr = 127.0.0.1 <br>
require_message_authenticator = no <br>
secret = "testing123" <br>
nastype = "other" <br>
} <br>
client jail { <br>
ipaddr = 10.1.8.4 <br>
require_message_authenticator = no <br>
secret = "password for jail client" <br>
nastype = "other" <br>
} <br>
client WAP1 { <br>
ipaddr = 10.1.8.127 <br>
require_message_authenticator = no <br>
secret = "password for remote client" <br>
nastype = "other" <br>
} <br>
radiusd: #### Instantiating modules #### <br>
instantiate { <br>
Module: Linked to module rlm_exec <br>
Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec <br>
exec { <br>
wait = no <br>
input_pairs = "request" <br>
shell_escape = yes <br>
} <br>
Module: Linked to module rlm_expr <br>
Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr <br>
Module: Linked to module rlm_expiration <br>
Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
<br>
expiration { <br>
reply-message = "Password Has Expired " <br>
} <br>
Module: Linked to module rlm_logintime <br>
Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
<br>
logintime { <br>
reply-message = "You are calling outside your allowed timespan " <br>
minimum-timeout = 60 <br>
} <br>
} <br>
radiusd: #### Loading Virtual Servers #### <br>
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
<br>
modules { <br>
Module: Checking authenticate {...} for more modules to load <br>
Module: Linked to module rlm_pap <br>
Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap <br>
pap { <br>
encryption_scheme = "auto" <br>
auto_header = no <br>
} <br>
Module: Linked to module rlm_chap <br>
Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap <br>
Module: Linked to module rlm_mschap <br>
Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
<br>
mschap { <br>
use_mppe = yes <br>
require_encryption = no <br>
require_strong = no <br>
with_ntdomain_hack = no <br>
} <br>
Module: Linked to module rlm_unix <br>
Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix <br>
unix { <br>
radwtmp = "/var/log/radwtmp" <br>
} <br>
Module: Linked to module rlm_eap <br>
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf <br>
eap { <br>
default_eap_type = "md5" <br>
timer_expire = 60 <br>
ignore_unknown_eap_types = no <br>
cisco_accounting_username_bug = no <br>
max_sessions = 4096 <br>
} <br>
Module: Linked to sub-module rlm_eap_md5 <br>
Module: Instantiating eap-md5 <br>
Module: Linked to sub-module rlm_eap_leap <br>
Module: Instantiating eap-leap <br>
Module: Linked to sub-module rlm_eap_gtc <br>
Module: Instantiating eap-gtc <br>
gtc { <br>
challenge = "Password: " <br>
auth_type = "PAP" <br>
} <br>
Module: Linked to sub-module rlm_eap_tls <br>
Module: Instantiating eap-tls <br>
tls { <br>
rsa_key_exchange = no <br>
dh_key_exchange = yes <br>
rsa_key_length = 512 <br>
dh_key_length = 512 <br>
verify_depth = 0 <br>
CA_path = "/etc/ssl/certs" <br>
pem_file_type = yes <br>
private_key_file = "/etc/ssl/certs/server.pem" <br>
certificate_file = "/etc/ssl/certs/server.pem" <br>
CA_file = "/etc/ssl/certs/ca.pem" <br>
private_key_password = "password" <br>
dh_file = "/etc/ssl/certs/dh" <br>
random_file = "/etc/ssl/certs/random" <br>
fragment_size = 1024 <br>
include_length = yes <br>
check_crl = no <br>
cipher_list = "DEFAULT" <br>
make_cert_command = "/etc/ssl/certs/bootstrap" <br>
cache { <br>
enable = no <br>
lifetime = 24 <br>
max_entries = 255 <br>
} <br>
verify { <br>
} <br>
} <br>
Module: Linked to sub-module rlm_eap_ttls <br>
Module: Instantiating eap-ttls <br>
ttls { <br>
default_eap_type = "md5" <br>
copy_request_to_tunnel = no <br>
use_tunneled_reply = no <br>
virtual_server = "inner-tunnel" <br>
include_length = yes <br>
} <br>
Module: Linked to sub-module rlm_eap_peap <br>
Module: Instantiating eap-peap <br>
peap { <br>
default_eap_type = "mschapv2" <br>
copy_request_to_tunnel = no <br>
use_tunneled_reply = no <br>
proxy_tunneled_request_as_eap = yes <br>
virtual_server = "inner-tunnel" <br>
} <br>
Module: Linked to sub-module rlm_eap_mschapv2 <br>
Module: Instantiating eap-mschapv2 <br>
mschapv2 { <br>
with_ntdomain_hack = no <br>
} <br>
Module: Checking authorize {...} for more modules to load <br>
Module: Linked to module rlm_realm <br>
Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
<br>
realm suffix { <br>
format = "suffix" <br>
delimiter = "@" <br>
ignore_default = no <br>
ignore_null = no <br>
} <br>
Module: Linked to module rlm_files <br>
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
<br>
files { <br>
usersfile = "/usr/local/etc/raddb/users" <br>
acctusersfile = "/usr/local/etc/raddb/acct_users" <br>
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" <br>
compat = "no" <br>
} <br>
Module: Checking session {...} for more modules to load <br>
Module: Linked to module rlm_radutmp <br>
Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
<br>
radutmp { <br>
filename = "/var/log/radutmp" <br>
username = "%{User-Name}" <br>
case_sensitive = yes <br>
check_with_nas = yes <br>
perm = 384 <br>
callerid = yes <br>
} <br>
Module: Checking post-proxy {...} for more modules to load <br>
Module: Checking post-auth {...} for more modules to load <br>
Module: Linked to module rlm_attr_filter <br>
Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
<br>
attr_filter attr_filter.access_reject { <br>
attrsfile = "/usr/local/etc/raddb/attrs.access_reject" <br>
key = "%{User-Name}" <br>
} <br>
} # modules <br>
} # server <br>
server { # from file /usr/local/etc/raddb/radiusd.conf <br>
modules { <br>
Module: Checking authenticate {...} for more modules to load <br>
Module: Linked to module rlm_digest <br>
Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
<br>
Module: Checking authorize {...} for more modules to load <br>
Module: Linked to module rlm_preprocess <br>
Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
<br>
preprocess { <br>
huntgroups = "/usr/local/etc/raddb/huntgroups" <br>
hints = "/usr/local/etc/raddb/hints" <br>
with_ascend_hack = no <br>
ascend_channels_per_line = 23 <br>
with_ntdomain_hack = no <br>
with_specialix_jetstream_hack = no <br>
with_cisco_vsa_hack = no <br>
with_alvarion_vsa_hack = no <br>
} <br>
Module: Linked to module rlm_sql <br>
Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf <br>
sql { <br>
driver = "rlm_sql_mysql" <br>
server = "ip.of.SQL.server" <br>
port = "" <br>
login = "username" <br>
password = "password" <br>
radius_db = "dbname" <br>
read_groups = yes <br>
sqltrace = no <br>
sqltracefile = "/var/log/sqltrace.sql" <br>
readclients = no <br>
deletestalesessions = yes <br>
num_sql_socks = 5 <br>
lifetime = 0 <br>
max_queries = 0 <br>
sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" <br>
default_user_profile = "" <br>
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
<br>
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id"
<br>
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id"
<br>
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
<br>
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
<br>
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') -
<br>
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}',
<br>
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid,
<br>
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, n
<br>
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start
<br>
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{
<br>
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctsta
<br>
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority"
<br>
connect_failure_retry_delay = 60 <br>
simul_count_query = "" <br>
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, fra
<br>
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}',
<br>
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
<br>
} <br>
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked <br>
rlm_sql (sql): Attempting to connect to radius@mysql.it.cyanide-studio.com:/radius <br>
rlm_sql (sql): starting 0 <br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 <br>
rlm_sql_mysql: Starting connect to MySQL server for #0 <br>
rlm_sql (sql): Connected new DB handle, #0 <br>
rlm_sql (sql): starting 1 <br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 <br>
rlm_sql_mysql: Starting connect to MySQL server for #1 <br>
rlm_sql (sql): Connected new DB handle, #1 <br>
rlm_sql (sql): starting 2 <br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 <br>
rlm_sql_mysql: Starting connect to MySQL server for #2 <br>
rlm_sql (sql): Connected new DB handle, #2 <br>
rlm_sql (sql): starting 3 <br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 <br>
rlm_sql_mysql: Starting connect to MySQL server for #3 <br>
rlm_sql (sql): Connected new DB handle, #3 <br>
rlm_sql (sql): starting 4 <br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 <br>
rlm_sql_mysql: Starting connect to MySQL server for #4 <br>
rlm_sql (sql): Connected new DB handle, #4 <br>
Module: Checking preacct {...} for more modules to load <br>
Module: Linked to module rlm_acct_unique <br>
Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
<br>
acct_unique { <br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
<br>
} <br>
Module: Checking accounting {...} for more modules to load <br>
Module: Linked to module rlm_detail <br>
Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
<br>
detail { <br>
detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
<br>
header = "%t" <br>
detailperm = 384 <br>
dirperm = 493 <br>
locking = no <br>
log_packet_header = no <br>
} <br>
Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
<br>
attr_filter attr_filter.accounting_response { <br>
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" <br>
key = "%{User-Name}" <br>
} <br>
Module: Checking session {...} for more modules to load <br>
Module: Checking post-proxy {...} for more modules to load <br>
Module: Checking post-auth {...} for more modules to load <br>
} # modules <br>
} # server <br>
radiusd: #### Opening IP addresses and Ports #### <br>
listen { <br>
type = "auth" <br>
ipaddr = * <br>
port = 0 <br>
} <br>
listen { <br>
type = "acct" <br>
ipaddr = * <br>
port = 0 <br>
} <br>
listen { <br>
type = "control" <br>
listen { <br>
socket = "/var/run/radiusd/radiusd.sock" <br>
} <br>
} <br>
listen { <br>
type = "auth" <br>
ipaddr = 127.0.0.1 <br>
port = 18120 <br>
} <br>
Listening on authentication address * port 1812 <br>
Listening on accounting address * port 1813 <br>
Listening on command file /var/run/radiusd/radiusd.sock <br>
Listening on authentication address 10.1.8.4 port 18120 as server inner-tunnel <br>
Listening on proxy address * port 1814 <br>
Ready to process requests. <br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span class="moz-txt-tag"><span style="font-size:10.0pt;font-family:"-moz-fixed","serif"">-- </span></span><span style="font-size:10.0pt;font-family:"-moz-fixed","serif""><br>
<br>
Bastien Semene <br>
Network &amp; System Administrator <br>
<br>
Cyanide Studio - FRANCE <o:p></o:p></span></p>
</div>
</div>
<pre>-- <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>If you think experts are expensive,<o:p></o:p></pre>
<pre>wait to see what amateurs will cost you<o:p></o:p></pre>
</div>
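<p class="MsoNormal">Added example, not part of the original thread and not FreeRADIUS code: a small Python parser for the radiusd debug trace quoted above, reporting which authorize modules acted and why the request ended without an Auth-Type. The sample input is constructed from log lines in the post, and the function names are illustrative.</p>

```python
import re

# Constructed sample: lines taken from the debug output quoted in this message
# (HTML line breaks removed, SQL expansion lines omitted for brevity).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.1.8.4 port 44065, id=138, length=59
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] User found in group dynamic
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 138 to 10.1.8.4 port 44065
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")       # section start
RETURN_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")  # module return code
MESSAGE_RE = re.compile(r"^\[([^\]]+)\]\s+(.*)")           # per-module message


def parse_request(debug_text):
    """Split one request's debug trace into per-section module results."""
    trace = {"sections": {}, "messages": [], "errors": [], "reply": None}
    current = None
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            trace["sections"].setdefault(current, [])
            continue
        m = RETURN_RE.match(line)
        if m and current is not None:
            trace["sections"][current].append((m.group(1), m.group(2)))
            continue
        m = MESSAGE_RE.match(line)
        if m:
            trace["messages"].append((m.group(1), m.group(2)))
            continue
        if line.startswith("ERROR:"):
            trace["errors"].append(line[len("ERROR:"):].strip())
        elif line.startswith("Sending Access-"):
            trace["reply"] = line.split()[1]
    return trace


def diagnose(trace):
    """Explain a reject caused by a missing Auth-Type, using only the trace."""
    findings = []
    authorize = trace["sections"].get("authorize", [])
    acted = [name for name, code in authorize if code in ("ok", "updated")]
    no_password = [mod for mod, text in trace["messages"]
                   if 'No "known good" password' in text]
    no_auth_type = any("No authenticate method (Auth-Type)" in err
                       for err in trace["errors"])
    if no_auth_type:
        findings.append("authorize finished without an Auth-Type; modules that "
                        "returned ok/updated: " + ", ".join(acted))
    for mod in no_password:
        findings.append(mod + " reported no known-good password for the user "
                        "and did not select an authentication method")
    if no_auth_type and "sql" in acted:
        findings.append("sql returned ok in authorize; the password check "
                        "belongs to authenticate, which was never reached")
    return findings


if __name__ == "__main__":
    parsed = parse_request(SAMPLE_DEBUG)
    print("reply:", parsed["reply"])
    for finding in diagnose(parsed):
        print("-", finding)
```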
</body>
</html>