Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
October 2008
- 173 participants
- 253 discussions
I have a working FreeRadius Version 1.1.7 setup and would like to change
over to version 2.
Is there an easy way to do this upgrade?
3
2
After spending two days gettig a suitable virtual machine operational
(!) I have finally managed to get back to what I was actually trying to
do, namely come to grips with FreeRADIUS!
At the moment, a simple user entry in my database works; when I add
attributes, the entry stops working.
I have a feeling I am missing something embarrassingly obvious...
Details below; any ideas appreciated.
Regards, K.
Here is the first attempt, starting from an empty database (no data in
any tables):
mysql> insert into radcheck (username, attribute, op, value) value
("test1", "Cleartext-Password", ":=", "blather") ;
Query OK, 1 row affected (0.00 sec)
mysql> quit
Bye
kauer@ubuntu:/usr/local/etc/raddb$ radtest test1 blather 127.0.0.1 1812
testing123
Sending Access-Request of id 79 to 127.0.0.1 port 1812
User-Name = "test1"
User-Password = "blather"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=79,
length=20
******* that worked. Then I added a few reply attributes so that the
user looked like this:
mysql> select * from radcheck ;
+----+----------+--------------------------+----+----------------------+
| id | username | attribute | op | value |
+----+----------+--------------------------+----+----------------------+
| 1 | test1 | Cleartext-Password | := | blather |
| 2 | test1 | Tunnel-Client-Endpoint:0 | = | 2406:a000::6:4 |
| 3 | test1 | Tunnel-Server-Endpoint:0 | = | 2406:a000::6:5 |
| 4 | test1 | Framed-IPv6-Prefix | = | 2406:a000:0:100::/64 |
+----+----------+--------------------------+----+----------------------+
4 rows in set (0.01 sec)
mysql> quit
Bye
kauer@ubuntu:/usr/local/etc/raddb$ radtest test1 blather 127.0.0.1 1812
testing123
Sending Access-Request of id 220 to 127.0.0.1 port 1812
User-Name = "test1"
User-Password = "blather"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=220,
length=20
****************** That did not work. Here is the debug output from the
first (successful) attempt:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 59653, id=79,
length=57
User-Name = "test1"
User-Password = "blather"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> test1
[sql] sql_set_user escaped user --> 'test1'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'test1' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'test1' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username =
'test1' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "blather"
[pap] Using clear text password "blather"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> test1
[sql] sql_set_user escaped user --> 'test1'
[sql] expand: %{User-Password} -> blather
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'test1', 'blather',
'Access-Accept', '2008-10-06 02:43:41')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'test1', 'blather',
'Access-Accept', '2008-10-06 02:43:41')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 79 to 127.0.0.1 port 59653
Finished request 3.
************** Here is the debug output from the later (unsuccessful)
attempt:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 58059, id=220,
length=57
User-Name = "test1"
User-Password = "blather"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> test1
[sql] sql_set_user escaped user --> 'test1'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'test1' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username =
'test1' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
[sql] User test1 not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 220 to 127.0.0.1 port 58059
Waking up in 4.9 seconds.
Cleaning up request 11 ID 220 with timestamp +6643
Ready to process requests.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer(a)biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
2
2
Hello Alan,
FR 2.1.1 and Solaris 10 x86
1. ./configure --enable-developer --without-rlm_perl
2. radtest test test localhost 0 testing123
Core dump created when running server with default configuration.
Chris Howley
FreeRADIUS Version 2.1.1, for host i386-pc-solaris2.10, built on Sep 25
2008 at 12:42:55
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file
/usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan
"
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32843, id=73,
length=56
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 129.11.59.97
NAS-Port = 0
+- entering group authorize {...}
Segmentation Fault (core dumped)
<<<<<<<< Output from gdb >>>>>>>>>
* 1 process 77776 0xd0b60d3d in rad_mangle (data=0x818f720,
request=0xd11e0b00) at rlm_preprocess.c:219
Thread 1 (process 77776 ):
#0 0xd0b60d3d in rad_mangle (data=0x818f720, request=0xd11e0b00) at
rlm_preprocess.c:219
namepair = (VALUE_PAIR *) 0x8196238
request_pairs = (VALUE_PAIR *) 0xd13e5f4e
tmp = (VALUE_PAIR *) 0x0
#1 0xd0b61303 in preprocess_authorize (instance=0x818f720,
request=0x8196238) at rlm_preprocess.c:524
r = 135853856
#2 0x08063c44 in modcall (component=1, c=0x0, request=0x8196238) at
modcall.c:285
myresult = 6
stack = {pointer = 1, priority = {0, 0, 1769107551, 134506096,
-784525670, -784850519, -784850519,
134506168, -784399592, -784349160, -784399592, -784852616,
-784857896, -784854152, 134506328, 134506312, 12, 0,
2147483647, 1, 0, 0, -784349160, 0, -784533850, -784339816,
134506168, 0, 0, 12, -784350580, 0}, result = {6, 6,
134506400, 134506396, 1, 1, 0, 1, 0, 0, 134506348, 0, 97, 134506336,
-784843282, 0, 0, 134506356, -784842758, 0,
0, 286553246, 0, 0, 0, 1, 1, 0, 0, -784767474, 134506481,
-784819192}, children = {0x8190b28, 0x8190ae0,
0x8046770, 0x8046770, 0x8046ceb, 0x8046758, 0xd1387665, 0x80467f0,
0x8046788, 0xd1020744, 0xd1396610, 0x1, 0x1,
0xd0ff460b, 0x8046ceb, 0x80467f0, 0x1, 0x80467f0, 0x81966e8,
0xd13a89a0, 0x8046ceb, 0x8046c08, 0xd1389f94,
0x8046ceb, 0x80467f0, 0x3f5, 0x1, 0x80467f0, 0x808f268, 0x80467f0,
0x805ab9b, 0x0}, start = {0xd13ce332,
0x8190ae0, 0x8062163, 0xd13fd010, 0xd0d10308, 0x80470b8, 0xd13a89a0,
0x818f008, 0xd13a9110, 0x8046808,
0xd138ec57, 0x8046840, 0x818e698, 0xd13fc16c, 0xd138ec2e,
0x2e390030, 0x352e3131, 0x37392e39, 0xd13a89a0,
0x8196238, 0x1, 0x8046828, 0xd138ece6, 0x81464c0, 0x8046840,
0xd13f00c0, 0x80468bc, 0xa, 0x808f268, 0x8046858,
0x806289e, 0x81464c0}}
parent = (modcallable *) 0x8190b28
child = (modcallable *) 0x8190ae0
if_taken = 0
was_if = 0
#3 0x0806298f in indexed_modcall (comp=1, idx=0, request=0x8196238) at
modules.c:541
rcode = 0
this = (indexed_modcallable *) 0x0
list = (modcallable *) 0x8190b28
#4 0x080636ec in module_authorize (autz_type=0, request=0x8196238) at
modules.c:1196
No locals.
#5 0x080564c8 in rad_authenticate (request=0x8196238) at auth.c:550
namepair = (VALUE_PAIR *) 0xd13d3a13
check_item = (VALUE_PAIR *) 0x80468f4
auth_item = (VALUE_PAIR *) 0x8196488
module_msg = (VALUE_PAIR *) 0x0
tmp = (VALUE_PAIR *) 0x0
result = 0
autz_retry = 0 '\0'
autz_type = 0
#6 0x0806dfb3 in radius_handle_request (request=0x8196238,
fun=0x80563c4 <rad_authenticate>) at event.c:3027
No locals.
#7 0x080681f8 in thread_pool_addrequest (request=0x8196238,
fun=0x80563c4 <rad_authenticate>) at threads.c:843
now = 1223025080
#8 0x0806f39e in event_socket_handler (xel=0x8191d70, fd=6,
ctx=0x8196238) at event.c:2668
fun = (RAD_REQUEST_FUNP) 0x80563c4 <rad_authenticate>
request = (REQUEST *) 0x8196238
#9 0xd13943de in fr_event_loop (el=0x8191d70) at event.c:400
i = 1
rcode = 135863676
when = {tv_sec = 0, tv_usec = 0}
wake = (struct timeval *) 0x8191d7c
read_fds = {fds_bits = {64, 0 <repeats 31 times>}}
#10 0x0806fb25 in radius_event_process () at event.c:3014
No locals.
#11 0x0806621b in main (argc=2, argv=0x8047458) at radiusd.c:397
rcode = 0
argval = 0
spawn_flag = 0
dont_fork = 1
flag = 0
act = {sa_flags = 0, _funcptr = {_handler = 0x80664bc
<sig_fatal>, _sigaction = 0x80664bc <sig_fatal>},
sa_mask = {__sigbits = {0, 0, 0, 0}}, sa_resv = {0, 0}}
2
1
I am seeing issues with users not authenticating correctly to our
Novell eDirectory server. When some users try to authenticate they
are denied access due to errors with their universal password. We
have other systems that do not have this problem and am not sure why.
Is there a way to configure this to use the NDS password instead of
the universal password?
Thanks.
Jason Brown
Systems Administrator
Enterprise Technology Services
Ferris State University
(231) 591-2687
2
1
Hi,
I noticed that some freeradius.org howtos suggest to specify a "password server" in Samba when using ads security:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
http://deployingradius.com/documents/configuration/active_directory.html
Why should one do that, especially if the samba docs say "Use password server option only with security = server"?
Besides, if I comment out "password server =", specify "realm = MYDOMAIN.ORG" and then define the AD servers in krb5.conf one per line:
kdc = server1.MYDOMAIN.ORG:88
kdc = server2.MYDOMAIN.ORG:88
then authentication via AD is as expected.
I'm just curious to know why these howtos suggest to specify a password server when using ads security in Samba.
Thanks,
Vieri
2
1
05 Oct '08
Hi,
I try to compile freeradius with mysql and openldap aned eap-tls.
Mysql and Openssl and Openldap are compiled with sources
I use this configure's command line :
CFLAGS="-I/opt/mysql/include -I/opt/openssl/include"
LDFLAGS="-L/opt/mysql/lib -L/opt/openssl/lib" ./configure
--prefix=/opt/freeradius-server-2.2.11
--localstatedir=/data/freeradius-server --with-threads --with-openssl
--with-openssl-includes=/opt/openssl/includes
--with-openssl-libraries=/opt/openssl/lib --enable-rlm-sql
--enable-rlm-ldap --enable-rlm-eap
--with-rlm-ldap-lib-dir=/opt/openldap/lib
--with-rlm-ldap-include-dir=/opt/openldap/include
--with-mysql-lib-dir=/opt/mysql/lib
--with-mysql-include-dir=/opt/mysql/include
I must have an error (syntax or not) in this line but i don't see.
Could you help me, please, to find the correct command line ?
Philippe
System :
Debian etch
Openldap 2.3.35 or 2.4.11
Mysql 5.0.41
Openssl 0.9.8i
Freeradius 2.1.1
See below the result of the configure :
=== configure: configuring in ./types/rlm_eap_tls
configure: running /bin/sh './configure'
--prefix=/opt/freeradius-server-2.2.11
'--prefix=/opt/freeradius-server-2.2.11'
'--localstatedir=/data/freeradius-server' '--with-threads'
'--with-openssl' '--with-openssl-includes=/opt/openssl/includes'
'--with-openssl-libraries=/opt/openssl/lib' '--enable-rlm-sql'
'--enable-rlm-ldap' '--enable-rlm-eap'
'--with-rlm-ldap-lib-dir=/opt/openldap/lib'
'--with-rlm-ldap-include-dir=/opt/openldap/include'
'--with-mysql-lib-dir=/opt/mysql/lib'
'--with-mysql-include-dir=/opt/mysql/include' '--enable-ltdl-install=no'
'--cache-file=/dev/null' '--srcdir=.' --cache-file=/dev/null --srcdir=.
checking for OpenSSL support... no
configure: WARNING: silently not building rlm_eap_tls.
configure: WARNING: FAILURE: rlm_eap_tls requires: OpenSSL.
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
=== configuring in src/modules/rlm_ldap
(/opt/sources/freeradius-server-2.1.1/src/modules/rlm_ldap)
configure: running /bin/sh ./configure
'--prefix=/opt/freeradius-server-2.2.11'
'--localstatedir=/data/freeradius-server' '--with-threads'
'--with-openssl' '--with-openssl-includes=/opt/openssl/includes'
'--with-openssl-libraries=/opt/openssl/lib' '--enable-rlm-sql'
'--enable-rlm-ldap' '--enable-rlm-eap'
'--with-rlm-ldap-lib-dir=/opt/openldap/lib'
'--with-rlm-ldap-include-dir=/opt/openldap/include'
'--with-mysql-lib-dir=/opt/mysql/lib'
'--with-mysql-include-dir=/opt/mysql/include' '--enable-ltdl-install=no'
--cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pthread_create in -lpthread... yes
checking for ldap_init in -lldap_r... yes
checking for ldap.h... yes
checking for ldap_start_tls_s... yes
checking for ldap_initialize... yes
checking for ldap_int_tls_config... yes
configure: creating ./config.status
config.status: creating Makefile
=== configuring in ./drivers/rlm_sql_mysql
(/opt/sources/freeradius-server-2.1.1/src/modules/rlm_sql/./drivers/rlm_sql_mysql)
configure: running /bin/sh ./configure
'--prefix=/opt/freeradius-server-2.2.11'
'--localstatedir=/data/freeradius-server' '--with-threads'
'--with-openssl' '--with-openssl-includes=/opt/openssl/includes'
'--with-openssl-libraries=/opt/openssl/lib' '--enable-rlm-sql'
'--enable-rlm-ldap' '--enable-rlm-eap'
'--with-rlm-ldap-lib-dir=/opt/openldap/lib'
'--with-rlm-ldap-include-dir=/opt/openldap/include'
'--with-mysql-lib-dir=/opt/mysql/lib'
'--with-mysql-include-dir=/opt/mysql/include' '--enable-ltdl-install=no'
--cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for mysql_config... no
checking for pthread_create in -lpthread... yes
checking for mysql_init in -lmysqlclient_r... no
configure: WARNING: MySQL libraries not found. Use
--with-mysql-lib-dir=<path>.
checking for mysql/mysql.h... yes
configure: WARNING: silently not building rlm_sql_mysql.
configure: WARNING: FAILURE: rlm_sql_mysql requires: libmysqlclient_r.
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
2
1
I set up freeradius 2.1.1 for EAP-TTLS, on Debian Lenny. As client I'm
using Ubuntu. When I try to connect, first user, (on the logs, "heruan")
connect successfully, but subsequent users (e.g. "jamila") won't. If I
restart freeradius, and try to connect first with "jamila" and then with
"heruan", "jamila" connects and "heruan" doesn't. The only error I'm
able to see on the log is:
798:[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
799-[eap] Freeing handler
800-++[eap] returns reject
801-Failed to authenticate the user.
802-Using Post-Auth-Type Reject
803-+- entering group REJECT {...}
But I really don't know what it means.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=125
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000b0168657275616e
Message-Authenticator = 0x4bd473610ad7dcfdcb6b1016a23acb10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}})) -> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.laurelin.aldu.net:389, authentication 0
rlm_ldap: bind as cn=radius,dc=aldu,dc=net/RaD-802.1X to ldap.laurelin.aldu.net:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010100160410faf366dabc0e2d2eada92aed8a1beef5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f46e07fbc157e3e44121daf3
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 0 ID 1 with timestamp +11
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f46e07fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060315
Message-Authenticator = 0x24f629997ec0167cb1d9418bb69bf17a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}})) -> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f56d16fbc157e3e44121daf3
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=393
Cleaning up request 1 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f56d16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02020103150016030100f8010000f4030148e4e7f928c698fc14284694b68c2ce5e5ad5c04a1d79037c24cd9813e14d02400002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a0f3f755f03310a19873fb5975ca54ee2c19ae8be02615dec2639ee3cc859117d420ddfa88ee933ba72797d57219d2866acb542fa1265c6b02b394ac5cc64d3966bf0734b6513619c825c30980461030e1061454aa062afeb5eeebf04c88d7e5aa76a89c98782c6555301c0f8ade20b29e4e83f7c9e005e07cd2c05173f63f944d065e5000f82e19c313290db58e8cb15f75639d97d17ad3a2da20
EAP-Message = 0x1884e21d7209
Message-Authenticator = 0x5ef1bef4e588c171b000e3c9c399544b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 00f8], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0030], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0d44], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0103040015c00000109916030100300200002c030148e4e7f9c882e287b5388f22b083365b35904cc0abea3dea125ea2354b8f4df4000039010004002300001603010d440b000d40000d3d0006d2308206ce308204b6a003020102020114300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d3038303532353137
EAP-Message = 0x343933375a170d3131303532353137343933375a30818a310b3009060355040613024954310f300d060355040813065665726f6e6131153013060355040a130c416c6475204e6574776f726b3111300f060355040b13084c617572656c696e3121301f060355040313187261646975732e6c617572656c696e2e616c64752e6e6574311d301b06092a864886f70d010901160e61646d696e40616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100e1506dc7d5db924cd5f782f63b4a6e95fbe1fbab0a411397f249f7447e65d266d5fcc166684fd5409a0d2ff5b034972c8b69a7e4fd286b102c7d9a
EAP-Message = 0x9a0bd886919dfd9788b679df6ad937124cde203e89c863f10fe1155e09449ef630bb489fe2ec1aac506107ec5f9ce1bd73100992ff5b7863452a6b73e8274e8d4d8ffe8250ed90f83b0739f66bf47fa8d2c6a23f7fd3413b9bb090762d951e4b873ca983e3aaf2690e92b1b2031765f177eecf6046105b6eea4ea422b130eb338aed9be7126ddff6fca11b398463a3e787c33b33851e231721e312da0b979ee794c48b01dc4f59a5cf79cb294c4dc4102abc8e0c93cdcff7ad4228ee4fe5c7ab2a8f4ba2373d0c86d159a2b43e314281120642a1dbe53c7fc5e77c0c32dc5ab8e8cce23e002480f23c31ee7371b2674205b9e48d62f2153082ae67d061
EAP-Message = 0xc368d86793cf6bf20a5721425d2af0e7ffc1a16ebc5d961a44a8d3e11239282767cf346e4c6205d86fc37be511f70dcb5f5f1cb03c971fd8ab68162146ed68476b2c019d1517397bfb956dead83ba2bc3a04a32c071b8654c6bd5b4f0be5e0a144a79bcbc01c259913808239e5ab6c1af15ae2ae5cb21191432312835ead8a68f7e5cb47c5e9ee5fff4d199d8619ad6ad297003fe2b8df4029872064b60c958bb66e41f45da69d5e80f7bceff2817e562fb3e047952f4f821341d039aee30fe5f5b65989bc14826f0203010001a38201443082014030090603551d1304023000301106096086480186f8420101040403020640302e06096086480186f8
EAP-Message = 0x42010d0421161f416c647520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f66c16fbc157e3e44121daf3
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 2 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f66c16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061500
Message-Authenticator = 0x0014a82ba883ba4ae3b8e24f61745d69
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0104040015c0000010994e6574776f726b20736572766572206365727469666963617465301d0603551d0e0416041486c2b9b3402bae0cb4ed277cd43364ab5d483ceb3081ae0603551d230481a63081a38014fe54771221d91a1005efa50f6f8f886af9cf6447a18187a48184308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574820100300b0603551d0f0404
EAP-Message = 0x030205a030130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038202010081e6d66dea240cd1b99aa67bf1fc1c33f59c3e28412ca6694b1be9bfe8b475c0954b7bee98ed5779654f98edd32d070761641d0b0977704bf918dc81002f6ac48ba27db0b71bfeed4bc8199af442038c9f4bc15e025fe4f86fb5c1b84663d5f3061bff74fe017f3a2e4706b70a6a809c0178b20d98a8af55a3c2cedeba3842d3d120fbc08727984435fac4d4c0dc56ec5ae8b75412935f70242c3c5ff047f8508104b912a2a36ff6cd8860ce938fbcaee40e0b5efb95875b430479d6d3953258a1b824b294be10bae0cf10f2f2983875
EAP-Message = 0x43cdee650acf20db20609ec9df5ee0c144897eb32fe03e5224fb54478169203af95f81345a1f65f589f8115e24fb3e4a9a51b0504751a85dcc79fed0a515c42f1d0e98d55a69f40f3485b3691d2c8fc2ac458c024f911fecf9f87f1319039e129a8da222a245a7822db409b17bc2feca66ecbcd34ff4ffb7f7fb48f472de6bec8227bc2a8b8626b297c4afc54a7165000fe6d34bc56a5119f4b399fd46b5cd77f36f7cc15b884c54348cfc388d2c510a7ff279bf003760f06eee2be7d14e8aef714a65834748992443d7912e7555ba6c842d47eb34cf2a6d8267c4888eb6920b33e23cf1fe1281da00dfacdad69f88fabbbc1fbd034e17a685f07d02fc
EAP-Message = 0xb3b3164bf7c1c959a72bcf820a3f8cd4d9fd1c72bdbfcc9031a62642dcc2fe447440eb99a571b10c936c35036d46e0ba5cb9b70006653082066130820449a003020102020100300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d3038303532353137313532335a170d3133303532343137313532335a30818131
EAP-Message = 0x0b3009060355040613024954
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f76b16fbc157e3e44121daf3
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 3 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f76b16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061500
Message-Authenticator = 0x7d696164144cc750f1bdd7cca30cc641
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0105040015c0000010993110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100e352d800a194047d72504330b65278cf22b0a7211472a77939e369cd5121e27e119f05cb3c660aefda12d90bad75dda2b965f831d5a2e1038bbe7c9f8addb1c5ab1efe5be47d2eac1b3972b68bba4c406916c302c35dfd5ef11d36f1a563
EAP-Message = 0x7ae33661b27f2e9bb8843a5319061eb7167d274bb6942dfc1878b7f638ed9b9ff4ac4b9b5bdf094e275ff5b53a0551f24d1e63f35d7cfa96c2e00a5ca504b62f5f32cfc3d8aa6f589de482bedeb65224d6e425144be81e36eab9844dbb0fc5388a29b55a23f34798a90f534e626e102a0f0df13ae0f72fe99fe9dcf3575bd85a628c06fe8f6cc51f69271b4203ebebfa52b49df5fd0171c36f204bd64c8989d1fa45628140ffa19d8285702462b34ae01721197aefcd87fb79d2417705f8ef205f2b59bafe222a077c91c22e2481dfcc02eb6a0be6fc6317bd52289ef787f1bd9fe34b5b92b7485408ef15ebe685d408d77dcbd9ba07755e4ecf657479
EAP-Message = 0x3855e64291199a5a77440faa0101f2b4c85a3a92c62aa075cd4f535b0b0321d7839c7b59c02d61cc77cbf1ec4425b8726d315a3228fba109abe1ede78e13f5cf82fa216cf0193fcc641cf3a4e97b43dd425b7e95cfd5d3c692332ced3bb96d9b6d5a2fbb3777a951e0cbeee0e23cb7b911c728db165f153c1e4e1c68ba690d7fbcb04fb05e78b0363308ca5a67f4a3ba844407f51d3a4796dbdf3bb01739e33a60720418dd0203010001a381e13081de301d0603551d0e04160414fe54771221d91a1005efa50f6f8f886af9cf64473081ae0603551d230481a63081a38014fe54771221d91a1005efa50f6f8f886af9cf6447a18187a4818430818131
EAP-Message = 0x0b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382020100a53bd0a1d836628f9e26a6c7267136549f18ca3cb6d234a5d055d43abdbcbe0e825def229bdc0cbf3c9f38997a15da051b0ce615e8941940dccd43fb24dbea1ee66af0942af577240d47b79a20ecf28741253f7caef99281
EAP-Message = 0x6fb6b25244e2b2eac310fef7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f06a16fbc157e3e44121daf3
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 4 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f06a16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061500
Message-Authenticator = 0x11fda5dbe435a0608c3a63c5155aa8b1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0106040015c000001099d7a86f60a2b967aa0d28ae7fe86fbf4a029e4a6e8ebedbef1eb7c7a344d87591be5b8bb28140d1faec4c4753fac13fb77dab34db643e84a0cb961f8947fc1fc6b0861993319ac5b28086aa3f5b0847b15bb97d24cf1690a3aab0ccff85403dd201abcb1b8b279b4b9ecb641d70269ebc603614afd6c56cbc44c8e0e9ba67661e63c195e60738ae589ce857a6a9e7a38ff15cc4c17f5872efdd743641ce8bf543883c98c8d468635d8c8801b6c8825cd26537ca4f7e1789d4c3bde7c9d1314a1ac5bb5d1eeb2e12ef7a5bb1c3ddef303a68284cd5a53d58aa612852d92b81911302468572546831641111a81733a42bbe129cf9
EAP-Message = 0x85b42790a5eb675e742364bc2cb449da2955062efeaa1f1a661933e9ef6a2d4a85c2611e6cf3b5c42511555c4fcab1e5ea237f8017f3f38d5f84e9adae7549f05128f89779b28586d38257a9883f71939263b4dce4945c13b3048e5f8d6ac94e8eab4c2742671ae683451cfff0bf5aa169f15edf30a7cad9f02ef7d004df5db2d4a8001e10730cdf3b140bc1251ea71d8332b2ddebf0117d6f52cefdde1ba9b055795c10c57b3e53c2160301030d0c000309008080ce0d83f98bb5b938122f41183619678af4e0164cd24f47cb6c69ecf7313e7ac43d06f6fb34b5325985920c43936299b311d655257ed4cb8d3607967a75527d17da7e84e8390ff18b
EAP-Message = 0xc461727d7da6f39a11b49f86374fec2f331e878965be0d120ad32452a0d9b351b542cde08bc415b8cd80d966ff4ca1371789b1853940e300010200807cc6f6044995fd93a17e053ddf0bbe507d882e3d8f3b27b0603f2353af138687dcfe87cb5cb7501fdcea18cc6cf67355c9896c4b0818a0163b9f3679059dc182902310021277c8ffe55414a8e99619a2a24a5e2cb5662ab30c75ec82133715ad9e06688b2bc6963521c823eefb086bd740e00951447f4e4fefd88e19c3e14aaf0200016f9884de001868763f3384f0a37c2d5e5f2c546e5651124ff7d87876d0c6106454b23e7727ce9dad73013ebfd31fea3c127dec695615e88bae6c78975129
EAP-Message = 0xcc255fec0bd31afdd66675c29fb77401b7ec5937c8fa709aeea8a776c95a0cf89bd71b3bbb464ef8e36a22c544f16ae465f82d56b96bd677ef57a679da1d55ac3854111535781c9d7b9669d1981a2dfabe289903cc5b85385e7b30b66d1f6c5aadb55a62dcda6d73fc9eea9a2018376dc0cfeac620c890a0488e14fe3803b4aea478d8c56f1b7e54fbc4871b3a5ead95dae254ac8928fadd6a8051ec5c930834f2b1b18a4de92835fe8e048d8f2bc33fc3a1873813afef40a8c657847def19ac8d8741ec4e812d2cc704dfce92977bcbe1555bbdedf75e569423eb02001d5771060506e05ea83daccecdc39c81c53c66f2970e018b5ae548b7a49d8c1c
EAP-Message = 0xa6fca7afb134ff1b5e08890f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f16916fbc157e3e44121daf3
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 5 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f16916fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020600061500
Message-Authenticator = 0xff6b6c02b603f2c9cc862800ffbc096c
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010700cb158000001099c703820dae9f500e0be2f038c86fd40cf924c4f49781eaca0617a4348a94f66f6013842f7a5c4c6734194d13e75aad29a67799ad0847d46ebfa076adf64fbb05b63f74cf48162ca2a4f1f6a693fae9a8306134d36da2bd8acfca12e55cfa1b900130559d56e6d67806ed885cc680d7d1615f75fdbbfcedbfff275d973b76e16a92a6306c6ba48597d24e322daa794d8b5b08232c204de060884e7d87b351ab3b707c586b1f30ac8d1fe689217a0fef590288d2e43eed6d3616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f26816fbc157e3e44121daf3
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=336
Cleaning up request 6 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f26816fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020700cc15001603010086100000820080673f637cef57b74512a57a131307458ae072e52dfbe740e3cbdec7fea4eb4fd68ad80762590666712aadd701da61f1f89e590be9e4f15d0dfcc7b70736b35ae1467b545d59317ef639995905c98045969583090d2f0f92152b475fcdcaafa228da295afc34ee4d671f41c9b737810956da9ece2877c4bec44d24db7f4c53f354140301000101160301003038789a08b245fc126bbe3a24a5624b34f496185bbefc58f52ba017868c9bcc17a8e50158c370342e857fe3e77b61549f
Message-Authenticator = 0xb9d62831c9c7caefdf69c3b99c4d8957
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 Handshake [length 00aa]???
[ttls] TLS_accept: unknown state
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010800f41580000000ea16030100aa040000a60000000000a060ca7c093b0c08609eda8927d1b01099807479bd89282e811614e29108fea13762dd72c299cdd17f1562f34bf674fc2f08625e4fb6c5538c8505002a70f6343a67f117db650d06a50bcab321e759fcb25d0d64732dada6031d6b5597734f447a9ae20c2f490b02262094c018490ec5489cb437f4c93c328c096a73640dbd921b0930f0f3d7f1885822184235fcd23f2cf7bf739a496de5b4dc6a6480b89d4c5a1403010001011603010030e721d41d48f9ebbf90b0d949e20669215f2fa79c9f55b2a6178276e03b4e1fea4d694027607ef7622edb42291c72ee4a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f36716fbc157e3e44121daf3
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=308
Cleaning up request 7 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f36716fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800b015001703010020dcff405e309bcc0a01d21f9df29f7399f13a55b30378b767595bc3b11024b5a91703010080aee67219dc7dcd15dfe508647563e4f24f003113bae2c10d9d6fb8dd023da2d3c81bcff3a18c4a2d07c6e27d1e0e2385e3fd86058abe23a074078053446409d45e7ef65e5a6977899a95604f943fa43fdd9d2b70186f66644a916f0cc7673748bf09837d8cc0c3926cc6920a681fd549bd8061977cdc0e7e6c5ff21c849fb5a3
Message-Authenticator = 0x8486851c6545cab5b42fd05d3a183a04
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 176
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "heruan"
MS-CHAP-Challenge = 0x21baa0943340f88f07f8802a8ac6690f
MS-CHAP2-Response = 0x7e0000000019000000c84e1909b04e190903000000000000000085749071e94c2f3f736d3aba3d7874e3961c739ea28340db
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "heruan"
MS-CHAP-Challenge = 0x21baa0943340f88f07f8802a8ac6690f
MS-CHAP2-Response = 0x7e0000000019000000c84e1909b04e190903000000000000000085749071e94c2f3f736d3aba3d7874e3961c739ea28340db
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[unix] returns notfound
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}})) -> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for heruan with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
} # server inner-tunnel
[ttls] Got tunneled reply code 2
MS-CHAP2-Success = 0x7e533d31324145363332353036363734304334343836353236363239423738453843303538363539334346
MS-MPPE-Recv-Key = 0x90e46fe588c50f30b1fabcf942019be5
MS-MPPE-Send-Key = 0xea3ea373e2e1e279c847a7beb2c5f588
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
[ttls] Got tunneled Access-Accept
[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0109006f1580000000651703010060616bdc70b991cb3ccc5449f13e93a374a0be21787fc7a91d0195a68017ddc3e1c4bcbbcee2e5aaf6bcae29b09aefd237f693eebc4b3ebcba8068dbe3b71e9d6af3236bee9a2efa8358d594a74f65490319ed9e64ef06f10fe8212068c05844a9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2fc6616fbc157e3e44121daf3
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 8 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2fc6616fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020900061500
Message-Authenticator = 0xa01f486fa472b238ae70656c633e9340
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3
[ttls] eaptls_process returned 3
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 1 to 192.168.22.1 port 3073
MS-MPPE-Recv-Key = 0xa7d9381f75ce74495aa1f0e6aa017f40e573239eb999d715d95e9ff50ae10569
MS-MPPE-Send-Key = 0xbcc49edaa0afd7e62cbe97392c3c01dd52267bd6454a24b4b1f335618528ec18
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "heruan"
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 9 ID 1 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=125
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000b016a616d696c61
Message-Authenticator = 0xcdae13a716b61cabbcb70e726276d665
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for jamila
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}})) -> (|(uid=jamila)(cn=jamila))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=jamila)(cn=jamila))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x44...
rlm_ldap: sambaLmPassword -> LM-Password == 0x42...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user jamila authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x01010016041067c2d2ac231b541d1ebb9d5e9aef272e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417d74fd26c22394ad8dcd0b12
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=138
Cleaning up request 10 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417d74fd26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060315
Message-Authenticator = 0xa8d0e7d17c0e5240d1bb804c2703807d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for jamila
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}})) -> (|(uid=jamila)(cn=jamila))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=jamila)(cn=jamila))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x44...
rlm_ldap: sambaLmPassword -> LM-Password == 0x42...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user jamila authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417c77ec26c22394ad8dcd0b12
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=393
Cleaning up request 11 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417c77ec26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02020103150016030100f8010000f4030148e4e806522dfb2b7aec334d620648c3c4485a1e0b6d2b0dc25fdd747efeee4600002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a060ca7c093b0c08609eda8927d1b01099807479bd89282e811614e29108fea13762dd72c299cdd17f1562f34bf674fc2f08625e4fb6c5538c8505002a70f6343a67f117db650d06a50bcab321e759fcb25d0d64732dada6031d6b5597734f447a9ae20c2f490b02262094c018490ec5489cb437f4c93c328c096a73640dbd921b0930f0f3d7f1885822184235fcd23f2cf7bf739a496de5b4dc6a
EAP-Message = 0x6480b89d4c5a
Message-Authenticator = 0x89044f83ea2af62d3bcf0b6260d427df
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 00f8], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read finished A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x0103007415800000006a160301002a02000026030148e4e8063dbbed9ca6725e2645bd72a6173fb03e4cb690ea59de42089734b392000039011403010001011603010030d93ac0e280be40fbe5c37337e666f049168441db2ab2559b2c80603a9f691dfa54793f42b378988c90a4dde60351e7b7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417f76ec26c22394ad8dcd0b12
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1, length=197
Cleaning up request 12 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417f76ec26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300411500140301000101160301003013ca1053acec332d812ff938d32329665b95b49a397a3b018a5ada0c8f43cac051573f2c7f0e18b21941acd317161ed3
Message-Authenticator = 0x600117a5ce085e9040580d94a1a0becf
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 65
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
SSL Application Data
[ttls] eaptls_process returned 3
[ttls] Skipping Phase2 due to session resumption
[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> jamila
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 13
Sending Access-Reject of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 13 ID 1 with timestamp +25
Ready to process requests.
giovanni@radius.laurelin.aldu.net:~$ xit
3
5
Dear Alan,Ivan and all,
I have compiled FreeRadius V 2.1.1 on SLES 10 SP2 .And after config and make
steps when I tried the 'make Install' to install the binaries. I got an
libtool error and Installation stopped.
Please help in this regard.
SYED
pc1138:/usr/src/packages/BUILD/freeradius-server-2.1.1 #* make install*
gmake[1]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1'
Making install in src...
gmake[2]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[3]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
Making install in include...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/include'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/include/freeradius
for i in hash.h libradius.h md4.h md5.h missing.h packet.h radius.h
radpaths.h sha1.h token.h udpfromto.h vqp.h ident.h ; do \
sed 's/^#include <freeradius-devel/#include <freeradius/' $i >
.inst.$$ ; \
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -m 644
.inst.$$ /usr/local/include/freeradius/$i; \
rm -f .inst.$$ ; \
done
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/include'
Making install in lib...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/lib'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/lib
/usr/src/packages/BUILD/freeradius-server-2.1.1/libtool --mode=install
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
libfreeradius-radius.la \
/usr/local/lib/libfreeradius-radius.la
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c .libs/
libfreeradius-radius-2.1.1.so /usr/local/lib/libfreeradius-radius-2.1.1.so
(cd /usr/local/lib && { ln -s -f
libfreeradius-radius-2.1.1.solibfreeradius-radius.so || { rm -f
libfreeradius-radius.so && ln -s
libfreeradius-radius-2.1.1.so libfreeradius-radius.so; }; })
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
.libs/libfreeradius-radius.lai /usr/local/lib/libfreeradius-radius.la
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
.libs/libfreeradius-radius.a /usr/local/lib/libfreeradius-radius.a
chmod 644 /usr/local/lib/libfreeradius-radius.a
ranlib /usr/local/lib/libfreeradius-radius.a
PATH="$PATH:/sbin" ldconfig -n /usr/local/lib
----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
rm -f /usr/local/lib/libfreeradius-radius-2.1.1.la;
ln -s libfreeradius-radius.la /usr/local/lib/libfreeradius-radius-2.1.1.la
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/lib'
Making install in modules...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/lib
gmake[5]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
Making install in rlm_acctlog...
gmake[6]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules/rlm_acctlog'
if [ "xrlm_acctlog" != "x" ]; then \
/usr/src/packages/BUILD/freeradius-server-2.1.1/libtool --mode=install
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c \
rlm_acctlog.la /usr/local/lib/rlm_acctlog.la || exit $?; \
rm -f /usr/local/lib/rlm_acctlog-2.1.1.la; \
ln -s rlm_acctlog.la /usr/local/lib/rlm_acctlog-2.1.1.la || exit $?; \
fi
li*btool: install: error: cannot install `rlm_acctlog.la' to a directory not
ending in /usr/lib/freeradius
gmake[6]: *** [install] Error 1
gmake[6]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules/rlm_acctlog'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1'
make: *** [install] Error 2
*
2
3
Has anyone come across this error? This happens when I start freeradius
for the first time.
Platform: RedHat ES 4.0
Version: FreeRadius 2.1.1
I have highlighted the message in read. It doesn't matter if I run this
command as root.
Thanks for you help.
AM
sudo ./radiusd -XXXX
Fri Oct 3 14:34:04 2008 : Info: FreeRADIUS Version 2.1.1, for host
i686-pc-linux-gnu, built on Oct 3 2008 at 14:30:11
Fri Oct 3 14:34:04 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Fri Oct 3 14:34:04 2008 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Fri Oct 3 14:34:04 2008 : Info: PARTICULAR PURPOSE.
Fri Oct 3 14:34:04 2008 : Info: You may redistribute copies of
FreeRADIUS under the terms of the
Fri Oct 3 14:34:04 2008 : Info: GNU General Public License v2.
Fri Oct 3 14:34:04 2008 : Info: Starting - reading configuration files ...
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/radiusd.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/proxy.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/clients.conf
Fri Oct 3 14:34:04 2008 : Debug: including files in directory
/usr/local/freeradius-2.1.1/etc/raddb/modules/
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/attr_filter
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/always
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/expiration
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/digest
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/echo
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/exec
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail.log
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/sradutmp
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/wimax
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/checkval
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/acct_unique
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/preprocess
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/linelog
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mac2vlan
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/counter
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/etc_group
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/ippool
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/radutmp
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/pap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/krb5
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mac2ip
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail.example.com
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/ldap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/files
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/passwd
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/inner-eap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mschap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/expr
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/attr_rewrite
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/unix
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/smbpasswd
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/chap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/pam
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/realm
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/sql_log
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/policy
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/logintime
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/eap.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql/mysql/dialup.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql/mysql/counter.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/policy.conf
Fri Oct 3 14:34:04 2008 : Debug: including files in directory
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/default
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/inner-tunnel
Fri Oct 3 14:34:04 2008 : Debug: including dictionary file
/usr/local/freeradius-2.1.1/etc/raddb/dictionary
Fri Oct 3 14:34:05 2008 : Debug: main {
Fri Oct 3 14:34:05 2008 : Debug: prefix = "/usr/local/freeradius-2.1.1"
Fri Oct 3 14:34:05 2008 : Debug: localstatedir =
"/usr/local/freeradius-2.1.1/var"
Fri Oct 3 14:34:05 2008 : Debug: logdir =
"/usr/local/freeradius-2.1.1/var/log/radius"
Fri Oct 3 14:34:05 2008 : Debug: libdir =
"/usr/local/freeradius-2.1.1/lib"
Fri Oct 3 14:34:05 2008 : Debug: radacctdir =
"/usr/local/freeradius-2.1.1/var/log/radius/radacct"
Fri Oct 3 14:34:05 2008 : Debug: hostname_lookups = no
Fri Oct 3 14:34:05 2008 : Debug: max_request_time = 30
Fri Oct 3 14:34:05 2008 : Debug: cleanup_delay = 5
Fri Oct 3 14:34:05 2008 : Debug: max_requests = 1024
Fri Oct 3 14:34:05 2008 : Debug: allow_core_dumps = no
Fri Oct 3 14:34:05 2008 : Debug: pidfile =
"/usr/local/freeradius-2.1.1/var/run/radiusd/radiusd.pid"
Fri Oct 3 14:34:05 2008 : Debug: checkrad =
"/usr/local/freeradius-2.1.1/sbin/checkrad"
Fri Oct 3 14:34:05 2008 : Debug: debug_level = 0
Fri Oct 3 14:34:05 2008 : Debug: proxy_requests = yes
Fri Oct 3 14:34:05 2008 : Debug: log {
Fri Oct 3 14:34:05 2008 : Debug: stripped_names = no
Fri Oct 3 14:34:05 2008 : Debug: auth = no
Fri Oct 3 14:34:05 2008 : Debug: auth_badpass = no
Fri Oct 3 14:34:05 2008 : Debug: auth_goodpass = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: security {
Fri Oct 3 14:34:05 2008 : Debug: max_attributes = 200
Fri Oct 3 14:34:05 2008 : Debug: reject_delay = 1
Fri Oct 3 14:34:05 2008 : Debug: status_server = yes
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: client localhost {
Fri Oct 3 14:34:05 2008 : Debug: ipaddr = 127.0.0.1
Fri Oct 3 14:34:05 2008 : Debug: require_message_authenticator = no
Fri Oct 3 14:34:05 2008 : Debug: secret = "testing123"
Fri Oct 3 14:34:05 2008 : Debug: nastype = "other"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Loading Realms and Home
Servers ####
Fri Oct 3 14:34:05 2008 : Debug: proxy server {
Fri Oct 3 14:34:05 2008 : Debug: retry_delay = 5
Fri Oct 3 14:34:05 2008 : Debug: retry_count = 3
Fri Oct 3 14:34:05 2008 : Debug: default_fallback = no
Fri Oct 3 14:34:05 2008 : Debug: dead_time = 120
Fri Oct 3 14:34:05 2008 : Debug: wake_all_if_all_dead = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: home_server localhost {
Fri Oct 3 14:34:05 2008 : Debug: ipaddr = 127.0.0.1
Fri Oct 3 14:34:05 2008 : Debug: port = 1812
Fri Oct 3 14:34:05 2008 : Debug: type = "auth"
Fri Oct 3 14:34:05 2008 : Debug: secret = "testing123"
Fri Oct 3 14:34:05 2008 : Debug: response_window = 20
Fri Oct 3 14:34:05 2008 : Debug: max_outstanding = 65536
Fri Oct 3 14:34:05 2008 : Debug: zombie_period = 40
Fri Oct 3 14:34:05 2008 : Debug: status_check = "status-server"
Fri Oct 3 14:34:05 2008 : Debug: ping_interval = 30
Fri Oct 3 14:34:05 2008 : Debug: check_interval = 30
Fri Oct 3 14:34:05 2008 : Debug: num_answers_to_alive = 3
Fri Oct 3 14:34:05 2008 : Debug: num_pings_to_alive = 3
Fri Oct 3 14:34:05 2008 : Debug: revive_interval = 120
Fri Oct 3 14:34:05 2008 : Debug: status_check_timeout = 4
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: home_server_pool my_auth_failover {
Fri Oct 3 14:34:05 2008 : Debug: type = fail-over
Fri Oct 3 14:34:05 2008 : Debug: home_server = localhost
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: realm example.com {
Fri Oct 3 14:34:05 2008 : Debug: auth_pool = my_auth_failover
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: realm LOCAL {
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Instantiating modules ####
Fri Oct 3 14:34:05 2008 : Debug: instantiate {
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_exec, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_exec
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating exec
Fri Oct 3 14:34:05 2008 : Debug: exec {
Fri Oct 3 14:34:05 2008 : Debug: wait = no
Fri Oct 3 14:34:05 2008 : Debug: input_pairs = "request"
Fri Oct 3 14:34:05 2008 : Debug: shell_escape = yes
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_expr, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_expr
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating expr
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_expiration, checking
if it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_expiration
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating expiration
Fri Oct 3 14:34:05 2008 : Debug: expiration {
Fri Oct 3 14:34:05 2008 : Debug: reply-message = "Password Has
Expired "
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_logintime, checking if
it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_logintime
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating logintime
Fri Oct 3 14:34:05 2008 : Debug: logintime {
Fri Oct 3 14:34:05 2008 : Debug: reply-message = "You are calling
outside your allowed timespan "
Fri Oct 3 14:34:05 2008 : Debug: minimum-timeout = 60
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Loading Virtual Servers ####
Fri Oct 3 14:34:05 2008 : Debug: server inner-tunnel {
Fri Oct 3 14:34:05 2008 : Debug: modules {
Fri Oct 3 14:34:05 2008 : Debug: Module: Checking authenticate {...}
for more modules to load
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_pap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_pap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating pap
Fri Oct 3 14:34:05 2008 : Debug: pap {
Fri Oct 3 14:34:05 2008 : Debug: encryption_scheme = "auto"
Fri Oct 3 14:34:05 2008 : Debug: auto_header = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_chap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_chap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating chap
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_mschap, checking if
it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_mschap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating mschap
Fri Oct 3 14:34:05 2008 : Debug: mschap {
Fri Oct 3 14:34:05 2008 : Debug: use_mppe = yes
Fri Oct 3 14:34:05 2008 : Debug: require_encryption = no
Fri Oct 3 14:34:05 2008 : Debug: require_strong = no
Fri Oct 3 14:34:05 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_unix, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_unix
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating unix
Fri Oct 3 14:34:05 2008 : Debug: unix {
Fri Oct 3 14:34:05 2008 : Debug: radwtmp =
"/usr/local/freeradius-2.1.1/var/log/radius/radwtmp"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_eap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_eap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap
Fri Oct 3 14:34:05 2008 : Debug: eap {
Fri Oct 3 14:34:05 2008 : Debug: default_eap_type = "md5"
Fri Oct 3 14:34:05 2008 : Debug: timer_expire = 60
Fri Oct 3 14:34:05 2008 : Debug: ignore_unknown_eap_types = no
Fri Oct 3 14:34:05 2008 : Debug: cisco_accounting_username_bug = no
Fri Oct 3 14:34:05 2008 : Debug: max_sessions = 2048
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_md5
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-md5
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_leap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-leap
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_gtc
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-gtc
Fri Oct 3 14:34:05 2008 : Debug: gtc {
Fri Oct 3 14:34:05 2008 : Debug: challenge = "Password: "
Fri Oct 3 14:34:05 2008 : Debug: auth_type = "PAP"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_tls
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-tls
Fri Oct 3 14:34:05 2008 : Debug: tls {
Fri Oct 3 14:34:05 2008 : Debug: rsa_key_exchange = no
Fri Oct 3 14:34:05 2008 : Debug: dh_key_exchange = yes
Fri Oct 3 14:34:05 2008 : Debug: rsa_key_length = 512
Fri Oct 3 14:34:05 2008 : Debug: dh_key_length = 512
Fri Oct 3 14:34:05 2008 : Debug: verify_depth = 0
Fri Oct 3 14:34:05 2008 : Debug: pem_file_type = yes
Fri Oct 3 14:34:05 2008 : Debug: private_key_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/server.pem"
Fri Oct 3 14:34:05 2008 : Debug: certificate_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/server.pem"
Fri Oct 3 14:34:05 2008 : Debug: CA_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/ca.pem"
Fri Oct 3 14:34:05 2008 : Debug: private_key_password = "whatever"
Fri Oct 3 14:34:05 2008 : Debug: dh_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/dh"
Fri Oct 3 14:34:05 2008 : Debug: random_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/random"
Fri Oct 3 14:34:05 2008 : Debug: fragment_size = 1024
Fri Oct 3 14:34:05 2008 : Debug: include_length = yes
Fri Oct 3 14:34:05 2008 : Debug: check_crl = no
Fri Oct 3 14:34:05 2008 : Debug: cipher_list = "DEFAULT"
Fri Oct 3 14:34:05 2008 : Debug: make_cert_command =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/bootstrap"
Fri Oct 3 14:34:05 2008 : Debug: cache {
Fri Oct 3 14:34:05 2008 : Debug: enable = no
Fri Oct 3 14:34:05 2008 : Debug: lifetime = 24
Fri Oct 3 14:34:05 2008 : Debug: max_entries = 255
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..............................+....................+..............+....+....................................................................+..........................................................................
...................................+..................................................................................+.......+.......................................................................+.................
..............+.....+..+.................+...............................+......+..................................................................................................................................+..
.........................................+.......+.....................................................+...............+.............................................................................................
..................+.........+.............+...................................+...+.......+......+.............+......................+.....................+......+.+..........................................
.............+.........................................+......................+..............+...........................+.............................................................................................
............................................................................................................................+.............................................................+...............................
...................................................................................................................................................................................................+.......................
............+...+.................................................................+
+........................+......................................................++*++*++*
*unable to write 'random state'
Generating a 2048 bit RSA private key*
....................................+++
....................+++
*unable to write 'random state'
writing new private key to 'server.key'*
-----
Generating a 2048 bit RSA private key
..............+++
.*+++
unable to write 'random state'
writing new private key to 'ca.key'*
-----
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Oct 3 18:34:45 2008 GMT
Not After : Oct 3 18:34:45 2009 GMT
Subject:
countryName = FR
stateOrProvinceName = Radius
organizationName = Example Inc.
commonName = Example Server Certificate
emailAddress = admin(a)example.com
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Oct 3 18:34:45 2009 GMT (365 days)
*Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
unable to write 'random state'*
MAC verified OK
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program output: openssl dhparam
-out dh 1024 openssl req -new -out server.csr -keyout server.key
-config ./server.cnf openssl req -new -x509 -keyout ca.key -out ca.pem
-config ./ca.cnf openssl ca -batch -keyfile ca.key -cert ca.pem -in
server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'`
-out server.crt -extensions xpserver_ext -extfile xpextensions -config
./server.cnf openssl pkcs12 -export -in server.crt -inkey server.key
-out server.p12 -passin pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out server.pem -passin
pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout
pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl
x509 -inform PEM -outform DER -in ca.pem -out ca.der
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program-Wait: plaintext: openssl
dhparam -out dh 1024 openssl req -new -out server.csr -keyout
server.key -config ./server.cnf openssl req -new -x509 -keyout ca.key
-out ca.pem -config ./ca.cnf openssl ca -batch -keyfile ca.key -cert
ca.pem -in server.csr -key `grep output_password ca.cnf | sed
's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile
xpextensions -config ./server.cnf openssl pkcs12 -export -in server.crt
-inkey server.key -out server.p12 -passin pass:`grep output_password
server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password
server.cnf | sed 's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out
server.pem -passin pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` openssl x509 -inform PEM -outform DER -in ca.pem -out
ca.der
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program: returned: 0
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module rlm_eap_ttls
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-ttls
Fri Oct 3 14:34:45 2008 : Debug: ttls {
Fri Oct 3 14:34:45 2008 : Debug: default_eap_type = "md5"
Fri Oct 3 14:34:45 2008 : Debug: copy_request_to_tunnel = no
Fri Oct 3 14:34:45 2008 : Debug: use_tunneled_reply = no
Fri Oct 3 14:34:45 2008 : Debug: virtual_server = "inner-tunnel"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module rlm_eap_peap
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-peap
Fri Oct 3 14:34:45 2008 : Debug: peap {
Fri Oct 3 14:34:45 2008 : Debug: default_eap_type = "mschapv2"
Fri Oct 3 14:34:45 2008 : Debug: copy_request_to_tunnel = no
Fri Oct 3 14:34:45 2008 : Debug: use_tunneled_reply = no
Fri Oct 3 14:34:45 2008 : Debug: proxy_tunneled_request_as_eap = yes
Fri Oct 3 14:34:45 2008 : Debug: virtual_server = "inner-tunnel"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-mschapv2
Fri Oct 3 14:34:45 2008 : Debug: mschapv2 {
Fri Oct 3 14:34:45 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authorize {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_realm, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_realm
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating suffix
Fri Oct 3 14:34:45 2008 : Debug: realm suffix {
Fri Oct 3 14:34:45 2008 : Debug: format = "suffix"
Fri Oct 3 14:34:45 2008 : Debug: delimiter = "@"
Fri Oct 3 14:34:45 2008 : Debug: ignore_default = no
Fri Oct 3 14:34:45 2008 : Debug: ignore_null = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_files, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_files
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating files
Fri Oct 3 14:34:45 2008 : Debug: files {
Fri Oct 3 14:34:45 2008 : Debug: usersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/users"
Fri Oct 3 14:34:45 2008 : Debug: acctusersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/acct_users"
Fri Oct 3 14:34:45 2008 : Debug: preproxy_usersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/preproxy_users"
Fri Oct 3 14:34:45 2008 : Debug: compat = "no"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking session {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_radutmp, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_radutmp
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating radutmp
Fri Oct 3 14:34:45 2008 : Debug: radutmp {
Fri Oct 3 14:34:45 2008 : Debug: filename =
"/usr/local/freeradius-2.1.1/var/log/radius/radutmp"
Fri Oct 3 14:34:45 2008 : Debug: username = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: case_sensitive = yes
Fri Oct 3 14:34:45 2008 : Debug: check_with_nas = yes
Fri Oct 3 14:34:45 2008 : Debug: perm = 384
Fri Oct 3 14:34:45 2008 : Debug: callerid = yes
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-proxy {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-auth {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_attr_filter, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_attr_filter
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating
attr_filter.access_reject
Fri Oct 3 14:34:45 2008 : Debug: attr_filter attr_filter.access_reject {
Fri Oct 3 14:34:45 2008 : Debug: attrsfile =
"/usr/local/freeradius-2.1.1/etc/raddb/attrs.access_reject"
Fri Oct 3 14:34:45 2008 : Debug: key = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: modules {
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authenticate {...}
for more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authorize {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_preprocess, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_preprocess
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating preprocess
Fri Oct 3 14:34:45 2008 : Debug: preprocess {
Fri Oct 3 14:34:45 2008 : Debug: huntgroups =
"/usr/local/freeradius-2.1.1/etc/raddb/huntgroups"
Fri Oct 3 14:34:45 2008 : Debug: hints =
"/usr/local/freeradius-2.1.1/etc/raddb/hints"
Fri Oct 3 14:34:45 2008 : Debug: with_ascend_hack = no
Fri Oct 3 14:34:45 2008 : Debug: ascend_channels_per_line = 23
Fri Oct 3 14:34:45 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_specialix_jetstream_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_cisco_vsa_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_alvarion_vsa_hack = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking preacct {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_acct_unique, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_acct_unique
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating acct_unique
Fri Oct 3 14:34:45 2008 : Debug: acct_unique {
Fri Oct 3 14:34:45 2008 : Debug: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking accounting {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_detail, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_detail
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating detail
Fri Oct 3 14:34:45 2008 : Debug: detail {
Fri Oct 3 14:34:45 2008 : Debug: detailfile =
"/usr/local/freeradius-2.1.1/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Oct 3 14:34:45 2008 : Debug: header = "%t"
Fri Oct 3 14:34:45 2008 : Debug: detailperm = 384
Fri Oct 3 14:34:45 2008 : Debug: dirperm = 493
Fri Oct 3 14:34:45 2008 : Debug: locking = no
Fri Oct 3 14:34:45 2008 : Debug: log_packet_header = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating
attr_filter.accounting_response
Fri Oct 3 14:34:45 2008 : Debug: attr_filter
attr_filter.accounting_response {
Fri Oct 3 14:34:45 2008 : Debug: attrsfile =
"/usr/local/freeradius-2.1.1/etc/raddb/attrs.accounting_response"
Fri Oct 3 14:34:45 2008 : Debug: key = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking session {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-proxy {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-auth {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: radiusd: #### Opening IP addresses and
Ports ####
Fri Oct 3 14:34:45 2008 : Debug: listen {
Fri Oct 3 14:34:45 2008 : Debug: type = "auth"
Fri Oct 3 14:34:45 2008 : Debug: ipaddr = *
Fri Oct 3 14:34:45 2008 : Debug: port = 0
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: listen {
Fri Oct 3 14:34:45 2008 : Debug: type = "acct"
Fri Oct 3 14:34:45 2008 : Debug: ipaddr = *
Fri Oct 3 14:34:45 2008 : Debug: port = 0
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Listening on authentication address *
port 1812
Fri Oct 3 14:34:45 2008 : Debug: Listening on accounting address * port
1813
Fri Oct 3 14:34:45 2008 : Debug: Listening on proxy address * port 1814
Fri Oct 3 14:34:45 2008 : Debug: Ready to process requests.
3
3
Has anyone come across this error? This happens when I start freeradius
for the first time.
Platform: RedHat ES 4.0
Version: FreeRadius 2.1.1
I have highlighted the message in read. It doesn't matter if I run this
command as root.
Thanks for you help.
Sorry if this is posted twice.
AM
sudo ./radiusd -XXXX
Fri Oct 3 14:34:04 2008 : Info: FreeRADIUS Version 2.1.1, for host
i686-pc-linux-gnu, built on Oct 3 2008 at 14:30:11
Fri Oct 3 14:34:04 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Fri Oct 3 14:34:04 2008 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Fri Oct 3 14:34:04 2008 : Info: PARTICULAR PURPOSE.
Fri Oct 3 14:34:04 2008 : Info: You may redistribute copies of
FreeRADIUS under the terms of the
Fri Oct 3 14:34:04 2008 : Info: GNU General Public License v2.
Fri Oct 3 14:34:04 2008 : Info: Starting - reading configuration files ...
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/radiusd.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/proxy.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/clients.conf
Fri Oct 3 14:34:04 2008 : Debug: including files in directory
/usr/local/freeradius-2.1.1/etc/raddb/modules/
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/attr_filter
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/always
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/expiration
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/digest
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/echo
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/exec
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail.log
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/sradutmp
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/wimax
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/checkval
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/acct_unique
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/preprocess
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/linelog
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mac2vlan
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/counter
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/etc_group
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/ippool
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/radutmp
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/pap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/krb5
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mac2ip
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail.example.com
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/ldap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/files
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/passwd
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/inner-eap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/mschap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/expr
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/detail
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/attr_rewrite
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/unix
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/smbpasswd
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/chap
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/pam
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/realm
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/sql_log
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/policy
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/modules/logintime
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/eap.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql/mysql/dialup.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sql/mysql/counter.conf
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/policy.conf
Fri Oct 3 14:34:04 2008 : Debug: including files in directory
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/default
Fri Oct 3 14:34:04 2008 : Debug: including configuration file
/usr/local/freeradius-2.1.1/etc/raddb/sites-enabled/inner-tunnel
Fri Oct 3 14:34:04 2008 : Debug: including dictionary file
/usr/local/freeradius-2.1.1/etc/raddb/dictionary
Fri Oct 3 14:34:05 2008 : Debug: main {
Fri Oct 3 14:34:05 2008 : Debug: prefix = "/usr/local/freeradius-2.1.1"
Fri Oct 3 14:34:05 2008 : Debug: localstatedir =
"/usr/local/freeradius-2.1.1/var"
Fri Oct 3 14:34:05 2008 : Debug: logdir =
"/usr/local/freeradius-2.1.1/var/log/radius"
Fri Oct 3 14:34:05 2008 : Debug: libdir =
"/usr/local/freeradius-2.1.1/lib"
Fri Oct 3 14:34:05 2008 : Debug: radacctdir =
"/usr/local/freeradius-2.1.1/var/log/radius/radacct"
Fri Oct 3 14:34:05 2008 : Debug: hostname_lookups = no
Fri Oct 3 14:34:05 2008 : Debug: max_request_time = 30
Fri Oct 3 14:34:05 2008 : Debug: cleanup_delay = 5
Fri Oct 3 14:34:05 2008 : Debug: max_requests = 1024
Fri Oct 3 14:34:05 2008 : Debug: allow_core_dumps = no
Fri Oct 3 14:34:05 2008 : Debug: pidfile =
"/usr/local/freeradius-2.1.1/var/run/radiusd/radiusd.pid"
Fri Oct 3 14:34:05 2008 : Debug: checkrad =
"/usr/local/freeradius-2.1.1/sbin/checkrad"
Fri Oct 3 14:34:05 2008 : Debug: debug_level = 0
Fri Oct 3 14:34:05 2008 : Debug: proxy_requests = yes
Fri Oct 3 14:34:05 2008 : Debug: log {
Fri Oct 3 14:34:05 2008 : Debug: stripped_names = no
Fri Oct 3 14:34:05 2008 : Debug: auth = no
Fri Oct 3 14:34:05 2008 : Debug: auth_badpass = no
Fri Oct 3 14:34:05 2008 : Debug: auth_goodpass = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: security {
Fri Oct 3 14:34:05 2008 : Debug: max_attributes = 200
Fri Oct 3 14:34:05 2008 : Debug: reject_delay = 1
Fri Oct 3 14:34:05 2008 : Debug: status_server = yes
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: client localhost {
Fri Oct 3 14:34:05 2008 : Debug: ipaddr = 127.0.0.1
Fri Oct 3 14:34:05 2008 : Debug: require_message_authenticator = no
Fri Oct 3 14:34:05 2008 : Debug: secret = "testing123"
Fri Oct 3 14:34:05 2008 : Debug: nastype = "other"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Loading Realms and Home
Servers ####
Fri Oct 3 14:34:05 2008 : Debug: proxy server {
Fri Oct 3 14:34:05 2008 : Debug: retry_delay = 5
Fri Oct 3 14:34:05 2008 : Debug: retry_count = 3
Fri Oct 3 14:34:05 2008 : Debug: default_fallback = no
Fri Oct 3 14:34:05 2008 : Debug: dead_time = 120
Fri Oct 3 14:34:05 2008 : Debug: wake_all_if_all_dead = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: home_server localhost {
Fri Oct 3 14:34:05 2008 : Debug: ipaddr = 127.0.0.1
Fri Oct 3 14:34:05 2008 : Debug: port = 1812
Fri Oct 3 14:34:05 2008 : Debug: type = "auth"
Fri Oct 3 14:34:05 2008 : Debug: secret = "testing123"
Fri Oct 3 14:34:05 2008 : Debug: response_window = 20
Fri Oct 3 14:34:05 2008 : Debug: max_outstanding = 65536
Fri Oct 3 14:34:05 2008 : Debug: zombie_period = 40
Fri Oct 3 14:34:05 2008 : Debug: status_check = "status-server"
Fri Oct 3 14:34:05 2008 : Debug: ping_interval = 30
Fri Oct 3 14:34:05 2008 : Debug: check_interval = 30
Fri Oct 3 14:34:05 2008 : Debug: num_answers_to_alive = 3
Fri Oct 3 14:34:05 2008 : Debug: num_pings_to_alive = 3
Fri Oct 3 14:34:05 2008 : Debug: revive_interval = 120
Fri Oct 3 14:34:05 2008 : Debug: status_check_timeout = 4
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: home_server_pool my_auth_failover {
Fri Oct 3 14:34:05 2008 : Debug: type = fail-over
Fri Oct 3 14:34:05 2008 : Debug: home_server = localhost
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: realm example.com {
Fri Oct 3 14:34:05 2008 : Debug: auth_pool = my_auth_failover
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: realm LOCAL {
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Instantiating modules ####
Fri Oct 3 14:34:05 2008 : Debug: instantiate {
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_exec, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_exec
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating exec
Fri Oct 3 14:34:05 2008 : Debug: exec {
Fri Oct 3 14:34:05 2008 : Debug: wait = no
Fri Oct 3 14:34:05 2008 : Debug: input_pairs = "request"
Fri Oct 3 14:34:05 2008 : Debug: shell_escape = yes
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_expr, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_expr
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating expr
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_expiration, checking
if it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_expiration
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating expiration
Fri Oct 3 14:34:05 2008 : Debug: expiration {
Fri Oct 3 14:34:05 2008 : Debug: reply-message = "Password Has
Expired "
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_logintime, checking if
it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_logintime
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating logintime
Fri Oct 3 14:34:05 2008 : Debug: logintime {
Fri Oct 3 14:34:05 2008 : Debug: reply-message = "You are calling
outside your allowed timespan "
Fri Oct 3 14:34:05 2008 : Debug: minimum-timeout = 60
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: radiusd: #### Loading Virtual Servers ####
Fri Oct 3 14:34:05 2008 : Debug: server inner-tunnel {
Fri Oct 3 14:34:05 2008 : Debug: modules {
Fri Oct 3 14:34:05 2008 : Debug: Module: Checking authenticate {...}
for more modules to load
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_pap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_pap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating pap
Fri Oct 3 14:34:05 2008 : Debug: pap {
Fri Oct 3 14:34:05 2008 : Debug: encryption_scheme = "auto"
Fri Oct 3 14:34:05 2008 : Debug: auto_header = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_chap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_chap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating chap
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_mschap, checking if
it's valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_mschap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating mschap
Fri Oct 3 14:34:05 2008 : Debug: mschap {
Fri Oct 3 14:34:05 2008 : Debug: use_mppe = yes
Fri Oct 3 14:34:05 2008 : Debug: require_encryption = no
Fri Oct 3 14:34:05 2008 : Debug: require_strong = no
Fri Oct 3 14:34:05 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_unix, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_unix
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating unix
Fri Oct 3 14:34:05 2008 : Debug: unix {
Fri Oct 3 14:34:05 2008 : Debug: radwtmp =
"/usr/local/freeradius-2.1.1/var/log/radius/radwtmp"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: (Loaded rlm_eap, checking if it's
valid)
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to module rlm_eap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap
Fri Oct 3 14:34:05 2008 : Debug: eap {
Fri Oct 3 14:34:05 2008 : Debug: default_eap_type = "md5"
Fri Oct 3 14:34:05 2008 : Debug: timer_expire = 60
Fri Oct 3 14:34:05 2008 : Debug: ignore_unknown_eap_types = no
Fri Oct 3 14:34:05 2008 : Debug: cisco_accounting_username_bug = no
Fri Oct 3 14:34:05 2008 : Debug: max_sessions = 2048
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_md5
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-md5
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_leap
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-leap
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_gtc
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-gtc
Fri Oct 3 14:34:05 2008 : Debug: gtc {
Fri Oct 3 14:34:05 2008 : Debug: challenge = "Password: "
Fri Oct 3 14:34:05 2008 : Debug: auth_type = "PAP"
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: Module: Linked to sub-module rlm_eap_tls
Fri Oct 3 14:34:05 2008 : Debug: Module: Instantiating eap-tls
Fri Oct 3 14:34:05 2008 : Debug: tls {
Fri Oct 3 14:34:05 2008 : Debug: rsa_key_exchange = no
Fri Oct 3 14:34:05 2008 : Debug: dh_key_exchange = yes
Fri Oct 3 14:34:05 2008 : Debug: rsa_key_length = 512
Fri Oct 3 14:34:05 2008 : Debug: dh_key_length = 512
Fri Oct 3 14:34:05 2008 : Debug: verify_depth = 0
Fri Oct 3 14:34:05 2008 : Debug: pem_file_type = yes
Fri Oct 3 14:34:05 2008 : Debug: private_key_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/server.pem"
Fri Oct 3 14:34:05 2008 : Debug: certificate_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/server.pem"
Fri Oct 3 14:34:05 2008 : Debug: CA_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/ca.pem"
Fri Oct 3 14:34:05 2008 : Debug: private_key_password = "whatever"
Fri Oct 3 14:34:05 2008 : Debug: dh_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/dh"
Fri Oct 3 14:34:05 2008 : Debug: random_file =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/random"
Fri Oct 3 14:34:05 2008 : Debug: fragment_size = 1024
Fri Oct 3 14:34:05 2008 : Debug: include_length = yes
Fri Oct 3 14:34:05 2008 : Debug: check_crl = no
Fri Oct 3 14:34:05 2008 : Debug: cipher_list = "DEFAULT"
Fri Oct 3 14:34:05 2008 : Debug: make_cert_command =
"/usr/local/freeradius-2.1.1/etc/raddb/certs/bootstrap"
Fri Oct 3 14:34:05 2008 : Debug: cache {
Fri Oct 3 14:34:05 2008 : Debug: enable = no
Fri Oct 3 14:34:05 2008 : Debug: lifetime = 24
Fri Oct 3 14:34:05 2008 : Debug: max_entries = 255
Fri Oct 3 14:34:05 2008 : Debug: }
Fri Oct 3 14:34:05 2008 : Debug: }
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..............................+....................+..............+....+....................................................................+..........................................................................
...................................+..................................................................................+.......+.......................................................................+.................
..............+.....+..+.................+...............................+......+..................................................................................................................................+..
.........................................+.......+.....................................................+...............+.............................................................................................
..................+.........+.............+...................................+...+.......+......+.............+......................+.....................+......+.+..........................................
.............+.........................................+......................+..............+...........................+.............................................................................................
............................................................................................................................+.............................................................+...............................
...................................................................................................................................................................................................+.......................
............+...+.................................................................+
+........................+......................................................++*++*++*
*unable to write 'random state'
Generating a 2048 bit RSA private key*
....................................+++
....................+++
*unable to write 'random state'
writing new private key to 'server.key'*
-----
Generating a 2048 bit RSA private key
..............+++
.*+++
unable to write 'random state'
writing new private key to 'ca.key'*
-----
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Oct 3 18:34:45 2008 GMT
Not After : Oct 3 18:34:45 2009 GMT
Subject:
countryName = FR
stateOrProvinceName = Radius
organizationName = Example Inc.
commonName = Example Server Certificate
emailAddress = admin(a)example.com
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Oct 3 18:34:45 2009 GMT (365 days)
*Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
unable to write 'random state'*
MAC verified OK
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program output: openssl dhparam
-out dh 1024 openssl req -new -out server.csr -keyout server.key
-config ./server.cnf openssl req -new -x509 -keyout ca.key -out ca.pem
-config ./ca.cnf openssl ca -batch -keyfile ca.key -cert ca.pem -in
server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'`
-out server.crt -extensions xpserver_ext -extfile xpextensions -config
./server.cnf openssl pkcs12 -export -in server.crt -inkey server.key
-out server.p12 -passin pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out server.pem -passin
pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout
pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl
x509 -inform PEM -outform DER -in ca.pem -out ca.der
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program-Wait: plaintext: openssl
dhparam -out dh 1024 openssl req -new -out server.csr -keyout
server.key -config ./server.cnf openssl req -new -x509 -keyout ca.key
-out ca.pem -config ./ca.cnf openssl ca -batch -keyfile ca.key -cert
ca.pem -in server.csr -key `grep output_password ca.cnf | sed
's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile
xpextensions -config ./server.cnf openssl pkcs12 -export -in server.crt
-inkey server.key -out server.p12 -passin pass:`grep output_password
server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password
server.cnf | sed 's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out
server.pem -passin pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed
's/.*=//;s/^ *//'` openssl x509 -inform PEM -outform DER -in ca.pem -out
ca.der
Fri Oct 3 14:34:45 2008 : Debug: Exec-Program: returned: 0
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module rlm_eap_ttls
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-ttls
Fri Oct 3 14:34:45 2008 : Debug: ttls {
Fri Oct 3 14:34:45 2008 : Debug: default_eap_type = "md5"
Fri Oct 3 14:34:45 2008 : Debug: copy_request_to_tunnel = no
Fri Oct 3 14:34:45 2008 : Debug: use_tunneled_reply = no
Fri Oct 3 14:34:45 2008 : Debug: virtual_server = "inner-tunnel"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module rlm_eap_peap
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-peap
Fri Oct 3 14:34:45 2008 : Debug: peap {
Fri Oct 3 14:34:45 2008 : Debug: default_eap_type = "mschapv2"
Fri Oct 3 14:34:45 2008 : Debug: copy_request_to_tunnel = no
Fri Oct 3 14:34:45 2008 : Debug: use_tunneled_reply = no
Fri Oct 3 14:34:45 2008 : Debug: proxy_tunneled_request_as_eap = yes
Fri Oct 3 14:34:45 2008 : Debug: virtual_server = "inner-tunnel"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating eap-mschapv2
Fri Oct 3 14:34:45 2008 : Debug: mschapv2 {
Fri Oct 3 14:34:45 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authorize {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_realm, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_realm
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating suffix
Fri Oct 3 14:34:45 2008 : Debug: realm suffix {
Fri Oct 3 14:34:45 2008 : Debug: format = "suffix"
Fri Oct 3 14:34:45 2008 : Debug: delimiter = "@"
Fri Oct 3 14:34:45 2008 : Debug: ignore_default = no
Fri Oct 3 14:34:45 2008 : Debug: ignore_null = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_files, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_files
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating files
Fri Oct 3 14:34:45 2008 : Debug: files {
Fri Oct 3 14:34:45 2008 : Debug: usersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/users"
Fri Oct 3 14:34:45 2008 : Debug: acctusersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/acct_users"
Fri Oct 3 14:34:45 2008 : Debug: preproxy_usersfile =
"/usr/local/freeradius-2.1.1/etc/raddb/preproxy_users"
Fri Oct 3 14:34:45 2008 : Debug: compat = "no"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking session {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_radutmp, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_radutmp
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating radutmp
Fri Oct 3 14:34:45 2008 : Debug: radutmp {
Fri Oct 3 14:34:45 2008 : Debug: filename =
"/usr/local/freeradius-2.1.1/var/log/radius/radutmp"
Fri Oct 3 14:34:45 2008 : Debug: username = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: case_sensitive = yes
Fri Oct 3 14:34:45 2008 : Debug: check_with_nas = yes
Fri Oct 3 14:34:45 2008 : Debug: perm = 384
Fri Oct 3 14:34:45 2008 : Debug: callerid = yes
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-proxy {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-auth {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_attr_filter, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_attr_filter
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating
attr_filter.access_reject
Fri Oct 3 14:34:45 2008 : Debug: attr_filter attr_filter.access_reject {
Fri Oct 3 14:34:45 2008 : Debug: attrsfile =
"/usr/local/freeradius-2.1.1/etc/raddb/attrs.access_reject"
Fri Oct 3 14:34:45 2008 : Debug: key = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: modules {
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authenticate {...}
for more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking authorize {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_preprocess, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_preprocess
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating preprocess
Fri Oct 3 14:34:45 2008 : Debug: preprocess {
Fri Oct 3 14:34:45 2008 : Debug: huntgroups =
"/usr/local/freeradius-2.1.1/etc/raddb/huntgroups"
Fri Oct 3 14:34:45 2008 : Debug: hints =
"/usr/local/freeradius-2.1.1/etc/raddb/hints"
Fri Oct 3 14:34:45 2008 : Debug: with_ascend_hack = no
Fri Oct 3 14:34:45 2008 : Debug: ascend_channels_per_line = 23
Fri Oct 3 14:34:45 2008 : Debug: with_ntdomain_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_specialix_jetstream_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_cisco_vsa_hack = no
Fri Oct 3 14:34:45 2008 : Debug: with_alvarion_vsa_hack = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking preacct {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_acct_unique, checking
if it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_acct_unique
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating acct_unique
Fri Oct 3 14:34:45 2008 : Debug: acct_unique {
Fri Oct 3 14:34:45 2008 : Debug: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking accounting {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: (Loaded rlm_detail, checking if
it's valid)
Fri Oct 3 14:34:45 2008 : Debug: Module: Linked to module rlm_detail
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating detail
Fri Oct 3 14:34:45 2008 : Debug: detail {
Fri Oct 3 14:34:45 2008 : Debug: detailfile =
"/usr/local/freeradius-2.1.1/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Oct 3 14:34:45 2008 : Debug: header = "%t"
Fri Oct 3 14:34:45 2008 : Debug: detailperm = 384
Fri Oct 3 14:34:45 2008 : Debug: dirperm = 493
Fri Oct 3 14:34:45 2008 : Debug: locking = no
Fri Oct 3 14:34:45 2008 : Debug: log_packet_header = no
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Instantiating
attr_filter.accounting_response
Fri Oct 3 14:34:45 2008 : Debug: attr_filter
attr_filter.accounting_response {
Fri Oct 3 14:34:45 2008 : Debug: attrsfile =
"/usr/local/freeradius-2.1.1/etc/raddb/attrs.accounting_response"
Fri Oct 3 14:34:45 2008 : Debug: key = "%{User-Name}"
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking session {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-proxy {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: Module: Checking post-auth {...} for
more modules to load
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: radiusd: #### Opening IP addresses and
Ports ####
Fri Oct 3 14:34:45 2008 : Debug: listen {
Fri Oct 3 14:34:45 2008 : Debug: type = "auth"
Fri Oct 3 14:34:45 2008 : Debug: ipaddr = *
Fri Oct 3 14:34:45 2008 : Debug: port = 0
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: listen {
Fri Oct 3 14:34:45 2008 : Debug: type = "acct"
Fri Oct 3 14:34:45 2008 : Debug: ipaddr = *
Fri Oct 3 14:34:45 2008 : Debug: port = 0
Fri Oct 3 14:34:45 2008 : Debug: }
Fri Oct 3 14:34:45 2008 : Debug: Listening on authentication address *
port 1812
Fri Oct 3 14:34:45 2008 : Debug: Listening on accounting address * port
1813
Fri Oct 3 14:34:45 2008 : Debug: Listening on proxy address * port 1814
Fri Oct 3 14:34:45 2008 : Debug: Ready to process requests.
1
0