Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2018
- 59 participants
- 72 discussions
Hi all,
We are in the process of migrating Freeradius in our production environment. The current version is way too old (running on Red Hat 3! seems like nobody really wanted to do the upgrade). Anyway, I finally managed to make authentication work. But I still have a problem. It looks like the client's device doesn't "receive" the Class attribute on the login process, even though I see it in the logs. You will see in the logs below that all LDAP attributes are passed on login. The only difference is that the Class attribute is in hexadecimal instead of text. From your expertise and knowhow, where could this error come from? Freeradius, Openldap or the client's device?
Thanks in advance. Here are the logs:
[Mon Jul 16 12:53:05 - root@flyers raddb]# radiusd -X
radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 11 2017 at 04:40:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/cache
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/dhcp_sqlippool
including configuration file /etc/raddb/modules/radrelay
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = yes
dead_time = 300
wake_all_if_all_dead = no
}
realm contivity {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-intranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-mediaprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-caissesprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-appprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-privprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-pubprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-extranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ogr-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm srv-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.dsd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl3050 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dsd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-teleacces.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-notes.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-fidprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm isb-intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-gestionpe.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilite-cfe.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-cfe.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-admin.bell {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod-siebel.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestiondev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm fidprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-caissesuni.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appval-siebel.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod-crypto.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-oper {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm sniffer {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilite-caisses.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-caisses.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appval-releve.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fcpa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fidvisa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod01.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionpe.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetcdc.cdc {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.altel {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.sped {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.fcpa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.sirius {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.cad {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesprod1.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod-google.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm supportoracle.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionval.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod02.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod-ddcsc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ibmaccess {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod-t.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm xentrax-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm xentrax-intranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bell01-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod03.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestion.hds {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod04.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm rr.partenaires {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.panagon {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm byoc.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ccc.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support-ddtcpc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dcr {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm meplus.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm campus.jacada {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support-ddcsc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support.controles.ac {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm contivity {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm contivity
realm bce-intranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-intranetprod.bce
realm bce-mediaprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-mediaprod.bce
realm bce-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-gestionprod.bce
realm bce-caissesprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-caissesprod.bce
realm bce-appprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-appprod.bce
realm bce-privprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-privprod.bce
realm bce-pubprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-pubprod.bce
realm bce-extranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-extranetprod.bce
realm bce-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-stadprod.bce
realm ogr-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ogr-gestionprod.bce
realm srv-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm srv-gestionprod.bce
realm stadprod.dsd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.dsd
realm intranetprod.dsd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dsd
realm ssl3050 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl3050
realm ssl-teleacces.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-teleacces.fcdq
realm ssl-notes.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-notes.fcdq
realm bce-fidprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-fidprod.bce
realm isb-intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm isb-intranetprod.fcdq
realm bce-gestionpe.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-gestionpe.bce
realm mobilite-cfe.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilite-cfe.fcdq
realm devmobilite-cfe.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-cfe.fcdq
realm ssl-admin.bell {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-admin.bell
realm ssl-oper {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-oper
realm intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fcdq
realm gestionprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fcdq
realm caissesprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesprod.fcdq
realm appprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fcdq
realm privprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.fcdq
realm appprod-siebel.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod-siebel.fcdq
realm stadprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.fcdq
realm caissesdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesdev.fcdq
realm intranetdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetdev.fcdq
realm privdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privdev.fcdq
realm gestiondev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestiondev.fcdq
realm fidprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm fidprod.fcdq
realm devmobilite-caissesuni.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caissesuni.fcdq
realm appval-siebel.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appval-siebel.fcdq
realm privprod-at.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
}
realm privprod-at.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod-at.fcdq
realm appdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appdev.fcdq
realm appprod-crypto.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod-crypto.fcdq
realm mobilite-caisses.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilite-caisses.fcdq
realm devmobilite-caisses.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caisses.fcdq
realm sniffer {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm sniffer
realm intranetprod.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ccd
realm appval-releve.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appval-releve.fcdq
realm appprod.fcpa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fcpa
realm appprod.fidvisa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fidvisa
realm appprod.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.scd
realm appprod01.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod01.scd
realm gestionpe.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionpe.scd
realm gestionprod.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.ccd
realm intranetcdc.cdc {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetcdc.cdc
realm intranetprod.altel {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.altel
realm intranetprod.ce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ce
realm intranetprod.sped {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.sped
realm privprod.fcpa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.fcpa
realm privprod.sirius {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.sirius
realm stadprod.cad {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.cad
realm caissesprod1.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesprod1.fcdq
realm appprod.vmd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.vmd
realm privprod-google.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod-google.fcdq
realm supportoracle.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm supportoracle.fcdq
realm gestionval.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionval.fcdq
realm appprod02.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod02.fcdq
realm gestionprod-ddcsc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod-ddcsc.fcdq
realm ibmaccess {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ibmaccess
realm intranetprod-t.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod-t.fcdq
realm xentrax-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm xentrax-stadprod.bce
realm xentrax-intranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm xentrax-intranetprod.bce
realm bell01-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bell01-stadprod.bce
realm appprod03.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod03.fcdq
realm css.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm css.fcdq
realm gestion.hds {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestion.hds
realm appprod04.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod04.fcdq
realm rr.partenaires {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm rr.partenaires
realm privprod.panagon {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.panagon
realm byoc.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm byoc.prod
realm ccc.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ccc.prod
realm support-ddtcpc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support-ddtcpc.fcdq
realm intranetprod.dcr {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dcr
realm meplus.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm meplus.ccd
realm campus.jacada {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm campus.jacada
realm support-ddcsc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm support.controles.ac {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support.controles.ac
realm contivity {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm contivity
realm bce-intranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-intranetprod.bce
realm bce-mediaprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-mediaprod.bce
realm bce-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-gestionprod.bce
realm bce-caissesprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-caissesprod.bce
realm bce-appprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-appprod.bce
realm bce-privprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-privprod.bce
realm bce-pubprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-pubprod.bce
realm bce-extranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-extranetprod.bce
realm bce-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-stadprod.bce
realm ogr-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ogr-gestionprod.bce
realm srv-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm srv-gestionprod.bce
realm stadprod.dsd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.dsd
realm intranetprod.dsd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dsd
realm ssl3050 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl3050
realm ssl-teleacces.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-teleacces.fcdq
realm ssl-notes.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-notes.fcdq
realm bce-fidprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-fidprod.bce
realm isb-intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm isb-intranetprod.fcdq
realm bce-gestionpe.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-gestionpe.bce
realm mobilite-cfe.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilite-cfe.fcdq
realm devmobilite-cfe.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-cfe.fcdq
realm ssl-admin.bell {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-admin.bell
realm intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fcdq
realm gestionprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fcdq
realm caissesprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesprod.fcdq
realm appprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fcdq
realm privprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.fcdq
realm appprod-siebel.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod-siebel.fcdq
realm stadprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.fcdq
realm caissesdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesdev.fcdq
realm intranetdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.fcdq
realm privdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privdev.fcdq
realm gestiondev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestiondev.fcdq
realm fidprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm fidprod.fcdq
realm devmobilite-caissesuni.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caissesuni.fcdq
realm appval-siebel.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appval-siebel.fcdq
realm appdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appdev.fcdq
realm appprod-crypto.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod-crypto.fcdq
realm ssl-oper {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-oper
realm sniffer {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm sniffer
realm mobilite-caisses.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilite-caisses.fcdq
realm devmobilite-caisses.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caisses.fcdq
realm intranetprod.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ccd
realm appval-releve.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appval-releve.fcdq
realm appprod.fcpa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fcpa
realm appprod.fidvisa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fidvisa
realm appprod.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.scd
realm appprod01.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod01.scd
realm gestionpe.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionpe.scd
realm gestionprod.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.ccd
realm intranetcdc.cdc {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetcdc.cdc
realm intranetprod.altel {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.altel
realm intranetprod.ce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ce
realm intranetprod.sped {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.sped
realm privprod.fcpa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.fcpa
realm privprod.sirius {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.sirius
realm stadprod.cad {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.cad
realm caissesprod1.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesprod1.fcdq
realm appprod.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.vmd
realm privprod-google.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod-google.fcdq
realm supportoracle.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm supportoracle.fcdq
realm gestionval.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionval.fcdq
realm appprod02.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod02.fcdq
realm gestionprod-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod-ddcsc.fcdq
realm ibmaccess {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ibmaccess
realm intranetprod-t.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod-t.fcdq
realm xentrax-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm xentrax-stadprod.bce
realm xentrax-intranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm xentrax-intranetprod.bce
realm bell01-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bell01-stadprod.bce
realm appprod03.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod03.fcdq
realm css.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.fcdq
realm gestion.hds {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestion.hds
realm appprod04.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod04.fcdq
realm rr.partenaires {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm rr.partenaires
realm privprod.panagon {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.panagon
realm byoc.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm byoc.prod
realm ccc.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ccc.prod
realm support-ddtcpc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddtcpc.fcdq
realm intranetprod.dcr {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dcr
realm meplus.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm meplus.ccd
realm campus.jacada {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm campus.jacada
realm support-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm support-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm bellmarchesaffaires.bma {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionpe.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionscd.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionseed.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionseed.uni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.gmt {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.ib-arm {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev-telip.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.blackbox {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dlgl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.apisoft {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm prodgestion.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bellmarchesaffaires.bma {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bellmarchesaffaires.bma
realm css.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.dgag
realm css.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.dsf
realm css.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.vmd
realm gestionpe.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionpe.fid
realm gestionprod.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.dgag
realm gestionprod.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.dsf
realm gestionprod.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fid
realm gestionprod.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.vmd
realm gestionscd.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionscd.prod
realm gestionseed.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionseed.prod
realm gestionseed.uni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionseed.uni
realm intranetdev.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.dgag
realm intranetdev.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.dsf
realm intranetdev.gmt {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.gmt
realm intranetdev.ib-arm {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.ib-arm
realm intranetdev-telip.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev-telip.fcdq
realm intranetprod.blackbox {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.blackbox
realm intranetprod.dlgl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dlgl
realm privprod.apisoft {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.apisoft
realm prodgestion.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm prodgestion.ccd
realm IntranetPub.IBM {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm IntranetPub.IBM {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm IntranetPub.IBM
realm IntranetPub.IBM {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm IntranetPub.IBM
realm privappprod.decimal {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privappprod.decimal {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privappprod.decimal
realm privappprod.decimal {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privappprod.decimal
realm intranetprod.Novo {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.Novo {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.Novo
realm intranetprod.Novo {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.Novo
realm intranetprod.LetkoBrosseau {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.LetkoBrosseau {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.LetkoBrosseau
realm intranetprod.LetkoBrosseau {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.LetkoBrosseau
realm intranetprod.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.fid {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fid
realm intranetprod.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fid
realm extranetprod.Pirel {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.Pirel {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Pirel
realm extranetprod.Pirel {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Pirel
realm mailprod.dcr {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mailprod.dcr {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mailprod.dcr
realm mailprod.dcr {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mailprod.dcr
realm Support.Equisoft {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Support.Equisoft {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Support.Equisoft
realm Support.Equisoft {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Support.Equisoft
realm nsm {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm nsm {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm nsm
realm nsm {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm nsm
realm Nice.FCDQ {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Nice.FCDQ {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Nice.FCDQ
realm Nice.FCDQ {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Nice.FCDQ
realm dmr-intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm dmr-intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm dmr-intranetprod.fcdq
realm dmr-intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm dmr-intranetprod.fcdq
realm 4 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm 4 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm 4
realm 4 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm 4
realm extranetprod.Eximius {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.Eximius {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Eximius
realm extranetprod.Eximius {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Eximius
realm espacevd.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm espacevd.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm espacevd.fcdq
realm espacevd.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm espacevd.fcdq
realm privconsomobile.dev {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privconsomobile.dev {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privconsomobile.dev
realm privconsomobile.dev {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privconsomobile.dev
realm unitraxdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm unitraxdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm unitraxdesj.prod
realm unitraxdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm unitraxdesj.prod
realm Nuancegenesysdesj.mvt {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Nuancegenesysdesj.mvt {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Nuancegenesysdesj.mvt
realm Nuancegenesysdesj.mvt {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Nuancegenesysdesj.mvt
realm komutel.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm komutel.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm komutel.prod
realm komutel.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm komutel.prod
realm Intranetdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Intranetdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Intranetdesj.prod
realm Intranetdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Intranetdesj.prod
realm webintranetdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm webintranetdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm webintranetdesj.prod
realm webintranetdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm webintranetdesj.prod
realm caissectoecal.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissectoecal.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissectoecal.prod
realm caissectoecal.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissectoecal.prod
realm cssdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm cssdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm cssdesj.prod
realm cssdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm cssdesj.prod
realm supportdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm supportdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm supportdesj.prod
realm supportdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm supportdesj.prod
realm caissectodesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissectodesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissectodesj.prod
realm caissectodesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissectodesj.prod
realm nuancedesj.prod {
authhost = 10.68.13.6:1645
secret = xxxxxxx
}
realm nuancedesj.prod {
authhost = 10.104.2.12:1645
secret = xxxxxxx
} # realm nuancedesj.prod
realm nuancedesj.prod {
authhost = 10.72.16.30:1645
secret = xxxxxxx
} # realm nuancedesj.prod
realm intranetdev.scd {
authhost = 10.68.13.6:1645
secret = xxxxxxx
}
realm intranetdev.scd {
authhost = 10.104.2.12:1645
secret = xxxxxxx
} # realm intranetdev.scd
realm intranetdev.scd {
authhost = 10.72.16.30:1645
secret = xxxxxxx
} # realm intranetdev.scd
realm rcgt.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm rcgt.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm rcgt.prod
realm rcgt.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm rcgt.prod
realm charybe {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm charybe {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm charybe
realm charybe {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm charybe
realm scylla {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm scylla {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm scylla
realm scylla {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm scylla
realm efront.dev {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm efront.dev {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm efront.dev
realm efront.dev {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm efront.dev
realm privprod.dlgl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.dlgl {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.dlgl
realm privprod.dlgl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.dlgl
realm stack.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stack.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stack.fcdq
realm stack.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stack.fcdq
realm intranetprod.arrow {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.arrow {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.arrow
realm intranetprod.arrow {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.arrow
realm intranetprod.ipc {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ipc {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ipc
realm intranetprod.ipc {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ipc
realm intranetprod.modex {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.modex {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.modex
realm intranetprod.modex {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.modex
realm intranetprod.niad {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.niad {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.niad
realm intranetprod.niad {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.niad
realm intranetprod.tradewest {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.tradewest {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.tradewest
realm intranetprod.tradewest {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.tradewest
realm solotech.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm solotech.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm solotech.vpni
realm solotech.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm solotech.vpni
realm dovetail.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm dovetail.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm dovetail.vpni
realm dovetail.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm dovetail.vpni
realm penega.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm penega.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm penega.vpni
realm penega.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm penega.vpni
realm gestionprod.bell.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.bell.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.bell.vpni
realm gestionprod.bell.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.bell.vpni
realm intranetprod.bell.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.bell.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.bell.vpni
realm intranetprod.bell.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.bell.vpni
realm murex.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm murex.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm murex.vpni
realm murex.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm murex.vpni
realm softtarget {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm softtarget {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm softtarget
realm softtarget {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm softtarget
realm mobilesprod.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilesprod.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd
realm mobilesprod.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd
realm fico {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm fico {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm fico
realm fico {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm fico
realm flexcubeccd.vpnz {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm flexcubeccd.vpnz {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm flexcubeccd.vpnz
realm flexcubeccd.vpnz {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm flexcubeccd.vpnz
realm oxilio {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm oxilio {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm oxilio
realm oxilio {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm oxilio
realm mobilesprod.scd.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilesprod.scd.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd.vpni
realm mobilesprod.scd.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd.vpni
realm ccc.prod2 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ccc.prod2 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ccc.prod2
realm ccc.prod2 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ccc.prod2
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm SCDsupjrProd.fcdq.vpnz
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm SCDsupjrProd.fcdq.vpnz
realm archer.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm archer.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm archer.fcdq
realm archer.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm archer.fcdq
realm extranetprod.sfl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.sfl {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.sfl
realm extranetprod.sfl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.sfl
realm q {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm q {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm q
realm q {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm q
radiusd: #### Loading Clients ####
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityicn"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityfcdq"
}
Client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityrel"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastaprod2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastarel"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastarel2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "sslvpnprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivitydmrprod"
}
client 10.233.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityfidprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityciaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA3"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRa4A"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600CSE"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600APP"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600PUB"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600GEST"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600PRIV"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600STAD"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600DEV"
}
client x.x.x.xx {
require_message_authenticator = no
secret = "contivitycce4use"
shortname = "contivitycceprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "asaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "SSLVPNMTL"
}
client 10.227.x.x {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "SSLVPNTOR"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "infiniprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "nsmprodmtl"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "nsmprodtor"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client 10.254.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file
modules {
Module: Creating Auth-Type = digest
Module: Creating Auth-Type = LDAP
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/raddb/modules/ldap
ldap {
server = "10.234.x.x4.16"
port = 389
password = "laboratoire"
expect_password = yes
identity = "cn=Manager,dc=connexim,dc=com"
net_timeout = 1
timeout = 4
timelimit = 3
max_uses = 0
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "dc=connexim,dc=com"
filter = "(cn=%{User-Name})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusClientIPAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusLogin-Passport-8600 mapped to RADIUS Login-Passport-8600
rlm_ldap: LDAP radiusLogin-Sniffer-Cisco mapped to RADIUS Cisco-AVPair
rlm_ldap: LDAP radiusLogin-SSL-3050 mapped to RADIUS Login-SSL-3050
rlm_ldap: LDAP efficientip-groups mapped to RADIUS efficientip-groups
rlm_ldap: LDAP efficientip-first-name mapped to RADIUS efficientip-first-name
rlm_ldap: LDAP efficientip-last-name mapped to RADIUS efficientip-last-name
rlm_ldap: LDAP efficientip-pseudonym mapped to RADIUS efficientip-pseudonym
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x7f3e5a93cbe0
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 1024
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/huntgroups
reading pairlist file /etc/raddb/hints
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users
reading pairlist file /etc/raddb/preproxy_users
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1645
}
listen {
type = "acct"
ipaddr = *
port = 1646
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1645
Listening on accounting address * port 1646
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1647
Ready to process requests.
rad_recv: Access-Request packet from host 10.226.x.x port 56055, id=207, length=195
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx(a)ssl-admin.bell"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "baxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "ssl-admin.bell" for User-Name = "xxxxxxxxx(a)ssl-admin.bell"
[suffix] Found realm "ssl-admin.bell"
[suffix] Adding Stripped-User-Name = "xxxxxxxxx"
[suffix] Adding Realm = "ssl-admin.bell"
[suffix] Proxying request from user xxxxxxxxx to realm ssl-admin.bell
[suffix] Preparing to proxy authentication request to realm "ssl-admin.bell"
++[suffix] = updated
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[ldap] performing user authorization for xxxxxxxxx
[ldap] expand: (cn=%{User-Name}) -> (cn=xxxxxxxxx(a)ssl-admin.bell)
[ldap] expand: dc=connexim,dc=com -> dc=connexim,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.234.x.x:389, authentication 0
[ldap] bind as cn=Manager,dc=connexim,dc=com/laboratoire to 10.234.x.x:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=connexim,dc=com, with filter (cn=xxxxxxxxx(a)ssl-admin.bell)
[ldap] looking for check items in directory...
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] looking for reply items in directory...
[ldap] radiusClass -> Class = 0x61646d696e
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] Setting Auth-Type = LDAP
[ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 76 to 10.68.x.x port 1645
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "xxxxxxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
Proxy-State = 0x323037
Proxying request 0 to home server 10.68.x.x port 1645
Sending Access-Request of id 76 to 10.68.x.x port 1645
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "xxxxxxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
Proxy-State = 0x323037
Going to the next request
Waking up in 0.9 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Accept packet from host 10.68.x.x port 1645, id=76, length=83
Class = 0x53425232434c9db383ebde9481cabcc01180250180038198ce8002800881b198a683b1c4eab312800e819db383ebde9481cabcc080cf9af0
Proxy-State = 0x323037
# Executing section post-proxy from file /etc/raddb/sites-enabled/default
+group post-proxy {
[eap] No pre-existing handler found
++[eap] = noop
+} # group post-proxy = noop
Found Auth-Type = LDAP
Found Auth-Type = Accept
Warning: Found 2 auth-types on request for user 'xxxxxxxxx'
Auth-Type = Accept, accepting the user
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 207 to 10.226.x.x port 56055
Class = 0x53425232434c9db383ebde9481cabcc01180250180038198ce8002800881b198a683b1c4eab312800e819db383ebde9481cabcc080cf9af0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 207 with timestamp +98
Ready to process requests.
---------------------------------------------------------
Last thing: when the user tries to login on his device, he gets the following message in his device's logs:
2018-07-16 12:27:10 - ive - [10.254.x.x] baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Login failed. Reason: No Roles
2018-07-16 12:27:10 - ive - [10.254.x.x] baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Primary authentication successful for baxxxx(a)ssl-admin.bell/FreeRadius-Test-New from 10.254.x.x
A test with another user last Friday had the following logs on the device's logs:
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Variable userAttr(a)FreeRadius-Test-New.Class = "<Binary Data>"
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - No match on rule 'userAttr.Class = 'ssl-oper''
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - No match on rule 'userAttr.Class = 'admin''
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Realm Admin Users - FreeRadius-Test-New did not map user baxxxx(a)ssl-admin.bell to any roles
2018/07/13 10:10:33 - [10.254.99.171] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Sign-in rejected. Reason: No Roles
Thanks,
Benoit Petit
Analyste Technique | Technical Analyst
Sécurité et Intelligence Digitale TI | IT Security and Digital Intelligence
1 Carrefour Alexandre-Graham-Bell - Aile E - 3e étage - Verdun - QC - H3E 3B3
514-391-9247
L'utilisation de ce message et régie par notre politique de courriel. www.bell.ca/PolitiqueConfidentialiteCourriel
The use of this message is restricted by our mail policies. www.bell.ca/EmailConfidentialityWarning
3
4
Hi everyone,
I've been searching for documentation about FR to manage hosts Access-Requests of this type :
————
(0) Received Access-Request Id 139 from 10.14.240.106:32773 to 10.14.129.201:1812 length 324
(0) User-Name = "host/C304Z-HP2560.campus.unicaen.fr"
(0) Chargeable-User-Identity = 0x00
(0) Location-Capable = Civix-Location
(0) Calling-Station-Id = "08-11-96-6e-09-5c"
(0) Called-Station-Id = "00-3a-99-91-f1-10:flexi"
(0) NAS-Port = 13
(0) Cisco-AVPair = "audit-session-id=0a0ef06a0008a5df5b4c8983"
(0) Acct-Session-Id = "5b4c8983/08:11:96:6e:09:5c/611634"
(0) NAS-IP-Address = 10.14.240.106
(0) NAS-Identifier = "C1-AC5-A1"
(0) Airespace-Wlan-Id = 10
(0) Service-Type = Framed-User
(0) Framed-MTU = 1300
(0) NAS-Port-Type = Wireless-802.11
(0) Tunnel-Type:0 = VLAN
(0) Tunnel-Medium-Type:0 = IEEE-802
(0) Tunnel-Private-Group-Id:0 = "120"
(0) EAP-Message = 0x0202002801686f73742f433330345a2d4850323536302e63616d7075732e756e696361656e2e6672
(0) Message-Authenticator = 0x6965b96bd6574a69e7b1e88560e90146
What I — normally — need to do is to verify the host certificate against the AD CS.
Did anyone here managed to do that?
It would be nice to share or at least show me the breadcrumbs I need to follow…
Thank you in advance!
--
ૐ — Olivier Le Monnier — ☎ 023156.6209
Pôle Infrastructures — SysAdmin Linux
Direction du Système d'Information
Université de Caen Normandie
2
1
17 Jul '18
Hi there,
I am working for some days now with FreeRADIUS Version 3.0.13. I knew of RADIUS before and have a technical background but not much experience regarding RADOIS, 802.1X or Authentication in particular (PAP, EAP, CHAP…).
However, my question: I have a working RADIUS-Server, I ensured that as I am able to authenticate a Windows 7 Workstation with 802.1X activated on the switch port it is connected to. When I enter the correct user@domain with the correct password, the switch allows traffic on that port and I can also see an Access-Accept in the RADIUS debug output. My next step is to not use a workstation but an IP camera. I uploaded the “test” certificates and key that were created in /etc/raddp/certs to the IP cam and used the same user I used for the windows 7 authentication. It just wont work like that but I cant figure out why. My debug output is attached.
IMHO everything looks good until:
(2) eap: Peer sent packet with method EAP NAK (3)
(2) eap: Peer NAK'd indicating it is not willing to continue
(2) eap: Sending EAP Failure (code 4) ID 3 length 4
(2) eap: Failed in EAP select
But I have no Idea what that means.
Here is the full debug output:
[root@localhost ~]# radiusd -X
FreeRADIUS Version 3.0.13
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/date
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/sql
including configuration file /etc/raddb/mods-config/sql/main/mysql/queries.conf
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
security {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 16384
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client testclient {
ipaddr = 10.1.100.103
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client switch {
ipaddr = 10.1.17.213
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 802test {
ipaddr = 10.1.22.136
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
# Creating Auth-Type = mschap
# Creating Auth-Type = digest
# Creating Auth-Type = eap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_always
# Loading module "reject" from file /etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_cache
# Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/raddb/mods-enabled/chap
# Loaded module rlm_date
# Loading module "date" from file /etc/raddb/mods-enabled/date
date {
format = "%b %e %Y %H:%M:%S %Z"
}
# Loaded module rlm_detail
# Loading module "detail" from file /etc/raddb/mods-enabled/detail
detail {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_dhcp
# Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
# Loaded module rlm_digest
# Loading module "digest" from file /etc/raddb/mods-enabled/digest
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_eap
# Loading module "eap" from file /etc/raddb/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
}
# Loaded module rlm_exec
# Loading module "echo" from file /etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loading module "exec" from file /etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
# Loaded module rlm_expr
# Loading module "expr" from file /etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_files
# Loading module "files" from file /etc/raddb/mods-enabled/files
files {
filename = "/etc/raddb/mods-config/files/authorize"
acctusersfile = "/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
}
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
linelog {
filename = "/var/log/radius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
# Loaded module rlm_soh
# Loading module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
# Loaded module rlm_sql
# Loading module "sql" from file /etc/raddb/mods-enabled/sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = 3306
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = yes
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
}
start {
query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
stop {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
}
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
instantiate {
}
# Instantiating module "reject" from file /etc/raddb/mods-enabled/always
# Instantiating module "fail" from file /etc/raddb/mods-enabled/always
# Instantiating module "ok" from file /etc/raddb/mods-enabled/always
# Instantiating module "handled" from file /etc/raddb/mods-enabled/always
# Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
# Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
# Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
# Instantiating module "noop" from file /etc/raddb/mods-enabled/always
# Instantiating module "updated" from file /etc/raddb/mods-enabled/always
# Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
# Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
# Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
# Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
ca_file = "/etc/raddb/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
cipher_server_preference = no
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading pairlist file /etc/raddb/mods-config/files/authorize
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
# Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
# Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
# Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
rlm_sql_mysql: libmysql version: 10.1.34-MariaDB
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 3
max = 32
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
# Skipping contents of 'if' as it is always 'false' -- /etc/raddb/sites-enabled/inner-tunnel:330
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Ready to process requests
(0) Received Access-Request Id 196 from 10.1.17.213:5001 to 10.1.22.139:1812 length 131
(0) User-Name = "test(a)test.de"
(0) EAP-Message = 0x02010011017465737440746573742e6465
(0) Message-Authenticator = 0xcc6b7f6dcf8ad4f75142527dd9c80de9
(0) NAS-IP-Address = 10.1.17.213
(0) NAS-Identifier = "002257bfc602"
(0) NAS-Port = 16842753
(0) NAS-Port-Type = Ethernet
(0) Service-Type = Framed-User
(0) Framed-Protocol = PPP
(0) Calling-Station-Id = "00d0-8916-a51c"
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /(a)\./) {
(0) if (&User-Name =~ /(a)\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(0) suffix: No such realm "test.de"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 1 length 17
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 2 length 22
(0) eap: EAP session adding &reply:State = 0x63be32f863bc36b8
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 196 from 10.1.22.139:1812 to 10.1.17.213:5001 length 0
(0) EAP-Message = 0x010200160410ba4998d7891473ac7a4379f547fd8835
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x63be32f863bc36b887ed5f2ce5677eca
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 197 from 10.1.17.213:5001 to 10.1.22.139:1812 length 138
(1) User-Name = "test(a)test.de"
(1) EAP-Message = 0x02020006030d
(1) Message-Authenticator = 0x97fdf8036af545820ec406c229ad06fe
(1) NAS-IP-Address = 10.1.17.213
(1) NAS-Identifier = "002257bfc602"
(1) NAS-Port = 16842753
(1) NAS-Port-Type = Ethernet
(1) Service-Type = Framed-User
(1) Framed-Protocol = PPP
(1) Calling-Station-Id = "00d0-8916-a51c"
(1) State = 0x63be32f863bc36b887ed5f2ce5677eca
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /(a)\./) {
(1) if (&User-Name =~ /(a)\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(1) suffix: No such realm "test.de"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 2 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) files: users: Matched entry DEFAULT at line 181
(1) [files] = ok
(1) sql: EXPAND %{User-Name}
(1) sql: --> test(a)test.de
(1) sql: SQL-User-Name set to 'test(a)test.de'
rlm_sql (sql): Reserved connection (1)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Cleartext-Password := "test"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (1)
Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
(1) [sql] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x63be32f863bc36b8
(1) eap: Finished EAP session with state 0x63be32f863bc36b8
(1) eap: Previous EAP request found for state 0x63be32f863bc36b8, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: Initiating new EAP-TLS session
(1) eap_tls: Setting verify mode to require certificate from client
(1) eap_tls: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 3 length 6
(1) eap: EAP session adding &reply:State = 0x63be32f862bd3fb8
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 197 from 10.1.22.139:1812 to 10.1.17.213:5001 length 0
(1) Framed-Protocol = PPP
(1) Framed-Compression = Van-Jacobson-TCP-IP
(1) EAP-Message = 0x010300060d20
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x63be32f862bd3fb887ed5f2ce5677eca
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 198 from 10.1.17.213:5001 to 10.1.22.139:1812 length 138
(2) User-Name = "test(a)test.de"
(2) EAP-Message = 0x020300060300
(2) Message-Authenticator = 0x0b0a97867abe67deb94d4bb3660e2adb
(2) NAS-IP-Address = 10.1.17.213
(2) NAS-Identifier = "002257bfc602"
(2) NAS-Port = 16842753
(2) NAS-Port-Type = Ethernet
(2) Service-Type = Framed-User
(2) Framed-Protocol = PPP
(2) Calling-Station-Id = "00d0-8916-a51c"
(2) State = 0x63be32f862bd3fb887ed5f2ce5677eca
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /(a)\./) {
(2) if (&User-Name =~ /(a)\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(2) suffix: No such realm "test.de"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 3 length 6
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) files: users: Matched entry DEFAULT at line 181
(2) [files] = ok
(2) sql: EXPAND %{User-Name}
(2) sql: --> test(a)test.de
(2) sql: SQL-User-Name set to 'test(a)test.de'
rlm_sql (sql): Reserved connection (2)
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: User found in radcheck table
(2) sql: Conditional check items matched, merging assignment check items
(2) sql: Cleartext-Password := "test"
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(2) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(2) sql: User not found in any groups
rlm_sql (sql): Released connection (2)
(2) [sql] = ok
(2) [expiration] = noop
(2) [logintime] = noop
(2) pap: WARNING: Auth-Type already set. Not setting to PAP
(2) [pap] = noop
(2) } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x63be32f862bd3fb8
(2) eap: Finished EAP session with state 0x63be32f862bd3fb8
(2) eap: Previous EAP request found for state 0x63be32f862bd3fb8, released from the list
(2) eap: Peer sent packet with method EAP NAK (3)
(2) eap: Peer NAK'd indicating it is not willing to continue
(2) eap: Sending EAP Failure (code 4) ID 3 length 4
(2) eap: Failed in EAP select
(2) [eap] = invalid
(2) } # authenticate = invalid
(2) Failed to authenticate the user
(2) Using Post-Auth-Type Reject
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) Post-Auth-Type REJECT {
(2) sql: EXPAND .query
(2) sql: --> .query
(2) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (3)
(2) sql: EXPAND %{User-Name}
(2) sql: --> test(a)test.de
(2) sql: SQL-User-Name set to 'test(a)test.de'
(2) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(2) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test(a)test.de', '', 'Access-Reject', '2018-06-29 15:23:47.268150')
(2) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test(a)test.de', '', 'Access-Reject', '2018-06-29 15:23:47.268150')
(2) sql: SQL query returned: success
(2) sql: 1 record(s) updated
rlm_sql (sql): Released connection (3)
(2) [sql] = ok
(2) attr_filter.access_reject: EXPAND %{User-Name}
(2) attr_filter.access_reject: --> test(a)test.de
(2) attr_filter.access_reject: Matched entry DEFAULT at line 11
(2) [attr_filter.access_reject] = updated
(2) [eap] = noop
(2) policy remove_reply_message_if_eap {
(2) if (&reply:EAP-Message && &reply:Reply-Message) {
(2) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(2) else {
(2) [noop] = noop
(2) } # else = noop
(2) } # policy remove_reply_message_if_eap = noop
(2) } # Post-Auth-Type REJECT = updated
(2) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(2) Sending delayed response
(2) Sent Access-Reject Id 198 from 10.1.22.139:1812 to 10.1.17.213:5001 length 44
(2) EAP-Message = 0x04030004
(2) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
(0) Cleaning up request packet ID 196 with timestamp +2
(1) Cleaning up request packet ID 197 with timestamp +2
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 198 with timestamp +2
Ready to process requests
Mit freundlichen Grüßen I With best regards
Niklas Klein
Testengineer
Research & Development
GEUTEBRÜCK GmbH
Telefon +49 2645 137-722
Fax +49 2645 137-999
Mobil
niklas.klein(a)geutebrueck.com<mailto:niklas.klein@geutebrueck.com><mailto:%20name.nachname@geutebrueck.com>
www.geutebrueck.com<https://www.geutebrueck.com/>
[cid:twitter-with-circle_9a242334-fa02-4a91-996d-312ca4ec2004.png] <https://twitter.com/geutebruck/?ref=MF0814> [cid:youtube-with-circle_e5a3a3bd-2aee-463e-a4a7-0b68323eb775.png] <https://www.youtube.com/channel/UCEhjAeu55-1CZO4SRNgqcNQ/> [cid:linkedin-with-circle_ee6ebcac-cd2e-4ce4-807c-435f6a5e43cc.png] <https://www.linkedin.com/company/geutebr-ck-gmbh?trk=company_logo> [cid:xing-with-circle_ff285450-39be-4390-b2cb-8f86d17d327e.png] <https://www.xing.com/companies/geutebr?¼ckgmbh>
GEUTEBRÜCK GmbH ? Im Nassen 7-9 ? 53578 Windhagen
Geschäftsführer: Katharina Geutebrück, Christoph Hoffmann ? UST-Ident-Nr.: DE813443473 ? Handelsregister: HRB 14475 Montabaur
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Weder die Geutebrück GmbH noch der Absender (Niklas Klein) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.
________________________________
GEUTEBRÜCK GmbH ? Im Nassen 7-9 ? 53578 Windhagen ? Germany
CEO: Katharina Geutebrück, Christoph Hoffmann ? VAT No: DE813443473 ? Traderegister: HRB 14475 Montabaur
This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Neither the Geutebrück GmbH nor the sender (Niklas Klein) accepts any liability for viruses; it is your responsibility to check the e-mail and their attachments for viruses.
5
9
Recently strongswan folks changed behavior of charon regarding dhcp.
https://lists.strongswan.org/pipermail//dev/2018-June/001918.html
side effect is, that freeradius refuses to start when charon is
working.
According to link SO_REUSEADDR on dhcp server socket should be enough,
I roughly tested it (shamelessly copy
#v+
{
int on = 1;
if (setsockopt(this->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
close(this->fd);
ERROR("Failed to reuse address: %s", fr_syserror(errno));
return -1;
}
}
#v-
in listen.c )
and it seem to work, although is rather ugly solution.
I do not know if strongswan people are right but if so, maybe it would
be good idea to put SO_REUSEADDR for dhcp listener?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
DYSLEXICS OF THE WORLD, UNTIE!
2
2
Please keep replies on-list.
On 12 July 2018 09:50:10 BST, Mallikarjuna Peddappanavara Karibasappa <mallikarjuna.peddappanavara(a)igrid-td.com> wrote:
>in the both the case shared secret is same.
You're either editing the wrong config files, or using the wrong config setting in the file.
The only way you are getting what you are seeing is because the secret is different.
>radius_server "radius_server1" {
...
>share_secret "testing123"
That doesn't look right. shared?
--
Matthew
4
8
Hello everyone.
I'm using freeradius-3.0.15 on ubuntu 16.04.
I manage one SSID with WPA2-Enterprise based on certificates.
My idea is to issue user certificates signed by different CAs, then user to
vlan based on an user certificate issuer.
I use default server with eap module that requests check-eap-tls site to
check TLS-Client-Cert-Issuer attribute.
Also I changed /etc/freeradius/mods-config/files/authorize to reflect vlan
id depending on issuer.
Tell me please is it right thinking and is it possible at all?
Earlier I tried to create two eap modules but no success yet.
--
Best regards, Alex Morozenko
2
1
Hi
Currently we have a Freeradius server setup for 802.1X auth (against Active
Directory) for our wifi as well as an Internet content filter that does SSL
inspections and so requires an install of the SSL certificate.
As we are predominately BYOD, certificate deployment can become tricky at
best, not so much on the radius wifi side but on the content filter side as
sometimes the user misses the step to install the content filter
certificate.
Apart from MDM solutions or captive portal solutions, could I perhaps
somehow get FreeRadius server to check for the additional certificate and
if it is not there, prompt to install the certificate. My thinking is to
get all the certificates installed during the initial signup to the wifi.
I am open to suggestions if there are alternatives.
- Kind Regards
- Byron Jeffery
2
1
Radius packet proxy to relam by seen the attribute if only that attribute matches
by Nimesha Balasuriya 13 Jul '18
by Nimesha Balasuriya 13 Jul '18
13 Jul '18
Hi all,
I want to proxy only the radius packets which has attribute and value as
Ruckus-SSID = " Broadband" to relam -> test1.
I put below command in acct_user file.
DEFAULT Ruckus-SSID =~ "Broadband", Proxy-To-Realm := test1
But its not working. Kindly assist. If there is another way please mention.
Thank You !
Best Regards,
Nimesha
2
1
13 Jul '18
I've been trialing eap-tls for users for quite a while. Unfortunately
our security people insisted that in addition to eap-tls I had to
check that the associated users AD account was also enabled. In
clearpass ( on site authentication service) this is a simple thing to
do.
So on campus a user can use eap-tls on their client providing their AD
account is enabled. If account enabled Access-Accept, if not
Access-Reject.
However, our external facing RADIUS servers are FR 3.0.17 boxes acting
as our ORPS systems. Inbound from the outside world EAP-TLS requests
get handled by freeradius which then performs an OCSP validation
request.
This all works except for the fact I'm not checking for an enabled AD
account. FR is configured to use winbindd. The TLS cert CN is of the
form <userid>-<4digit hex number>@york.ac.uk
Is there any way of me checking for an enabled AD account? e.g.
ntlm_auth using userid component of the CN and checking a status
response ? or another way ?
Rgs
Alex
3
2
Hello,
is it possible to see what password a module is forwarding to an application?
I have the problem that I run freeradius with an external OTP Software (LinOTP) via a rlm_perl module.
When I try to authenticate from a Cisco ASA with Anyconnect the authentication fails if there is a backslash in the username.
If I try to authenticate directly agauinst the OTP Software it works with the backslash.
In the radius -X log is see the password with escaped backslash:
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = perl
# Executing group from file /etc/freeradius/sites-enabled/linotp
+group authenticate {
rlm_perl: Config File /etc/linotp2/rlm_perl.ini found!
rlm_perl: Default URL https://linotpserver/validate/simplecheck
rlm_perl: RAD_REQUEST: Called-Station-Id = y.y.y.y
rlm_perl: RAD_REQUEST: Vendor-3076-Attr-146 = 0x4d55435f48515f53706c6974496e7465726e65745f324641
rlm_perl: RAD_REQUEST: Cisco-AVPair = ARRAY(0x1607ff0)
rlm_perl: RAD_REQUEST: NAS-IP-Address = z.z.z.z
rlm_perl: RAD_REQUEST: Vendor-3076-Attr-150 = 0x00000002
rlm_perl: RAD_REQUEST: Tunnel-Client-Endpoint = x.x.x.x
rlm_perl: RAD_REQUEST: Calling-Station-Id = x.x.x.x
rlm_perl: RAD_REQUEST: User-Name = test-vpn
rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual
rlm_perl: RAD_REQUEST: User-Password = 123456a\\932684
rlm_perl: RAD_REQUEST: NAS-Port = 19587072
rlm_perl: Auth-Type: perl
rlm_perl: Url: https://172.28.8.190/validate/simplecheck
rlm_perl: User: test-vpn
rlm_perl: urlparam pass = 123456a\\932684
rlm_perl: urlparam realm = check24
rlm_perl: urlparam client = a.a.a.a.a
rlm_perl: urlparam user = test-vpn
rlm_perl: Content :-(
rlm_perl: return RLM_MODULE_REJECT
rlm_perl: Added pair Called-Station-Id = y.y.y.y.
rlm_perl: Added pair Vendor-3076-Attr-146 = 0x4d55435f48515f53706c6974496e7465726e65745f324641
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform=android
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-type=Xiaomi Mi A1
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-mac=f4-f5-db-ea-66-e9
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform-version=8.0.0
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-phone-id=GSM:865181033404965
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=ac-user-agent=AnyConnect Android 4.6.00143
rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-uid=48FE3052979F54499178B9B0CB4F940BFB462365F18920AA5D715718BCAF15E9
rlm_perl: Added pair Cisco-AVPair = audit-session-id=c0a80101012ae0005b4769b5
rlm_perl: Added pair Cisco-AVPair = ip:source-ip=x.x.x.x
rlm_perl: Added pair Cisco-AVPair = coa-push=true
rlm_perl: Added pair NAS-IP-Address = z.z.z.z.
rlm_perl: Added pair Vendor-3076-Attr-150 = 0x00000002
rlm_perl: Added pair Tunnel-Client-Endpoint = x.x.x.x
rlm_perl: Added pair Calling-Station-Id = x.x.x.x
rlm_perl: Added pair User-Name = test-vpn
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair User-Password = 123456a\\932684
rlm_perl: Added pair NAS-Port = 19587072
rlm_perl: Added pair Reply-Message = LinOTP server denied access!
rlm_perl: Added pair Auth-Type = perl
++[perl] = reject
+} # group authenticate = reject
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.7 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 142 to z.z.z.z. port 54015
Reply-Message = "LinOTP server denied access!"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 142 with timestamp +46
Ready to process requests.
rlm_perl: Added pair User-Name = test-vpn
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair User-Password = 123456a\\932684
rlm_perl: Added pair NAS-Port = 19587072
rlm_perl: Added pair Reply-Message = LinOTP server denied access!
rlm_perl: Added pair Auth-Type = perl
++[perl] = reject
+} # group authenticate = reject
Failed to authenticate the user.
Is there a way to see if freeradius sends the password with 2 backslashes?
Bernhard Knoll
2
2