Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- 11 participants
- 27047 discussions
Dear All,
I'm authenticating the user in freeradius from nginx webserver, Here I
need to specify the user roles for particular users so that while
authenticating the user I can give either readOnly option or readWrite
option.
I've specified username and password in *users *file of freeradius.
Best Regards,
Logo <http://www.igrid-td.in/>
Mallikarjuna P K
*+91 9535744695*
mallikarjuna.peddappanavara(a)igrid-td.com
<mailto:mallikarjuna.peddappanavara@igrid-td.com>
iGrid India Private Limited
Nagarbhavi 2nd stage, Annapoorneshwari Nagar
No. 243, R.H.C.S Layout, 4th Cross
560091, Bangalore
www.igrid-td.in <http://www.igrid-td.com>
LEGAL NOTICE: This message and any attachments are confidential and are
intended only for the addressee. If you are not the intended recipient,
you are hereby notified that any use, dissemination and / or
unauthorized copying is prohibited by applicable law. If you have
received this email in error, please notify us immediately via email or
phone, described above, and kindly delete it from your system.
PERSONAL DATA PROTECTION INFO
According to the General Data Protection Regulation (UE) 2016/679,
regarding your personal data management, we inform you:
Data Controller: IGRID, S.L., C/ MARIE CURIE, 8-14, 08042, BARCELONA
(BARCELONA).
Purpose: Sending info and answering your questions and inquiries as long
our relationship is going on and we have your consent.
Lawful basis for processing: Performance of a contract or data subject's
consent.
Data disclosure. Your personal data will not be disclosed unless forced
by law.
Rights. You have right of access, right to rectification, right to
erasure and data portability, and right to restriction of processing,
writing a letter accompanied by a copy of an official document
evidencing your identity to the Data Controller. You have also the right
to logde a complaint with a Supervisory Authority (Spanish Supervisory
Authority is Agencia Española de Protección de Datos).
More info. Please visit the legal notice (Aviso Legal) in our website.
INFORMACION SOBRE PROTECCION Y TRATAMIENTO DE DATOS PERSONALES:
Este mensaje y los archivos adjuntos son confidenciales y se dirigen
exclusivamente a su destinatario. Si no es usted el destinatario
indicado, queda notificado de que la utilización, divulgación y/o copia
sin autorización está prohibida en virtud de la legislación vigente. Si
usted ha recibido este correo por error, por favor avísenos
inmediatamente a través de correo electrónico o por teléfono, descritos
en la parte superior, y tenga la amabilidad de eliminarlo de su sistema.
En cumplimiento del REGLAMENTO (UE) 2016/679, y en relación al
tratamiento de sus datos personales, le informamos de lo siguiente:
Responsable: El responsable del tratamiento es IGRID, S.L., C/ MARIE
CURIE, 8-14, 08042, BARCELONA (BARCELONA).
Finalidad: Envío de información, respuesta a sus consultas y peticiones,
mientras dure nuestra relación y tengamos su consentimiento.
Legitimación: Ejecución de contrato o consentimiento del interesado.
Destinatarios: No se cederán datos a terceros salvo obligación legal.
Derechos: Puede ejercer los derechos de acceso, rectificación, supresión
y portabilidad de sus datos, y la limitación u oposición al tratamiento
mediante escrito acompañado de copia de documento oficial que le
identifique, dirigido al Responsable del tratamiento. En caso de
disconformidad con el tratamiento, también tiene derecho a presentar una
reclamación ante la Agencia Española de Protección de Datos.
Más información: Consulte el aviso legal de nuestra web.
2
1
I got the authentication working. I enrolled the radius server in IPA and
created the service. Then on the radius server I got the key tab with the
ipa-getkeytab command and the ticket with kinit. Everything works fine for
24 hours, which is the time when the ticket expires, then I have to reissue
the aforementioned commands to get the service working again. Any ideas on
how to fix this?.
Thanks.-
2
4
19 Jul '18
Dear Alan,
Finally after so much of struggle I've resolved the issue with help of you.
Thank you very much for your great support and for your valuable time.
Thank you,
Best Regards,*Mallikarjuna PK*Email: mallikarjuna.peddappanavara(a)igrid-td.com
Mobile: +91-9535744695
On 18 July 2018 at 12:11, Alan Buxey <alan.buxey(a)gmail.com> wrote:
> hi,
>
> as already said, if the raddb directory was empty, the nginx -t should
> print warning - the plugin needs dictionary files.
>
> your issue is an incorrect shared secret - as said previously, you've
> probably edited the files in a wierd way which has introduced
> interesting characters.
>
> but as your system isnt even behaving normally I would suggest that
> several random, local and unique to you factors are at play.
>
>
> so, start from the beginning (and use standard/correct text editors for
> editing configuration files)
>
>
> alan
>
1
0
Hello,
I've got a standard configuration of FreeRadius + OpenVPN + IPsec .
Everything works good except of traffic accounting for OpenVPN . Some
TCP\UDP sessions has no problems with accounting but some has no any data
about Acct-Input-Octets and Acct-Output-Octets
Example:
/var/log/radius/radacct/IP_address/detail-20180719
Thu Jul 19 12:20:08 2018
User-Name = "******(a)gmail.com"
NAS-IP-Address = ***********
NAS-Port = 2
Service-Type = Outbound-User
Framed-Protocol = PPP
Framed-IP-Address = 10.0.3.10
Calling-Station-Id = "***********"
NAS-Identifier = "OpenVpn"
Acct-Status-Type = Stop
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Session-Id = "40B889944DEC6DA1C2905D0CC5EE9D08"
Acct-Session-Time = 32
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
NAS-Port-Type = Virtual
Acct-Unique-Session-Id = "6ae1bb07105d7ebb"
Timestamp = 1531995608
There are no errors in logs on OpenVPN server and FreeRadius server. Just
50/50 no traffic information come to freeradius server (looks like).
Maybe someone have any suggestions what to check and how to fix this
problem? I'm ready to provide any logs or configs for further proceedings .
Best regards
2
4
Dear All,
I hope you are doing great.
I am new to Freeradius. I have some questions.
Is it possible to see the current logged in users?
i have used the command radwho but i get the following answer:
radwho: No configuration information in radutmp section of radiusd.conf!
And
Is there a possibility that, suppose a user is authenticated and is logged
in on Mikrotik and the RADIUS gets unreachable - is there any chance that
the radius asks the NAS to give the user's accounting details.
What I want to achieve is,
I logged in and used the total limit and my reset time was 1 day.
Now when the Radius was disconnected, Radius didnt receive the info of my
total usage. What happens is, I am again able to login to and use the data.
This is one scenario. I want to achieve complete accounting data after
reconnecting. Any help on that ?
Regards,
Safiullah Tariq
PRIVILEGED AND CONFIDENTIAL INFORMATION: This e-mail and attachments, if
any, may contain confidential and/or proprietary information. Please be
advised that the unauthorized use or disclosure of the information is
strictly prohibited. The information herein is intended only for use by the
intended recipient(s) named above. If you have received this transmission
in error, please notify the sender immediately and permanently delete the
e-mail and any copies, printouts or attachments thereof.
2
1
* Can I tell the users origin once we get into post-auth, or do I need to use a custom attribute?
If a user comes from the users file, I want to apply some different policy - the only distinguishing feature the users I want to manipulate have is that they're stored in the users file rather than AD.
* Can I prevent a status-server acknowledgment being sent?
I want to run "wbinfo -t", and drop the status-server request if the command does not execute successfully - is that supported?
Adam Bishop
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
2
3
Hi all,
We are in the process of migrating Freeradius in our production environment. The current version is way too old (running on Red Hat 3! seems like nobody really wanted to do the upgrade). Anyway, I finally managed to make authentication work. But I still have a problem. It looks like the client's device doesn't "receive" the Class attribute on the login process, even though I see it in the logs. You will see in the logs below that all LDAP attributes are passed on login. The only difference is that the Class attribute is in hexadecimal instead of text. From your expertise and knowhow, where could this error come from? Freeradius, Openldap or the client's device?
Thanks in advance. Here are the logs:
[Mon Jul 16 12:53:05 - root@flyers raddb]# radiusd -X
radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 11 2017 at 04:40:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/cache
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/dhcp_sqlippool
including configuration file /etc/raddb/modules/radrelay
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = yes
dead_time = 300
wake_all_if_all_dead = no
}
realm contivity {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-intranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-mediaprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-caissesprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-appprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-privprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-pubprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-extranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ogr-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm srv-gestionprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.dsd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl3050 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dsd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-teleacces.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-notes.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-fidprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm isb-intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bce-gestionpe.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilite-cfe.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-cfe.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-admin.bell {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod-siebel.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestiondev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm fidprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-caissesuni.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appval-siebel.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appdev.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod-crypto.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ssl-oper {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm sniffer {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilite-caisses.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm devmobilite-caisses.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appval-releve.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fcpa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.fidvisa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod01.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionpe.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetcdc.cdc {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.altel {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.sped {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.fcpa {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.sirius {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stadprod.cad {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissesprod1.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod-google.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm supportoracle.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionval.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod02.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod-ddcsc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ibmaccess {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod-t.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm xentrax-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm xentrax-intranetprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bell01-stadprod.bce {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod03.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestion.hds {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm appprod04.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm rr.partenaires {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.panagon {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm byoc.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ccc.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support-ddtcpc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dcr {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm meplus.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm campus.jacada {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support-ddcsc.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm support.controles.ac {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm contivity {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm contivity
realm bce-intranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-intranetprod.bce
realm bce-mediaprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-mediaprod.bce
realm bce-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-gestionprod.bce
realm bce-caissesprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-caissesprod.bce
realm bce-appprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-appprod.bce
realm bce-privprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-privprod.bce
realm bce-pubprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-pubprod.bce
realm bce-extranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-extranetprod.bce
realm bce-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-stadprod.bce
realm ogr-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ogr-gestionprod.bce
realm srv-gestionprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm srv-gestionprod.bce
realm stadprod.dsd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.dsd
realm intranetprod.dsd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dsd
realm ssl3050 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl3050
realm ssl-teleacces.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-teleacces.fcdq
realm ssl-notes.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-notes.fcdq
realm bce-fidprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-fidprod.bce
realm isb-intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm isb-intranetprod.fcdq
realm bce-gestionpe.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bce-gestionpe.bce
realm mobilite-cfe.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilite-cfe.fcdq
realm devmobilite-cfe.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-cfe.fcdq
realm ssl-admin.bell {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-admin.bell
realm ssl-oper {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ssl-oper
realm intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fcdq
realm gestionprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fcdq
realm caissesprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesprod.fcdq
realm appprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fcdq
realm privprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.fcdq
realm appprod-siebel.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod-siebel.fcdq
realm stadprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.fcdq
realm caissesdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesdev.fcdq
realm intranetdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetdev.fcdq
realm privdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privdev.fcdq
realm gestiondev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestiondev.fcdq
realm fidprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm fidprod.fcdq
realm devmobilite-caissesuni.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caissesuni.fcdq
realm appval-siebel.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appval-siebel.fcdq
realm privprod-at.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
}
realm privprod-at.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod-at.fcdq
realm appdev.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appdev.fcdq
realm appprod-crypto.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod-crypto.fcdq
realm mobilite-caisses.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilite-caisses.fcdq
realm devmobilite-caisses.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caisses.fcdq
realm sniffer {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm sniffer
realm intranetprod.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ccd
realm appval-releve.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appval-releve.fcdq
realm appprod.fcpa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fcpa
realm appprod.fidvisa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.fidvisa
realm appprod.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.scd
realm appprod01.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod01.scd
realm gestionpe.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionpe.scd
realm gestionprod.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.ccd
realm intranetcdc.cdc {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetcdc.cdc
realm intranetprod.altel {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.altel
realm intranetprod.ce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ce
realm intranetprod.sped {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.sped
realm privprod.fcpa {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.fcpa
realm privprod.sirius {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.sirius
realm stadprod.cad {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stadprod.cad
realm caissesprod1.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissesprod1.fcdq
realm appprod.vmd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod.vmd
realm privprod-google.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod-google.fcdq
realm supportoracle.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm supportoracle.fcdq
realm gestionval.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionval.fcdq
realm appprod02.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod02.fcdq
realm gestionprod-ddcsc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod-ddcsc.fcdq
realm ibmaccess {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ibmaccess
realm intranetprod-t.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod-t.fcdq
realm xentrax-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm xentrax-stadprod.bce
realm xentrax-intranetprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm xentrax-intranetprod.bce
realm bell01-stadprod.bce {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm bell01-stadprod.bce
realm appprod03.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod03.fcdq
realm css.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm css.fcdq
realm gestion.hds {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestion.hds
realm appprod04.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm appprod04.fcdq
realm rr.partenaires {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm rr.partenaires
realm privprod.panagon {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.panagon
realm byoc.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm byoc.prod
realm ccc.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ccc.prod
realm support-ddtcpc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support-ddtcpc.fcdq
realm intranetprod.dcr {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dcr
realm meplus.ccd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm meplus.ccd
realm campus.jacada {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm campus.jacada
realm support-ddcsc.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm support.controles.ac {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm support.controles.ac
realm contivity {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm contivity
realm bce-intranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-intranetprod.bce
realm bce-mediaprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-mediaprod.bce
realm bce-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-gestionprod.bce
realm bce-caissesprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-caissesprod.bce
realm bce-appprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-appprod.bce
realm bce-privprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-privprod.bce
realm bce-pubprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-pubprod.bce
realm bce-extranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-extranetprod.bce
realm bce-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-stadprod.bce
realm ogr-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ogr-gestionprod.bce
realm srv-gestionprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm srv-gestionprod.bce
realm stadprod.dsd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.dsd
realm intranetprod.dsd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dsd
realm ssl3050 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl3050
realm ssl-teleacces.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-teleacces.fcdq
realm ssl-notes.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-notes.fcdq
realm bce-fidprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-fidprod.bce
realm isb-intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm isb-intranetprod.fcdq
realm bce-gestionpe.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bce-gestionpe.bce
realm mobilite-cfe.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilite-cfe.fcdq
realm devmobilite-cfe.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-cfe.fcdq
realm ssl-admin.bell {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-admin.bell
realm intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fcdq
realm gestionprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fcdq
realm caissesprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesprod.fcdq
realm appprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fcdq
realm privprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.fcdq
realm appprod-siebel.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod-siebel.fcdq
realm stadprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.fcdq
realm caissesdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesdev.fcdq
realm intranetdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.fcdq
realm privdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privdev.fcdq
realm gestiondev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestiondev.fcdq
realm fidprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm fidprod.fcdq
realm devmobilite-caissesuni.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caissesuni.fcdq
realm appval-siebel.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appval-siebel.fcdq
realm appdev.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appdev.fcdq
realm appprod-crypto.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod-crypto.fcdq
realm ssl-oper {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ssl-oper
realm sniffer {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm sniffer
realm mobilite-caisses.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilite-caisses.fcdq
realm devmobilite-caisses.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm devmobilite-caisses.fcdq
realm intranetprod.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ccd
realm appval-releve.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appval-releve.fcdq
realm appprod.fcpa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fcpa
realm appprod.fidvisa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.fidvisa
realm appprod.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.scd
realm appprod01.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod01.scd
realm gestionpe.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionpe.scd
realm gestionprod.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.ccd
realm intranetcdc.cdc {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetcdc.cdc
realm intranetprod.altel {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.altel
realm intranetprod.ce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ce
realm intranetprod.sped {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.sped
realm privprod.fcpa {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.fcpa
realm privprod.sirius {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.sirius
realm stadprod.cad {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stadprod.cad
realm caissesprod1.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissesprod1.fcdq
realm appprod.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod.vmd
realm privprod-google.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod-google.fcdq
realm supportoracle.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm supportoracle.fcdq
realm gestionval.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionval.fcdq
realm appprod02.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod02.fcdq
realm gestionprod-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod-ddcsc.fcdq
realm ibmaccess {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ibmaccess
realm intranetprod-t.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod-t.fcdq
realm xentrax-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm xentrax-stadprod.bce
realm xentrax-intranetprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm xentrax-intranetprod.bce
realm bell01-stadprod.bce {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bell01-stadprod.bce
realm appprod03.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod03.fcdq
realm css.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.fcdq
realm gestion.hds {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestion.hds
realm appprod04.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm appprod04.fcdq
realm rr.partenaires {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm rr.partenaires
realm privprod.panagon {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.panagon
realm byoc.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm byoc.prod
realm ccc.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ccc.prod
realm support-ddtcpc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddtcpc.fcdq
realm intranetprod.dcr {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dcr
realm meplus.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm meplus.ccd
realm campus.jacada {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm campus.jacada
realm support-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm support-ddcsc.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm support-ddcsc.fcdq
realm bellmarchesaffaires.bma {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm css.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionpe.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.vmd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionscd.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionseed.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionseed.uni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.dgag {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.dsf {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.gmt {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev.ib-arm {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetdev-telip.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.blackbox {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.dlgl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.apisoft {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm prodgestion.ccd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm bellmarchesaffaires.bma {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm bellmarchesaffaires.bma
realm css.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.dgag
realm css.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.dsf
realm css.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm css.vmd
realm gestionpe.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionpe.fid
realm gestionprod.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.dgag
realm gestionprod.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.dsf
realm gestionprod.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.fid
realm gestionprod.vmd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.vmd
realm gestionscd.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionscd.prod
realm gestionseed.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionseed.prod
realm gestionseed.uni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionseed.uni
realm intranetdev.dgag {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.dgag
realm intranetdev.dsf {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.dsf
realm intranetdev.gmt {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.gmt
realm intranetdev.ib-arm {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev.ib-arm
realm intranetdev-telip.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetdev-telip.fcdq
realm intranetprod.blackbox {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.blackbox
realm intranetprod.dlgl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.dlgl
realm privprod.apisoft {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.apisoft
realm prodgestion.ccd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm prodgestion.ccd
realm IntranetPub.IBM {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm IntranetPub.IBM {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm IntranetPub.IBM
realm IntranetPub.IBM {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm IntranetPub.IBM
realm privappprod.decimal {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privappprod.decimal {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privappprod.decimal
realm privappprod.decimal {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privappprod.decimal
realm intranetprod.Novo {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.Novo {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.Novo
realm intranetprod.Novo {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.Novo
realm intranetprod.LetkoBrosseau {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.LetkoBrosseau {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.LetkoBrosseau
realm intranetprod.LetkoBrosseau {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.LetkoBrosseau
realm intranetprod.fid {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.fid {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fid
realm intranetprod.fid {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.fid
realm extranetprod.Pirel {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.Pirel {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Pirel
realm extranetprod.Pirel {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Pirel
realm mailprod.dcr {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mailprod.dcr {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mailprod.dcr
realm mailprod.dcr {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mailprod.dcr
realm Support.Equisoft {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Support.Equisoft {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Support.Equisoft
realm Support.Equisoft {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Support.Equisoft
realm nsm {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm nsm {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm nsm
realm nsm {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm nsm
realm Nice.FCDQ {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Nice.FCDQ {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Nice.FCDQ
realm Nice.FCDQ {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Nice.FCDQ
realm dmr-intranetprod.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm dmr-intranetprod.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm dmr-intranetprod.fcdq
realm dmr-intranetprod.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm dmr-intranetprod.fcdq
realm 4 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm 4 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm 4
realm 4 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm 4
realm extranetprod.Eximius {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.Eximius {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Eximius
realm extranetprod.Eximius {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.Eximius
realm espacevd.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm espacevd.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm espacevd.fcdq
realm espacevd.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm espacevd.fcdq
realm privconsomobile.dev {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privconsomobile.dev {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privconsomobile.dev
realm privconsomobile.dev {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privconsomobile.dev
realm unitraxdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm unitraxdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm unitraxdesj.prod
realm unitraxdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm unitraxdesj.prod
realm Nuancegenesysdesj.mvt {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Nuancegenesysdesj.mvt {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Nuancegenesysdesj.mvt
realm Nuancegenesysdesj.mvt {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Nuancegenesysdesj.mvt
realm komutel.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm komutel.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm komutel.prod
realm komutel.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm komutel.prod
realm Intranetdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm Intranetdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm Intranetdesj.prod
realm Intranetdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm Intranetdesj.prod
realm webintranetdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm webintranetdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm webintranetdesj.prod
realm webintranetdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm webintranetdesj.prod
realm caissectoecal.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissectoecal.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissectoecal.prod
realm caissectoecal.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissectoecal.prod
realm cssdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm cssdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm cssdesj.prod
realm cssdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm cssdesj.prod
realm supportdesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm supportdesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm supportdesj.prod
realm supportdesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm supportdesj.prod
realm caissectodesj.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm caissectodesj.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm caissectodesj.prod
realm caissectodesj.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm caissectodesj.prod
realm nuancedesj.prod {
authhost = 10.68.13.6:1645
secret = xxxxxxx
}
realm nuancedesj.prod {
authhost = 10.104.2.12:1645
secret = xxxxxxx
} # realm nuancedesj.prod
realm nuancedesj.prod {
authhost = 10.72.16.30:1645
secret = xxxxxxx
} # realm nuancedesj.prod
realm intranetdev.scd {
authhost = 10.68.13.6:1645
secret = xxxxxxx
}
realm intranetdev.scd {
authhost = 10.104.2.12:1645
secret = xxxxxxx
} # realm intranetdev.scd
realm intranetdev.scd {
authhost = 10.72.16.30:1645
secret = xxxxxxx
} # realm intranetdev.scd
realm rcgt.prod {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm rcgt.prod {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm rcgt.prod
realm rcgt.prod {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm rcgt.prod
realm charybe {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm charybe {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm charybe
realm charybe {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm charybe
realm scylla {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm scylla {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm scylla
realm scylla {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm scylla
realm efront.dev {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm efront.dev {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm efront.dev
realm efront.dev {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm efront.dev
realm privprod.dlgl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm privprod.dlgl {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm privprod.dlgl
realm privprod.dlgl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm privprod.dlgl
realm stack.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm stack.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm stack.fcdq
realm stack.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm stack.fcdq
realm intranetprod.arrow {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.arrow {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.arrow
realm intranetprod.arrow {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.arrow
realm intranetprod.ipc {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.ipc {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ipc
realm intranetprod.ipc {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.ipc
realm intranetprod.modex {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.modex {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.modex
realm intranetprod.modex {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.modex
realm intranetprod.niad {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.niad {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.niad
realm intranetprod.niad {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.niad
realm intranetprod.tradewest {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.tradewest {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.tradewest
realm intranetprod.tradewest {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.tradewest
realm solotech.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm solotech.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm solotech.vpni
realm solotech.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm solotech.vpni
realm dovetail.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm dovetail.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm dovetail.vpni
realm dovetail.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm dovetail.vpni
realm penega.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm penega.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm penega.vpni
realm penega.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm penega.vpni
realm gestionprod.bell.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm gestionprod.bell.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm gestionprod.bell.vpni
realm gestionprod.bell.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm gestionprod.bell.vpni
realm intranetprod.bell.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm intranetprod.bell.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm intranetprod.bell.vpni
realm intranetprod.bell.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm intranetprod.bell.vpni
realm murex.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm murex.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm murex.vpni
realm murex.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm murex.vpni
realm softtarget {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm softtarget {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm softtarget
realm softtarget {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm softtarget
realm mobilesprod.scd {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilesprod.scd {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd
realm mobilesprod.scd {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd
realm fico {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm fico {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm fico
realm fico {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm fico
realm flexcubeccd.vpnz {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm flexcubeccd.vpnz {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm flexcubeccd.vpnz
realm flexcubeccd.vpnz {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm flexcubeccd.vpnz
realm oxilio {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm oxilio {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm oxilio
realm oxilio {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm oxilio
realm mobilesprod.scd.vpni {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm mobilesprod.scd.vpni {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd.vpni
realm mobilesprod.scd.vpni {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm mobilesprod.scd.vpni
realm ccc.prod2 {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm ccc.prod2 {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm ccc.prod2
realm ccc.prod2 {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm ccc.prod2
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm SCDsupjrProd.fcdq.vpnz
realm SCDsupjrProd.fcdq.vpnz {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm SCDsupjrProd.fcdq.vpnz
realm archer.fcdq {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm archer.fcdq {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm archer.fcdq
realm archer.fcdq {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm archer.fcdq
realm extranetprod.sfl {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm extranetprod.sfl {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm extranetprod.sfl
realm extranetprod.sfl {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm extranetprod.sfl
realm q {
authhost = 10.68.x.x:1645
secret = xxxxxxx
}
realm q {
authhost = 10.104.x.x:1645
secret = xxxxxxx
} # realm q
realm q {
authhost = 10.72.x.x:1645
secret = xxxxxxx
} # realm q
radiusd: #### Loading Clients ####
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityicn"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityfcdq"
}
Client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityrel"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastaprod2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastarel"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "shastarel2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "sslvpnprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivitydmrprod"
}
client 10.233.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityfidprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "contivityciaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA3"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRa4A"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600INTRA2"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600CSE"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600APP"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600PUB"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "ssl3050"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600GEST"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600PRIV"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600STAD"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "8600DEV"
}
client x.x.x.xx {
require_message_authenticator = no
secret = "contivitycce4use"
shortname = "contivitycceprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "asaprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "SSLVPNMTL"
}
client 10.227.x.x {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "SSLVPNTOR"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "infiniprod"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "nsmprodmtl"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "nsmprodtor"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client 10.254.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
client x.x.x.x {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "efficientip"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file
modules {
Module: Creating Auth-Type = digest
Module: Creating Auth-Type = LDAP
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/raddb/modules/ldap
ldap {
server = "10.234.x.x4.16"
port = 389
password = "laboratoire"
expect_password = yes
identity = "cn=Manager,dc=connexim,dc=com"
net_timeout = 1
timeout = 4
timelimit = 3
max_uses = 0
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "dc=connexim,dc=com"
filter = "(cn=%{User-Name})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusClientIPAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusLogin-Passport-8600 mapped to RADIUS Login-Passport-8600
rlm_ldap: LDAP radiusLogin-Sniffer-Cisco mapped to RADIUS Cisco-AVPair
rlm_ldap: LDAP radiusLogin-SSL-3050 mapped to RADIUS Login-SSL-3050
rlm_ldap: LDAP efficientip-groups mapped to RADIUS efficientip-groups
rlm_ldap: LDAP efficientip-first-name mapped to RADIUS efficientip-first-name
rlm_ldap: LDAP efficientip-last-name mapped to RADIUS efficientip-last-name
rlm_ldap: LDAP efficientip-pseudonym mapped to RADIUS efficientip-pseudonym
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x7f3e5a93cbe0
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 1024
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/huntgroups
reading pairlist file /etc/raddb/hints
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users
reading pairlist file /etc/raddb/preproxy_users
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1645
}
listen {
type = "acct"
ipaddr = *
port = 1646
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1645
Listening on accounting address * port 1646
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1647
Ready to process requests.
rad_recv: Access-Request packet from host 10.226.x.x port 56055, id=207, length=195
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx(a)ssl-admin.bell"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "baxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "ssl-admin.bell" for User-Name = "xxxxxxxxx(a)ssl-admin.bell"
[suffix] Found realm "ssl-admin.bell"
[suffix] Adding Stripped-User-Name = "xxxxxxxxx"
[suffix] Adding Realm = "ssl-admin.bell"
[suffix] Proxying request from user xxxxxxxxx to realm ssl-admin.bell
[suffix] Preparing to proxy authentication request to realm "ssl-admin.bell"
++[suffix] = updated
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[ldap] performing user authorization for xxxxxxxxx
[ldap] expand: (cn=%{User-Name}) -> (cn=xxxxxxxxx(a)ssl-admin.bell)
[ldap] expand: dc=connexim,dc=com -> dc=connexim,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.234.x.x:389, authentication 0
[ldap] bind as cn=Manager,dc=connexim,dc=com/laboratoire to 10.234.x.x:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=connexim,dc=com, with filter (cn=xxxxxxxxx(a)ssl-admin.bell)
[ldap] looking for check items in directory...
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] looking for reply items in directory...
[ldap] radiusClass -> Class = 0x61646d696e
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] Setting Auth-Type = LDAP
[ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 76 to 10.68.x.x port 1645
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "xxxxxxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
Proxy-State = 0x323037
Proxying request 0 to home server 10.68.x.x port 1645
Sending Access-Request of id 76 to 10.68.x.x port 1645
NAS-Identifier = "Juniper IVE"
User-Name = "xxxxxxxxx"
User-Password = "873901936144"
Tunnel-Client-Endpoint:0 = "10.254.x.x"
NAS-IP-Address = 10.226.x.x
NAS-Port = 0
Acct-Session-Id = "xxxxxxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Mon Jul 16 12:55:07 2018\"+/SSGJd2"
Proxy-State = 0x323037
Going to the next request
Waking up in 0.9 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Accept packet from host 10.68.x.x port 1645, id=76, length=83
Class = 0x53425232434c9db383ebde9481cabcc01180250180038198ce8002800881b198a683b1c4eab312800e819db383ebde9481cabcc080cf9af0
Proxy-State = 0x323037
# Executing section post-proxy from file /etc/raddb/sites-enabled/default
+group post-proxy {
[eap] No pre-existing handler found
++[eap] = noop
+} # group post-proxy = noop
Found Auth-Type = LDAP
Found Auth-Type = Accept
Warning: Found 2 auth-types on request for user 'xxxxxxxxx'
Auth-Type = Accept, accepting the user
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 207 to 10.226.x.x port 56055
Class = 0x53425232434c9db383ebde9481cabcc01180250180038198ce8002800881b198a683b1c4eab312800e819db383ebde9481cabcc080cf9af0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 207 with timestamp +98
Ready to process requests.
---------------------------------------------------------
Last thing: when the user tries to login on his device, he gets the following message in his device's logs:
2018-07-16 12:27:10 - ive - [10.254.x.x] baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Login failed. Reason: No Roles
2018-07-16 12:27:10 - ive - [10.254.x.x] baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Primary authentication successful for baxxxx(a)ssl-admin.bell/FreeRadius-Test-New from 10.254.x.x
A test with another user last Friday had the following logs on the device's logs:
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Variable userAttr(a)FreeRadius-Test-New.Class = "<Binary Data>"
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - No match on rule 'userAttr.Class = 'ssl-oper''
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - No match on rule 'userAttr.Class = 'admin''
2018/07/13 10:10:33 - [10.254.x.x] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Realm Admin Users - FreeRadius-Test-New did not map user baxxxx(a)ssl-admin.bell to any roles
2018/07/13 10:10:33 - [10.254.99.171] - baxxxx(a)ssl-admin.bell(Admin Users - FreeRadius-Test-New)[] - Sign-in rejected. Reason: No Roles
Thanks,
Benoit Petit
Analyste Technique | Technical Analyst
Sécurité et Intelligence Digitale TI | IT Security and Digital Intelligence
1 Carrefour Alexandre-Graham-Bell - Aile E - 3e étage - Verdun - QC - H3E 3B3
514-391-9247
L'utilisation de ce message et régie par notre politique de courriel. www.bell.ca/PolitiqueConfidentialiteCourriel
The use of this message is restricted by our mail policies. www.bell.ca/EmailConfidentialityWarning
3
4
Hi everyone,
I've been searching for documentation about FR to manage hosts Access-Requests of this type :
————
(0) Received Access-Request Id 139 from 10.14.240.106:32773 to 10.14.129.201:1812 length 324
(0) User-Name = "host/C304Z-HP2560.campus.unicaen.fr"
(0) Chargeable-User-Identity = 0x00
(0) Location-Capable = Civix-Location
(0) Calling-Station-Id = "08-11-96-6e-09-5c"
(0) Called-Station-Id = "00-3a-99-91-f1-10:flexi"
(0) NAS-Port = 13
(0) Cisco-AVPair = "audit-session-id=0a0ef06a0008a5df5b4c8983"
(0) Acct-Session-Id = "5b4c8983/08:11:96:6e:09:5c/611634"
(0) NAS-IP-Address = 10.14.240.106
(0) NAS-Identifier = "C1-AC5-A1"
(0) Airespace-Wlan-Id = 10
(0) Service-Type = Framed-User
(0) Framed-MTU = 1300
(0) NAS-Port-Type = Wireless-802.11
(0) Tunnel-Type:0 = VLAN
(0) Tunnel-Medium-Type:0 = IEEE-802
(0) Tunnel-Private-Group-Id:0 = "120"
(0) EAP-Message = 0x0202002801686f73742f433330345a2d4850323536302e63616d7075732e756e696361656e2e6672
(0) Message-Authenticator = 0x6965b96bd6574a69e7b1e88560e90146
What I — normally — need to do is to verify the host certificate against the AD CS.
Did anyone here managed to do that?
It would be nice to share or at least show me the breadcrumbs I need to follow…
Thank you in advance!
--
ૐ — Olivier Le Monnier — ☎ 023156.6209
Pôle Infrastructures — SysAdmin Linux
Direction du Système d'Information
Université de Caen Normandie
2
1
17 Jul '18
Hi there,
I am working for some days now with FreeRADIUS Version 3.0.13. I knew of RADIUS before and have a technical background but not much experience regarding RADOIS, 802.1X or Authentication in particular (PAP, EAP, CHAP…).
However, my question: I have a working RADIUS-Server, I ensured that as I am able to authenticate a Windows 7 Workstation with 802.1X activated on the switch port it is connected to. When I enter the correct user@domain with the correct password, the switch allows traffic on that port and I can also see an Access-Accept in the RADIUS debug output. My next step is to not use a workstation but an IP camera. I uploaded the “test” certificates and key that were created in /etc/raddp/certs to the IP cam and used the same user I used for the windows 7 authentication. It just wont work like that but I cant figure out why. My debug output is attached.
IMHO everything looks good until:
(2) eap: Peer sent packet with method EAP NAK (3)
(2) eap: Peer NAK'd indicating it is not willing to continue
(2) eap: Sending EAP Failure (code 4) ID 3 length 4
(2) eap: Failed in EAP select
But I have no Idea what that means.
Here is the full debug output:
[root@localhost ~]# radiusd -X
FreeRADIUS Version 3.0.13
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/date
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/sql
including configuration file /etc/raddb/mods-config/sql/main/mysql/queries.conf
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
security {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 16384
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client testclient {
ipaddr = 10.1.100.103
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client switch {
ipaddr = 10.1.17.213
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 802test {
ipaddr = 10.1.22.136
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
# Creating Auth-Type = mschap
# Creating Auth-Type = digest
# Creating Auth-Type = eap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_always
# Loading module "reject" from file /etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_cache
# Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/raddb/mods-enabled/chap
# Loaded module rlm_date
# Loading module "date" from file /etc/raddb/mods-enabled/date
date {
format = "%b %e %Y %H:%M:%S %Z"
}
# Loaded module rlm_detail
# Loading module "detail" from file /etc/raddb/mods-enabled/detail
detail {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_dhcp
# Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
# Loaded module rlm_digest
# Loading module "digest" from file /etc/raddb/mods-enabled/digest
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_eap
# Loading module "eap" from file /etc/raddb/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
}
# Loaded module rlm_exec
# Loading module "echo" from file /etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loading module "exec" from file /etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
# Loaded module rlm_expr
# Loading module "expr" from file /etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_files
# Loading module "files" from file /etc/raddb/mods-enabled/files
files {
filename = "/etc/raddb/mods-config/files/authorize"
acctusersfile = "/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
}
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
linelog {
filename = "/var/log/radius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
# Loaded module rlm_soh
# Loading module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
# Loaded module rlm_sql
# Loading module "sql" from file /etc/raddb/mods-enabled/sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = 3306
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = yes
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
}
start {
query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
stop {
query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
}
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
instantiate {
}
# Instantiating module "reject" from file /etc/raddb/mods-enabled/always
# Instantiating module "fail" from file /etc/raddb/mods-enabled/always
# Instantiating module "ok" from file /etc/raddb/mods-enabled/always
# Instantiating module "handled" from file /etc/raddb/mods-enabled/always
# Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
# Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
# Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
# Instantiating module "noop" from file /etc/raddb/mods-enabled/always
# Instantiating module "updated" from file /etc/raddb/mods-enabled/always
# Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
# Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
# Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
# Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
ca_file = "/etc/raddb/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
cipher_server_preference = no
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading pairlist file /etc/raddb/mods-config/files/authorize
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
# Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
# Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
# Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
rlm_sql_mysql: libmysql version: 10.1.34-MariaDB
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 3
max = 32
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
# Skipping contents of 'if' as it is always 'false' -- /etc/raddb/sites-enabled/inner-tunnel:330
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Ready to process requests
(0) Received Access-Request Id 196 from 10.1.17.213:5001 to 10.1.22.139:1812 length 131
(0) User-Name = "test(a)test.de"
(0) EAP-Message = 0x02010011017465737440746573742e6465
(0) Message-Authenticator = 0xcc6b7f6dcf8ad4f75142527dd9c80de9
(0) NAS-IP-Address = 10.1.17.213
(0) NAS-Identifier = "002257bfc602"
(0) NAS-Port = 16842753
(0) NAS-Port-Type = Ethernet
(0) Service-Type = Framed-User
(0) Framed-Protocol = PPP
(0) Calling-Station-Id = "00d0-8916-a51c"
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /(a)\./) {
(0) if (&User-Name =~ /(a)\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(0) suffix: No such realm "test.de"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 1 length 17
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 2 length 22
(0) eap: EAP session adding &reply:State = 0x63be32f863bc36b8
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 196 from 10.1.22.139:1812 to 10.1.17.213:5001 length 0
(0) EAP-Message = 0x010200160410ba4998d7891473ac7a4379f547fd8835
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x63be32f863bc36b887ed5f2ce5677eca
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 197 from 10.1.17.213:5001 to 10.1.22.139:1812 length 138
(1) User-Name = "test(a)test.de"
(1) EAP-Message = 0x02020006030d
(1) Message-Authenticator = 0x97fdf8036af545820ec406c229ad06fe
(1) NAS-IP-Address = 10.1.17.213
(1) NAS-Identifier = "002257bfc602"
(1) NAS-Port = 16842753
(1) NAS-Port-Type = Ethernet
(1) Service-Type = Framed-User
(1) Framed-Protocol = PPP
(1) Calling-Station-Id = "00d0-8916-a51c"
(1) State = 0x63be32f863bc36b887ed5f2ce5677eca
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /(a)\./) {
(1) if (&User-Name =~ /(a)\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(1) suffix: No such realm "test.de"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 2 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) files: users: Matched entry DEFAULT at line 181
(1) [files] = ok
(1) sql: EXPAND %{User-Name}
(1) sql: --> test(a)test.de
(1) sql: SQL-User-Name set to 'test(a)test.de'
rlm_sql (sql): Reserved connection (1)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Cleartext-Password := "test"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (1)
Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.34-MariaDB, protocol version 10
(1) [sql] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x63be32f863bc36b8
(1) eap: Finished EAP session with state 0x63be32f863bc36b8
(1) eap: Previous EAP request found for state 0x63be32f863bc36b8, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: Initiating new EAP-TLS session
(1) eap_tls: Setting verify mode to require certificate from client
(1) eap_tls: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 3 length 6
(1) eap: EAP session adding &reply:State = 0x63be32f862bd3fb8
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 197 from 10.1.22.139:1812 to 10.1.17.213:5001 length 0
(1) Framed-Protocol = PPP
(1) Framed-Compression = Van-Jacobson-TCP-IP
(1) EAP-Message = 0x010300060d20
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x63be32f862bd3fb887ed5f2ce5677eca
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 198 from 10.1.17.213:5001 to 10.1.22.139:1812 length 138
(2) User-Name = "test(a)test.de"
(2) EAP-Message = 0x020300060300
(2) Message-Authenticator = 0x0b0a97867abe67deb94d4bb3660e2adb
(2) NAS-IP-Address = 10.1.17.213
(2) NAS-Identifier = "002257bfc602"
(2) NAS-Port = 16842753
(2) NAS-Port-Type = Ethernet
(2) Service-Type = Framed-User
(2) Framed-Protocol = PPP
(2) Calling-Station-Id = "00d0-8916-a51c"
(2) State = 0x63be32f862bd3fb887ed5f2ce5677eca
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /(a)\./) {
(2) if (&User-Name =~ /(a)\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "test.de" for User-Name = "test(a)test.de"
(2) suffix: No such realm "test.de"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 3 length 6
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) files: users: Matched entry DEFAULT at line 181
(2) [files] = ok
(2) sql: EXPAND %{User-Name}
(2) sql: --> test(a)test.de
(2) sql: SQL-User-Name set to 'test(a)test.de'
rlm_sql (sql): Reserved connection (2)
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: User found in radcheck table
(2) sql: Conditional check items matched, merging assignment check items
(2) sql: Cleartext-Password := "test"
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test(a)test.de' ORDER BY id
(2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(2) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test(a)test.de' ORDER BY priority
(2) sql: User not found in any groups
rlm_sql (sql): Released connection (2)
(2) [sql] = ok
(2) [expiration] = noop
(2) [logintime] = noop
(2) pap: WARNING: Auth-Type already set. Not setting to PAP
(2) [pap] = noop
(2) } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x63be32f862bd3fb8
(2) eap: Finished EAP session with state 0x63be32f862bd3fb8
(2) eap: Previous EAP request found for state 0x63be32f862bd3fb8, released from the list
(2) eap: Peer sent packet with method EAP NAK (3)
(2) eap: Peer NAK'd indicating it is not willing to continue
(2) eap: Sending EAP Failure (code 4) ID 3 length 4
(2) eap: Failed in EAP select
(2) [eap] = invalid
(2) } # authenticate = invalid
(2) Failed to authenticate the user
(2) Using Post-Auth-Type Reject
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) Post-Auth-Type REJECT {
(2) sql: EXPAND .query
(2) sql: --> .query
(2) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (3)
(2) sql: EXPAND %{User-Name}
(2) sql: --> test(a)test.de
(2) sql: SQL-User-Name set to 'test(a)test.de'
(2) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(2) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test(a)test.de', '', 'Access-Reject', '2018-06-29 15:23:47.268150')
(2) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test(a)test.de', '', 'Access-Reject', '2018-06-29 15:23:47.268150')
(2) sql: SQL query returned: success
(2) sql: 1 record(s) updated
rlm_sql (sql): Released connection (3)
(2) [sql] = ok
(2) attr_filter.access_reject: EXPAND %{User-Name}
(2) attr_filter.access_reject: --> test(a)test.de
(2) attr_filter.access_reject: Matched entry DEFAULT at line 11
(2) [attr_filter.access_reject] = updated
(2) [eap] = noop
(2) policy remove_reply_message_if_eap {
(2) if (&reply:EAP-Message && &reply:Reply-Message) {
(2) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(2) else {
(2) [noop] = noop
(2) } # else = noop
(2) } # policy remove_reply_message_if_eap = noop
(2) } # Post-Auth-Type REJECT = updated
(2) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(2) Sending delayed response
(2) Sent Access-Reject Id 198 from 10.1.22.139:1812 to 10.1.17.213:5001 length 44
(2) EAP-Message = 0x04030004
(2) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
(0) Cleaning up request packet ID 196 with timestamp +2
(1) Cleaning up request packet ID 197 with timestamp +2
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 198 with timestamp +2
Ready to process requests
Mit freundlichen Grüßen I With best regards
Niklas Klein
Testengineer
Research & Development
GEUTEBRÜCK GmbH
Telefon +49 2645 137-722
Fax +49 2645 137-999
Mobil
niklas.klein(a)geutebrueck.com<mailto:niklas.klein@geutebrueck.com><mailto:%20name.nachname@geutebrueck.com>
www.geutebrueck.com<https://www.geutebrueck.com/>
[cid:twitter-with-circle_9a242334-fa02-4a91-996d-312ca4ec2004.png] <https://twitter.com/geutebruck/?ref=MF0814> [cid:youtube-with-circle_e5a3a3bd-2aee-463e-a4a7-0b68323eb775.png] <https://www.youtube.com/channel/UCEhjAeu55-1CZO4SRNgqcNQ/> [cid:linkedin-with-circle_ee6ebcac-cd2e-4ce4-807c-435f6a5e43cc.png] <https://www.linkedin.com/company/geutebr-ck-gmbh?trk=company_logo> [cid:xing-with-circle_ff285450-39be-4390-b2cb-8f86d17d327e.png] <https://www.xing.com/companies/geutebr?¼ckgmbh>
GEUTEBRÜCK GmbH ? Im Nassen 7-9 ? 53578 Windhagen
Geschäftsführer: Katharina Geutebrück, Christoph Hoffmann ? UST-Ident-Nr.: DE813443473 ? Handelsregister: HRB 14475 Montabaur
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Weder die Geutebrück GmbH noch der Absender (Niklas Klein) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.
________________________________
GEUTEBRÜCK GmbH ? Im Nassen 7-9 ? 53578 Windhagen ? Germany
CEO: Katharina Geutebrück, Christoph Hoffmann ? VAT No: DE813443473 ? Traderegister: HRB 14475 Montabaur
This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Neither the Geutebrück GmbH nor the sender (Niklas Klein) accepts any liability for viruses; it is your responsibility to check the e-mail and their attachments for viruses.
5
9
Recently strongswan folks changed behavior of charon regarding dhcp.
https://lists.strongswan.org/pipermail//dev/2018-June/001918.html
side effect is, that freeradius refuses to start when charon is
working.
According to link SO_REUSEADDR on dhcp server socket should be enough,
I roughly tested it (shamelessly copy
#v+
{
int on = 1;
if (setsockopt(this->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
close(this->fd);
ERROR("Failed to reuse address: %s", fr_syserror(errno));
return -1;
}
}
#v-
in listen.c )
and it seem to work, although is rather ugly solution.
I do not know if strongswan people are right but if so, maybe it would
be good idea to put SO_REUSEADDR for dhcp listener?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
DYSLEXICS OF THE WORLD, UNTIE!
2
2