Background: Originally I was using CentoOS 7 with Samba 4.2.10 and FreeRadius 3.0.4 on a Windows network that was on Server 2003 and Forest Functional Level. We were using certificate base authentications for tablets and username and password for certain users. We upgraded the functional level to 2012R2 Native and it broke everything. Neither certificates or username and passwords would get any Accepts, only Rejects. I changed the config from sites-enabled/default post-auth { if (!(Ldap-Group == "WiFi")) { reject } to where the certificates authenticate and any Active Directory user can authenticate by using: sites-enabled/default post-auth { # if (Ldap-Group == "WiFi") { # noop # } Just to get people working again. This was confirmed with two test users using radtest -t mschap mcyrus Password1 localhost 0 XXXXXX and watching the radiusd -X debug. Test user mcyrus is not in the WiFi group, test user nlegend is. Currently: I built another server on CentOS 7 but built Samba 4.5.0 and FreeRadius 4.0.x from source to see if newer versions were more compatible, again closely following the deployingfreeradius.com guides. I edited the config files to try and get authorization working again. I can get it doing the same thing where certificates and all AD users can get logged in or only users in the WiFi group get Accepts but none of the certificates get Accepts. The odd thing, or least what I don't understand is: Why the certificates stop working even though the computer accounts are also in the WiFi security group. Wrapping up: I guess what it comes down to is a few of questions: 1. Is Samba 4.5.0/FreeRadius 4.0.x even compatible with a 2012R2 forest functional level (schema 69) as a member server? I've seen some posts stating that it's experimental as a DC but not whether a member server is working/stable. 2. Is it compatible with a Windows Server 2016 forest functional level as we will be heading down that road soon? 3. Should it be possible to have certificate based authorizations AND LDAP group authorizations working on the same server. If yes, I would greatly appreciate any tips or help in figuring out how to get it configured correctly and working again. Thank you for any guidance you can provide, Travis radiusd -X [root@radius ~]# systemctl stop radiusd && radiusd -X Info : FreeRADIUS Version 4.0.0 Info : Copyright (C) 1999-2016 The FreeRADIUS server project and contributors Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Info : PARTICULAR PURPOSE Info : You may redistribute copies of FreeRADIUS under the terms of the Info : GNU General Public License Info : For more information about these matters, see the file named COPYRIGHT Info : Starting - reading configuration files ... Debug : including dictionary file /opt/freeradius/share/freeradius/dictionary Debug : including dictionary file /opt/freeradius/etc/raddb/dictionary Debug : including configuration file /opt/freeradius/etc/raddb/radiusd.conf Debug : including configuration file /opt/freeradius/etc/raddb/proxy.conf Debug : including configuration file /opt/freeradius/etc/raddb/clients.conf Debug : including files in directory /opt/freeradius/etc/raddb/mods-enabled/ Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/always Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/attr_filter Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/cache_eap Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/chap Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/detail Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/detail.log Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/digest Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/dhcp Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/dynamic_clients Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/eap Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/eap_inner Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/echo Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/exec Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/expiration Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/expr Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/files Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/linelog Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/logintime Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/mschap Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/ntlm_auth Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/pap Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/passwd Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/preprocess Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/radutmp Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/realm Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/replicate Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/soh Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/sradutmp Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/unix Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/unpack Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/utf8 Debug : including configuration file /opt/freeradius/etc/raddb/mods-enabled/ldap Debug : including files in directory /opt/freeradius/etc/raddb/policy.d/ Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/abfab-tr Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/accounting Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/canonicalization Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/control Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/cui Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/debug Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/dhcp Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/eap Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/filter Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/operator-name Debug : including configuration file /opt/freeradius/etc/raddb/policy.d/vendor Debug : including files in directory /opt/freeradius/etc/raddb/sites-enabled/ Debug : including configuration file /opt/freeradius/etc/raddb/sites-enabled/default Debug : including configuration file /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel Debug : main { Debug : security { Debug : allow_core_dumps = no Debug : } Debug : name = "radiusd" Debug : prefix = "/opt/freeradius" Debug : localstatedir = "/opt/freeradius/var" Debug : logdir = "/opt/freeradius/var/log/radius" Debug : run_dir = "/opt/freeradius/var/run/radiusd" Debug : } Debug : main { Debug : name = "radiusd" Debug : prefix = "/opt/freeradius" Debug : localstatedir = "/opt/freeradius/var" Debug : sbindir = "/opt/freeradius/sbin" Debug : logdir = "/opt/freeradius/var/log/radius" Debug : run_dir = "/opt/freeradius/var/run/radiusd" Debug : libdir = "/opt/freeradius/lib" Debug : radacctdir = "/opt/freeradius/var/log/radius/radacct" Debug : hostname_lookups = no Debug : max_request_time = 30 Debug : cleanup_delay = 5 Debug : continuation_timeout = 15 Debug : max_requests = 16384 Debug : pidfile = "/opt/freeradius/var/run/radiusd/radiusd.pid" Debug : checkrad = "/opt/freeradius/sbin/checkrad" Debug : debug_level = 0 Debug : proxy_requests = yes Debug : log { Debug : stripped_names = no Debug : auth = no Debug : auth_badpass = no Debug : auth_goodpass = no Debug : colourise = yes Debug : msg_denied = "You are already logged in - access denied" Debug : } Debug : resources { Debug : } Debug : security { Debug : max_attributes = 200 Debug : reject_delay = 1.000000 Debug : status_server = yes Debug : allow_vulnerable_openssl = "no" Debug : } Debug : } Switching to configured log settings radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dynamic = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client Tracmor { ipaddr = 10.10.0.151 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-Branch { ipaddr = 10.10.2.131 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-IT { ipaddr = 10.10.2.130 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-TC { ipaddr = 10.10.2.4 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-TC-RF { ipaddr = 10.10.2.65 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-Training { ipaddr = 10.10.2.6 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client LAK-Upstairs { ipaddr = 10.10.2.5 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 01-MPK { ipaddr = 192.168.1.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 03-ELC { ipaddr = 192.168.3.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 04-BKF { ipaddr = 192.168.4.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 05-LAS { ipaddr = 192.168.5.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 05-Training { ipaddr = 192.168.5.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 06-RIV { ipaddr = 192.168.6.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 07-PHX { ipaddr = 192.168.7.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 08-FRN { ipaddr = 192.168.8.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 09-ANA { ipaddr = 192.168.9.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10-SAC { ipaddr = 192.168.10.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 11-OAK { ipaddr = 192.168.11.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 12-BUR { ipaddr = 192.168.12.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 13-RNO { ipaddr = 192.168.13.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 14-PRT { ipaddr = 192.168.14.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 14-PRT-2 { ipaddr = 192.168.14.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 15-SEA { ipaddr = 192.168.15.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 16-SPK { ipaddr = 192.168.16.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 17-EUG { ipaddr = 192.168.17.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 17-EUG-2 { ipaddr = 192.168.17.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 18-BOI { ipaddr = 192.168.18.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 19-SLC { ipaddr = 192.168.19.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 20-ORM { ipaddr = 192.168.20.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 21-OGD { ipaddr = 192.168.21.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 22-RED { ipaddr = 192.168.22.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 24-POC { ipaddr = 192.168.24.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 25-DGO { ipaddr = 192.168.25.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 26-TAC { ipaddr = 192.168.26.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 27-ANC { ipaddr = 192.168.27.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 28-NOG { ipaddr = 192.168.28.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 30-TUC { ipaddr = 192.168.30.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 31-MES { ipaddr = 192.168.31.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 32-PHO { ipaddr = 192.168.32.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 33-BEL { ipaddr = 192.168.33.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 34-MED { ipaddr = 192.168.34.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 35-VIS { ipaddr = 192.168.35.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 35-VIS-WH1 { ipaddr = 192.168.35.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 35-VIS-WH2 { ipaddr = 192.168.35.252 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 36-YUM { ipaddr = 192.168.36.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 37-SLE { ipaddr = 192.168.37.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 38-SJC { ipaddr = 192.168.38.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 39-SFO { ipaddr = 192.168.39.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 40-CCR { ipaddr = 192.168.40.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 41-VNY { ipaddr = 192.168.41.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 42-MOD { ipaddr = 192.168.42.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 43-TLV { ipaddr = 192.168.43.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 44-SNA { ipaddr = 192.168.44.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 45-STS { ipaddr = 192.168.45.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 46-POM { ipaddr = 192.168.46.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 48-GAR { ipaddr = 192.168.48.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 49-BPK { ipaddr = 192.168.49.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 51-LVK { ipaddr = 192.168.51.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 52-RSV { ipaddr = 192.168.52.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 53-SAL { ipaddr = 192.168.53.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 54-PHN { ipaddr = 192.168.54.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 55-ONT { ipaddr = 192.168.55.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 55-ONT-2 { ipaddr = 192.168.55.251 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 56-WLA { ipaddr = 192.168.56.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 57-BIL { ipaddr = 192.168.57.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 58-GTF { ipaddr = 192.168.58.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 59-RAN { ipaddr = 192.168.59.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 60-TEM { ipaddr = 192.168.60.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 61-NTL { ipaddr = 192.168.61.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 62-PSP { ipaddr = 192.168.62.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 63-STK { ipaddr = 192.168.63.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 64-KRK { ipaddr = 192.168.64.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 65-PEO { ipaddr = 192.168.65.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 66-VIC { ipaddr = 192.168.66.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 67-YAK { ipaddr = 192.168.67.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 68-DRA { ipaddr = 192.168.68.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 69-CHA { ipaddr = 192.168.69.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 70-TIG { ipaddr = 192.168.70.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 71-FRE { ipaddr = 192.168.71.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 72-DEN { ipaddr = 192.168.72.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 73-SIG { ipaddr = 192.168.73.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 74-CEN { ipaddr = 192.168.74.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 75-COR { ipaddr = 192.168.75.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 82-PNS { ipaddr = 192.168.82.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 183-PNS { ipaddr = 192.168.183.250 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached systemd watchdog is disabled. thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 cleanup_delay = 5 max_queue_size = 65536 queue_priority = "default" auto_limit_acct = no } listen { type = "auth" ipaddr = * port = 0 recv_buff = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 recv_buff = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 recv_buff = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 recv_buff = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = eap # Creating Auth-Type = ntlm_auth # Creating Auth-Type = digest listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 recv_buff = 0 } radiusd: #### Loading modules #### modules { # Loaded module "rlm_always" # Loading module "reject" from file /opt/freeradius/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /opt/freeradius/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /opt/freeradius/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /opt/freeradius/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /opt/freeradius/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /opt/freeradius/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /opt/freeradius/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /opt/freeradius/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /opt/freeradius/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module "rlm_attr_filter" # Loading module "attr_filter.post-proxy" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/opt/freeradius/etc/raddb/mods-config/attr_filter/post-proxy" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/opt/freeradius/etc/raddb/mods-config/attr_filter/pre-proxy" relaxed = no } # Loading module "attr_filter.access_reject" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/opt/freeradius/etc/raddb/mods-config/attr_filter/access_reject" relaxed = no } # Loading module "attr_filter.access_challenge" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/opt/freeradius/etc/raddb/mods-config/attr_filter/access_challenge" relaxed = no } # Loading module "attr_filter.accounting_response" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/opt/freeradius/etc/raddb/mods-config/attr_filter/accounting_response" relaxed = no } # Loaded module "rlm_cache" # Loading module "cache_eap" from file /opt/freeradius/etc/raddb/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module "rlm_chap" # Loading module "chap" from file /opt/freeradius/etc/raddb/mods-enabled/chap # Loaded module "rlm_detail" # Loading module "detail" from file /opt/freeradius/etc/raddb/mods-enabled/detail detail { filename = "/opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "auth_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module "rlm_digest" # Loading module "digest" from file /opt/freeradius/etc/raddb/mods-enabled/digest # Loaded module "rlm_dhcp" # Loading module "dhcp" from file /opt/freeradius/etc/raddb/mods-enabled/dhcp # Loaded module "rlm_dynamic_clients" # Loading module "dynamic_clients" from file /opt/freeradius/etc/raddb/mods-enabled/dynamic_clients # Loaded module "rlm_eap" # Loading module "eap" from file /opt/freeradius/etc/raddb/mods-enabled/eap eap { default_eap_type = "tls" ignore_unknown_eap_types = no cisco_accounting_username_bug = no } # Loaded module "rlm_eap_md5" # Loaded module "rlm_eap_leap" # Loaded module "rlm_eap_gtc" gtc { challenge = "Password: " auth_type = "PAP" } # Loaded module "rlm_eap_tls" tls { tls = "tls-common" require_client_cert = yes include_length = yes } tls-config tls-common { verify_depth = 0 ca_path = "/opt/freeradius/etc/raddb/certs" pem_file_type = yes private_key_file = "/opt/freeradius/etc/raddb/certs/server.pem" certificate_file = "/opt/freeradius/etc/raddb/certs/server.pem" ca_file = "/opt/freeradius/etc/raddb/certs/ca_and_crl.pem" private_key_password = <<< secret >>> dh_file = "/opt/freeradius/etc/raddb/certs/dh" fragment_size = 1024 auto_chain = yes check_crl = yes cipher_list = "DEFAULT" allow_renegotiation = no ecdh_curve = "prime256v1" disable_tlsv1_2 = no cache { lifetime = 86400 verify = no } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } staple { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Loaded module "rlm_eap_ttls" ttls { tls = "tls-common" virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls - Using cached TLS configuration from previous invocation # Loaded module "rlm_eap_peap" peap { tls = "tls-common" proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls - Using cached TLS configuration from previous invocation # Loaded module "rlm_eap_mschapv2" mschapv2 { with_ntdomain_hack = no send_error = no identity = "radius" } # Loading module "inner-eap" from file /opt/freeradius/etc/raddb/mods-enabled/eap_inner eap inner-eap { default_eap_type = "mschapv2" ignore_unknown_eap_types = no cisco_accounting_username_bug = no } gtc { challenge = "Password: " auth_type = "PAP" } mschapv2 { with_ntdomain_hack = no send_error = no } tls { tls = "tls-peer" require_client_cert = yes include_length = yes } tls-config tls-peer { verify_depth = 0 ca_path = "/opt/freeradius/etc/raddb/certs" pem_file_type = yes private_key_file = "/opt/freeradius/etc/raddb/certs/server.key" certificate_file = "/opt/freeradius/etc/raddb/certs/server.pem" ca_file = "/opt/freeradius/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/opt/freeradius/etc/raddb/certs/dh" fragment_size = 16384 auto_chain = yes check_crl = yes allow_renegotiation = no ecdh_curve = "prime256v1" cache { lifetime = 86400 verify = no } verify { } ocsp { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } staple { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } } # Loaded module "rlm_exec" # Loading module "echo" from file /opt/freeradius/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loading module "exec" from file /opt/freeradius/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module "rlm_expiration" # Loading module "expiration" from file /opt/freeradius/etc/raddb/mods-enabled/expiration # Loaded module "rlm_expr" # Loading module "expr" from file /opt/freeradius/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module "rlm_files" # Loading module "files" from file /opt/freeradius/etc/raddb/mods-enabled/files files { filename = "/opt/freeradius/etc/raddb/mods-config/files/authorize" acctusersfile = "/opt/freeradius/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/opt/freeradius/etc/raddb/mods-config/files/pre-proxy" } # Loaded module "rlm_linelog" # Loading module "linelog" from file /opt/freeradius/etc/raddb/mods-enabled/linelog linelog { destination = "file" delimiter = " " file { filename = "/opt/freeradius/var/log/radius/linelog" permissions = 384 escape_filenames = no } syslog { severity = "info" } unix { } tcp { port = 514 timeout = 2.000000 } udp { port = 514 timeout = 2.000000 } } # Loading module "log_accounting" from file /opt/freeradius/etc/raddb/mods-enabled/linelog linelog log_accounting { destination = "file" delimiter = " " file { filename = "/opt/freeradius/var/log/radius/linelog-accounting" permissions = 384 escape_filenames = no } syslog { severity = "info" } unix { } tcp { timeout = 1000.000000 } udp { timeout = 1000.000000 } } # Loaded module "rlm_logintime" # Loading module "logintime" from file /opt/freeradius/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module "rlm_mschap" # Loading module "mschap" from file /opt/freeradius/etc/raddb/mods-enabled/mschap mschap { use_mppe = no require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/opt/samba/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-RSDNET} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" ntlm_auth_timeout = 10 passchange { } allow_retry = yes } # Loading module "ntlm_auth" from file /opt/freeradius/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/opt/samba/bin/ntlm_auth --request-nt-key --domain=RSDNET --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module "rlm_pap" # Loading module "pap" from file /opt/freeradius/etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module "rlm_passwd" # Loading module "etc_passwd" from file /opt/freeradius/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module "rlm_preprocess" # Loading module "preprocess" from file /opt/freeradius/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/opt/freeradius/etc/raddb/mods-config/preprocess/huntgroups" hints = "/opt/freeradius/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module "rlm_radutmp" # Loading module "radutmp" from file /opt/freeradius/etc/raddb/mods-enabled/radutmp radutmp { filename = "/opt/freeradius/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module "rlm_realm" # Loading module "IPASS" from file /opt/freeradius/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /opt/freeradius/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /opt/freeradius/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /opt/freeradius/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module "rlm_replicate" # Loading module "replicate" from file /opt/freeradius/etc/raddb/mods-enabled/replicate # Loaded module "rlm_soh" # Loading module "soh" from file /opt/freeradius/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loading module "sradutmp" from file /opt/freeradius/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/opt/freeradius/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module "rlm_unix" # Loading module "unix" from file /opt/freeradius/etc/raddb/mods-enabled/unix unix { radwtmp = "/opt/freeradius/var/log/radius/radwtmp" } Creating attribute Unix-Group # Loaded module "rlm_unpack" # Loading module "unpack" from file /opt/freeradius/etc/raddb/mods-enabled/unpack # Loaded module "rlm_utf8" # Loading module "utf8" from file /opt/freeradius/etc/raddb/mods-enabled/utf8 rlm_ldap - libldap vendor: OpenLDAP, version: 20440 # Loaded module "rlm_ldap" # Loading module "ldap" from file /opt/freeradius/etc/raddb/mods-enabled/ldap ldap { server = "dc12vm.rsdtc.com" identity = "cn=radius,cn=users,dc=rsdtc,dc=com" password = <<< secret >>> sasl { } user { scope = "sub" access_attribute = "WiFi" access_positive = yes sasl { } } group { filter = "(objectClass=posixGroup)" scope = "sub" name_attribute = "cn" membership_attribute = "memberOf" membership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))" cacheable_name = no cacheable_dn = no } client { filter = "(objectClass=radiusClient)" scope = "sub" base_dn = "dc=rsdtc,dc=com" } profile { } options { ldap_debug = 40 chase_referrals = yes use_referral_credentials = no rebind = yes session_tracking = no res_timeout = 10 srv_timelimit = 3 idle = 60 probes = 3 interval = 3 } tls { start_tls = no } } Creating attribute LDAP-Group instantiate { } } # modules # Instantiating module "reject" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "fail" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "ok" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "handled" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "invalid" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "userlock" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "notfound" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "noop" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "updated" from file /opt/freeradius/etc/raddb/mods-enabled/always # Instantiating module "attr_filter.post-proxy" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter reading file /opt/freeradius/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter reading file /opt/freeradius/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter reading file /opt/freeradius/etc/raddb/mods-config/attr_filter/access_reject [/opt/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/opt/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter reading file /opt/freeradius/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /opt/freeradius/etc/raddb/mods-enabled/attr_filter reading file /opt/freeradius/etc/raddb/mods-config/attr_filter/accounting_response # Instantiating module "cache_eap" from file /opt/freeradius/etc/raddb/mods-enabled/cache_eap # Loaded module "rlm_cache_rbtree" # Instantiating module "detail" from file /opt/freeradius/etc/raddb/mods-enabled/detail # Instantiating module "auth_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log rlm_detail (auth_log) - 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /opt/freeradius/etc/raddb/mods-enabled/detail.log # Instantiating module "expiration" from file /opt/freeradius/etc/raddb/mods-enabled/expiration # Instantiating module "files" from file /opt/freeradius/etc/raddb/mods-enabled/files reading file /opt/freeradius/etc/raddb/mods-config/files/authorize reading file /opt/freeradius/etc/raddb/mods-config/files/accounting reading file /opt/freeradius/etc/raddb/mods-config/files/pre-proxy # Instantiating module "linelog" from file /opt/freeradius/etc/raddb/mods-enabled/linelog # Instantiating module "log_accounting" from file /opt/freeradius/etc/raddb/mods-enabled/linelog # Instantiating module "logintime" from file /opt/freeradius/etc/raddb/mods-enabled/logintime # Instantiating module "mschap" from file /opt/freeradius/etc/raddb/mods-enabled/mschap mschap : authenticating by calling 'ntlm_auth' # Instantiating module "pap" from file /opt/freeradius/etc/raddb/mods-enabled/pap # Instantiating module "etc_passwd" from file /opt/freeradius/etc/raddb/mods-enabled/passwd # Instantiating module "preprocess" from file /opt/freeradius/etc/raddb/mods-enabled/preprocess reading file /opt/freeradius/etc/raddb/mods-config/preprocess/huntgroups reading file /opt/freeradius/etc/raddb/mods-config/preprocess/hints # Instantiating module "IPASS" from file /opt/freeradius/etc/raddb/mods-enabled/realm # Instantiating module "suffix" from file /opt/freeradius/etc/raddb/mods-enabled/realm # Instantiating module "realmpercent" from file /opt/freeradius/etc/raddb/mods-enabled/realm # Instantiating module "ntdomain" from file /opt/freeradius/etc/raddb/mods-enabled/realm # Instantiating module "ldap" from file /opt/freeradius/etc/raddb/mods-enabled/ldap accounting { reference = "%{tolower:type.%{Acct-Status-Type}}" } post-auth { reference = "." } rlm_ldap (ldap) - Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 connect_timeout = 3.000000 held_trigger_min = 0.000000 held_trigger_max = 0.500000 retry_delay = 30 spread = no } rlm_ldap (ldap) - Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (ldap) - Connecting to ldap://dc12vm.rsdtc.com:389 rlm_ldap (ldap) - Waiting for bind result... rlm_ldap (ldap) - Bind successful rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base" rlm_ldap (ldap) - Waiting for search result... rlm_ldap (ldap) - Directory type: Active Directory rlm_ldap (ldap) - Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (ldap) - Connecting to ldap://dc12vm.rsdtc.com:389 rlm_ldap (ldap) - Waiting for bind result... rlm_ldap (ldap) - Bind successful rlm_ldap (ldap) - Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (ldap) - Connecting to ldap://dc12vm.rsdtc.com:389 rlm_ldap (ldap) - Waiting for bind result... rlm_ldap (ldap) - Bind successful rlm_ldap (ldap) - Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (ldap) - Connecting to ldap://dc12vm.rsdtc.com:389 rlm_ldap (ldap) - Waiting for bind result... rlm_ldap (ldap) - Bind successful rlm_ldap (ldap) - Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (ldap) - Connecting to ldap://dc12vm.rsdtc.com:389 rlm_ldap (ldap) - Waiting for bind result... rlm_ldap (ldap) - Bind successful radiusd: #### Loading Virtual Servers #### server default { # from file /opt/freeradius/etc/raddb/sites-enabled/default } # server default server inner-tunnel { # from file /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 58700 Listening on proxy address :: port 53027 Ready to process requests