Help with freeradius upgrade
Hello, I’m in the process of upgrading Freeradius in our production environment. Long story short : nobody wanted to do the task and I have to jump from Red Hat 3 to Red Hat 6 which includes a totally new version of Openldap (2.4.40 with it’s own database in its structure) and Freeradius 2.2.6. Openldap is completed. The users have been transported and I can see them all. When I do a test with a current user, he gets an error message (“host is unreachable”). I see a REJECT message in the radius logs. Attached is the logs while running in debug mode (radiusd –X). Can anyone see something missing in my config? Tks for your time, ----------------output of radiusd -X-------- radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 11 2017 at 04:40:14 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/cache including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/dhcp_sqlippool including configuration file /etc/raddb/modules/radrelay including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/inner-tunnel main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = yes dead_time = 300 wake_all_if_all_dead = no } realm contivity { authhost = x.x.x.x:1645 secret = secret } realm bce-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-mediaprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-caissesprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-appprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-privprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-pubprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-extranetprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bce-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } realm ogr-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } realm srv-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } realm stadprod.dsd { authhost = x.x.x.x:1645 secret = secret } realm ssl3050 { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.dsd { authhost = x.x.x.x:1645 secret = secret } realm ssl-teleacces.fcdq { authhost = x.x.x.x:1645 secret = secret } realm ssl-notes.fcdq { authhost = x.x.x.x:1645 secret = secret } realm bce-fidprod.bce { authhost = x.x.x.x:1645 secret = secret } realm isb-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm bce-gestionpe.bce { authhost = x.x.x.x:1645 secret = secret } realm mobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } realm devmobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } realm ssl-admin.bell { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm caissesprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm privprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } realm stadprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm caissesdev.fcdq { authhost = x.x.x.x:1645 secret = secret } realm intranetdev.fcdq { authhost = x.x.x.x:1645 secret = secret } realm privdev.fcdq { authhost = x.x.x.x:1645 secret = secret } realm gestiondev.fcdq { authhost = x.x.x.x:1645 secret = secret } realm fidprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm devmobilite-caissesuni.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appval-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appdev.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod-crypto.fcdq { authhost = x.x.x.x:1645 secret = secret } realm ssl-oper { authhost = x.x.x.x:1645 secret = secret } realm sniffer { authhost = x.x.x.x:1645 secret = secret } realm mobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } realm devmobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.ccd { authhost = x.x.x.x:1645 secret = secret } realm appval-releve.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod.fcpa { authhost = x.x.x.x:1645 secret = secret } realm appprod.fidvisa { authhost = x.x.x.x:1645 secret = secret } realm appprod.scd { authhost = x.x.x.x:1645 secret = secret } realm appprod01.scd { authhost = x.x.x.x:1645 secret = secret } realm gestionpe.scd { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.ccd { authhost = x.x.x.x:1645 secret = secret } realm intranetcdc.cdc { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.altel { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.ce { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.sped { authhost = x.x.x.x:1645 secret = secret } realm privprod.fcpa { authhost = x.x.x.x:1645 secret = secret } realm privprod.sirius { authhost = x.x.x.x:1645 secret = secret } realm stadprod.cad { authhost = x.x.x.x:1645 secret = secret } realm caissesprod1.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod.vmd { authhost = x.x.x.x:1645 secret = secret } realm privprod-google.fcdq { authhost = x.x.x.x:1645 secret = secret } realm supportoracle.fcdq { authhost = x.x.x.x:1645 secret = secret } realm gestionval.fcdq { authhost = x.x.x.x:1645 secret = secret } realm appprod02.fcdq { authhost = x.x.x.x:1645 secret = secret } realm gestionprod-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } realm ibmaccess { authhost = x.x.x.x:1645 secret = secret } realm intranetprod-t.fcdq { authhost = x.x.x.x:1645 secret = secret } realm xentrax-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } realm xentrax-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } realm bell01-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } realm appprod03.fcdq { authhost = x.x.x.x:1645 secret = secret } realm css.fcdq { authhost = x.x.x.x:1645 secret = secret } realm gestion.hds { authhost = x.x.x.x:1645 secret = secret } realm appprod04.fcdq { authhost = x.x.x.x:1645 secret = secret } realm rr.partenaires { authhost = x.x.x.x:1645 secret = secret } realm privprod.panagon { authhost = x.x.x.x:1645 secret = secret } realm byoc.prod { authhost = x.x.x.x:1645 secret = secret } realm ccc.prod { authhost = x.x.x.x:1645 secret = secret } realm support-ddtcpc.fcdq { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.dcr { authhost = x.x.x.x:1645 secret = secret } realm meplus.ccd { authhost = x.x.x.x:1645 secret = secret } realm campus.jacada { authhost = x.x.x.x:1645 secret = secret } realm support-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } realm support.controles.ac { authhost = x.x.x.x:1645 secret = secret } realm contivity { authhost = x.x.x.x:1645 secret = secret } # realm contivity realm bce-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-intranetprod.bce realm bce-mediaprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-mediaprod.bce realm bce-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-gestionprod.bce realm bce-caissesprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-caissesprod.bce realm bce-appprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-appprod.bce realm bce-privprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-privprod.bce realm bce-pubprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-pubprod.bce realm bce-extranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-extranetprod.bce realm bce-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-stadprod.bce realm ogr-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm ogr-gestionprod.bce realm srv-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm srv-gestionprod.bce realm stadprod.dsd { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.dsd realm intranetprod.dsd { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.dsd realm ssl3050 { authhost = x.x.x.x:1645 secret = secret } # realm ssl3050 realm ssl-teleacces.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm ssl-teleacces.fcdq realm ssl-notes.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm ssl-notes.fcdq realm bce-fidprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-fidprod.bce realm isb-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm isb-intranetprod.fcdq realm bce-gestionpe.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-gestionpe.bce realm mobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm mobilite-cfe.fcdq realm devmobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-cfe.fcdq realm ssl-admin.bell { authhost = x.x.x.x:1645 secret = secret } # realm ssl-admin.bell realm ssl-oper { authhost = x.x.x.x:1645 secret = secret } # realm ssl-oper realm intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.fcdq realm gestionprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.fcdq realm caissesprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesprod.fcdq realm appprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fcdq realm privprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privprod.fcdq realm appprod-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod-siebel.fcdq realm stadprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.fcdq realm caissesdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesdev.fcdq realm intranetdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.fcdq realm privdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privdev.fcdq realm gestiondev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestiondev.fcdq realm fidprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm fidprod.fcdq realm devmobilite-caissesuni.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-caissesuni.fcdq realm appval-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appval-siebel.fcdq realm privprod-at.fcdq { authhost = x.x.x.x:1645 secret = secret } realm privprod-at.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privprod-at.fcdq realm appdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appdev.fcdq realm appprod-crypto.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod-crypto.fcdq realm mobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm mobilite-caisses.fcdq realm devmobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-caisses.fcdq realm sniffer { authhost = x.x.x.x:1645 secret = secret } # realm sniffer realm intranetprod.ccd { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ccd realm appval-releve.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appval-releve.fcdq realm appprod.fcpa { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fcpa realm appprod.fidvisa { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fidvisa realm appprod.scd { authhost = x.x.x.x:1645 secret = secret } # realm appprod.scd realm appprod01.scd { authhost = x.x.x.x:1645 secret = secret } # realm appprod01.scd realm gestionpe.scd { authhost = x.x.x.x:1645 secret = secret } # realm gestionpe.scd realm gestionprod.ccd { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.ccd realm intranetcdc.cdc { authhost = x.x.x.x:1645 secret = secret } # realm intranetcdc.cdc realm intranetprod.altel { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.altel realm intranetprod.ce { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ce realm intranetprod.sped { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.sped realm privprod.fcpa { authhost = x.x.x.x:1645 secret = secret } # realm privprod.fcpa realm privprod.sirius { authhost = x.x.x.x:1645 secret = secret } # realm privprod.sirius realm stadprod.cad { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.cad realm caissesprod1.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesprod1.fcdq realm appprod.vmd { authhost = x.x.x.x:1645 secret = secret } # realm appprod.vmd realm privprod-google.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privprod-google.fcdq realm supportoracle.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm supportoracle.fcdq realm gestionval.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionval.fcdq realm appprod02.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod02.fcdq realm gestionprod-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod-ddcsc.fcdq realm ibmaccess { authhost = x.x.x.x:1645 secret = secret } # realm ibmaccess realm intranetprod-t.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod-t.fcdq realm xentrax-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm xentrax-stadprod.bce realm xentrax-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm xentrax-intranetprod.bce realm bell01-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bell01-stadprod.bce realm appprod03.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod03.fcdq realm css.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm css.fcdq realm gestion.hds { authhost = x.x.x.x:1645 secret = secret } # realm gestion.hds realm appprod04.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod04.fcdq realm rr.partenaires { authhost = x.x.x.x:1645 secret = secret } # realm rr.partenaires realm privprod.panagon { authhost = x.x.x.x:1645 secret = secret } # realm privprod.panagon realm byoc.prod { authhost = x.x.x.x:1645 secret = secret } # realm byoc.prod realm ccc.prod { authhost = x.x.x.x:1645 secret = secret } # realm ccc.prod realm support-ddtcpc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm support-ddtcpc.fcdq realm intranetprod.dcr { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.dcr realm meplus.ccd { authhost = x.x.x.x:1645 secret = secret } # realm meplus.ccd realm campus.jacada { authhost = x.x.x.x:1645 secret = secret } # realm campus.jacada realm support-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm support-ddcsc.fcdq realm support.controles.ac { authhost = x.x.x.x:1645 secret = secret } # realm support.controles.ac realm contivity { authhost = x.x.x.x:1645 secret = secret } # realm contivity realm bce-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-intranetprod.bce realm bce-mediaprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-mediaprod.bce realm bce-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-gestionprod.bce realm bce-caissesprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-caissesprod.bce realm bce-appprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-appprod.bce realm bce-privprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-privprod.bce realm bce-pubprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-pubprod.bce realm bce-extranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-extranetprod.bce realm bce-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-stadprod.bce realm ogr-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm ogr-gestionprod.bce realm srv-gestionprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm srv-gestionprod.bce realm stadprod.dsd { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.dsd realm intranetprod.dsd { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.dsd realm ssl3050 { authhost = x.x.x.x:1645 secret = secret } # realm ssl3050 realm ssl-teleacces.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm ssl-teleacces.fcdq realm ssl-notes.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm ssl-notes.fcdq realm bce-fidprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-fidprod.bce realm isb-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm isb-intranetprod.fcdq realm bce-gestionpe.bce { authhost = x.x.x.x:1645 secret = secret } # realm bce-gestionpe.bce realm mobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm mobilite-cfe.fcdq realm devmobilite-cfe.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-cfe.fcdq realm ssl-admin.bell { authhost = x.x.x.x:1645 secret = secret } # realm ssl-admin.bell realm intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.fcdq realm gestionprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.fcdq realm caissesprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesprod.fcdq realm appprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fcdq realm privprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privprod.fcdq realm appprod-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod-siebel.fcdq realm stadprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.fcdq realm caissesdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesdev.fcdq realm intranetdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.fcdq realm privdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privdev.fcdq realm gestiondev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestiondev.fcdq realm fidprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm fidprod.fcdq realm devmobilite-caissesuni.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-caissesuni.fcdq realm appval-siebel.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appval-siebel.fcdq realm appdev.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appdev.fcdq realm appprod-crypto.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod-crypto.fcdq realm ssl-oper { authhost = x.x.x.x:1645 secret = secret } # realm ssl-oper realm sniffer { authhost = x.x.x.x:1645 secret = secret } # realm sniffer realm mobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm mobilite-caisses.fcdq realm devmobilite-caisses.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm devmobilite-caisses.fcdq realm intranetprod.ccd { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ccd realm appval-releve.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appval-releve.fcdq realm appprod.fcpa { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fcpa realm appprod.fidvisa { authhost = x.x.x.x:1645 secret = secret } # realm appprod.fidvisa realm appprod.scd { authhost = x.x.x.x:1645 secret = secret } # realm appprod.scd realm appprod01.scd { authhost = x.x.x.x:1645 secret = secret } # realm appprod01.scd realm gestionpe.scd { authhost = x.x.x.x:1645 secret = secret } # realm gestionpe.scd realm gestionprod.ccd { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.ccd realm intranetcdc.cdc { authhost = x.x.x.x:1645 secret = secret } # realm intranetcdc.cdc realm intranetprod.altel { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.altel realm intranetprod.ce { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ce realm intranetprod.sped { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.sped realm privprod.fcpa { authhost = x.x.x.x:1645 secret = secret } # realm privprod.fcpa realm privprod.sirius { authhost = x.x.x.x:1645 secret = secret } # realm privprod.sirius realm stadprod.cad { authhost = x.x.x.x:1645 secret = secret } # realm stadprod.cad realm caissesprod1.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm caissesprod1.fcdq realm appprod.vmd { authhost = x.x.x.x:1645 secret = secret } # realm appprod.vmd realm privprod-google.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm privprod-google.fcdq realm supportoracle.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm supportoracle.fcdq realm gestionval.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionval.fcdq realm appprod02.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod02.fcdq realm gestionprod-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod-ddcsc.fcdq realm ibmaccess { authhost = x.x.x.x:1645 secret = secret } # realm ibmaccess realm intranetprod-t.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod-t.fcdq realm xentrax-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm xentrax-stadprod.bce realm xentrax-intranetprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm xentrax-intranetprod.bce realm bell01-stadprod.bce { authhost = x.x.x.x:1645 secret = secret } # realm bell01-stadprod.bce realm appprod03.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod03.fcdq realm css.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm css.fcdq realm gestion.hds { authhost = x.x.x.x:1645 secret = secret } # realm gestion.hds realm appprod04.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm appprod04.fcdq realm rr.partenaires { authhost = x.x.x.x:1645 secret = secret } # realm rr.partenaires realm privprod.panagon { authhost = x.x.x.x:1645 secret = secret } # realm privprod.panagon realm byoc.prod { authhost = x.x.x.x:1645 secret = secret } # realm byoc.prod realm ccc.prod { authhost = x.x.x.x:1645 secret = secret } # realm ccc.prod realm support-ddtcpc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm support-ddtcpc.fcdq realm intranetprod.dcr { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.dcr realm meplus.ccd { authhost = x.x.x.x:1645 secret = secret } # realm meplus.ccd realm campus.jacada { authhost = x.x.x.x:1645 secret = secret } # realm campus.jacada realm support-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm support-ddcsc.fcdq realm support-ddcsc.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm support-ddcsc.fcdq realm bellmarchesaffaires.bma { authhost = x.x.x.x:1645 secret = secret } realm css.dgag { authhost = x.x.x.x:1645 secret = secret } realm css.dsf { authhost = x.x.x.x:1645 secret = secret } realm css.vmd { authhost = x.x.x.x:1645 secret = secret } realm gestionpe.fid { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.dgag { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.dsf { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.fid { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.vmd { authhost = x.x.x.x:1645 secret = secret } realm gestionscd.prod { authhost = x.x.x.x:1645 secret = secret } realm gestionseed.prod { authhost = x.x.x.x:1645 secret = secret } realm gestionseed.uni { authhost = x.x.x.x:1645 secret = secret } realm intranetdev.dgag { authhost = x.x.x.x:1645 secret = secret } realm intranetdev.dsf { authhost = x.x.x.x:1645 secret = secret } realm intranetdev.gmt { authhost = x.x.x.x:1645 secret = secret } realm intranetdev.ib-arm { authhost = x.x.x.x:1645 secret = secret } realm intranetdev-telip.fcdq { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.blackbox { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.dlgl { authhost = x.x.x.x:1645 secret = secret } realm privprod.apisoft { authhost = x.x.x.x:1645 secret = secret } realm prodgestion.ccd { authhost = x.x.x.x:1645 secret = secret } realm bellmarchesaffaires.bma { authhost = x.x.x.x:1645 secret = secret } # realm bellmarchesaffaires.bma realm css.dgag { authhost = x.x.x.x:1645 secret = secret } # realm css.dgag realm css.dsf { authhost = x.x.x.x:1645 secret = secret } # realm css.dsf realm css.vmd { authhost = x.x.x.x:1645 secret = secret } # realm css.vmd realm gestionpe.fid { authhost = x.x.x.x:1645 secret = secret } # realm gestionpe.fid realm gestionprod.dgag { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.dgag realm gestionprod.dsf { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.dsf realm gestionprod.fid { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.fid realm gestionprod.vmd { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.vmd realm gestionscd.prod { authhost = x.x.x.x:1645 secret = secret } # realm gestionscd.prod realm gestionseed.prod { authhost = x.x.x.x:1645 secret = secret } # realm gestionseed.prod realm gestionseed.uni { authhost = x.x.x.x:1645 secret = secret } # realm gestionseed.uni realm intranetdev.dgag { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.dgag realm intranetdev.dsf { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.dsf realm intranetdev.gmt { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.gmt realm intranetdev.ib-arm { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev.ib-arm realm intranetdev-telip.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm intranetdev-telip.fcdq realm intranetprod.blackbox { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.blackbox realm intranetprod.dlgl { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.dlgl realm privprod.apisoft { authhost = x.x.x.x:1645 secret = secret } # realm privprod.apisoft realm prodgestion.ccd { authhost = x.x.x.x:1645 secret = secret } # realm prodgestion.ccd realm IntranetPub.IBM { authhost = x.x.x.x:1645 secret = secret } realm IntranetPub.IBM { authhost = x.x.x.x:1645 secret = secret } # realm IntranetPub.IBM realm IntranetPub.IBM { authhost = x.x.x.x:1645 secret = secret } # realm IntranetPub.IBM realm privappprod.decimal { authhost = x.x.x.x:1645 secret = secret } realm privappprod.decimal { authhost = x.x.x.x:1645 secret = secret } # realm privappprod.decimal realm privappprod.decimal { authhost = x.x.x.x:1645 secret = secret } # realm privappprod.decimal realm intranetprod.Novo { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.Novo { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.Novo realm intranetprod.Novo { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.Novo realm intranetprod.LetkoBrosseau { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.LetkoBrosseau { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.LetkoBrosseau realm intranetprod.LetkoBrosseau { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.LetkoBrosseau realm intranetprod.fid { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.fid { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.fid realm intranetprod.fid { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.fid realm extranetprod.Pirel { authhost = x.x.x.x:1645 secret = secret } realm extranetprod.Pirel { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.Pirel realm extranetprod.Pirel { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.Pirel realm mailprod.dcr { authhost = x.x.x.x:1645 secret = secret } realm mailprod.dcr { authhost = x.x.x.x:1645 secret = secret } # realm mailprod.dcr realm mailprod.dcr { authhost = x.x.x.x:1645 secret = secret } # realm mailprod.dcr realm Support.Equisoft { authhost = x.x.x.x:1645 secret = secret } realm Support.Equisoft { authhost = x.x.x.x:1645 secret = secret } # realm Support.Equisoft realm Support.Equisoft { authhost = x.x.x.x:1645 secret = secret } # realm Support.Equisoft realm nsm { authhost = x.x.x.x:1645 secret = secret } realm nsm { authhost = x.x.x.x:1645 secret = secret } # realm nsm realm nsm { authhost = x.x.x.x:1645 secret = secret } # realm nsm realm Nice.FCDQ { authhost = x.x.x.x:1645 secret = secret } realm Nice.FCDQ { authhost = x.x.x.x:1645 secret = secret } # realm Nice.FCDQ realm Nice.FCDQ { authhost = x.x.x.x:1645 secret = secret } # realm Nice.FCDQ realm dmr-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } realm dmr-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm dmr-intranetprod.fcdq realm dmr-intranetprod.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm dmr-intranetprod.fcdq realm 4 { authhost = x.x.x.x:1645 secret = secret } realm 4 { authhost = x.x.x.x:1645 secret = secret } # realm 4 realm 4 { authhost = x.x.x.x:1645 secret = secret } # realm 4 realm extranetprod.Eximius { authhost = x.x.x.x:1645 secret = secret } realm extranetprod.Eximius { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.Eximius realm extranetprod.Eximius { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.Eximius realm espacevd.fcdq { authhost = x.x.x.x:1645 secret = secret } realm espacevd.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm espacevd.fcdq realm espacevd.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm espacevd.fcdq realm privconsomobile.dev { authhost = x.x.x.x:1645 secret = secret } realm privconsomobile.dev { authhost = x.x.x.x:1645 secret = secret } # realm privconsomobile.dev realm privconsomobile.dev { authhost = x.x.x.x:1645 secret = secret } # realm privconsomobile.dev realm unitraxdesj.prod { authhost = x.x.x.x:1645 secret = secret } realm unitraxdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm unitraxdesj.prod realm unitraxdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm unitraxdesj.prod realm Nuancegenesysdesj.mvt { authhost = x.x.x.x:1645 secret = secret } realm Nuancegenesysdesj.mvt { authhost = x.x.x.x:1645 secret = secret } # realm Nuancegenesysdesj.mvt realm Nuancegenesysdesj.mvt { authhost = x.x.x.x:1645 secret = secret } # realm Nuancegenesysdesj.mvt realm komutel.prod { authhost = x.x.x.x:1645 secret = secret } realm komutel.prod { authhost = x.x.x.x:1645 secret = secret } # realm komutel.prod realm komutel.prod { authhost = x.x.x.x:1645 secret = secret } # realm komutel.prod realm Intranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } realm Intranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm Intranetdesj.prod realm Intranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm Intranetdesj.prod realm webintranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } realm webintranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm webintranetdesj.prod realm webintranetdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm webintranetdesj.prod realm caissectoecal.prod { authhost = x.x.x.x:1645 secret = secret } realm caissectoecal.prod { authhost = x.x.x.x:1645 secret = secret } # realm caissectoecal.prod realm caissectoecal.prod { authhost = x.x.x.x:1645 secret = secret } # realm caissectoecal.prod realm cssdesj.prod { authhost = x.x.x.x:1645 secret = secret } realm cssdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm cssdesj.prod realm cssdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm cssdesj.prod realm supportdesj.prod { authhost = x.x.x.x:1645 secret = secret } realm supportdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm supportdesj.prod realm supportdesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm supportdesj.prod realm caissectodesj.prod { authhost = x.x.x.x:1645 secret = secret } realm caissectodesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm caissectodesj.prod realm caissectodesj.prod { authhost = x.x.x.x:1645 secret = secret } # realm caissectodesj.prod realm nuancedesj.prod { authhost = x.x.13.6:1645 secret = secret } realm nuancedesj.prod { authhost = x.x04.2.12:1645 secret = secret } # realm nuancedesj.prod realm nuancedesj.prod { authhost = x.x.16.30:1645 secret = secret } # realm nuancedesj.prod realm intranetdev.scd { authhost = x.x.13.6:1645 secret = secret } realm intranetdev.scd { authhost = x.x04.2.12:1645 secret = secret } # realm intranetdev.scd realm intranetdev.scd { authhost = x.x.16.30:1645 secret = secret } # realm intranetdev.scd realm rcgt.prod { authhost = x.x.x.x:1645 secret = secret } realm rcgt.prod { authhost = x.x.x.x:1645 secret = secret } # realm rcgt.prod realm rcgt.prod { authhost = x.x.x.x:1645 secret = secret } # realm rcgt.prod realm charybe { authhost = x.x.x.x:1645 secret = secret } realm charybe { authhost = x.x.x.x:1645 secret = secret } # realm charybe realm charybe { authhost = x.x.x.x:1645 secret = secret } # realm charybe realm scylla { authhost = x.x.x.x:1645 secret = secret } realm scylla { authhost = x.x.x.x:1645 secret = secret } # realm scylla realm scylla { authhost = x.x.x.x:1645 secret = secret } # realm scylla realm efront.dev { authhost = x.x.x.x:1645 secret = secret } realm efront.dev { authhost = x.x.x.x:1645 secret = secret } # realm efront.dev realm efront.dev { authhost = x.x.x.x:1645 secret = secret } # realm efront.dev realm privprod.dlgl { authhost = x.x.x.x:1645 secret = secret } realm privprod.dlgl { authhost = x.x.x.x:1645 secret = secret } # realm privprod.dlgl realm privprod.dlgl { authhost = x.x.x.x:1645 secret = secret } # realm privprod.dlgl realm stack.fcdq { authhost = x.x.x.x:1645 secret = secret } realm stack.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm stack.fcdq realm stack.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm stack.fcdq realm intranetprod.arrow { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.arrow { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.arrow realm intranetprod.arrow { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.arrow realm intranetprod.ipc { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.ipc { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ipc realm intranetprod.ipc { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.ipc realm intranetprod.modex { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.modex { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.modex realm intranetprod.modex { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.modex realm intranetprod.niad { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.niad { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.niad realm intranetprod.niad { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.niad realm intranetprod.tradewest { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.tradewest { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.tradewest realm intranetprod.tradewest { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.tradewest realm solotech.vpni { authhost = x.x.x.x:1645 secret = secret } realm solotech.vpni { authhost = x.x.x.x:1645 secret = secret } # realm solotech.vpni realm solotech.vpni { authhost = x.x.x.x:1645 secret = secret } # realm solotech.vpni realm dovetail.vpni { authhost = x.x.x.x:1645 secret = secret } realm dovetail.vpni { authhost = x.x.x.x:1645 secret = secret } # realm dovetail.vpni realm dovetail.vpni { authhost = x.x.x.x:1645 secret = secret } # realm dovetail.vpni realm penega.vpni { authhost = x.x.x.x:1645 secret = secret } realm penega.vpni { authhost = x.x.x.x:1645 secret = secret } # realm penega.vpni realm penega.vpni { authhost = x.x.x.x:1645 secret = secret } # realm penega.vpni realm gestionprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } realm gestionprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.bell.vpni realm gestionprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } # realm gestionprod.bell.vpni realm intranetprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } realm intranetprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.bell.vpni realm intranetprod.bell.vpni { authhost = x.x.x.x:1645 secret = secret } # realm intranetprod.bell.vpni realm murex.vpni { authhost = x.x.x.x:1645 secret = secret } realm murex.vpni { authhost = x.x.x.x:1645 secret = secret } # realm murex.vpni realm murex.vpni { authhost = x.x.x.x:1645 secret = secret } # realm murex.vpni realm softtarget { authhost = x.x.x.x:1645 secret = secret } realm softtarget { authhost = x.x.x.x:1645 secret = secret } # realm softtarget realm softtarget { authhost = x.x.x.x:1645 secret = secret } # realm softtarget realm mobilesprod.scd { authhost = x.x.x.x:1645 secret = secret } realm mobilesprod.scd { authhost = x.x.x.x:1645 secret = secret } # realm mobilesprod.scd realm mobilesprod.scd { authhost = x.x.x.x:1645 secret = secret } # realm mobilesprod.scd realm fico { authhost = x.x.x.x:1645 secret = secret } realm fico { authhost = x.x.x.x:1645 secret = secret } # realm fico realm fico { authhost = x.x.x.x:1645 secret = secret } # realm fico realm flexcubeccd.vpnz { authhost = x.x.x.x:1645 secret = secret } realm flexcubeccd.vpnz { authhost = x.x.x.x:1645 secret = secret } # realm flexcubeccd.vpnz realm flexcubeccd.vpnz { authhost = x.x.x.x:1645 secret = secret } # realm flexcubeccd.vpnz realm oxilio { authhost = x.x.x.x:1645 secret = secret } realm oxilio { authhost = x.x.x.x:1645 secret = secret } # realm oxilio realm oxilio { authhost = x.x.x.x:1645 secret = secret } # realm oxilio realm mobilesprod.scd.vpni { authhost = x.x.x.x:1645 secret = secret } realm mobilesprod.scd.vpni { authhost = x.x.x.x:1645 secret = secret } # realm mobilesprod.scd.vpni realm mobilesprod.scd.vpni { authhost = x.x.x.x:1645 secret = secret } # realm mobilesprod.scd.vpni realm ccc.prod2 { authhost = x.x.x.x:1645 secret = secret } realm ccc.prod2 { authhost = x.x.x.x:1645 secret = secret } # realm ccc.prod2 realm ccc.prod2 { authhost = x.x.x.x:1645 secret = secret } # realm ccc.prod2 realm SCDsupjrProd.fcdq.vpnz { authhost = x.x.x.x:1645 secret = secret } realm SCDsupjrProd.fcdq.vpnz { authhost = x.x.x.x:1645 secret = secret } # realm SCDsupjrProd.fcdq.vpnz realm SCDsupjrProd.fcdq.vpnz { authhost = x.x.x.x:1645 secret = secret } # realm SCDsupjrProd.fcdq.vpnz realm archer.fcdq { authhost = x.x.x.x:1645 secret = secret } realm archer.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm archer.fcdq realm archer.fcdq { authhost = x.x.x.x:1645 secret = secret } # realm archer.fcdq realm extranetprod.sfl { authhost = x.x.x.x:1645 secret = secret } realm extranetprod.sfl { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.sfl realm extranetprod.sfl { authhost = x.x.x.x:1645 secret = secret } # realm extranetprod.sfl realm q { authhost = x.x.x.x:1645 secret = secret } realm q { authhost = x.x.x.x:1645 secret = secret } # realm q realm q { authhost = x.x.x.x:1645 secret = secret } # realm q radiusd: #### Loading Clients #### client 127.0.0.1 { require_message_authenticator = no secret = "testing123" shortname = "localhost" nastype = "other" } client x.x.50.66 { require_message_authenticator = no secret = "contivity4use" shortname = "contivityicn" } client x.x.50.61 { require_message_authenticator = no secret = "contivity4use" shortname = "contivityfcdq" } client x.x.150.0/24 { require_message_authenticator = no secret = "contivity4use" shortname = "contivityrel" } client x.x.50.0/24 { require_message_authenticator = no secret = "shasta4use" shortname = "shastaprod" } client x.x.50.0/24 { require_message_authenticator = no secret = "shasta4use" shortname = "shastaprod2" } client x.x.150.0/24 { require_message_authenticator = no secret = "shasta4use" shortname = "shastarel" } client x.x.150.0/24 { require_message_authenticator = no secret = "shasta4use" shortname = "shastarel2" } client x.x.100.0/24 { require_message_authenticator = no secret = "sslvpn4use" shortname = "sslvpnprod" } client x.x.157.0/24 { require_message_authenticator = no secret = "contivitydmr4use" shortname = "contivitydmrprod" } client x.x.1.0/24 { require_message_authenticator = no secret = "contivityfid4use" shortname = "contivityfidprod" } client x.x.159.0/24 { require_message_authenticator = no secret = "contivitycia4use" shortname = "contivityciaprod" } client x.x.240.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600INTRA3" } client x.x.122.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600INTRA" } client x.x.250.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600INTRa4A" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600INTRA2" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600CSE" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600APP" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600PUB" } client x.x.125.163 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.146.69 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.41.130 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.41.131 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.41.132 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.125.164 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.146.70 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.169.130 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.169.131 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.169.132 { require_message_authenticator = no secret = "SSL3050tls1" shortname = "ssl3050" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600GEST" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600PRIV" } client x.x.254.0/24 { require_message_authenticator = no secret = "86004use" shortname = "8600STAD" } client x.x.0.0/8 { require_message_authenticator = no secret = "86004use" shortname = "8600DEV" } client x.x.164.0/24 { require_message_authenticator = no secret = "contivitycce4use" shortname = "contivitycceprod" } client x.x.127.2 { require_message_authenticator = no secret = "asa4use" shortname = "asaprod" } client x.x.127.0/24 { require_message_authenticator = no secret = "ssljunipervpni" shortname = "SSLVPNMTL" } client x.x.127.0/24 { require_message_authenticator = no secret = "ssljunipervpni" shortname = "SSLVPNTOR" } client x.x.0.170 { require_message_authenticator = no secret = "infini4use" shortname = "infiniprod" } client x.x.0.35 { require_message_authenticator = no secret = "4nsm2use" shortname = "nsmprodmtl" } client x.x.0.35 { require_message_authenticator = no secret = "4nsm2use" shortname = "nsmprodtor" } client x.x.122.101 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.101 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.102 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.102 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.103 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.103 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.104 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.104 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.105 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.105 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.106 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.106 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.107 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.107 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.108 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.108 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.106 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.106 client x.x.122.106 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.106 client x.x.122.107 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.107 client x.x.122.107 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.107 client x.x.122.108 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.108 client x.x.122.108 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } WARNING: Ignoring duplicate client x.x.122.108 client x.x.122.109 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.109 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.110 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.122.110 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.139.8 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } client x.x.139.9 { require_message_authenticator = no secret = "4efficientip2use" shortname = "efficientip" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file modules { Module: Creating Auth-Type = digest Module: Creating Auth-Type = LDAP Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/raddb/modules/ldap ldap { server = "x.x.4.16" port = 389 password = "password" expect_password = yes identity = "cn=Manager,dc=connexim,dc=com" net_timeout = 1 timeout = 4 timelimit = 3 max_uses = 0 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "dc=connexim,dc=com" filter = "(cn=%{User-Name})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes set_auth_type = yes keepalive { idle = 60 probes = 3 interval = 3 } } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusClientIPAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusLogin-Passport-8600 mapped to RADIUS Login-Passport-8600 rlm_ldap: LDAP radiusLogin-Sniffer-Cisco mapped to RADIUS Cisco-AVPair rlm_ldap: LDAP radiusLogin-SSL-3050 mapped to RADIUS Login-SSL-3050 rlm_ldap: LDAP efficientip-groups mapped to RADIUS efficientip-groups rlm_ldap: LDAP efficientip-first-name mapped to RADIUS efficientip-first-name rlm_ldap: LDAP efficientip-last-name mapped to RADIUS efficientip-last-name rlm_ldap: LDAP efficientip-pseudonym mapped to RADIUS efficientip-pseudonym rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x7f62eefc2c70 Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/huntgroups reading pairlist file /etc/raddb/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } reading pairlist file /etc/raddb/users reading pairlist file /etc/raddb/acct_users reading pairlist file /etc/raddb/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1645 } listen { type = "acct" ipaddr = * port = 1646 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1645 Listening on accounting address * port 1646 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1647 Ready to process requests. rad_recv: Access-Request packet from host x.x.127.152 port 44165, id=125, length=195 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq@ssl-admin.bell" User-Password = "\017S\313\315@ü‡¸€+\212j\226+" Tunnel-Client-Endpoint:0 = "x.x.99.171" NAS-IP-Address = x.x.127.152 NAS-Port = 0 Acct-Session-Id = "ba0ccxq@ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ" # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] Looking up realm "ssl-admin.bell" for User-Name = "ba0ccxq@ssl-admin.bell" [suffix] Found realm "ssl-admin.bell" [suffix] Adding Stripped-User-Name = "ba0ccxq" [suffix] Adding Realm = "ssl-admin.bell" [suffix] Proxying request from user ba0ccxq to realm ssl-admin.bell [suffix] Preparing to proxy authentication request to realm "ssl-admin.bell" ++[suffix] = updated [eap] No EAP-Message, not doing EAP ++[eap] = noop ++[files] = noop [ldap] performing user authorization for ba0ccxq [ldap] expand: (cn=%{User-Name}) -> (cn=ba0ccxq@ssl-admin.bell) [ldap] expand: dc=connexim,dc=com -> dc=connexim,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to x.x.4.16:389, authentication 0 [ldap] bind as cn=Manager,dc=connexim,dc=com/password to x.x.4.16:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=connexim,dc=com, with filter (cn=ba0ccxq@ssl-admin.bell) [ldap] looking for check items in directory... [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.150 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.150 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.149 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.149 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.19 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.18 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.151 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.151 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.154 [ldap] radiusClientIPAddress -> NAS-IP-Address == x.x.127.152 [ldap] looking for reply items in directory... [ldap] radiusClass -> Class = 0x61646d696e WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] Setting Auth-Type = LDAP [ldap] ldap_release_conn: Release Id: 0 ++[ldap] = ok ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated WARNING: Empty pre-proxy section. Using default return values. Sending Access-Request of id 27 to x.x.x.x port 1645 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq" User-Password = "\017S\313\315@ü‡¸€+\212j\226+" Tunnel-Client-Endpoint:0 = "x.x.99.171" NAS-IP-Address = x.x.127.152 NAS-Port = 0 Acct-Session-Id = "ba0ccxq@ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ" Proxy-State = 0x313235 Proxying request 0 to home server x.x.x.x port 1645 Sending Access-Request of id 27 to x.x.x.x port 1645 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq" User-Password = "\017S\313\315@ü‡¸€+\212j\226+" Tunnel-Client-Endpoint:0 = "x.x.99.171" NAS-IP-Address = x.x.127.152 NAS-Port = 0 Acct-Session-Id = "ba0ccxq@ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ" Proxy-State = 0x313235 Going to the next request Waking up in 0.9 seconds. Waking up in 13.0 seconds. rad_recv: Access-Reject packet from host x.x.x.x port 1645, id=27, length=25 Proxy-State = 0x313235 # Executing section post-proxy from file /etc/raddb/sites-enabled/default +group post-proxy { [eap] No pre-existing handler found ++[eap] = noop +} # group post-proxy = noop Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/default +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> ba0ccxq@ssl-admin.bell attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Sending Access-Reject of id 125 to x.x.127.152 port 44165 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 125 with timestamp +2395 Ready to process requests. -------------------------------------- Benoit Petit Analyste Technique | Technical Analyst Sécurité et Intelligence Digitale TI | IT Security and Digital Intelligence 1 Carrefour Alexandre-Graham-Bell - Aile E - 3e étage - Verdun - QC - H3E 3B3 514-391-9247 L'utilisation de ce message et régie par notre politique de courriel. www.bell.ca/PolitiqueConfidentialiteCourriel The use of this message is restricted by our mail policies. www.bell.ca/EmailConfidentialityWarning
On Jun 13, 2018, at 3:20 PM, Petit, Benoit <b.petit@bell.ca> wrote:
I’m in the process of upgrading Freeradius in our production environment. Long story short : nobody wanted to do the task and I have to jump from Red Hat 3 to Red Hat 6 which includes a totally new version of Openldap (2.4.40 with it’s own database in its structure) and Freeradius 2.2.6.
You should really upgrade to 2.2.10. There aren't many good reasons for running 2.2.6.
Openldap is completed. The users have been transported and I can see them all. When I do a test with a current user, he gets an error message (“host is unreachable”). I see a REJECT message in the radius logs. Attached is the logs while running in debug mode (radiusd –X). Can anyone see something missing in my config?
See the logs...
Ready to process requests. rad_recv: Access-Request packet from host x.x.127.152 port 44165, id=125, length=195 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq@ssl-admin.bell" User-Password = "\017S\313\315@ü‡¸€+\212j\226+"
The shared secret is wrong. Fix that.
Proxying request 0 to home server x.x.x.x port 1645 Sending Access-Request of id 27 to x.x.x.x port 1645 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq" User-Password = "\017S\313\315@ü‡¸€+\212j\226+" Tunnel-Client-Endpoint:0 = "x.x.99.171" NAS-IP-Address = x.x.127.152 NAS-Port = 0 Acct-Session-Id = "ba0ccxq@ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ" Proxy-State = 0x313235
Ok...
Going to the next request Waking up in 0.9 seconds. Waking up in 13.0 seconds. rad_recv: Access-Reject packet from host x.x.x.x port 1645, id=27, length=25 Proxy-State = 0x313235
<sigh> The home server is rejecting the user. That should be *very* clear from reading the logs. Why is the home server rejecting the user? Because the shared secret is wrong, and the User-Password is garbage. That should ALSO be clear from reading the logs. Alan DeKok.
participants (2)
-
Alan DeKok -
Petit, Benoit