Hi, I've been struggling getting the DHCP server to work. I have the configuration correct. The server starts fine, it listens on the port. When a client sends a request, the request is received correctly. it's then processed as expected, and it supposedly sends out the reply. However I DO NOT see the reply on the interface when i do a tcpdump. I've tried changing multiple settings including setting broadcast off/on, I've changed the IP address bindings and that doesn't help. I've also tried using different versions of freeradius, from 2.2.x through 3.0.1 and 3.1.0 (the git repository). I know the wireless card will support it, because when i try using the regular ISC DHCPD daemon, it gets an IP address and I can see the request/reply packets. One thing I did notice though in the debug logs of freeradius, is when it supposedly sends the reply packet the source/from address is 0.0.0.0:67 however when ISC DHCPD sends it's response it comes from the IP address of the interface itself e.g. 10.199.100.1:67. I've been fighting with this for days now. I've also tried using ISC-DHCP-relay server to relay the requests from the client WLAN0 interface directly to the DHCP server. It sends the request to the server, which supposedly sends the reply back to it, however again, the response is never seen by the relay server. I'm wondering if somehow the dhcp part of the radius server isn't able to send the packets back, whether it's set up to use a gateway DHCP relay or not. Not sure how to troubleshoot this further. Has anyone else had this issue? For my tests i've been using a raspberry Pi running raspian OS. I'm going to try to do this on a regular VM tomorrow to see if it's related to the OS/hardware. Hugh
Hi, On Wed, Mar 12, 2014 at 01:39:56AM -0500, Hugh McLenaghan wrote:
I've been struggling getting the DHCP server to work. I have the configuration correct.
That's an interesting statement - there really isn't any sort of "correct" at the moment :)
The server starts fine, it listens on the port. When a client sends a request, the request is received correctly. it's then processed as expected, and it supposedly sends out the reply. However I DO NOT see the reply on the interface when i do a tcpdump.
OK, I had that working fine last night. Machine on network serving DHCP to tablet (over wireless). Can you post full debug logs from "radiusd -X" please.
I've tried changing multiple settings including setting broadcast off/on, I've changed the IP address bindings and that doesn't help.
This worked here (you probably want eth0 not br0): listen { ipaddr = 0.0.0.0 port = 67 type = dhcp interface = br0 broadcast = yes }
I've also tried using different versions of freeradius, from 2.2.x through 3.0.1 and 3.1.0 (the git repository).
Use 3.0.x HEAD. DHCP is new enough that you always want to be running the latest code.
I know the wireless card will support it, because when i try using the regular ISC DHCPD daemon, it gets an IP address and I can see the request/reply packets.
One thing I did notice though in the debug logs of freeradius, is when it supposedly sends the reply packet the source/from address is 0.0.0.0:67 however when ISC DHCPD sends it's response it comes from the IP address of the interface itself e.g. 10.199.100.1:67.
Where was it sending _to_? If 0.0.0.0:68, then it won't actually send anything, and means that something has gone wrong. I've got a patch that makes that clearer in the debug, as I hit that as well.
For my tests i've been using a raspberry Pi running raspian OS. I'm going to try to do this on a regular VM tomorrow to see if it's related to the OS/hardware.
Haven't tried it on my Pi, but I doubt that is the issue. System here is Debian, so similar. Cheers Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59 Wed Mar 12 11:10:22 2014 : Debug: Server was built with: Wed Mar 12 11:10:22 2014 : Debug: accounting Wed Mar 12 11:10:22 2014 : Debug: authentication Wed Mar 12 11:10:22 2014 : Debug: ascend binary attributes Wed Mar 12 11:10:22 2014 : Debug: coa Wed Mar 12 11:10:22 2014 : Debug: control-socket Wed Mar 12 11:10:22 2014 : Debug: detail Wed Mar 12 11:10:22 2014 : Debug: dhcp Wed Mar 12 11:10:22 2014 : Debug: dynamic clients Wed Mar 12 11:10:22 2014 : Debug: proxy Wed Mar 12 11:10:22 2014 : Debug: regex-posix Wed Mar 12 11:10:22 2014 : Debug: session-management Wed Mar 12 11:10:22 2014 : Debug: stats Wed Mar 12 11:10:22 2014 : Debug: tcp Wed Mar 12 11:10:22 2014 : Debug: threads Wed Mar 12 11:10:22 2014 : Debug: tls Wed Mar 12 11:10:22 2014 : Debug: unlang Wed Mar 12 11:10:22 2014 : Debug: vmps Wed Mar 12 11:10:22 2014 : Debug: Server core libs: Wed Mar 12 11:10:22 2014 : Debug: talloc : 2.0.* Wed Mar 12 11:10:22 2014 : Debug: ssl : OpenSSL 1.0.1e 11 Feb 2013 Wed Mar 12 11:10:22 2014 : Debug: Library magic number: Wed Mar 12 11:10:22 2014 : Debug: 0xf4030100b71e3530 Wed Mar 12 11:10:22 2014 : Debug: Endianess: Wed Mar 12 11:10:22 2014 : Debug: little Wed Mar 12 11:10:22 2014 : Info: Copyright (C) 1999-2014 The FreeRADIUS server project and contributors Wed Mar 12 11:10:22 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Wed Mar 12 11:10:22 2014 : Info: PARTICULAR PURPOSE Wed Mar 12 11:10:22 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the Wed Mar 12 11:10:22 2014 : Info: GNU General Public License Wed Mar 12 11:10:22 2014 : Info: For more information about these matters, see the file named COPYRIGHT Wed Mar 12 11:10:22 2014 : Info: Starting - reading configuration files ... Wed Mar 12 11:10:22 2014 : Debug: including dictionary file /usr/local/share/freeradius/dictionary Wed Mar 12 11:10:22 2014 : Debug: including dictionary file /usr/local/etc/raddb/dictionary Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/radiusd.conf Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/proxy.conf Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/clients.conf Wed Mar 12 11:10:22 2014 : Debug: including files in directory /usr/local/etc/raddb/mods-enabled/ Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/logintime Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/preprocess Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/soh Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/dhcp Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/expr Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/files Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/replicate Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/detail Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/mschap Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/radutmp Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/exec Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/pap Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/utf8 Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/chap Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/realm Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/digest Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/expiration Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/passwd Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/echo Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/detail.log Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/unix Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/eap Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/linelog Wed Mar 12 11:10:22 2014 : Debug: including files in directory /usr/local/etc/raddb/policy.d/ Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/control Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/dhcp Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/canonicalization Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/cui Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/operator-name Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/accounting Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/filter Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/policy.d/eap Wed Mar 12 11:10:22 2014 : Debug: including files in directory /usr/local/etc/raddb/sites-enabled/ Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/sites-enabled/default Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/sites-enabled/dhcp_static Wed Mar 12 11:10:22 2014 : Debug: including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel Wed Mar 12 11:10:22 2014 : Debug: main { Wed Mar 12 11:10:22 2014 : Debug: security { Wed Mar 12 11:10:22 2014 : Debug: allow_core_dumps = no Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: main { Wed Mar 12 11:10:22 2014 : Debug: name = "radiusd" Wed Mar 12 11:10:22 2014 : Debug: prefix = "/usr/local" Wed Mar 12 11:10:22 2014 : Debug: localstatedir = "/usr/local/var" Wed Mar 12 11:10:22 2014 : Debug: sbindir = "/usr/local/sbin" Wed Mar 12 11:10:22 2014 : Debug: logdir = "/usr/local/var/log/radius" Wed Mar 12 11:10:22 2014 : Debug: run_dir = "/usr/local/var/run/radiusd" Wed Mar 12 11:10:22 2014 : Debug: libdir = "/usr/local/lib" Wed Mar 12 11:10:22 2014 : Debug: radacctdir = "/usr/local/var/log/radius/radacct" Wed Mar 12 11:10:22 2014 : Debug: hostname_lookups = no Wed Mar 12 11:10:22 2014 : Debug: max_request_time = 30 Wed Mar 12 11:10:22 2014 : Debug: cleanup_delay = 5 Wed Mar 12 11:10:22 2014 : Debug: max_requests = 1024 Wed Mar 12 11:10:22 2014 : Debug: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" Wed Mar 12 11:10:22 2014 : Debug: checkrad = "/usr/local/sbin/checkrad" Wed Mar 12 11:10:22 2014 : Debug: debug_level = 0 Wed Mar 12 11:10:22 2014 : Debug: proxy_requests = yes Wed Mar 12 11:10:22 2014 : Debug: log { Wed Mar 12 11:10:22 2014 : Debug: stripped_names = no Wed Mar 12 11:10:22 2014 : Debug: auth = no Wed Mar 12 11:10:22 2014 : Debug: auth_badpass = no Wed Mar 12 11:10:22 2014 : Debug: auth_goodpass = no Wed Mar 12 11:10:22 2014 : Debug: colourise = yes Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: security { Wed Mar 12 11:10:22 2014 : Debug: max_attributes = 200 Wed Mar 12 11:10:22 2014 : Debug: reject_delay = 1 Wed Mar 12 11:10:22 2014 : Debug: status_server = yes Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: radiusd: #### Loading Realms and Home Servers #### Wed Mar 12 11:10:22 2014 : Debug: proxy server { Wed Mar 12 11:10:22 2014 : Debug: retry_delay = 5 Wed Mar 12 11:10:22 2014 : Debug: retry_count = 3 Wed Mar 12 11:10:22 2014 : Debug: default_fallback = no Wed Mar 12 11:10:22 2014 : Debug: dead_time = 120 Wed Mar 12 11:10:22 2014 : Debug: wake_all_if_all_dead = no Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: home_server localhost { Wed Mar 12 11:10:22 2014 : Debug: ipaddr = 127.0.0.1 Wed Mar 12 11:10:22 2014 : Debug: port = 1812 Wed Mar 12 11:10:22 2014 : Debug: type = "auth" Wed Mar 12 11:10:22 2014 : Debug: secret = "testing123" Wed Mar 12 11:10:22 2014 : Debug: response_window = 20 Wed Mar 12 11:10:22 2014 : Debug: max_outstanding = 65536 Wed Mar 12 11:10:22 2014 : Debug: zombie_period = 40 Wed Mar 12 11:10:22 2014 : Debug: status_check = "status-server" Wed Mar 12 11:10:22 2014 : Debug: ping_interval = 30 Wed Mar 12 11:10:22 2014 : Debug: check_interval = 30 Wed Mar 12 11:10:22 2014 : Debug: num_answers_to_alive = 3 Wed Mar 12 11:10:22 2014 : Debug: revive_interval = 120 Wed Mar 12 11:10:22 2014 : Debug: status_check_timeout = 4 Wed Mar 12 11:10:22 2014 : Debug: coa { Wed Mar 12 11:10:22 2014 : Debug: irt = 2 Wed Mar 12 11:10:22 2014 : Debug: mrt = 16 Wed Mar 12 11:10:22 2014 : Debug: mrc = 5 Wed Mar 12 11:10:22 2014 : Debug: mrd = 30 Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: limit { Wed Mar 12 11:10:22 2014 : Debug: max_connections = 16 Wed Mar 12 11:10:22 2014 : Debug: max_requests = 0 Wed Mar 12 11:10:22 2014 : Debug: lifetime = 0 Wed Mar 12 11:10:22 2014 : Debug: idle_timeout = 0 Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: home_server_pool my_auth_failover { Wed Mar 12 11:10:22 2014 : Debug: type = fail-over Wed Mar 12 11:10:22 2014 : Debug: home_server = localhost Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: realm example.com { Wed Mar 12 11:10:22 2014 : Debug: auth_pool = my_auth_failover Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: realm LOCAL { Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: radiusd: #### Loading Clients #### Wed Mar 12 11:10:22 2014 : Debug: client localhost { Wed Mar 12 11:10:22 2014 : Debug: ipaddr = 127.0.0.1 Wed Mar 12 11:10:22 2014 : Debug: require_message_authenticator = no Wed Mar 12 11:10:22 2014 : Debug: secret = "testing123" Wed Mar 12 11:10:22 2014 : Debug: nas_type = "other" Wed Mar 12 11:10:22 2014 : Debug: proto = "*" Wed Mar 12 11:10:22 2014 : Debug: limit { Wed Mar 12 11:10:22 2014 : Debug: max_connections = 16 Wed Mar 12 11:10:22 2014 : Debug: lifetime = 0 Wed Mar 12 11:10:22 2014 : Debug: idle_timeout = 30 Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: # Loading dictionary.dhcp Wed Mar 12 11:10:22 2014 : Debug: radiusd: #### Instantiating modules #### Wed Mar 12 11:10:22 2014 : Debug: instantiate { Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: modules { Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_dynamic_clients, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_dynamic_clients Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_logintime, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_logintime Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime Wed Mar 12 11:10:22 2014 : Debug: logintime { Wed Mar 12 11:10:22 2014 : Debug: minimum_timeout = 60 Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_preprocess, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_preprocess Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess Wed Mar 12 11:10:22 2014 : Debug: preprocess { Wed Mar 12 11:10:22 2014 : Debug: huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" Wed Mar 12 11:10:22 2014 : Debug: hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" Wed Mar 12 11:10:22 2014 : Debug: with_ascend_hack = no Wed Mar 12 11:10:22 2014 : Debug: ascend_channels_per_line = 23 Wed Mar 12 11:10:22 2014 : Debug: with_ntdomain_hack = no Wed Mar 12 11:10:22 2014 : Debug: with_specialix_jetstream_hack = no Wed Mar 12 11:10:22 2014 : Debug: with_cisco_vsa_hack = no Wed Mar 12 11:10:22 2014 : Debug: with_alvarion_vsa_hack = no Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups Wed Mar 12 11:10:22 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_soh, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_soh Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh Wed Mar 12 11:10:22 2014 : Debug: soh { Wed Mar 12 11:10:22 2014 : Debug: dhcp = yes Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_dhcp, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_dhcp Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_expr, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_expr Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr Wed Mar 12 11:10:22 2014 : Debug: expr { Wed Mar 12 11:10:22 2014 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Wed Mar 12 11:10:22 2014 : Debug: } Wed Mar 12 11:10:22 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:22 2014 : Debug: (Loaded rlm_files, checking if it's valid) Wed Mar 12 11:10:22 2014 : Debug: # Loaded module rlm_files Wed Mar 12 11:10:22 2014 : Debug: # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files Wed Mar 12 11:10:22 2014 : Debug: files { Wed Mar 12 11:10:22 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/files/authorize" Wed Mar 12 11:10:23 2014 : Debug: usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" Wed Mar 12 11:10:23 2014 : Debug: acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" Wed Mar 12 11:10:23 2014 : Debug: preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" Wed Mar 12 11:10:23 2014 : Debug: compat = "no" Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_always, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_always Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always reject { Wed Mar 12 11:10:23 2014 : Debug: rcode = "reject" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always fail { Wed Mar 12 11:10:23 2014 : Debug: rcode = "fail" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always ok { Wed Mar 12 11:10:23 2014 : Debug: rcode = "ok" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always handled { Wed Mar 12 11:10:23 2014 : Debug: rcode = "handled" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always invalid { Wed Mar 12 11:10:23 2014 : Debug: rcode = "invalid" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always userlock { Wed Mar 12 11:10:23 2014 : Debug: rcode = "userlock" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always notfound { Wed Mar 12 11:10:23 2014 : Debug: rcode = "notfound" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always noop { Wed Mar 12 11:10:23 2014 : Debug: rcode = "noop" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always Wed Mar 12 11:10:23 2014 : Debug: always updated { Wed Mar 12 11:10:23 2014 : Debug: rcode = "updated" Wed Mar 12 11:10:23 2014 : Debug: simulcount = 0 Wed Mar 12 11:10:23 2014 : Debug: mpp = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_replicate, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_replicate Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_radutmp, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_radutmp Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp Wed Mar 12 11:10:23 2014 : Debug: radutmp sradutmp { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/sradutmp" Wed Mar 12 11:10:23 2014 : Debug: username = "%{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: case_sensitive = yes Wed Mar 12 11:10:23 2014 : Debug: check_with_nas = yes Wed Mar 12 11:10:23 2014 : Debug: permissions = 420 Wed Mar 12 11:10:23 2014 : Debug: caller_id = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_exec, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_exec Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth Wed Mar 12 11:10:23 2014 : Debug: exec ntlm_auth { Wed Mar 12 11:10:23 2014 : Debug: wait = yes Wed Mar 12 11:10:23 2014 : Debug: program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" Wed Mar 12 11:10:23 2014 : Debug: shell_escape = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_detail, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_detail Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail Wed Mar 12 11:10:23 2014 : Debug: detail { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" Wed Mar 12 11:10:23 2014 : Debug: header = "%t" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: dir_permissions = 493 Wed Mar 12 11:10:23 2014 : Debug: locking = no Wed Mar 12 11:10:23 2014 : Debug: log_packet_header = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_mschap, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_mschap Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap Wed Mar 12 11:10:23 2014 : Debug: mschap { Wed Mar 12 11:10:23 2014 : Debug: use_mppe = yes Wed Mar 12 11:10:23 2014 : Debug: require_encryption = no Wed Mar 12 11:10:23 2014 : Debug: require_strong = no Wed Mar 12 11:10:23 2014 : Debug: with_ntdomain_hack = yes Wed Mar 12 11:10:23 2014 : Debug: passchange { Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: allow_retry = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp Wed Mar 12 11:10:23 2014 : Debug: radutmp { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radutmp" Wed Mar 12 11:10:23 2014 : Debug: username = "%{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: case_sensitive = yes Wed Mar 12 11:10:23 2014 : Debug: check_with_nas = yes Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: caller_id = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec Wed Mar 12 11:10:23 2014 : Debug: exec { Wed Mar 12 11:10:23 2014 : Debug: wait = no Wed Mar 12 11:10:23 2014 : Debug: input_pairs = "request" Wed Mar 12 11:10:23 2014 : Debug: shell_escape = yes Wed Mar 12 11:10:23 2014 : Debug: timeout = 10 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_cache, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_cache Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap Wed Mar 12 11:10:23 2014 : Debug: cache cache_eap { Wed Mar 12 11:10:23 2014 : Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" Wed Mar 12 11:10:23 2014 : Debug: ttl = 15 Wed Mar 12 11:10:23 2014 : Debug: max_entries = 16384 Wed Mar 12 11:10:23 2014 : Debug: epoch = 0 Wed Mar 12 11:10:23 2014 : Debug: add_stats = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_pap, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_pap Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap Wed Mar 12 11:10:23 2014 : Debug: pap { Wed Mar 12 11:10:23 2014 : Debug: auto_header = no Wed Mar 12 11:10:23 2014 : Debug: normalise = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_utf8, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_utf8 Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_chap, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_chap Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_realm, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_realm Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm Wed Mar 12 11:10:23 2014 : Debug: realm IPASS { Wed Mar 12 11:10:23 2014 : Debug: format = "prefix" Wed Mar 12 11:10:23 2014 : Debug: delimiter = "/" Wed Mar 12 11:10:23 2014 : Debug: ignore_default = no Wed Mar 12 11:10:23 2014 : Debug: ignore_null = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm Wed Mar 12 11:10:23 2014 : Debug: realm suffix { Wed Mar 12 11:10:23 2014 : Debug: format = "suffix" Wed Mar 12 11:10:23 2014 : Debug: delimiter = "@" Wed Mar 12 11:10:23 2014 : Debug: ignore_default = no Wed Mar 12 11:10:23 2014 : Debug: ignore_null = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm Wed Mar 12 11:10:23 2014 : Debug: realm realmpercent { Wed Mar 12 11:10:23 2014 : Debug: format = "suffix" Wed Mar 12 11:10:23 2014 : Debug: delimiter = "%" Wed Mar 12 11:10:23 2014 : Debug: ignore_default = no Wed Mar 12 11:10:23 2014 : Debug: ignore_null = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm Wed Mar 12 11:10:23 2014 : Debug: realm ntdomain { Wed Mar 12 11:10:23 2014 : Debug: format = "prefix" Wed Mar 12 11:10:23 2014 : Debug: delimiter = "\" Wed Mar 12 11:10:23 2014 : Debug: ignore_default = no Wed Mar 12 11:10:23 2014 : Debug: ignore_null = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_digest, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_digest Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_attr_filter, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_attr_filter Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:23 2014 : Debug: attr_filter attr_filter.post-proxy { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" Wed Mar 12 11:10:23 2014 : Debug: key = "%{Realm}" Wed Mar 12 11:10:23 2014 : Debug: relaxed = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:23 2014 : Debug: attr_filter attr_filter.pre-proxy { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" Wed Mar 12 11:10:23 2014 : Debug: key = "%{Realm}" Wed Mar 12 11:10:23 2014 : Debug: relaxed = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:23 2014 : Debug: attr_filter attr_filter.access_reject { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" Wed Mar 12 11:10:23 2014 : Debug: key = "%{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: relaxed = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:23 2014 : Debug: attr_filter attr_filter.access_challenge { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" Wed Mar 12 11:10:23 2014 : Debug: key = "%{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: relaxed = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter Wed Mar 12 11:10:23 2014 : Debug: attr_filter attr_filter.accounting_response { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" Wed Mar 12 11:10:23 2014 : Debug: key = "%{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: relaxed = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_expiration, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_expiration Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_passwd, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_passwd Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd Wed Mar 12 11:10:23 2014 : Debug: passwd etc_passwd { Wed Mar 12 11:10:23 2014 : Debug: filename = "/etc/passwd" Wed Mar 12 11:10:23 2014 : Debug: format = "*User-Name:Crypt-Password:" Wed Mar 12 11:10:23 2014 : Debug: delimiter = ":" Wed Mar 12 11:10:23 2014 : Debug: ignore_nislike = no Wed Mar 12 11:10:23 2014 : Debug: ignore_empty = yes Wed Mar 12 11:10:23 2014 : Debug: allow_multiple_keys = no Wed Mar 12 11:10:23 2014 : Debug: hash_size = 100 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo Wed Mar 12 11:10:23 2014 : Debug: exec echo { Wed Mar 12 11:10:23 2014 : Debug: wait = yes Wed Mar 12 11:10:23 2014 : Debug: program = "/bin/echo %{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: input_pairs = "request" Wed Mar 12 11:10:23 2014 : Debug: output_pairs = "reply" Wed Mar 12 11:10:23 2014 : Debug: shell_escape = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Wed Mar 12 11:10:23 2014 : Debug: detail auth_log { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" Wed Mar 12 11:10:23 2014 : Debug: header = "%t" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: dir_permissions = 493 Wed Mar 12 11:10:23 2014 : Debug: locking = no Wed Mar 12 11:10:23 2014 : Debug: log_packet_header = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Wed Mar 12 11:10:23 2014 : Debug: detail reply_log { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" Wed Mar 12 11:10:23 2014 : Debug: header = "%t" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: dir_permissions = 493 Wed Mar 12 11:10:23 2014 : Debug: locking = no Wed Mar 12 11:10:23 2014 : Debug: log_packet_header = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Wed Mar 12 11:10:23 2014 : Debug: detail pre_proxy_log { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" Wed Mar 12 11:10:23 2014 : Debug: header = "%t" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: dir_permissions = 493 Wed Mar 12 11:10:23 2014 : Debug: locking = no Wed Mar 12 11:10:23 2014 : Debug: log_packet_header = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Wed Mar 12 11:10:23 2014 : Debug: detail post_proxy_log { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" Wed Mar 12 11:10:23 2014 : Debug: header = "%t" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: dir_permissions = 493 Wed Mar 12 11:10:23 2014 : Debug: locking = no Wed Mar 12 11:10:23 2014 : Debug: log_packet_header = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_unix, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_unix Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix Wed Mar 12 11:10:23 2014 : Debug: unix { Wed Mar 12 11:10:23 2014 : Debug: radwtmp = "/usr/local/var/log/radius/radwtmp" Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_eap, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_eap Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap Wed Mar 12 11:10:23 2014 : Debug: eap { Wed Mar 12 11:10:23 2014 : Debug: default_eap_type = "md5" Wed Mar 12 11:10:23 2014 : Debug: timer_expire = 60 Wed Mar 12 11:10:23 2014 : Debug: ignore_unknown_eap_types = no Wed Mar 12 11:10:23 2014 : Debug: mod_accounting_username_bug = no Wed Mar 12 11:10:23 2014 : Debug: max_sessions = 4096 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_md5 Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_leap Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_gtc Wed Mar 12 11:10:23 2014 : Debug: gtc { Wed Mar 12 11:10:23 2014 : Debug: challenge = "Password: " Wed Mar 12 11:10:23 2014 : Debug: auth_type = "PAP" Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_tls Wed Mar 12 11:10:23 2014 : Debug: tls { Wed Mar 12 11:10:23 2014 : Debug: tls = "tls-common" Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: tls-config tls-common { Wed Mar 12 11:10:23 2014 : Debug: rsa_key_exchange = no Wed Mar 12 11:10:23 2014 : Debug: dh_key_exchange = yes Wed Mar 12 11:10:23 2014 : Debug: rsa_key_length = 512 Wed Mar 12 11:10:23 2014 : Debug: dh_key_length = 512 Wed Mar 12 11:10:23 2014 : Debug: verify_depth = 0 Wed Mar 12 11:10:23 2014 : Debug: ca_path = "/usr/local/etc/raddb/certs" Wed Mar 12 11:10:23 2014 : Debug: pem_file_type = yes Wed Mar 12 11:10:23 2014 : Debug: private_key_file = "/usr/local/etc/raddb/certs/server.pem" Wed Mar 12 11:10:23 2014 : Debug: certificate_file = "/usr/local/etc/raddb/certs/server.pem" Wed Mar 12 11:10:23 2014 : Debug: ca_file = "/usr/local/etc/raddb/certs/ca.pem" Wed Mar 12 11:10:23 2014 : Debug: private_key_password = "whatever" Wed Mar 12 11:10:23 2014 : Debug: dh_file = "/usr/local/etc/raddb/certs/dh" Wed Mar 12 11:10:23 2014 : Debug: fragment_size = 1024 Wed Mar 12 11:10:23 2014 : Debug: include_length = yes Wed Mar 12 11:10:23 2014 : Debug: check_crl = no Wed Mar 12 11:10:23 2014 : Debug: cipher_list = "DEFAULT" Wed Mar 12 11:10:23 2014 : Debug: ecdh_curve = "prime256v1" Wed Mar 12 11:10:23 2014 : Debug: cache { Wed Mar 12 11:10:23 2014 : Debug: enable = yes Wed Mar 12 11:10:23 2014 : Debug: lifetime = 24 Wed Mar 12 11:10:23 2014 : Debug: max_entries = 255 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: verify { Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: ocsp { Wed Mar 12 11:10:23 2014 : Debug: enable = no Wed Mar 12 11:10:23 2014 : Debug: override_cert_url = yes Wed Mar 12 11:10:23 2014 : Debug: url = "http://127.0.0.1/ocsp/" Wed Mar 12 11:10:23 2014 : Debug: use_nonce = yes Wed Mar 12 11:10:23 2014 : Debug: timeout = 0 Wed Mar 12 11:10:23 2014 : Debug: softfail = yes Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_ttls Wed Mar 12 11:10:23 2014 : Debug: ttls { Wed Mar 12 11:10:23 2014 : Debug: tls = "tls-common" Wed Mar 12 11:10:23 2014 : Debug: default_eap_type = "md5" Wed Mar 12 11:10:23 2014 : Debug: copy_request_to_tunnel = no Wed Mar 12 11:10:23 2014 : Debug: use_tunneled_reply = no Wed Mar 12 11:10:23 2014 : Debug: virtual_server = "inner-tunnel" Wed Mar 12 11:10:23 2014 : Debug: include_length = yes Wed Mar 12 11:10:23 2014 : Debug: require_client_cert = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Using cached TLS configuration from previous invocation Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_peap Wed Mar 12 11:10:23 2014 : Debug: peap { Wed Mar 12 11:10:23 2014 : Debug: tls = "tls-common" Wed Mar 12 11:10:23 2014 : Debug: default_method = "mschapv2" Wed Mar 12 11:10:23 2014 : Debug: copy_request_to_tunnel = no Wed Mar 12 11:10:23 2014 : Debug: use_tunneled_reply = no Wed Mar 12 11:10:23 2014 : Debug: proxy_tunneled_request_as_eap = yes Wed Mar 12 11:10:23 2014 : Debug: virtual_server = "inner-tunnel" Wed Mar 12 11:10:23 2014 : Debug: soh = no Wed Mar 12 11:10:23 2014 : Debug: require_client_cert = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Using cached TLS configuration from previous invocation Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: # Linked to sub-module rlm_eap_mschapv2 Wed Mar 12 11:10:23 2014 : Debug: mschapv2 { Wed Mar 12 11:10:23 2014 : Debug: with_ntdomain_hack = no Wed Mar 12 11:10:23 2014 : Debug: send_error = no Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: (Loaded rlm_linelog, checking if it's valid) Wed Mar 12 11:10:23 2014 : Debug: # Loaded module rlm_linelog Wed Mar 12 11:10:23 2014 : Debug: # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog Wed Mar 12 11:10:23 2014 : Debug: linelog { Wed Mar 12 11:10:23 2014 : Debug: filename = "/usr/local/var/log/radius/linelog" Wed Mar 12 11:10:23 2014 : Debug: permissions = 384 Wed Mar 12 11:10:23 2014 : Debug: format = "This is a log message for %{User-Name}" Wed Mar 12 11:10:23 2014 : Debug: reference = "%{%{Packet-Type}:-format}" Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: } # modules Wed Mar 12 11:10:23 2014 : Debug: radiusd: #### Loading Virtual Servers #### Wed Mar 12 11:10:23 2014 : Debug: server { # from file /usr/local/etc/raddb/radiusd.conf Wed Mar 12 11:10:23 2014 : Debug: } # server Wed Mar 12 11:10:23 2014 : Debug: server default { # from file /usr/local/etc/raddb/sites-enabled/default Wed Mar 12 11:10:23 2014 : Debug: # Creating Auth-Type = digest Wed Mar 12 11:10:23 2014 : Debug: # Loading authenticate {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading authorize {...} Wed Mar 12 11:10:23 2014 : WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) Wed Mar 12 11:10:23 2014 : WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) Wed Mar 12 11:10:23 2014 : Debug: # Loading preacct {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading accounting {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading post-proxy {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading post-auth {...} Wed Mar 12 11:10:23 2014 : Debug: } # server default Wed Mar 12 11:10:23 2014 : Debug: server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp_static Wed Mar 12 11:10:23 2014 : Debug: # Loading dhcp DHCP-Discover {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading dhcp DHCP-Request {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading dhcp {...} Wed Mar 12 11:10:23 2014 : Debug: } # server dhcp Wed Mar 12 11:10:23 2014 : Debug: server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Wed Mar 12 11:10:23 2014 : Debug: # Loading authenticate {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading authorize {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading session {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading post-proxy {...} Wed Mar 12 11:10:23 2014 : Debug: # Loading post-auth {...} Wed Mar 12 11:10:23 2014 : Debug: } # server inner-tunnel Wed Mar 12 11:10:23 2014 : Debug: radiusd: #### Opening IP addresses and Ports #### Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: Library not found at path "/usr/local/lib/proto_auth.so" Wed Mar 12 11:10:23 2014 : Debug: Falling back to linker search path(s) Wed Mar 12 11:10:23 2014 : Debug: Defaults : /lib:/usr/lib Wed Mar 12 11:10:23 2014 : Debug: listen { Wed Mar 12 11:10:23 2014 : Debug: type = "auth" Wed Mar 12 11:10:23 2014 : Debug: ipaddr = * Wed Mar 12 11:10:23 2014 : Debug: port = 0 Wed Mar 12 11:10:23 2014 : Debug: limit { Wed Mar 12 11:10:23 2014 : Debug: max_connections = 16 Wed Mar 12 11:10:23 2014 : Debug: lifetime = 0 Wed Mar 12 11:10:23 2014 : Debug: idle_timeout = 30 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: Library not found at path "/usr/local/lib/proto_acct.so" Wed Mar 12 11:10:23 2014 : Debug: Falling back to linker search path(s) Wed Mar 12 11:10:23 2014 : Debug: Defaults : /lib:/usr/lib Wed Mar 12 11:10:23 2014 : Debug: listen { Wed Mar 12 11:10:23 2014 : Debug: type = "acct" Wed Mar 12 11:10:23 2014 : Debug: ipaddr = * Wed Mar 12 11:10:23 2014 : Debug: port = 0 Wed Mar 12 11:10:23 2014 : Debug: limit { Wed Mar 12 11:10:23 2014 : Debug: max_connections = 16 Wed Mar 12 11:10:23 2014 : Debug: lifetime = 0 Wed Mar 12 11:10:23 2014 : Debug: idle_timeout = 30 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: listen { Wed Mar 12 11:10:23 2014 : Debug: type = "dhcp" Wed Mar 12 11:10:23 2014 : Debug: ipaddr = * Wed Mar 12 11:10:23 2014 : Debug: port = 67 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Loading library using absolute path Wed Mar 12 11:10:23 2014 : Debug: Library not found at path "/usr/local/lib/proto_auth.so" Wed Mar 12 11:10:23 2014 : Debug: Falling back to linker search path(s) Wed Mar 12 11:10:23 2014 : Debug: Defaults : /lib:/usr/lib Wed Mar 12 11:10:23 2014 : Debug: listen { Wed Mar 12 11:10:23 2014 : Debug: type = "auth" Wed Mar 12 11:10:23 2014 : Debug: ipaddr = 127.0.0.1 Wed Mar 12 11:10:23 2014 : Debug: port = 18120 Wed Mar 12 11:10:23 2014 : Debug: } Wed Mar 12 11:10:23 2014 : Debug: Listening on auth address * port 1812 as server default Wed Mar 12 11:10:23 2014 : Debug: Listening on acct address * port 1813 as server default Wed Mar 12 11:10:23 2014 : Debug: Listening on dhcp interface wlan0 address * port 67 as server dhcp Wed Mar 12 11:10:23 2014 : Debug: Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Wed Mar 12 11:10:23 2014 : Debug: Opening new proxy socket 'proxy address * port 1814' Wed Mar 12 11:10:23 2014 : Debug: Listening on proxy address * port 1814 Wed Mar 12 11:10:23 2014 : Info: Ready to process requests Received DHCP-Discover of id 86d2e342 from 0.0.0.0:68 to 255.255.255.255:67 0: 01 01 06 00 86 d2 e3 42 00 07 00 00 00 00 00 00 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 55 a6 32: 16 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 224: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 240: 35 01 01 0c 08 68 75 67 68 2d 70 69 32 37 0d 01 256: 1c 02 03 0f 06 77 0c 2c 2f 1a 79 2a ff 00 00 00 272: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 288: 00 00 00 00 00 00 00 00 00 00 00 00 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2261967682 DHCP-Number-of-Seconds = 7 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Wed Mar 12 11:10:42 2014 : Debug: Trying sub-section dhcp DHCP-Discover {...} Wed Mar 12 11:10:42 2014 : Debug: (0) dhcp DHCP-Discover { Wed Mar 12 11:10:42 2014 : Debug: (0) update reply { Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Message-Type = DHCP-Offer Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 0 MAX 1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Message-Type FROM 0 TO 0 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 0 out 1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) } # update reply = noop Wed Mar 12 11:10:42 2014 : Debug: (0) update reply { Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-DHCP-Server-Identifier = 10.199.100.1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 1 MAX 2 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-DHCP-Server-Identifier FROM 0 TO 1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 1 out 2 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-IP-Address-Lease-Time = 600 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 2 MAX 3 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-IP-Address-Lease-Time FROM 0 TO 2 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 2 out 3 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Subnet-Mask = 255.255.255.240 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 3 MAX 4 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Subnet-Mask FROM 0 TO 3 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 3 out 4 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Router-Address = 10.199.100.1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 4 MAX 5 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Router-Address FROM 0 TO 4 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 4 out 5 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Domain-Name-Server = 10.1.30.170 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 5 MAX 6 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Domain-Name-Server FROM 0 TO 5 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 5 out 6 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Domain-Name = 'mclenaghan.local' Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 6 MAX 7 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Domain-Name FROM 0 TO 6 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 6 out 7 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Broadcast-Address = 10.199.100.15 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 7 MAX 8 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Broadcast-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Broadcast-Address FROM 0 TO 7 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 7 out 8 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Server-IP-Address = 10.199.100.1 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 8 MAX 9 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Server-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Server-IP-Address FROM 0 TO 8 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 8 out 9 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Your-IP-Address = 10.199.100.5 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 9 MAX 10 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Your-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Your-IP-Address FROM 0 TO 9 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 9 out 10 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[9] = DHCP-Your-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP-Server-Host-Name = 'wipi_2' Wed Mar 12 11:10:42 2014 : Debug: (0) ::: FROM 1 TO 10 MAX 11 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: Examining DHCP-Server-Host-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: APPENDING DHCP-Server-Host-Name FROM 0 TO 10 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: TO in 10 out 11 Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[9] = DHCP-Your-IP-Address Wed Mar 12 11:10:42 2014 : Debug: (0) ::: to[10] = DHCP-Server-Host-Name Wed Mar 12 11:10:42 2014 : Debug: (0) } # update reply = noop Wed Mar 12 11:10:42 2014 : Debug: (0) modsingle[post-auth]: calling ok (rlm_always) for request 0 Wed Mar 12 11:10:42 2014 : Debug: (0) modsingle[post-auth]: returned from ok (rlm_always) for request 0 Wed Mar 12 11:10:42 2014 : Debug: (0) [ok] = ok Wed Mar 12 11:10:42 2014 : Debug: (0) } # dhcp DHCP-Discover = ok Wed Mar 12 11:10:42 2014 : Debug: (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2261967682 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 DHCP Sending 300 bytes 0: 02 01 06 00 86 d2 e3 42 00 00 00 00 00 00 00 00 16: 0a c7 64 05 00 00 00 00 00 00 00 00 00 0f 55 a6 32: 16 e2 00 00 00 00 00 00 00 00 00 00 77 69 70 69 48: 5f 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 224: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 240: 35 01 02 01 04 ff ff ff f0 03 04 0a c7 64 01 06 256: 04 0a 01 1e aa 0f 10 6d 63 6c 65 6e 61 67 68 61 272: 6e 2e 6c 6f 63 61 6c 1c 04 0a c7 64 0f 33 04 00 288: 00 02 58 36 04 0a c7 64 01 ff 00 00 Sending DHCP-Offer of id 86d2e342 from 0.0.0.0:67 to 10.199.100.5:68 Wed Mar 12 11:10:42 2014 : Debug: (0) Finished request 0. Wed Mar 12 11:10:42 2014 : Debug: Waking up in 0.2 seconds. Wed Mar 12 11:10:42 2014 : Debug: Waking up in 4.7 seconds. Wed Mar 12 11:10:47 2014 : Debug: (0) Cleaning up request packet ID 2261967682 with timestamp +19 Wed Mar 12 11:10:47 2014 : Info: Ready to process requests Received DHCP-Discover of id 86d2e342 from 0.0.0.0:68 to 255.255.255.255:67 0: 01 01 06 00 86 d2 e3 42 00 13 00 00 00 00 00 00 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 55 a6 32: 16 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 224: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 240: 35 01 01 0c 08 68 75 67 68 2d 70 69 32 37 0d 01 256: 1c 02 03 0f 06 77 0c 2c 2f 1a 79 2a ff 00 00 00 272: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 288: 00 00 00 00 00 00 00 00 00 00 00 00 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2261967682 DHCP-Number-of-Seconds = 19 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Wed Mar 12 11:10:54 2014 : Debug: Trying sub-section dhcp DHCP-Discover {...} Wed Mar 12 11:10:54 2014 : Debug: (1) dhcp DHCP-Discover { Wed Mar 12 11:10:54 2014 : Debug: (1) update reply { Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Message-Type = DHCP-Offer Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 0 MAX 1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Message-Type FROM 0 TO 0 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 0 out 1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) } # update reply = noop Wed Mar 12 11:10:54 2014 : Debug: (1) update reply { Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-DHCP-Server-Identifier = 10.199.100.1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 1 MAX 2 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-DHCP-Server-Identifier FROM 0 TO 1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 1 out 2 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-IP-Address-Lease-Time = 600 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 2 MAX 3 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-IP-Address-Lease-Time FROM 0 TO 2 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 2 out 3 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Subnet-Mask = 255.255.255.240 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 3 MAX 4 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Subnet-Mask FROM 0 TO 3 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 3 out 4 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Router-Address = 10.199.100.1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 4 MAX 5 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Router-Address FROM 0 TO 4 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 4 out 5 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Domain-Name-Server = 10.1.30.170 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 5 MAX 6 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Domain-Name-Server FROM 0 TO 5 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 5 out 6 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Domain-Name = 'mclenaghan.local' Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 6 MAX 7 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Domain-Name FROM 0 TO 6 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 6 out 7 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Broadcast-Address = 10.199.100.15 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 7 MAX 8 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Broadcast-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Broadcast-Address FROM 0 TO 7 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 7 out 8 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Server-IP-Address = 10.199.100.1 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 8 MAX 9 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Server-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Server-IP-Address FROM 0 TO 8 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 8 out 9 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Your-IP-Address = 10.199.100.5 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 9 MAX 10 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Your-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Your-IP-Address FROM 0 TO 9 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 9 out 10 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[9] = DHCP-Your-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP-Server-Host-Name = 'wipi_2' Wed Mar 12 11:10:54 2014 : Debug: (1) ::: FROM 1 TO 10 MAX 11 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: Examining DHCP-Server-Host-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: APPENDING DHCP-Server-Host-Name FROM 0 TO 10 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: TO in 10 out 11 Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[0] = DHCP-Message-Type Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[1] = DHCP-DHCP-Server-Identifier Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[2] = DHCP-IP-Address-Lease-Time Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[3] = DHCP-Subnet-Mask Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[4] = DHCP-Router-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[5] = DHCP-Domain-Name-Server Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[6] = DHCP-Domain-Name Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[7] = DHCP-Broadcast-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[8] = DHCP-Server-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[9] = DHCP-Your-IP-Address Wed Mar 12 11:10:54 2014 : Debug: (1) ::: to[10] = DHCP-Server-Host-Name Wed Mar 12 11:10:54 2014 : Debug: (1) } # update reply = noop Wed Mar 12 11:10:54 2014 : Debug: (1) modsingle[post-auth]: calling ok (rlm_always) for request 1 Wed Mar 12 11:10:54 2014 : Debug: (1) modsingle[post-auth]: returned from ok (rlm_always) for request 1 Wed Mar 12 11:10:54 2014 : Debug: (1) [ok] = ok Wed Mar 12 11:10:54 2014 : Debug: (1) } # dhcp DHCP-Discover = ok Wed Mar 12 11:10:54 2014 : Debug: (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2261967682 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 DHCP Sending 300 bytes 0: 02 01 06 00 86 d2 e3 42 00 00 00 00 00 00 00 00 16: 0a c7 64 05 00 00 00 00 00 00 00 00 00 0f 55 a6 32: 16 e2 00 00 00 00 00 00 00 00 00 00 77 69 70 69 48: 5f 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 224: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 240: 35 01 02 01 04 ff ff ff f0 03 04 0a c7 64 01 06 256: 04 0a 01 1e aa 0f 10 6d 63 6c 65 6e 61 67 68 61 272: 6e 2e 6c 6f 63 61 6c 1c 04 0a c7 64 0f 33 04 00 288: 00 02 58 36 04 0a c7 64 01 ff 00 00 Sending DHCP-Offer of id 86d2e342 from 0.0.0.0:67 to 10.199.100.5:68 Wed Mar 12 11:10:54 2014 : Debug: (1) Finished request 1. Wed Mar 12 11:10:54 2014 : Debug: Waking up in 0.2 seconds. Wed Mar 12 11:10:54 2014 : Debug: Waking up in 4.7 seconds.
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help. Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface. Alan DeKok.
Used 3.0.1 Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.0.1, for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 13:46:39 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/dhcp_static including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_exec # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} # Loading virtual module filter_username WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading virtual module acct_unique # Loading accounting {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) # Loading post-proxy {...} # Loading post-auth {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) # Loading virtual module remove_reply_message_if_eap # Loading virtual module remove_reply_message_if_eap } # server default server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp_static Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Checking dhcp DHCP-Request {...} for more modules to load Module: Checking dhcp (null) {...} for more modules to load } # server dhcp server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "dhcp" ipaddr = * port = 67 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on dhcp interface wlan0 address * port 67 as server dhcp Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. Received DHCP-Discover of id d3fe2513 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 3556648211 DHCP-Number-of-Seconds = 7 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Trying sub-section dhcp DHCP-Discover {...} (0) dhcp DHCP-Discover { (0) update reply { (0) DHCP-Message-Type = DHCP-Offer (0) } # update reply = noop (0) update reply { (0) DHCP-DHCP-Server-Identifier = 10.199.100.1 (0) DHCP-IP-Address-Lease-Time = 600 (0) DHCP-Subnet-Mask = 255.255.255.240 (0) DHCP-Router-Address = 10.199.100.1 (0) DHCP-Domain-Name-Server = 10.1.30.170 (0) DHCP-Domain-Name = 'mclenaghan.local' (0) DHCP-Broadcast-Address = 10.199.100.15 (0) DHCP-Server-IP-Address = 10.199.100.1 (0) DHCP-Your-IP-Address = 10.199.100.5 (0) DHCP-Server-Host-Name = 'wipi_2' (0) } # update reply = noop (0) [ok] = ok (0) } # dhcp DHCP-Discover = ok (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 3556648211 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 Sending DHCP-Offer of id d3fe2513 from 0.0.0.0:67 to 10.199.100.5:68 (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 3556648211 with timestamp +51 Ready to process requests. Received DHCP-Discover of id d3fe2513 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 3556648211 DHCP-Number-of-Seconds = 21 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) update reply { (1) DHCP-DHCP-Server-Identifier = 10.199.100.1 (1) DHCP-IP-Address-Lease-Time = 600 (1) DHCP-Subnet-Mask = 255.255.255.240 (1) DHCP-Router-Address = 10.199.100.1 (1) DHCP-Domain-Name-Server = 10.1.30.170 (1) DHCP-Domain-Name = 'mclenaghan.local' (1) DHCP-Broadcast-Address = 10.199.100.15 (1) DHCP-Server-IP-Address = 10.199.100.1 (1) DHCP-Your-IP-Address = 10.199.100.5 (1) DHCP-Server-Host-Name = 'wipi_2' (1) } # update reply = noop (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 3556648211 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 Sending DHCP-Offer of id d3fe2513 from 0.0.0.0:67 to 10.199.100.5:68 (1) Finished request 1. Waking up in 0.3 seconds. Waking up in 4.6 seconds. (1) Cleaning up request packet ID 3556648211 with timestamp +65 Ready to process requests. ----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Same result with: 0.0.0.0 instead of * Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.0.1, for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 13:46:39 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/dhcp_static including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_exec # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} # Loading virtual module filter_username WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading virtual module acct_unique # Loading accounting {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) # Loading post-proxy {...} # Loading post-auth {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) # Loading virtual module remove_reply_message_if_eap # Loading virtual module remove_reply_message_if_eap } # server default server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp_static Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Checking dhcp DHCP-Request {...} for more modules to load Module: Checking dhcp (null) {...} for more modules to load } # server dhcp server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "dhcp" ipaddr = 0.0.0.0 port = 67 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on dhcp interface wlan0 address * port 67 as server dhcp Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. Received DHCP-Discover of id 623ba931 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1648077105 DHCP-Number-of-Seconds = 4 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Trying sub-section dhcp DHCP-Discover {...} (0) dhcp DHCP-Discover { (0) update reply { (0) DHCP-Message-Type = DHCP-Offer (0) } # update reply = noop (0) update reply { (0) DHCP-DHCP-Server-Identifier = 10.199.100.1 (0) DHCP-IP-Address-Lease-Time = 600 (0) DHCP-Subnet-Mask = 255.255.255.240 (0) DHCP-Router-Address = 10.199.100.1 (0) DHCP-Domain-Name-Server = 10.1.30.170 (0) DHCP-Domain-Name = 'mclenaghan.local' (0) DHCP-Broadcast-Address = 10.199.100.15 (0) DHCP-Server-IP-Address = 10.199.100.1 (0) DHCP-Your-IP-Address = 10.199.100.5 (0) DHCP-Server-Host-Name = 'wipi_2' (0) } # update reply = noop (0) [ok] = ok (0) } # dhcp DHCP-Discover = ok (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1648077105 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 Sending DHCP-Offer of id 623ba931 from 0.0.0.0:67 to 10.199.100.5:68 (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 1648077105 with timestamp +17 Ready to process requests. Received DHCP-Discover of id 623ba931 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1648077105 DHCP-Number-of-Seconds = 14 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Message-Type += DHCP-Discover DHCP-Hostname += 'hugh-pi2' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-Time-Offset DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Search DHCP-Parameter-Request-List += DHCP-Hostname DHCP-Parameter-Request-List += DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List += DHCP-NETBIOS DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Classless-Static-Route DHCP-Parameter-Request-List += DHCP-NTP-Servers Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) update reply { (1) DHCP-DHCP-Server-Identifier = 10.199.100.1 (1) DHCP-IP-Address-Lease-Time = 600 (1) DHCP-Subnet-Mask = 255.255.255.240 (1) DHCP-Router-Address = 10.199.100.1 (1) DHCP-Domain-Name-Server = 10.1.30.170 (1) DHCP-Domain-Name = 'mclenaghan.local' (1) DHCP-Broadcast-Address = 10.199.100.15 (1) DHCP-Server-IP-Address = 10.199.100.1 (1) DHCP-Your-IP-Address = 10.199.100.5 (1) DHCP-Server-Host-Name = 'wipi_2' (1) } # update reply = noop (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1648077105 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:0f:55:a6:16:e2 DHCP-Server-Host-Name = 'wipi_2' DHCP-Boot-Filename = '' DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-IP-Address-Lease-Time = 600 DHCP-DHCP-Server-Identifier = 10.199.100.1 Sending DHCP-Offer of id 623ba931 from 0.0.0.0:67 to 10.199.100.5:68 (1) Finished request 1. Waking up in 0.3 seconds. Waking up in 4.6 seconds. ----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm hoping that the issue is something simple I've done wrong or missing. Hugh ----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
I'm hoping that the issue is something simple I've done wrong or missing.
Doesn't help much, but I just tested with a WLAN card in my Linux desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight away; assigned an IP to my tablet, and saw the packets in tcpdump. It also worked on a Netgear WLAN card, also supposedly the same chipset, though it's not a good card. When a DHCP Discover got through, though, the Offer was successfully sent. I'll see if I can dig out the Pi to test, but this may take a while as I've not fired it up for a bit. So it doesn't look like a problem with DHCP over a wireless interface in general. Matthew
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Yeah. Strange thing is that I'm sure I had it working at one point. Doesn't really make sense to me. It appears to be doing what it's supposed to be, but for some reason the packet isn't being sent out by the card or being seen on the card/interface. Going to try it on another Pi to see if somehow some library somewhere got mixed up. Hugh ----------------------------------------
Date: Wed, 12 Mar 2014 21:14:22 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
I'm hoping that the issue is something simple I've done wrong or missing.
Doesn't help much, but I just tested with a WLAN card in my Linux desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight away; assigned an IP to my tablet, and saw the packets in tcpdump.
It also worked on a Netgear WLAN card, also supposedly the same chipset, though it's not a good card. When a DHCP Discover got through, though, the Offer was successfully sent.
I'll see if I can dig out the Pi to test, but this may take a while as I've not fired it up for a bit.
So it doesn't look like a problem with DHCP over a wireless interface in general.
Matthew
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Mar 12, 2014 at 04:42:44PM -0500, Hugh McLenaghan wrote:
Yeah. Strange thing is that I'm sure I had it working at one point. Doesn't really make sense to me. It appears to be doing what it's supposed to be, but for some reason the packet isn't being sent out by the card or being seen on the card/interface.
Going to try it on another Pi to see if somehow some library somewhere got mixed up.
OK, that was a long build - about 45 minutes from configure to installed...! Unfortunately, it proves nothing. FreeRADIUS will quite happily serving DHCP on either eth0 or wlan0 on the Pi. O/S here is a slightly not up to date raspbian (Linux raspberrypi 3.6.11+ #456 PREEMPT Mon May 20 17:42:15 BST 2013 armv6l GNU/Linux, Debian 7.1) Same wlan card that worked on the desktop PC. I assume you have no firewall running? Apart from that, I'm not sure there's much more I can check, with it working fine here :( Cheers, Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 21:14:22 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
I'm hoping that the issue is something simple I've done wrong or missing.
Doesn't help much, but I just tested with a WLAN card in my Linux desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight away; assigned an IP to my tablet, and saw the packets in tcpdump.
It also worked on a Netgear WLAN card, also supposedly the same chipset, though it's not a good card. When a DHCP Discover got through, though, the Offer was successfully sent.
I'll see if I can dig out the Pi to test, but this may take a while as I've not fired it up for a bit.
So it doesn't look like a problem with DHCP over a wireless interface in general.
Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Thanks. I'm wondering if it's something wrong with my build. I can't think of what else it could be. Going to try another dhcp config file just in case something is wrong with mine. I tried it on another Pi and I'm seeing the same results. No DHCP response. So it's got to be something on my end, just not sure what yet. It's driving me crazy :) Thanks for all your testing though. Nice to know this is a very active group. Hugh ----------------------------------------
Date: Wed, 12 Mar 2014 22:57:32 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 04:42:44PM -0500, Hugh McLenaghan wrote:
Yeah. Strange thing is that I'm sure I had it working at one point. Doesn't really make sense to me. It appears to be doing what it's supposed to be, but for some reason the packet isn't being sent out by the card or being seen on the card/interface.
Going to try it on another Pi to see if somehow some library somewhere got mixed up.
OK, that was a long build - about 45 minutes from configure to installed...!
Unfortunately, it proves nothing. FreeRADIUS will quite happily serving DHCP on either eth0 or wlan0 on the Pi.
O/S here is a slightly not up to date raspbian (Linux raspberrypi 3.6.11+ #456 PREEMPT Mon May 20 17:42:15 BST 2013 armv6l GNU/Linux, Debian 7.1) Same wlan card that worked on the desktop PC.
I assume you have no firewall running?
Apart from that, I'm not sure there's much more I can check, with it working fine here :(
Cheers,
Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 21:14:22 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
I'm hoping that the issue is something simple I've done wrong or missing.
Doesn't help much, but I just tested with a WLAN card in my Linux desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight away; assigned an IP to my tablet, and saw the packets in tcpdump.
It also worked on a Netgear WLAN card, also supposedly the same chipset, though it's not a good card. When a DHCP Discover got through, though, the Offer was successfully sent.
I'll see if I can dig out the Pi to test, but this may take a while as I've not fired it up for a bit.
So it doesn't look like a problem with DHCP over a wireless interface in general.
Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think i've got it. Ok, I now know what the problem is. When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me! Here's what I've got. The Pi is set up with an IPSEC VPN to a remote server. A client connects to the Pi's wireless network (getting an IP Address). ALL traffic from that client needs to go across the VPN (since the network at the other side will control internet access for the clients). So i have 2 rules in my ipsec-tools.conf file:- spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require; So all traffic from the WLAN (10.199.100.0/28) needs to go across the VPN, hence the above rules. NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network. Now since 0.0.0.0 -> 10.199.100.x fits in the 2nd rule above, what is happening is that it's trying to process the packet as an encrypted esp packet and dropping it. So the packets NEVER reach the interface. Ok, the reason that the ISC DHCP server works is that the reply packets are being sent from the IP address of the WLAN0 interface: 10.199.100.1, so the reply would be: 10.199.100.1 -> 10.199.100.x. since it's the same network, the above rules aren't being implemented. So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0 If I can help in any way, PLEASE let me know. I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product. Hugh ----------------------------------------
From: hughmcl@hotmail.com To: freeradius-users@lists.freeradius.org Subject: RE: Issue with DHCP with Wireless card Date: Wed, 12 Mar 2014 19:02:30 -0500
Thanks. I'm wondering if it's something wrong with my build. I can't think of what else it could be. Going to try another dhcp config file just in case something is wrong with mine.
I tried it on another Pi and I'm seeing the same results. No DHCP response. So it's got to be something on my end, just not sure what yet. It's driving me crazy :)
Thanks for all your testing though. Nice to know this is a very active group.
Hugh
Date: Wed, 12 Mar 2014 22:57:32 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 04:42:44PM -0500, Hugh McLenaghan wrote:
Yeah. Strange thing is that I'm sure I had it working at one point. Doesn't really make sense to me. It appears to be doing what it's supposed to be, but for some reason the packet isn't being sent out by the card or being seen on the card/interface.
Going to try it on another Pi to see if somehow some library somewhere got mixed up.
OK, that was a long build - about 45 minutes from configure to installed...!
Unfortunately, it proves nothing. FreeRADIUS will quite happily serving DHCP on either eth0 or wlan0 on the Pi.
O/S here is a slightly not up to date raspbian (Linux raspberrypi 3.6.11+ #456 PREEMPT Mon May 20 17:42:15 BST 2013 armv6l GNU/Linux, Debian 7.1) Same wlan card that worked on the desktop PC.
I assume you have no firewall running?
Apart from that, I'm not sure there's much more I can check, with it working fine here :(
Cheers,
Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 21:14:22 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
I'm hoping that the issue is something simple I've done wrong or missing.
Doesn't help much, but I just tested with a WLAN card in my Linux desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight away; assigned an IP to my tablet, and saw the packets in tcpdump.
It also worked on a Netgear WLAN card, also supposedly the same chipset, though it's not a good card. When a DHCP Discover got through, though, the Offer was successfully sent.
I'll see if I can dig out the Pi to test, but this may take a while as I've not fired it up for a bit.
So it doesn't look like a problem with DHCP over a wireless interface in general.
Matthew
----------------------------------------
Date: Wed, 12 Mar 2014 14:00:07 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote: > Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
Please use v3.0.2 branch. The "master" branch is undergoing heavy development. And also use "radiusd -X". Using "-Xx" doesn't help.
Are you running this as root? The DHCP code requires that for proper operation. You should also set the "interface" entry in the listen section for dhcp. That will tell it to receive / send packets on the correct interface.
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 13 Mar 2014, at 01:08, Hugh McLenaghan <hughmcl@hotmail.com> wrote:
I think i've got it.
Ok, I now know what the problem is.
When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me!
Here's what I've got.
The Pi is set up with an IPSEC VPN to a remote server. A client connects to the Pi's wireless network (getting an IP Address). ALL traffic from that client needs to go across the VPN (since the network at the other side will control internet access for the clients).
So i have 2 rules in my ipsec-tools.conf file:-
spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
So all traffic from the WLAN (10.199.100.0/28) needs to go across the VPN, hence the above rules.
NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network. Now since 0.0.0.0 -> 10.199.100.x fits in the 2nd rule above, what is happening is that it's trying to process the packet as an encrypted esp packet and dropping it. So the packets NEVER reach the interface.
Ok, the reason that the ISC DHCP server works is that the reply packets are being sent from the IP address of the WLAN0 interface: 10.199.100.1, so the reply would be: 10.199.100.1 -> 10.199.100.x. since it's the same network, the above rules aren't being implemented.
So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0
If I can help in any way, PLEASE let me know. I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product.
Out of interest have you tried setting: listen { type = dhcp broadcast = no } ? Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
On 13.03.2014 15:34, Arran Cudbard-Bell wrote:
Out of interest have you tried setting:
listen { type = dhcp broadcast = no }
I think server must use broadcast when sending DHCPOFFER to directly connected client. What happens when you send DHCPOFFER to directly connected client using unicast? DHCPOFFER is sent to destination IP address your-ip-address. Unicast packet should be sent to specific destination MAC address. To determine this destination MAC address server host uses ARP table to resolve your-ip-address to MAC address. ARP entry for your-ip-address is missing and server host have to send ARP request for your-ip-address. But client host is not yet received DHCPOFFER and cannot respond to this ARP request. ARP request timeout leads to DHCPOFFER dropped by the server host with destination unreachable error.
If you do a packet trace you will see that it does send to the destination MAC address. Remember MAC addresses are layer 2, and IP addresses are layer 3. IP addresses just get the packet to the desired network. Once on the desired network, the packets are actually sent to the destination MAC (after arp to decode destination IP to destination MAC). So once the DHCP server assigns the IP address it sends it from itself using the IP address of the interface, and sends it to the device that requested the DHCP address using a unicast to the MAC address also supplying it's IP address. But before it sends it, the DHCP server adds the MAC -> IP address to the ARP table. Hope that helps :) Hugh ----------------------------------------
Date: Fri, 14 Mar 2014 17:47:02 +0400 From: iperegudov@cboss.ru To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
On 13.03.2014 15:34, Arran Cudbard-Bell wrote:
Out of interest have you tried setting:
listen { type = dhcp broadcast = no }
I think server must use broadcast when sending DHCPOFFER to directly connected client.
What happens when you send DHCPOFFER to directly connected client using unicast? DHCPOFFER is sent to destination IP address your-ip-address. Unicast packet should be sent to specific destination MAC address. To determine this destination MAC address server host uses ARP table to resolve your-ip-address to MAC address. ARP entry for your-ip-address is missing and server host have to send ARP request for your-ip-address. But client host is not yet received DHCPOFFER and cannot respond to this ARP request. ARP request timeout leads to DHCPOFFER dropped by the server host with destination unreachable error.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hugh McLenaghan wrote:
When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me!
OK. DHCP gets tricky with multiple interfaces.
So i have 2 rules in my ipsec-tools.conf file:-
spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
Hmm... DHCP works via broadcast on the local network, and broadcast traffic isn't routed.
NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.
It's not supposed to do that. The should be sending a reply FROM it's own IP address, not 0.0.0.0. However... if it can't discover the interfaces IP address, it just uses 0.0.0.0. ISC DHCP has code to troll through all of the addresses for an interface, and then uses that.
So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0
Done. There's more it can do, but that can wait until after 3.0.2.
If I can help in any way, PLEASE let me know.
This helps enormously. I've pushed a fix. You can either grab the "v3.0.x" branch from git && re-build, or you can edit your current configuration, and do: listen { type = dhcp ipaddr = * src_ipaddr = 10.199.100.1 # add this } I've also added documentation for the src_ipaddr configuration ite,
I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product.
Thanks. We try hard to make FreeRADIUS crush ISC DHCPd. :) Alan DeKok.
Now, the source address looks ok, but the destination address is wrong :) Sending DHCP-Offer of id 81b0fb8a from 10.199.100.1:67 to 2.0.0.0:68 Getting closer :) Hugh ----------------------------------------
Date: Thu, 13 Mar 2014 10:27:25 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me!
OK. DHCP gets tricky with multiple interfaces.
So i have 2 rules in my ipsec-tools.conf file:-
spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
Hmm... DHCP works via broadcast on the local network, and broadcast traffic isn't routed.
NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.
It's not supposed to do that. The should be sending a reply FROM it's own IP address, not 0.0.0.0. However... if it can't discover the interfaces IP address, it just uses 0.0.0.0. ISC DHCP has code to troll through all of the addresses for an interface, and then uses that.
So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0
Done. There's more it can do, but that can wait until after 3.0.2.
If I can help in any way, PLEASE let me know.
This helps enormously. I've pushed a fix. You can either grab the "v3.0.x" branch from git && re-build, or you can edit your current configuration, and do:
listen { type = dhcp ipaddr = * src_ipaddr = 10.199.100.1 # add this }
I've also added documentation for the src_ipaddr configuration ite,
I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product.
Thanks. We try hard to make FreeRADIUS crush ISC DHCPd. :)
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hugh McLenaghan wrote:
Now, the source address looks ok, but the destination address is wrong :)
Sending DHCP-Offer of id 81b0fb8a from 10.199.100.1:67 to 2.0.0.0:68
Which version are you using? Did you pull from the v3.0.x branch, or just set "src_ipaddr" ? And please post the debug output... that helps figure out what's going on. Alan DeKok.
I Had checked out 3.1.0 (accidentally), now checking out 3.0.2 and starting re-build. Here's the debug from the 3.1.0:- Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 13 2014 at 10:26:08 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/phptestauth including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/dhcp including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret>>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret>>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Instantiating module "phptestauth" from file /usr/local/etc/raddb/mods-enabled/phptestauth exec phptestauth { wait = yes program = "/usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret>>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp # Loading dhcp DHCP-Discover {...} # Loading dhcp DHCP-Request {...} # Loading dhcp {...} } # server dhcp server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = * port = 67 WARNING: No "interface" setting is defined. Only unicast DHCP will work. src_ipaddr = 10.199.100.1 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on dhcp address * port 67 as server dhcp Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 1814' Listening on proxy address * port 1814 Ready to process requests Received DHCP-Request of id 4fca2bd4 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1338649556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += 20:01:51:01:00:00 DHCP-Requested-IP-Address += 10.1.10.105 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) update reply { (0) DHCP-Message-Type = DHCP-Ack (0) } # update reply = noop (0) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (0) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (0) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.9, ' (0) phptestauth : Program executed successfully (0) [phptestauth] = ok (0) [ok] = ok (0) } # dhcp DHCP-Request = ok (0) DHCP: Reply will be unicast to giaddr from original packet DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1338649556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.9 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 4fca2bd4 from 10.199.100.1:67 to 2.0.0.0:68 (0) Finished request 0. Waking up in 4.9 seconds. Received DHCP-Request of id 4fca2bd4 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Ack of id 4fca2bd4 from 10.199.100.1:67 to 2.0.0.0:68 Waking up in 999995.7 seconds. Received DHCP-Discover of id 6e47403d from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1850163261 DHCP-Number-of-Seconds = 5 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Discover DHCP-Client-Identifier += a0:09:51:01:00:00 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (1) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (1) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.9, ' (1) phptestauth : Program executed successfully (1) [phptestauth] = ok (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to giaddr from original packet DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1850163261 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.9 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Offer of id 6e47403d from 10.199.100.1:67 to 2.0.0.0:68 (1) Finished request 1. Waking up in 4.9 seconds. ----------------------------------------
Date: Thu, 13 Mar 2014 10:27:25 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me!
OK. DHCP gets tricky with multiple interfaces.
So i have 2 rules in my ipsec-tools.conf file:-
spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
Hmm... DHCP works via broadcast on the local network, and broadcast traffic isn't routed.
NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.
It's not supposed to do that. The should be sending a reply FROM it's own IP address, not 0.0.0.0. However... if it can't discover the interfaces IP address, it just uses 0.0.0.0. ISC DHCP has code to troll through all of the addresses for an interface, and then uses that.
So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0
Done. There's more it can do, but that can wait until after 3.0.2.
If I can help in any way, PLEASE let me know.
This helps enormously. I've pushed a fix. You can either grab the "v3.0.x" branch from git && re-build, or you can edit your current configuration, and do:
listen { type = dhcp ipaddr = * src_ipaddr = 10.199.100.1 # add this }
I've also added documentation for the src_ipaddr configuration ite,
I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product.
Thanks. We try hard to make FreeRADIUS crush ISC DHCPd. :)
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OK, with IPSEC disabled it works, with IPSEC enabled it fails like before, however it does show the IP address in the from address, which is good. I've looked at the packets and the only difference between ISC DHCP server and Freeradius is:- ISC DHCP Next Server IP Address: 0.0.0.0 Freeradius: Next Server IP Address: 10.199.100.1 Everything else is the same, including the SRC/Destination IP addresses. I need to find out now if there's a way to use ip route rules or something to bypass whatever is happening now *sigh* always something :) Still would like to know why there is still a difference. Here's a trace with Freeradius 3.0.2 with IPSEC DISABLED:- Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.0.2 (git #4c1edd5), for host armv6l-unknown-linux-gnu, built on Mar 13 2014 at 12:46:43 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/phptestauth including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/dhcp including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret>>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret>>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Instantiating module "phptestauth" from file /usr/local/etc/raddb/mods-enabled/phptestauth exec phptestauth { wait = yes program = "/usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret>>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp # Loading dhcp DHCP-Discover {...} # Loading dhcp DHCP-Request {...} # Loading dhcp {...} } # server dhcp server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = * port = 67 src_ipaddr = 10.199.100.1 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on dhcp interface wlan0 address * port 67 as server dhcp Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 55398 Ready to process requests. Received DHCP-Discover of id 1d3d4523 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 490554659 DHCP-Number-of-Seconds = 3 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Discover DHCP-Client-Identifier += 80:2a:e7:00:00:00 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Discover {...} (0) dhcp DHCP-Discover { (0) update reply { (0) DHCP-Message-Type = DHCP-Offer (0) } # update reply = noop (0) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (0) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (0) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (0) phptestauth : Program executed successfully (0) [phptestauth] = ok (0) [ok] = ok (0) } # dhcp DHCP-Discover = ok (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 490554659 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Offer of id 1d3d4523 from 10.199.100.1:67 to 10.199.100.11:68 (0) Finished request 0. Waking up in 4.9 seconds. Received DHCP-Request of id 1d3d4523 from 0.0.0.0:68 to 255.255.255.255:67 (0) Cleaning up request packet ID 490554659 with timestamp +12 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 490554659 DHCP-Number-of-Seconds = 7 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += f0:23:e7:00:00:00 DHCP-Requested-IP-Address += 10.199.100.11 DHCP-DHCP-Server-Identifier += 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (1) dhcp DHCP-Request { (1) update reply { (1) DHCP-Message-Type = DHCP-Ack (1) } # update reply = noop (1) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (1) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (1) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (1) phptestauth : Program executed successfully (1) [phptestauth] = ok (1) [ok] = ok (1) } # dhcp DHCP-Request = ok (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 490554659 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 1d3d4523 from 10.199.100.1:67 to 10.199.100.11:68 (1) Finished request 1. Waking up in 4.9 seconds. Received DHCP-Request of id 8d42b684 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2369959556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += 98:39:e7:00:00:00 DHCP-Requested-IP-Address += 10.199.100.11 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (2) dhcp DHCP-Request { (2) update reply { (2) DHCP-Message-Type = DHCP-Ack (2) } # update reply = noop (2) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (2) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (2) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (2) phptestauth : Program executed successfully (2) [phptestauth] = ok (2) [ok] = ok (2) } # dhcp DHCP-Request = ok (2) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 2369959556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 8d42b684 from 10.199.100.1:67 to 10.199.100.11:68 (2) Finished request 2. Waking up in 2.9 seconds. (1) Cleaning up request packet ID 490554659 with timestamp +16 Waking up in 2.0 seconds. ----------------------------------------
From: hughmcl@hotmail.com To: freeradius-users@lists.freeradius.org Subject: RE: Issue with DHCP with Wireless card Date: Thu, 13 Mar 2014 11:07:11 -0500
I Had checked out 3.1.0 (accidentally), now checking out 3.0.2 and starting re-build.
Here's the debug from the 3.1.0:-
Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 13 2014 at 10:26:08 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/phptestauth including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/dhcp including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret>>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret>>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Instantiating module "phptestauth" from file /usr/local/etc/raddb/mods-enabled/phptestauth exec phptestauth { wait = yes program = "/usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret>>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp # Loading dhcp DHCP-Discover {...} # Loading dhcp DHCP-Request {...} # Loading dhcp {...} } # server dhcp server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = * port = 67 WARNING: No "interface" setting is defined. Only unicast DHCP will work. src_ipaddr = 10.199.100.1 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on dhcp address * port 67 as server dhcp Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 1814' Listening on proxy address * port 1814 Ready to process requests Received DHCP-Request of id 4fca2bd4 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1338649556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += 20:01:51:01:00:00 DHCP-Requested-IP-Address += 10.1.10.105 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) update reply { (0) DHCP-Message-Type = DHCP-Ack (0) } # update reply = noop (0) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (0) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (0) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.9, ' (0) phptestauth : Program executed successfully (0) [phptestauth] = ok (0) [ok] = ok (0) } # dhcp DHCP-Request = ok (0) DHCP: Reply will be unicast to giaddr from original packet DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1338649556 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.9 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 4fca2bd4 from 10.199.100.1:67 to 2.0.0.0:68 (0) Finished request 0. Waking up in 4.9 seconds. Received DHCP-Request of id 4fca2bd4 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Ack of id 4fca2bd4 from 10.199.100.1:67 to 2.0.0.0:68 Waking up in 999995.7 seconds. Received DHCP-Discover of id 6e47403d from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1850163261 DHCP-Number-of-Seconds = 5 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Discover DHCP-Client-Identifier += a0:09:51:01:00:00 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (1) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (1) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.9, ' (1) phptestauth : Program executed successfully (1) [phptestauth] = ok (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to giaddr from original packet DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 1850163261 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.9 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Offer of id 6e47403d from 10.199.100.1:67 to 2.0.0.0:68 (1) Finished request 1. Waking up in 4.9 seconds.
Date: Thu, 13 Mar 2014 10:27:25 -0400 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hugh McLenaghan wrote:
When i set this up before I didn't have an IPSEC VPN set up and I got it working. When I came back to work on it, I had set up an IPSEC VPN in the meantime. Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working. So i was assuming it was completely an issue with freeradius. It does have an issue causing the problem, however it has at least identified WHY things are broken for me!
OK. DHCP gets tricky with multiple interfaces.
So i have 2 rules in my ipsec-tools.conf file:-
spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require; spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
Hmm... DHCP works via broadcast on the local network, and broadcast traffic isn't routed.
NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.
It's not supposed to do that. The should be sending a reply FROM it's own IP address, not 0.0.0.0. However... if it can't discover the interfaces IP address, it just uses 0.0.0.0. ISC DHCP has code to troll through all of the addresses for an interface, and then uses that.
So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0
Done. There's more it can do, but that can wait until after 3.0.2.
If I can help in any way, PLEASE let me know.
This helps enormously. I've pushed a fix. You can either grab the "v3.0.x" branch from git && re-build, or you can edit your current configuration, and do:
listen { type = dhcp ipaddr = * src_ipaddr = 10.199.100.1 # add this }
I've also added documentation for the src_ipaddr configuration ite,
I'd like to get this resolved, since the features in freeradius are worth it :) Well done on all the features, it's a great product.
Thanks. We try hard to make FreeRADIUS crush ISC DHCPd. :)
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hugh McLenaghan wrote:
OK, with IPSEC disabled it works, with IPSEC enabled it fails like before, however it does show the IP address in the from address, which is good.
So the packet is still not making it off of the machine? That's just... odd. FreeRADIUS uses the normal socket calls to write packets. There's no reason for it to fail.
I've looked at the packets and the only difference between ISC DHCP server and Freeradius is:- ISC DHCP Next Server IP Address: 0.0.0.0
Freeradius: Next Server IP Address: 10.199.100.1
Everything else is the same, including the SRC/Destination IP addresses.
The packet contents won't affect routing.
I need to find out now if there's a way to use ip route rules or something to bypass whatever is happening now *sigh* always something :)
DHCP doesn't interact well with routing rules. It expects to send raw packets out the interface, and to bypass IPv4 routing entirely. Alan DeKok.
Capture with IPSEC ENABLED:_ Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.0.2 (git #4c1edd5), for host armv6l-unknown-linux-gnu, built on Mar 13 2014 at 12:46:43 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/phptestauth including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/dhcp including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret>>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret>>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Instantiating module "phptestauth" from file /usr/local/etc/raddb/mods-enabled/phptestauth exec phptestauth { wait = yes program = "/usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret>>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp # Loading dhcp DHCP-Discover {...} # Loading dhcp DHCP-Request {...} # Loading dhcp {...} } # server dhcp server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = * port = 67 src_ipaddr = 10.199.100.1 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on dhcp interface wlan0 address * port 67 as server dhcp Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 56577 Ready to process requests. Received DHCP-Request of id 1f551051 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 525668433 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += 98:8a:68:00:00:00 DHCP-Requested-IP-Address += 10.1.10.105 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) update reply { (0) DHCP-Message-Type = DHCP-Ack (0) } # update reply = noop (0) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (0) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (0) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (0) phptestauth : Program executed successfully (0) [phptestauth] = ok (0) [ok] = ok (0) } # dhcp DHCP-Request = ok (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 525668433 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 1f551051 from 10.199.100.1:67 to 10.199.100.11:68 (0) Finished request 0. Waking up in 4.9 seconds. Received DHCP-Request of id 1f551051 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Ack of id 1f551051 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999995.9 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 991988400 DHCP-Number-of-Seconds = 5 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Discover DHCP-Client-Identifier += a8:99:68:00:00:00 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (1) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (1) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (1) phptestauth : Program executed successfully (1) [phptestauth] = ok (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 991988400 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 (1) Finished request 1. Waking up in 4.9 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999989.6 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999981.9 seconds. ----------------------------------------
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Digging further into the packet captures, i did notice another difference! DHCPD sets the DSCP to 0x10 (Differentiated Services Field) Field is 0x10 (DSCP 0x04) I'm wondering if that's enough of a change. I don't think it is, but is it worth trying? Hugh ----------------------------------------
From: hughmcl@hotmail.com To: freeradius-users@lists.freeradius.org Subject: RE: Issue with DHCP with Wireless card Date: Thu, 13 Mar 2014 13:37:41 -0500
Capture with IPSEC ENABLED:_
Starting FreeRADIUS:radiusd: FreeRADIUS Version 3.0.2 (git #4c1edd5), for host armv6l-unknown-linux-gnu, built on Mar 13 2014 at 12:46:43 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/phptestauth including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/linelog including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/eap including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/dhcp including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret>>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret>>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Instantiating module "phptestauth" from file /usr/local/etc/raddb/mods-enabled/phptestauth exec phptestauth { wait = yes program = "/usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { auto_header = no normalise = yes } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret>>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/usr/local/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp # Loading dhcp DHCP-Discover {...} # Loading dhcp DHCP-Request {...} # Loading dhcp {...} } # server dhcp server default { # from file /usr/local/etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "sql" (see raddb/mods-available/README.rst) WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = * port = 67 src_ipaddr = 10.199.100.1 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on dhcp interface wlan0 address * port 67 as server dhcp Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 56577 Ready to process requests. Received DHCP-Request of id 1f551051 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 525668433 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Request DHCP-Client-Identifier += 98:8a:68:00:00:00 DHCP-Requested-IP-Address += 10.1.10.105 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) update reply { (0) DHCP-Message-Type = DHCP-Ack (0) } # update reply = noop (0) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (0) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (0) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (0) phptestauth : Program executed successfully (0) [phptestauth] = ok (0) [ok] = ok (0) } # dhcp DHCP-Request = ok (0) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 525668433 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Ack of id 1f551051 from 10.199.100.1:67 to 10.199.100.11:68 (0) Finished request 0. Waking up in 4.9 seconds. Received DHCP-Request of id 1f551051 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Ack of id 1f551051 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999995.9 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 991988400 DHCP-Number-of-Seconds = 5 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Message-Type += DHCP-Discover DHCP-Client-Identifier += a8:99:68:00:00:00 DHCP-DHCP-Maximum-Msg-Size += 1500 DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6' DHCP-Hostname += 'android-ad465a94ec6fe012' DHCP-Parameter-Request-List += DHCP-Subnet-Mask DHCP-Parameter-Request-List += DHCP-Static-Routes DHCP-Parameter-Request-List += DHCP-Router-Address DHCP-Parameter-Request-List += DHCP-Domain-Name-Server DHCP-Parameter-Request-List += DHCP-Domain-Name DHCP-Parameter-Request-List += DHCP-Interface-MTU-Size DHCP-Parameter-Request-List += DHCP-Broadcast-Address DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List += DHCP-Renewal-Time DHCP-Parameter-Request-List += DHCP-Rebinding-Time Trying sub-section dhcp DHCP-Discover {...} (1) dhcp DHCP-Discover { (1) update reply { (1) DHCP-Message-Type = DHCP-Offer (1) } # update reply = noop (1) phptestauth : Executing: /usr/bin/php -f /usr/local/etc/raddb/scripts/hugh-test.php %{DHCP-Client-Hardware-Address} (1) phptestauth : expand: "%{DHCP-Client-Hardware-Address}" -> '5c:0a:5b:11:0b:89' (1) phptestauth : Program returned code (0) and output 'DHCP-Domain-Name-Server := 10.1.30.170, DHCP-Domain-Name-Server := 10.1.30.171, DHCP-IP-Address-Lease-Time := 7200, DHCP-Broadcast-Address := 10.199.100.15, DHCP-DHCP-Server-Identifier := 10.199.100.1, DHCP-Router-Address := 10.199.100.1, DHCP-Subnet-Mask := 255.255.255.240, DHCP-Server-Host-Name := 'wipi_1', DHCP-Your-IP-Address := 10.199.100.11, ' (1) phptestauth : Program executed successfully (1) [phptestauth] = ok (1) [ok] = ok (1) } # dhcp DHCP-Discover = ok (1) DHCP: Reply will be unicast to your-ip-address DHCP-Opcode = Server-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 991988400 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 10.199.100.11 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 5c:0a:5b:11:0b:89 DHCP-Server-Host-Name = 'wipi_1' DHCP-Boot-Filename = '' DHCP-Subnet-Mask := 255.255.255.240 DHCP-Router-Address := 10.199.100.1 DHCP-Domain-Name-Server := 10.1.30.170 DHCP-Domain-Name-Server := 10.1.30.171 DHCP-Broadcast-Address := 10.199.100.15 DHCP-IP-Address-Lease-Time := 7200 DHCP-DHCP-Server-Identifier := 10.199.100.1 DHCP-DHCP-Maximum-Msg-Size += 1500 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 (1) Finished request 1. Waking up in 4.9 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999989.6 seconds. Received DHCP-Discover of id 3b208ab0 from 0.0.0.0:68 to 255.255.255.255:67 Sending DHCP-Offer of id 3b208ab0 from 10.199.100.1:67 to 10.199.100.11:68 Waking up in 999981.9 seconds.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hugh McLenaghan wrote:
Digging further into the packet captures, i did notice another difference!
DHCPD sets the DSCP to 0x10 (Differentiated Services Field)
Field is 0x10 (DSCP 0x04)
I'm wondering if that's enough of a change. I don't think it is, but is it worth trying?
That shouldn't make any difference. Alan DeKok.
Config:- listen { type = dhcp ipaddr = * port = 67 interface = wlan0 broadcast = yes } dhcp DHCP-Discover { update reply { DHCP-Message-Type = DHCP-Offer } update reply { DHCP-DHCP-Server-Identifier = 10.199.100.1 DHCP-IP-Address-Lease-Time = 600 DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-Host-Name = 'wipi_2' } ok } dhcp DHCP-Request { update reply { DHCP-Message-Type = DHCP-Ack } update reply { DHCP-DHCP-Server-Identifier = 10.199.100.1 DHCP-IP-Address-Lease-Time = 600 DHCP-Subnet-Mask = 255.255.255.240 DHCP-Router-Address = 10.199.100.1 DHCP-Domain-Name-Server = 10.1.30.170 DHCP-Domain-Name = 'mclenaghan.local' DHCP-Broadcast-Address = 10.199.100.15 DHCP-Server-IP-Address = 10.199.100.1 DHCP-Your-IP-Address = 10.199.100.5 DHCP-Server-Host-Name = 'wipi_2' } ok } dhcp { reject } } Hugh ----------------------------------------
Date: Wed, 12 Mar 2014 13:15:57 +0000 From: mcn4@leicester.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Issue with DHCP with Wireless card
Hi,
On Wed, Mar 12, 2014 at 01:39:56AM -0500, Hugh McLenaghan wrote:
I've been struggling getting the DHCP server to work. I have the configuration correct.
That's an interesting statement - there really isn't any sort of "correct" at the moment :)
The server starts fine, it listens on the port. When a client sends a request, the request is received correctly. it's then processed as expected, and it supposedly sends out the reply. However I DO NOT see the reply on the interface when i do a tcpdump.
OK, I had that working fine last night. Machine on network serving DHCP to tablet (over wireless).
Can you post full debug logs from "radiusd -X" please.
I've tried changing multiple settings including setting broadcast off/on, I've changed the IP address bindings and that doesn't help.
This worked here (you probably want eth0 not br0):
listen { ipaddr = 0.0.0.0 port = 67 type = dhcp interface = br0 broadcast = yes }
I've also tried using different versions of freeradius, from 2.2.x through 3.0.1 and 3.1.0 (the git repository).
Use 3.0.x HEAD. DHCP is new enough that you always want to be running the latest code.
I know the wireless card will support it, because when i try using the regular ISC DHCPD daemon, it gets an IP address and I can see the request/reply packets.
One thing I did notice though in the debug logs of freeradius, is when it supposedly sends the reply packet the source/from address is 0.0.0.0:67 however when ISC DHCPD sends it's response it comes from the IP address of the interface itself e.g. 10.199.100.1:67.
Where was it sending _to_? If 0.0.0.0:68, then it won't actually send anything, and means that something has gone wrong. I've got a patch that makes that clearer in the debug, as I hit that as well.
For my tests i've been using a raspberry Pi running raspian OS. I'm going to try to do this on a regular VM tomorrow to see if it's related to the OS/hardware.
Haven't tried it on my Pi, but I doubt that is the issue. System here is Debian, so similar.
Cheers
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Thanks - If you could try with ipaddr = 0.0.0.0, just in case (which will match my working config, apart from the wireless card), and with v3.0.x HEAD as well, that would be useful. If I get a chance I'll see if I can test it on a wifi-enabled Pi. Thanks Matthew On Wed, Mar 12, 2014 at 12:46:01PM -0500, Hugh McLenaghan wrote:
Config:- listen { type = dhcp ipaddr = * port = 67 interface = wlan0 broadcast = yes }
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (5)
-
Alan DeKok -
Arran Cudbard-Bell -
Hugh McLenaghan -
Iliya Peregoudov -
Matthew Newton