Access request always return reject
J Kephart
jkephart at safetynetaccess.com
Wed May 20 23:16:56 CEST 2015
Good day!
We've just compiled FR 2.2.7 on a CentOS 6.6 system, preparatory to
migrating from our old 2.1.12 release. When we ran the initial test,
under "radius -X," we got the expected reject, because there was no user
named "test." We then added that user to the users file (the only
change we made), with just the username and cleartext-password, and ran
the test again, and it still returned a reject.
I'm posting the output from "radius -X" below. We've essentially the
same config on the older server, and we've never encountered the problem
there, so it seems fairly obvious that something's wrong; we just can't
tell what it is. I do see that it says "++[reject] = reject", but I'm
not seeing the cause.
One note however: In the output, at line 190, we see "server { # from
file /usr/loc" followed by a bunch of gibberish. I'm not sure that's a
real concern, but it does seem odd.
In any case, the debug output is below. I'd appreciate it if someone
could point me to the problem.
Many thanks!
Jim
1: Wed May 20 16:46:25 2015 : Info: radiusd: FreeRADIUS Version 2.2.7,
for host x86_64-unknown-linux-gnu, built on May 20 2015 at 16:45:16
2: Wed May 20 16:46:25 2015 : Debug: Server was built with:
3: Wed May 20 16:46:25 2015 : Debug: accounting
4: Wed May 20 16:46:25 2015 : Debug: authentication
5: Wed May 20 16:46:25 2015 : Debug: WITH_DHCP
6: Wed May 20 16:46:25 2015 : Debug: WITH_VMPS
7: Wed May 20 16:46:25 2015 : Debug: Server core libs:
8: Wed May 20 16:46:25 2015 : Debug: ssl: OpenSSL 1.0.1e-fips 11 Feb
2013
9: Wed May 20 16:46:25 2015 : Info: Copyright (C) 1999-2015 The
FreeRADIUS server project and contributors.
10: Wed May 20 16:46:25 2015 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
11: Wed May 20 16:46:25 2015 : Info: PARTICULAR PURPOSE.
12: Wed May 20 16:46:25 2015 : Info: You may redistribute copies of
FreeRADIUS under the terms of the
13: Wed May 20 16:46:25 2015 : Info: GNU General Public License.
14: Wed May 20 16:46:25 2015 : Info: For more information about these
matters, see the file named COPYRIGHT.
15: Wed May 20 16:46:25 2015 : Info: Starting - reading configuration
files ...
16: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/radiusd.conf
17: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/proxy.conf
18: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/clients.conf
19: Wed May 20 16:46:25 2015 : Debug: including files in directory
/usr/local/etc/raddb/modules/
20: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/wimax
21: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/chap
22: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/unix
23: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.example.com
24: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/always
25: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/mschap
26: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail
27: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/redis
28: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.log
29: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/perl
30: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/radrelay
31: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/pap
32: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/preprocess
33: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/smsotp
34: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/otp
35: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/passwd
36: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/files
37: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/digest
38: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/policy
39: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/realm
40: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/dynamic_clients
41: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/opendirectory
42: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/sradutmp
43: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/smbpasswd
44: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/echo
45: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/exec
46: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/logintime
47: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/cui
48: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/radutmp
49: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/expiration
50: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/acct_unique
51: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/krb5
52: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/ntlm_auth
53: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/checkval
54: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_filter
55: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/sql_log
56: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/counter
57: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/dhcp_sqlippool
58: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
59: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/expr
60: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/cache
61: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_rewrite
62: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2ip
63: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/ippool
64: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/linelog
65: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/pam
66: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/soh
67: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/ldap
68: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
69: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/inner-eap
70: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2vlan
71: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/replicate
72: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/etc_group
73: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/modules/rediswho
74: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/eap.conf
75: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/policy.conf
76: Wed May 20 16:46:25 2015 : Debug: including files in directory
/usr/local/etc/raddb/sites-enabled/
77: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/default
78: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
79: Wed May 20 16:46:25 2015 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
80: Wed May 20 16:46:25 2015 : Debug: main {
81: Wed May 20 16:46:25 2015 : Debug: allow_core_dumps = no
82: Wed May 20 16:46:25 2015 : Debug: }
83: Wed May 20 16:46:25 2015 : Debug: including dictionary file
/usr/local/etc/raddb/dictionary
84: Wed May 20 16:46:25 2015 : Debug: main {
85: Wed May 20 16:46:25 2015 : Debug: name = "radiusd"
86: Wed May 20 16:46:25 2015 : Debug: prefix = "/usr/local"
87: Wed May 20 16:46:25 2015 : Debug: localstatedir = "/usr/local/var"
88: Wed May 20 16:46:25 2015 : Debug: sbindir = "/usr/local/sbin"
89: Wed May 20 16:46:25 2015 : Debug: logdir = "/var/log/radius"
90: Wed May 20 16:46:25 2015 : Debug: run_dir =
"/usr/local/var/run/radiusd"
91: Wed May 20 16:46:25 2015 : Debug: libdir = "/usr/local/lib"
92: Wed May 20 16:46:25 2015 : Debug: radacctdir =
"/var/log/radius/radacct"
93: Wed May 20 16:46:25 2015 : Debug: hostname_lookups = no
94: Wed May 20 16:46:25 2015 : Debug: max_request_time = 30
95: Wed May 20 16:46:25 2015 : Debug: cleanup_delay = 5
96: Wed May 20 16:46:25 2015 : Debug: max_requests = 1024
97: Wed May 20 16:46:25 2015 : Debug: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
98: Wed May 20 16:46:25 2015 : Debug: checkrad =
"/usr/local/sbin/checkrad"
99: Wed May 20 16:46:25 2015 : Debug: debug_level = 0
100: Wed May 20 16:46:25 2015 : Debug: proxy_requests = yes
101: Wed May 20 16:46:25 2015 : Debug: log {
102: Wed May 20 16:46:25 2015 : Debug: stripped_names = no
103: Wed May 20 16:46:25 2015 : Debug: auth = no
104: Wed May 20 16:46:25 2015 : Debug: auth_badpass = no
105: Wed May 20 16:46:25 2015 : Debug: auth_goodpass = no
106: Wed May 20 16:46:25 2015 : Debug: }
107: Wed May 20 16:46:25 2015 : Debug: security {
108: Wed May 20 16:46:25 2015 : Debug: max_attributes = 200
109: Wed May 20 16:46:25 2015 : Debug: reject_delay = 1
110: Wed May 20 16:46:25 2015 : Debug: status_server = yes
111: Wed May 20 16:46:25 2015 : Debug: allow_vulnerable_openssl = yes
112: Wed May 20 16:46:25 2015 : Debug: }
113: Wed May 20 16:46:25 2015 : Debug: }
114: Wed May 20 16:46:25 2015 : Debug: radiusd: #### Loading Realms and
Home Servers ####
115: Wed May 20 16:46:25 2015 : Debug: proxy server {
116: Wed May 20 16:46:25 2015 : Debug: retry_delay = 5
117: Wed May 20 16:46:25 2015 : Debug: retry_count = 3
118: Wed May 20 16:46:25 2015 : Debug: default_fallback = no
119: Wed May 20 16:46:25 2015 : Debug: dead_time = 120
120: Wed May 20 16:46:25 2015 : Debug: wake_all_if_all_dead = no
121: Wed May 20 16:46:25 2015 : Debug: }
122: Wed May 20 16:46:25 2015 : Debug: home_server localhost {
123: Wed May 20 16:46:25 2015 : Debug: ipaddr = 127.0.0.1
124: Wed May 20 16:46:25 2015 : Debug: port = 1812
125: Wed May 20 16:46:25 2015 : Debug: type = "auth"
126: Wed May 20 16:46:25 2015 : Debug: secret = "testing123"
127: Wed May 20 16:46:25 2015 : Debug: response_window = 20
128: Wed May 20 16:46:25 2015 : Debug: max_outstanding = 65536
129: Wed May 20 16:46:25 2015 : Debug:
require_message_authenticator = yes
130: Wed May 20 16:46:25 2015 : Debug: zombie_period = 40
131: Wed May 20 16:46:25 2015 : Debug: status_check = "status-server"
132: Wed May 20 16:46:25 2015 : Debug: ping_interval = 30
133: Wed May 20 16:46:25 2015 : Debug: check_interval = 30
134: Wed May 20 16:46:25 2015 : Debug: num_answers_to_alive = 3
135: Wed May 20 16:46:25 2015 : Debug: num_pings_to_alive = 3
136: Wed May 20 16:46:25 2015 : Debug: revive_interval = 120
137: Wed May 20 16:46:25 2015 : Debug: status_check_timeout = 4
138: Wed May 20 16:46:25 2015 : Debug: coa {
139: Wed May 20 16:46:25 2015 : Debug: irt = 2
140: Wed May 20 16:46:25 2015 : Debug: mrt = 16
141: Wed May 20 16:46:25 2015 : Debug: mrc = 5
142: Wed May 20 16:46:25 2015 : Debug: mrd = 30
143: Wed May 20 16:46:25 2015 : Debug: }
144: Wed May 20 16:46:25 2015 : Debug: }
145: Wed May 20 16:46:25 2015 : Debug: home_server_pool my_auth_failover {
146: Wed May 20 16:46:25 2015 : Debug: type = fail-over
147: Wed May 20 16:46:25 2015 : Debug: home_server = localhost
148: Wed May 20 16:46:25 2015 : Debug: }
149: Wed May 20 16:46:25 2015 : Debug: realm example.com {
150: Wed May 20 16:46:25 2015 : Debug: auth_pool = my_auth_failover
151: Wed May 20 16:46:25 2015 : Debug: }
152: Wed May 20 16:46:25 2015 : Debug: realm LOCAL {
153: Wed May 20 16:46:25 2015 : Debug: }
154: Wed May 20 16:46:25 2015 : Debug: radiusd: #### Loading Clients ####
155: Wed May 20 16:46:25 2015 : Debug: client localhost {
156: Wed May 20 16:46:25 2015 : Debug: ipaddr = 127.0.0.1
157: Wed May 20 16:46:25 2015 : Debug:
require_message_authenticator = no
158: Wed May 20 16:46:25 2015 : Debug: secret = "testing123"
159: Wed May 20 16:46:25 2015 : Debug: nastype = "other"
160: Wed May 20 16:46:25 2015 : Debug: }
161: Wed May 20 16:46:25 2015 : Debug: radiusd: #### Instantiating
modules ####
162: Wed May 20 16:46:25 2015 : Debug: instantiate {
163: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_exec, checking if
it's valid)
164: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_exec
165: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"exec" from file /usr/local/etc/raddb/modules/exec
166: Wed May 20 16:46:25 2015 : Debug: exec {
167: Wed May 20 16:46:25 2015 : Debug: wait = no
168: Wed May 20 16:46:25 2015 : Debug: input_pairs = "request"
169: Wed May 20 16:46:25 2015 : Debug: shell_escape = yes
170: Wed May 20 16:46:25 2015 : Debug: timeout = 10
171: Wed May 20 16:46:25 2015 : Debug: }
172: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_expr, checking if
it's valid)
173: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_expr
174: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"expr" from file /usr/local/etc/raddb/modules/expr
175: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_expiration,
checking if it's valid)
176: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module
rlm_expiration
177: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"expiration" from file /usr/local/etc/raddb/modules/expiration
178: Wed May 20 16:46:25 2015 : Debug: expiration {
179: Wed May 20 16:46:25 2015 : Debug: reply-message = "Password
Has Expired "
180: Wed May 20 16:46:25 2015 : Debug: }
181: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_logintime,
checking if it's valid)
182: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module
rlm_logintime
183: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"logintime" from file /usr/local/etc/raddb/modules/logintime
184: Wed May 20 16:46:25 2015 : Debug: logintime {
185: Wed May 20 16:46:25 2015 : Debug: reply-message = "You are
calling outside your allowed timespan "
186: Wed May 20 16:46:25 2015 : Debug: minimum-timeout = 60
187: Wed May 20 16:46:25 2015 : Debug: }
188: Wed May 20 16:46:25 2015 : Debug: }
189: Wed May 20 16:46:25 2015 : Debug: radiusd: #### Loading Virtual
Servers ####
190: Wed May 20 16:46:25 2015 : Debug: server { # from file
/usr/loc\E0?Y\FD\FF
191: Wed May 20 16:46:25 2015 : Debug: modules {
192: Wed May 20 16:46:25 2015 : Debug: Module: Creating Auth-Type = digest
193: Wed May 20 16:46:25 2015 : Debug: Module: Checking authenticate
{...} for more modules to load
194: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_pap, checking if
it's valid)
195: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_pap
196: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"pap" from file /usr/local/etc/raddb/modules/pap
197: Wed May 20 16:46:25 2015 : Debug: pap {
198: Wed May 20 16:46:25 2015 : Debug: encryption_scheme = "auto"
199: Wed May 20 16:46:25 2015 : Debug: auto_header = no
200: Wed May 20 16:46:25 2015 : Debug: }
201: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_chap, checking if
it's valid)
202: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_chap
203: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"chap" from file /usr/local/etc/raddb/modules/chap
204: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_mschap, checking
if it's valid)
205: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_mschap
206: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"mschap" from file /usr/local/etc/raddb/modules/mschap
207: Wed May 20 16:46:25 2015 : Debug: mschap {
208: Wed May 20 16:46:25 2015 : Debug: use_mppe = yes
209: Wed May 20 16:46:25 2015 : Debug: require_encryption = no
210: Wed May 20 16:46:25 2015 : Debug: require_strong = no
211: Wed May 20 16:46:25 2015 : Debug: with_ntdomain_hack = no
212: Wed May 20 16:46:25 2015 : Debug: allow_retry = yes
213: Wed May 20 16:46:25 2015 : Debug: }
214: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_digest, checking
if it's valid)
215: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_digest
216: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"digest" from file /usr/local/etc/raddb/modules/digest
217: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_unix, checking if
it's valid)
218: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_unix
219: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"unix" from file /usr/local/etc/raddb/modules/unix
220: Wed May 20 16:46:25 2015 : Debug: unix {
221: Wed May 20 16:46:25 2015 : Debug: radwtmp =
"/var/log/radius/radwtmp"
222: Wed May 20 16:46:25 2015 : Debug: }
223: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_eap, checking if
it's valid)
224: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_eap
225: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"eap" from file /usr/local/etc/raddb/eap.conf
226: Wed May 20 16:46:25 2015 : Debug: eap {
227: Wed May 20 16:46:25 2015 : Debug: default_eap_type = "md5"
228: Wed May 20 16:46:25 2015 : Debug: timer_expire = 60
229: Wed May 20 16:46:25 2015 : Debug: ignore_unknown_eap_types = no
230: Wed May 20 16:46:25 2015 : Debug:
cisco_accounting_username_bug = no
231: Wed May 20 16:46:25 2015 : Debug: max_sessions = 1024
232: Wed May 20 16:46:25 2015 : Debug: }
233: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_md5
234: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-md5
235: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_leap
236: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-leap
237: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_gtc
238: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-gtc
239: Wed May 20 16:46:25 2015 : Debug: gtc {
240: Wed May 20 16:46:25 2015 : Debug: challenge = "Password: "
241: Wed May 20 16:46:25 2015 : Debug: auth_type = "PAP"
242: Wed May 20 16:46:25 2015 : Debug: }
243: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_tls
244: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-tls
245: Wed May 20 16:46:25 2015 : Debug: tls {
246: Wed May 20 16:46:25 2015 : Debug: rsa_key_exchange = no
247: Wed May 20 16:46:25 2015 : Debug: dh_key_exchange = yes
248: Wed May 20 16:46:25 2015 : Debug: rsa_key_length = 512
249: Wed May 20 16:46:25 2015 : Debug: dh_key_length = 512
250: Wed May 20 16:46:25 2015 : Debug: verify_depth = 0
251: Wed May 20 16:46:25 2015 : Debug: CA_path =
"/usr/local/etc/raddb/certs"
252: Wed May 20 16:46:25 2015 : Debug: pem_file_type = yes
253: Wed May 20 16:46:25 2015 : Debug: private_key_file =
"/usr/local/etc/raddb/certs/server.pem"
254: Wed May 20 16:46:25 2015 : Debug: certificate_file =
"/usr/local/etc/raddb/certs/server.pem"
255: Wed May 20 16:46:25 2015 : Debug: CA_file =
"/usr/local/etc/raddb/certs/ca.pem"
256: Wed May 20 16:46:25 2015 : Debug: private_key_password =
"whatever"
257: Wed May 20 16:46:25 2015 : Debug: dh_file =
"/usr/local/etc/raddb/certs/dh"
258: Wed May 20 16:46:25 2015 : Debug: fragment_size = 1024
259: Wed May 20 16:46:25 2015 : Debug: include_length = yes
260: Wed May 20 16:46:25 2015 : Debug: check_crl = no
261: Wed May 20 16:46:25 2015 : Debug: cipher_list = "DEFAULT"
262: Wed May 20 16:46:25 2015 : Debug: make_cert_command =
"/usr/local/etc/raddb/certs/bootstrap"
263: Wed May 20 16:46:25 2015 : Debug: ecdh_curve = "prime256v1"
264: Wed May 20 16:46:25 2015 : Debug: cache {
265: Wed May 20 16:46:25 2015 : Debug: enable = no
266: Wed May 20 16:46:25 2015 : Debug: lifetime = 24
267: Wed May 20 16:46:25 2015 : Debug: max_entries = 255
268: Wed May 20 16:46:25 2015 : Debug: }
269: Wed May 20 16:46:25 2015 : Debug: verify {
270: Wed May 20 16:46:25 2015 : Debug: }
271: Wed May 20 16:46:25 2015 : Debug: ocsp {
272: Wed May 20 16:46:25 2015 : Debug: enable = no
273: Wed May 20 16:46:25 2015 : Debug: override_cert_url = yes
274: Wed May 20 16:46:25 2015 : Debug: url =
"http://127.0.0.1/ocsp/"
275: Wed May 20 16:46:25 2015 : Debug: use_nonce = yes
276: Wed May 20 16:46:25 2015 : Debug: timeout = 0
277: Wed May 20 16:46:25 2015 : Debug: softfail = no
278: Wed May 20 16:46:25 2015 : Debug: }
279: Wed May 20 16:46:25 2015 : Debug: }
280: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_ttls
281: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-ttls
282: Wed May 20 16:46:25 2015 : Debug: ttls {
283: Wed May 20 16:46:25 2015 : Debug: default_eap_type = "md5"
284: Wed May 20 16:46:25 2015 : Debug: copy_request_to_tunnel = no
285: Wed May 20 16:46:25 2015 : Debug: use_tunneled_reply = no
286: Wed May 20 16:46:25 2015 : Debug: virtual_server =
"inner-tunnel"
287: Wed May 20 16:46:25 2015 : Debug: include_length = yes
288: Wed May 20 16:46:25 2015 : Debug: }
289: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_peap
290: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-peap
291: Wed May 20 16:46:25 2015 : Debug: peap {
292: Wed May 20 16:46:25 2015 : Debug: default_eap_type = "mschapv2"
293: Wed May 20 16:46:25 2015 : Debug: copy_request_to_tunnel = no
294: Wed May 20 16:46:25 2015 : Debug: use_tunneled_reply = no
295: Wed May 20 16:46:25 2015 : Debug:
proxy_tunneled_request_as_eap = yes
296: Wed May 20 16:46:25 2015 : Debug: virtual_server =
"inner-tunnel"
297: Wed May 20 16:46:25 2015 : Debug: soh = no
298: Wed May 20 16:46:25 2015 : Debug: }
299: Wed May 20 16:46:25 2015 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2
300: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating eap-mschapv2
301: Wed May 20 16:46:25 2015 : Debug: mschapv2 {
302: Wed May 20 16:46:25 2015 : Debug: with_ntdomain_hack = no
303: Wed May 20 16:46:25 2015 : Debug: send_error = no
304: Wed May 20 16:46:25 2015 : Debug: }
305: Wed May 20 16:46:25 2015 : Debug: Module: Checking authorize {...}
for more modules to load
306: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_preprocess,
checking if it's valid)
307: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module
rlm_preprocess
308: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"preprocess" from file /usr/local/etc/raddb/modules/preprocess
309: Wed May 20 16:46:25 2015 : Debug: preprocess {
310: Wed May 20 16:46:25 2015 : Debug: huntgroups =
"/usr/local/etc/raddb/huntgroups"
311: Wed May 20 16:46:25 2015 : Debug: hints =
"/usr/local/etc/raddb/hints"
312: Wed May 20 16:46:25 2015 : Debug: with_ascend_hack = no
313: Wed May 20 16:46:25 2015 : Debug: ascend_channels_per_line = 23
314: Wed May 20 16:46:25 2015 : Debug: with_ntdomain_hack = no
315: Wed May 20 16:46:25 2015 : Debug:
with_specialix_jetstream_hack = no
316: Wed May 20 16:46:25 2015 : Debug: with_cisco_vsa_hack = no
317: Wed May 20 16:46:25 2015 : Debug: with_alvarion_vsa_hack = no
318: Wed May 20 16:46:25 2015 : Debug: }
319: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/huntgroups
320: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/hints
321: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_realm, checking
if it's valid)
322: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_realm
323: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"suffix" from file /usr/local/etc/raddb/modules/realm
324: Wed May 20 16:46:25 2015 : Debug: realm suffix {
325: Wed May 20 16:46:25 2015 : Debug: format = "suffix"
326: Wed May 20 16:46:25 2015 : Debug: delimiter = "@"
327: Wed May 20 16:46:25 2015 : Debug: ignore_default = no
328: Wed May 20 16:46:25 2015 : Debug: ignore_null = no
329: Wed May 20 16:46:25 2015 : Debug: }
330: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_always, checking
if it's valid)
331: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_always
332: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"reject" from file /usr/local/etc/raddb/modules/always
333: Wed May 20 16:46:25 2015 : Debug: always reject {
334: Wed May 20 16:46:25 2015 : Debug: rcode = "reject"
335: Wed May 20 16:46:25 2015 : Debug: simulcount = 0
336: Wed May 20 16:46:25 2015 : Debug: mpp = no
337: Wed May 20 16:46:25 2015 : Debug: }
338: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_files, checking
if it's valid)
339: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_files
340: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"files" from file /usr/local/etc/raddb/modules/files
341: Wed May 20 16:46:25 2015 : Debug: files {
342: Wed May 20 16:46:25 2015 : Debug: usersfile =
"/usr/local/etc/raddb/users"
343: Wed May 20 16:46:25 2015 : Debug: acctusersfile =
"/usr/local/etc/raddb/acct_users"
344: Wed May 20 16:46:25 2015 : Debug: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
345: Wed May 20 16:46:25 2015 : Debug: compat = "no"
346: Wed May 20 16:46:25 2015 : Debug: }
347: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/users
348: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/acct_users
349: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/preproxy_users
350: Wed May 20 16:46:25 2015 : Debug: Module: Checking preacct {...}
for more modules to load
351: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_acct_unique,
checking if it's valid)
352: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module
rlm_acct_unique
353: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
354: Wed May 20 16:46:25 2015 : Debug: acct_unique {
355: Wed May 20 16:46:25 2015 : Debug: key = "User-Name,
Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
356: Wed May 20 16:46:25 2015 : Debug: }
357: Wed May 20 16:46:25 2015 : Debug: Module: Checking accounting
{...} for more modules to load
358: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_detail, checking
if it's valid)
359: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_detail
360: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"detail" from file /usr/local/etc/raddb/modules/detail
361: Wed May 20 16:46:25 2015 : Debug: detail {
362: Wed May 20 16:46:25 2015 : Debug: detailfile =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
363: Wed May 20 16:46:25 2015 : Debug: header = "%t"
364: Wed May 20 16:46:25 2015 : Debug: detailperm = 384
365: Wed May 20 16:46:25 2015 : Debug: dirperm = 493
366: Wed May 20 16:46:25 2015 : Debug: locking = no
367: Wed May 20 16:46:25 2015 : Debug: log_packet_header = no
368: Wed May 20 16:46:25 2015 : Debug: escape_filenames = no
369: Wed May 20 16:46:25 2015 : Debug: }
370: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_attr_filter,
checking if it's valid)
371: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module
rlm_attr_filter
372: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
373: Wed May 20 16:46:25 2015 : Debug: attr_filter
attr_filter.accounting_response {
374: Wed May 20 16:46:25 2015 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.accounting_response"
375: Wed May 20 16:46:25 2015 : Debug: key = "%{User-Name}"
376: Wed May 20 16:46:25 2015 : Debug: relaxed = no
377: Wed May 20 16:46:25 2015 : Debug: }
378: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/attrs.accounting_response
379: Wed May 20 16:46:25 2015 : Debug: Module: Checking session {...}
for more modules to load
380: Wed May 20 16:46:25 2015 : Debug: (Loaded rlm_radutmp, checking
if it's valid)
381: Wed May 20 16:46:25 2015 : Debug: Module: Linked to module rlm_radutmp
382: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"radutmp" from file /usr/local/etc/raddb/modules/radutmp
383: Wed May 20 16:46:25 2015 : Debug: radutmp {
384: Wed May 20 16:46:25 2015 : Debug: filename =
"/var/log/radius/radutmp"
385: Wed May 20 16:46:25 2015 : Debug: username = "%{User-Name}"
386: Wed May 20 16:46:25 2015 : Debug: case_sensitive = yes
387: Wed May 20 16:46:25 2015 : Debug: check_with_nas = yes
388: Wed May 20 16:46:25 2015 : Debug: perm = 384
389: Wed May 20 16:46:25 2015 : Debug: callerid = yes
390: Wed May 20 16:46:25 2015 : Debug: }
391: Wed May 20 16:46:25 2015 : Debug: Module: Checking post-proxy
{...} for more modules to load
392: Wed May 20 16:46:25 2015 : Debug: Module: Checking post-auth {...}
for more modules to load
393: Wed May 20 16:46:25 2015 : Debug: Module: Instantiating module
"attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
394: Wed May 20 16:46:25 2015 : Debug: attr_filter
attr_filter.access_reject {
395: Wed May 20 16:46:25 2015 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.access_reject"
396: Wed May 20 16:46:25 2015 : Debug: key = "%{User-Name}"
397: Wed May 20 16:46:25 2015 : Debug: relaxed = no
398: Wed May 20 16:46:25 2015 : Debug: }
399: Wed May 20 16:46:25 2015 : Debug: reading pairlist file
/usr/local/etc/raddb/attrs.access_reject
400: Wed May 20 16:46:25 2015 : Debug: } # modules
401: Wed May 20 16:46:25 2015 : Debug: } # server
402: Wed May 20 16:46:25 2015 : Debug: server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
403: Wed May 20 16:46:25 2015 : Debug: modules {
404: Wed May 20 16:46:25 2015 : Debug: Module: Checking authenticate
{...} for more modules to load
405: Wed May 20 16:46:25 2015 : Debug: Module: Checking authorize {...}
for more modules to load
406: Wed May 20 16:46:25 2015 : Debug: Module: Checking session {...}
for more modules to load
407: Wed May 20 16:46:25 2015 : Debug: Module: Checking post-proxy
{...} for more modules to load
408: Wed May 20 16:46:25 2015 : Debug: Module: Checking post-auth {...}
for more modules to load
409: Wed May 20 16:46:25 2015 : Debug: } # modules
410: Wed May 20 16:46:25 2015 : Debug: } # server
411: Wed May 20 16:46:25 2015 : Debug: radiusd: #### Opening IP
addresses and Ports ####
412: Wed May 20 16:46:25 2015 : Debug: listen {
413: Wed May 20 16:46:25 2015 : Debug: type = "auth"
414: Wed May 20 16:46:25 2015 : Debug: ipaddr = *
415: Wed May 20 16:46:25 2015 : Debug: port = 0
416: Wed May 20 16:46:25 2015 : Debug: }
417: Wed May 20 16:46:25 2015 : Debug: listen {
418: Wed May 20 16:46:25 2015 : Debug: type = "acct"
419: Wed May 20 16:46:25 2015 : Debug: ipaddr = *
420: Wed May 20 16:46:25 2015 : Debug: port = 0
421: Wed May 20 16:46:25 2015 : Debug: }
422: Wed May 20 16:46:25 2015 : Debug: listen {
423: Wed May 20 16:46:25 2015 : Debug: type = "control"
424: Wed May 20 16:46:25 2015 : Debug: listen {
425: Wed May 20 16:46:25 2015 : Debug: socket =
"/usr/local/var/run/radiusd/radiusd.sock"
426: Wed May 20 16:46:25 2015 : Debug: }
427: Wed May 20 16:46:25 2015 : Debug: }
428: Wed May 20 16:46:25 2015 : Debug: listen {
429: Wed May 20 16:46:25 2015 : Debug: type = "auth"
430: Wed May 20 16:46:25 2015 : Debug: ipaddr = 127.0.0.1
431: Wed May 20 16:46:25 2015 : Debug: port = 18120
432: Wed May 20 16:46:25 2015 : Debug: }
433: Wed May 20 16:46:25 2015 : Debug: ... adding new socket proxy
address * port 49326
434: Wed May 20 16:46:25 2015 : Debug: Listening on authentication
address * port 1812
435: Wed May 20 16:46:25 2015 : Debug: Listening on accounting address *
port 1813
436: Wed May 20 16:46:25 2015 : Debug: Listening on command file
/usr/local/var/run/radiusd/radiusd.sock
437: Wed May 20 16:46:25 2015 : Debug: Listening on authentication
address 127.0.0.1 port 18120 as server inner-tunnel
438: Wed May 20 16:46:25 2015 : Debug: Listening on proxy address * port
1814
439: Wed May 20 16:46:25 2015 : Info: Ready to process requests.
440: rad_recv: Access-Request packet from host 127.0.0.1 port 38078,
id=59, length=74
441: User-Name = "test"
442: User-Password = "test"
443: NAS-IP-Address = xx.xx.xx.xx
444: NAS-Port = 0
445: Message-Authenticator = 0x7aa095c3bdfd6bc29db406eaa142ef44
446: Wed May 20 16:46:28 2015 : Info: # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
447: Wed May 20 16:46:28 2015 : Info: +group authorize {
448: Wed May 20 16:46:28 2015 : Info: ++[preprocess] = ok
449: Wed May 20 16:46:28 2015 : Info: ++[chap] = noop
450: Wed May 20 16:46:28 2015 : Info: ++[mschap] = noop
451: Wed May 20 16:46:28 2015 : Info: ++[digest] = noop
452: Wed May 20 16:46:28 2015 : Info: [suffix] No '@' in User-Name =
"test", looking up realm NULL
453: Wed May 20 16:46:28 2015 : Info: [suffix] No such realm "NULL"
454: Wed May 20 16:46:28 2015 : Info: ++[suffix] = noop
455: Wed May 20 16:46:28 2015 : Info: [eap] No EAP-Message, not doing EAP
456: Wed May 20 16:46:28 2015 : Info: ++[eap] = noop
457: Wed May 20 16:46:28 2015 : Info: ++[reject] = reject
458: Wed May 20 16:46:28 2015 : Info: +} # group authorize = reject
459: Wed May 20 16:46:28 2015 : Info: Using Post-Auth-Type Reject
460: Wed May 20 16:46:28 2015 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
461: Wed May 20 16:46:28 2015 : Info: +group REJECT {
462: Wed May 20 16:46:28 2015 : Info: [eap] Request didn't contain an
EAP-Message, not inserting EAP-Failure
463: Wed May 20 16:46:28 2015 : Info: ++[eap] = noop
464: Wed May 20 16:46:28 2015 : Info: [attr_filter.access_reject]
expand: %{User-Name} -> test
465: Wed May 20 16:46:28 2015 : Debug: attr_filter: Matched entry
DEFAULT at line 11
466: Wed May 20 16:46:28 2015 : Info: ++[attr_filter.access_reject] =
updated
467: Wed May 20 16:46:28 2015 : Info: +} # group REJECT = updated
468: Wed May 20 16:46:28 2015 : Info: Delaying reject of request 0 for 1
seconds
469: Wed May 20 16:46:28 2015 : Debug: Going to the next request
470: Wed May 20 16:46:28 2015 : Debug: Waking up in 0.9 seconds.
471: Wed May 20 16:46:29 2015 : Info: Sending delayed reject for request 0
472: Sending Access-Reject of id 59 to 127.0.0.1 port 38078
473: Wed May 20 16:46:29 2015 : Debug: Waking up in 4.9 seconds.
474: Wed May 20 16:46:34 2015 : Info: Cleaning up request 0 ID 59 with
timestamp +3
475: Wed May 20 16:46:34 2015 : Info: Ready to process requests.
More information about the Freeradius-Users
mailing list