Certificate problem between 3.0.11 and 3.1.x
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Tue Mar 15 16:14:01 CET 2016
I've been migrating our RADIUS estate from 2.2.9 and 3.0.11 to 3.1.x,
built from git. Thanks to help from this list last week I've got eduroam
working successfully. I'm now struggling to get another SSID (machine
authentication for domain-joined Windows PCs) to work.
I can see that it is printing the warning:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! EAP session 0x2ab6bf0 did not finish! !!
!! See http://wiki.freeradius.org/guide/Certificate_Compatibility !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
however the same certificate works properly on 3.0.11. Has there been a
change of behaviour in the server?
Thanks,
Jonathan
FreeRADIUS Version 3.1.0
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including files in directory /etc/raddb/clients.d/
including configuration file /etc/raddb/clients.d/WISM7.conf
including configuration file /etc/raddb/clients.d/YEOVIL.conf
including configuration file /etc/raddb/clients.d/WISM8.conf
including configuration file /etc/raddb/clients.d/WISM2.conf
including configuration file /etc/raddb/clients.d/NHS-JA-GW.conf
including configuration file /etc/raddb/clients.d/WISM2-HA.conf
including configuration file /etc/raddb/clients.d/localhost.conf
including configuration file /etc/raddb/clients.d/WISM5-HA.conf
including configuration file /etc/raddb/clients.d/WISM6.conf
including configuration file /etc/raddb/clients.d/roaming2.ja.net.conf
including configuration file /etc/raddb/clients.d/WISM3.conf
including configuration file /etc/raddb/clients.d/WISM6-HA.conf
including configuration file /etc/raddb/clients.d/roaming1.ja.net-v6.conf
including configuration file /etc/raddb/clients.d/monitor.conf
including configuration file /etc/raddb/clients.d/roaming1.ja.net.conf
including configuration file /etc/raddb/clients.d/WISM4-HA.conf
including configuration file /etc/raddb/clients.d/ENGINE-SHED.conf
including configuration file /etc/raddb/clients.d/NBHT.conf
including configuration file /etc/raddb/clients.d/roaming0.ja.net.conf
including configuration file /etc/raddb/clients.d/WISM5.conf
including configuration file /etc/raddb/clients.d/BCC110.conf
including configuration file /etc/raddb/clients.d/WISM1-HA.conf
including configuration file /etc/raddb/clients.d/testswitch.conf
including configuration file /etc/raddb/clients.d/UBHT120.conf
including configuration file /etc/raddb/clients.d/WISM7-HA.conf
including configuration file /etc/raddb/clients.d/adminctrl.conf
including configuration file /etc/raddb/clients.d/monitor-dev.conf
including configuration file /etc/raddb/clients.d/WISM4.conf
including configuration file /etc/raddb/clients.d/UBHT169.conf
including configuration file /etc/raddb/clients.d/WISM1.conf
including configuration file /etc/raddb/clients.d/TAUNTON-NEW.conf
including configuration file /etc/raddb/clients.d/F5.conf
including configuration file /etc/raddb/clients.d/roaming2.ja.net-v6.conf
including configuration file /etc/raddb/clients.d/WISM3-HA.conf
including configuration file /etc/raddb/clients.d/WISM9.conf
including configuration file /etc/raddb/clients.d/roaming0.ja.net-v6.conf
including configuration file /etc/raddb/clients.d/WISM12.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/rainbowpreprocess
including configuration file /etc/raddb/mods-enabled/uobdetail
including configuration file /etc/raddb/mods-enabled/rainbowmschap
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/files-eduroam
including configuration file /etc/raddb/mods-enabled/linelog
/etc/raddb/mods-enabled/linelog[114]: Reference "${..pool}" not found
/etc/raddb/mods-enabled/linelog[127]: Reference "${..pool}" not found
including configuration file /etc/raddb/mods-enabled/vpimschap
including configuration file /etc/raddb/mods-enabled/rainbowlog
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/eduroameap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/eduroamvlan
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/uobldap
including configuration file /etc/raddb/mods-enabled/uobsql-write
including configuration file /etc/raddb/mods-config/uobsql-write-queries.conf
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/eduroamlioneap
including configuration file /etc/raddb/mods-enabled/logtofile
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/rainbowfiles
including configuration file /etc/raddb/mods-enabled/logtosyslog
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/eduroammschap
including configuration file /etc/raddb/mods-enabled/uobsql
including configuration file /etc/raddb/mods-config/uobsql-queries.conf
including configuration file /etc/raddb/mods-enabled/eduroaminfo
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/vpieap
including configuration file /etc/raddb/mods-enabled/rainboweap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/templates.conf
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/policies
including configuration file /etc/raddb/policy.d/normalization
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/eduroam-realm-checks.conf
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/get-ssid
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/vendor
including configuration file /etc/raddb/policy.d/logchecker
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/abfab-tr
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/rainbowmacauth
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/eduroam-partners
including configuration file /etc/raddb/sites-enabled/bristolresearchnet
including configuration file /etc/raddb/sites-enabled/rainbow-inner
including configuration file /etc/raddb/sites-enabled/uobconsoles
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/vpi-inner
including configuration file /etc/raddb/sites-enabled/rainbow
including configuration file /etc/raddb/sites-enabled/eduroamalien
including configuration file /etc/raddb/sites-enabled/vpi
including configuration file /etc/raddb/sites-enabled/status
including files in directory /etc/raddb/statusclients.d/
including configuration file /etc/raddb/statusclients.d/localhost.conf
including configuration file /etc/raddb/statusclients.d/monitor-devv6.conf
including configuration file /etc/raddb/statusclients.d/monitor.conf
including configuration file /etc/raddb/statusclients.d/monitorv6.conf
including configuration file /etc/raddb/statusclients.d/monitor-dev.conf
including configuration file /etc/raddb/sites-enabled/eduroamlocal-acct
including configuration file /etc/raddb/sites-enabled/eduroamlocal-auth
including configuration file /etc/raddb/sites-enabled/eduroamlion-inner
including configuration file /etc/raddb/sites-enabled/rainboweap-tls
including configuration file /etc/raddb/sites-enabled/eduroam-inner
main {
security {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
continuation_timeout = 15
max_requests = 4096
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
allow_vulnerable_openssl = "yes"
}
}
radiusd: #### Loading Realms and Home Servers ####
home_server jrs0 {
ipaddr = 194.82.174.185
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server jrs0v6 {
ipv6addr = 2001:630:1:128::185
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server jrs1 {
ipaddr = 194.83.56.233
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server jrs1v6 {
ipv6addr = 2001:630:1:12a::233
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server jrs2 {
ipaddr = 194.83.56.249
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server jrs2v6 {
ipv6addr = 2001:630:1:129::249
port = 1812
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server radius-dev {
ipaddr = 137.222.7.119
port = 16006
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server radius-dev-v6 {
ipv6addr = 2001:630:e4:81:137:222:7:119
port = 16006
type = "auth+acct"
proto = "udp"
secret = <<< secret >>>
response_window = 30.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 300
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
realm LOCAL {
}
realm bris.ac.uk {
}
realm bristol.ac.uk {
}
home_server_pool dev {
type = fail-over
home_server = radius-dev
home_server = radius-dev-v6
}
realm dev {
pool = dev
}
home_server_pool jrs {
type = fail-over
home_server = jrs1v6
home_server = jrs2v6
home_server = jrs1
home_server = jrs0v6
home_server = jrs2
home_server = jrs0
}
realm jrs {
pool = jrs
nostrip
}
realm lion.bristol.ac.uk {
}
realm my.bristol.ac.uk {
}
radiusd: #### Loading Clients ####
client WISM7 {
ipaddr = 172.17.107.207
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM7"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client YEOVIL {
ipaddr = 195.171.105.146
require_message_authenticator = no
secret = <<< secret >>>
shortname = "YEOVIL"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM8 {
ipaddr = 172.17.107.208
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM8"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM2 {
ipaddr = 172.17.107.202
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM2"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client NHS-JA-GW {
ipaddr = 194.176.105.96/28
require_message_authenticator = no
secret = <<< secret >>>
shortname = "NHS-JA-GW"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM2-HA {
ipaddr = 172.17.107.102
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM2-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
shortname = "localhost"
nas_type = "other"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM5-HA {
ipaddr = 172.17.107.105
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM5-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM6 {
ipaddr = 172.17.107.206
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM6"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming2.ja.net {
ipaddr = 194.83.56.249
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming2.ja.net"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM3 {
ipaddr = 172.17.107.203
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM3"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM6-HA {
ipaddr = 172.17.107.106
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM6-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming1.ja.net-v6 {
ipv6addr = 2001:630:1:12a::233
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming1.ja.net-v6"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitor {
ipaddr = 137.222.7.147
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitor"
nas_type = "other"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming1.ja.net {
ipaddr = 194.83.56.233
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming1.ja.net"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM4-HA {
ipaddr = 172.17.107.104
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM4-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client ENGINE-SHED {
ipaddr = 172.21.120.253
require_message_authenticator = no
secret = <<< secret >>>
shortname = "ENGINE-SHED"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client NBHT {
ipaddr = 82.33.242.34
require_message_authenticator = no
secret = <<< secret >>>
shortname = "NBHT"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming0.ja.net {
ipaddr = 194.82.174.185
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming0.ja.net"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM5 {
ipaddr = 172.17.107.205
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM5"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BCC110 {
ipaddr = 193.35.235.110
require_message_authenticator = no
secret = <<< secret >>>
shortname = "BCC110"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM1-HA {
ipaddr = 172.17.107.101
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM1-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client testswitch {
ipaddr = 172.17.51.30
require_message_authenticator = no
secret = <<< secret >>>
shortname = "testswitch"
nas_type = "cisco"
virtual_server = "rainbow"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client UBHT120 {
ipaddr = 10.160.155.120
require_message_authenticator = no
secret = <<< secret >>>
shortname = "UBHT120"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM7-HA {
ipaddr = 172.17.107.107
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM7-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client adminctrl {
ipaddr = 172.17.0.0/16
require_message_authenticator = no
secret = <<< secret >>>
shortname = "adminctrl"
nas_type = "cisco"
virtual_server = "rainbow"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitor-dev {
ipaddr = 137.222.8.103
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitor-dev"
nas_type = "other"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM4 {
ipaddr = 172.17.107.204
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM4"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client UBHT169 {
ipaddr = 10.160.156.169
require_message_authenticator = no
secret = <<< secret >>>
shortname = "UBHT169"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM1 {
ipaddr = 172.17.107.201
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM1"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client TAUNTON-NEW {
ipaddr = 109.176.101.162
require_message_authenticator = no
secret = <<< secret >>>
shortname = "TAUNTON-NEW"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client F5 {
ipaddr = 137.222.250.0/24
require_message_authenticator = no
secret = <<< secret >>>
shortname = "F5"
nas_type = "other"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming2.ja.net-v6 {
ipv6addr = 2001:630:1:129::249
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming2.ja.net-v6"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM3-HA {
ipaddr = 172.17.107.103
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM3-HA"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM9 {
ipaddr = 172.17.107.209
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM9"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client roaming0.ja.net-v6 {
ipv6addr = 2001:630:1:128::185
require_message_authenticator = no
secret = <<< secret >>>
shortname = "roaming0.ja.net-v6"
virtual_server = "eduroamalien"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client WISM12 {
ipaddr = 172.17.107.212
require_message_authenticator = no
secret = <<< secret >>>
shortname = "WISM12"
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
thread pool {
start_servers = 5
max_servers = 256
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
cleanup_delay = 5
max_queue_size = 65536
auto_limit_acct = no
}
WARNING: Ignoring "max_spare_servers = 10", forcing to "max_spare_servers = 3"
listen {
type = "control"
listen {
socket = "/var/run/radiusd/control/radiusd.sock"
mode = "rw"
peercred = yes
}
}
listen {
type = "auth"
ipaddr = *
port = 1645
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 1646
recv_buff = 0
}
listen {
type = "auth"
ipaddr = *
port = 16061
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 16062
recv_buff = 0
}
listen {
type = "auth"
ipaddr = *
port = 16063
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 16064
recv_buff = 0
}
# Creating Autz-Type = Status-Server
# Creating Auth-Type = eduroameap
# Creating Auth-Type = eduroamlioneap
# Creating Acct-Type = Status-Server
listen {
type = "auth"
ipaddr = *
port = 16014
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 16015
recv_buff = 0
}
# Creating Auth-Type = PAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = rainboweap
listen {
type = "auth"
ipaddr = *
port = 16018
recv_buff = 0
}
# Creating Auth-Type = vpieap
listen {
type = "auth"
ipaddr = *
port = 16028
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 16029
recv_buff = 0
}
listen {
type = "auth"
ipaddr = *
port = 1812
recv_buff = 0
}
listen {
type = "auth"
ipv6addr = ::
port = 1812
recv_buff = 0
}
listen {
type = "auth"
ipaddr = *
port = 16020
recv_buff = 0
}
listen {
type = "acct"
ipaddr = *
port = 16021
recv_buff = 0
}
listen {
type = "status"
ipaddr = *
port = 18120
recv_buff = 0
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
shortname = "localhost"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitor-devv6 {
ipv6addr = 2001:630:e4:81:137:222:8:103
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitor-devv6"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitor {
ipaddr = 137.222.7.147
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitor"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitorv6 {
ipv6addr = 2001:630:e4:81:137:222:7:147
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitorv6"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client monitor-dev {
ipaddr = 137.222.8.103
require_message_authenticator = no
secret = <<< secret >>>
shortname = "monitor-dev"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
/etc/raddb/statusclients.d/localhost.conf[1]: Ignoring unknown sub-section "client"
/etc/raddb/statusclients.d/monitor-devv6.conf[1]: Ignoring unknown sub-section "client"
/etc/raddb/statusclients.d/monitor.conf[1]: Ignoring unknown sub-section "client"
/etc/raddb/statusclients.d/monitorv6.conf[1]: Ignoring unknown sub-section "client"
/etc/raddb/statusclients.d/monitor-dev.conf[1]: Ignoring unknown sub-section "client"
listen {
type = "acct"
ipaddr = *
port = 16007
recv_buff = 0
}
listen {
type = "auth"
ipaddr = *
port = 16006
recv_buff = 0
}
# Creating Auth-Type = files-eduroam
radiusd: #### Loading modules ####
modules {
# Loaded module "rlm_detail"
# Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module "rlm_preprocess"
# Loading module "rainbowpreprocess" from file /etc/raddb/mods-enabled/rainbowpreprocess
preprocess rainbowpreprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
with_alvarion_vsa_hack = no
}
# Loading module "uob_detail" from file /etc/raddb/mods-enabled/uobdetail
detail uob_detail {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/detail.log"
header = "%t"
permissions = 416
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "uob_auth_log" from file /etc/raddb/mods-enabled/uobdetail
detail uob_auth_log {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = yes
}
# Loading module "uob_auth_log_password" from file /etc/raddb/mods-enabled/uobdetail
detail uob_auth_log_password {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "uob_reply_log" from file /etc/raddb/mods-enabled/uobdetail
detail uob_reply_log {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/reply-detail.log"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "uob_pre_proxy_log" from file /etc/raddb/mods-enabled/uobdetail
detail uob_pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-DEFAULT}/pre-proxy-detail.log"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "uob_post_proxy_log" from file /etc/raddb/mods-enabled/uobdetail
detail uob_post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Virtual-Server}:-DEFAULT}/post-proxy-detail.log"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module "rlm_mschap"
# Loading module "rainbowmschap" from file /etc/raddb/mods-enabled/rainbowmschap
mschap rainbowmschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{rainbowmschap:User-Name}} --challenge=%{%{rainbowmschap:Challenge}:-00} --nt-response=%{%{rainbowmschap:NT-Response}:-00}"
passchange {
}
allow_retry = yes
}
# Loading module "rainbowmachinemschap" from file /etc/raddb/mods-enabled/rainbowmschap
mschap rainbowmachinemschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{rainbowmschap:User-Name}} --challenge=%{%{rainbowmschap:Challenge}:-00} --nt-response=%{%{rainbowmschap:NT-Response}:-00} --require-membership-of=S-1-5-21-1117850145-1682116191-196506527-515"
passchange {
}
allow_retry = yes
}
# Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loaded module "rlm_files"
# Loading module "files-eduroam" from file /etc/raddb/mods-enabled/files-eduroam
files files-eduroam {
usersfile = "/etc/raddb/users.d/users-eduroam"
}
# Loaded module "rlm_linelog"
# Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
linelog {
destination = "file"
delimiter = " "
file {
filename = "/var/log/radius/linelog"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
port = 514
timeout = 2.000000
}
udp {
port = 514
timeout = 2.000000
}
}
# Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
linelog log_accounting {
destination = "file"
delimiter = " "
file {
filename = "/var/log/radius/linelog-accounting"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loading module "vpimschap" from file /etc/raddb/mods-enabled/vpimschap
mschap vpimschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{vpimschap:User-Name}} --challenge=%{vpimschap:Challenge} --nt-response=%{vpimschap:NT-Response} --require-membership-of=S-1-5-21-1117850145-1682116191-196506527-149178"
passchange {
}
allow_retry = yes
}
# Loading module "rainbowlogsyslog" from file /etc/raddb/mods-enabled/rainbowlog
linelog rainbowlogsyslog {
destination = "syslog"
delimiter = " "
file {
permissions = 384
escape_filenames = no
}
syslog {
facility = "local5"
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loading module "rainbowlogfiles" from file /etc/raddb/mods-enabled/rainbowlog
linelog rainbowlogfiles {
destination = "file"
delimiter = " "
file {
filename = "/var/log/radius/radiusd-%{%{Virtual-Server}:-DEFAULT}.log"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loading module "rainbowacclog" from file
/etc/raddb/mods-enabled/rainbowlog
linelog rainbowacclog {
destination = "syslog"
delimiter = " "
file {
permissions = 384
escape_filenames = no
}
syslog {
facility = "local5"
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loaded module "rlm_replicate"
# Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
# Loading module "files" from file /etc/raddb/mods-enabled/files
files {
filename = "/etc/raddb/mods-config/files/authorize"
acctusersfile = "/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
}
# Loaded module "rlm_eap"
# Loading module "eduroameap" from file
/etc/raddb/mods-enabled/eduroameap
eap eduroameap {
default_eap_type = "peap"
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
require_client_cert = yes
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/eduroam.wireless.bris.ac.uk.key"
certificate_file =
"/etc/raddb/certs/eduroam.wireless.bris.ac.uk-cert.pem"
ca_file = "/etc/raddb/certs/uob-net-ca.pem"
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT:!ADH:!SSLv2"
ecdh_curve = "prime256v1"
cache {
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "eduroam-inner"
include_length = yes
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "eduroam-inner"
soh = no
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
rlm_eap_peap - Failed to find 'Auth-Type eap' section in virtual server
eduroam-inner. The server cannot proxy inner-tunnel EAP packets.
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loaded module "rlm_chap"
# Loading module "chap" from file /etc/raddb/mods-enabled/chap
# Loaded module "rlm_exec"
# Loading module "exec" from file /etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module "rlm_realm"
# Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module "rlm_dynamic_clients"
# Loading module "dynamic_clients" from file
/etc/raddb/mods-enabled/dynamic_clients
# Loaded module "rlm_digest"
# Loading module "digest" from file /etc/raddb/mods-enabled/digest
# Loaded module "rlm_expr"
# Loading module "expr" from file /etc/raddb/mods-enabled/expr
expr {
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module "rlm_radutmp"
# Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module "rlm_cache"
# Loading module "eduroamvlan" from file
/etc/raddb/mods-enabled/eduroamvlan
cache eduroamvlan {
driver = "rlm_cache_rbtree"
ttl = 600
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module "rlm_dhcp"
# Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
# Loaded module "rlm_ldap"
# Loading module "uobldap" from file /etc/raddb/mods-enabled/uobldap
ldap uobldap {
server = "cse-lox.ads.bris.ac.uk"
port = 636
identity = "CN=iser-linauth,OU=ISER - Special Purpose
Accounts,OU=ISER,DC=ads,DC=bris,DC=ac,DC=uk"
password = <<< secret >>>
sasl {
}
user {
scope = "sub"
access_positive = yes
sasl {
}
}
group {
filter = "(objectClass=posixGroup)"
scope = "sub"
name_attribute = "cn"
membership_attribute = "memberOf"
cacheable_name = no
cacheable_dn = no
}
client {
filter = "(objectClass=radiusClient)"
scope = "sub"
base_dn = "DC=ads,DC=bris,DC=ac,DC=uk"
}
profile {
}
options {
ldap_debug = 40
chase_referrals = yes
use_referral_credentials = no
rebind = yes
session_tracking = no
res_timeout = 10
srv_timelimit = 3
idle = 60
probes = 3
interval = 3
}
tls {
start_tls = no
require_cert = "allow"
}
}
Creating attribute uobldap-LDAP-Group
# Loaded module "rlm_sql"
# Loading module "uobsql-write" from file
/etc/raddb/mods-enabled/uobsql-write
sql uobsql-write {
driver = "rlm_sql_mysql"
server = "db-write.nomadic-core.bris.ac.uk"
port = 3306
login = "radiusd"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
group_attribute = "uobsql-write-sql-Group"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{uobsql-write-sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{uobsql-write-sql-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority"
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress, callingstationid,
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
start {
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', '%S', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Virtual-Server}', '%{Packet-Dst-IP-Address}',
'%{Tunnel-Private-Group-Id}', SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
query = "UPDATE radacct SET acctstarttime = '%S', acctupdatetime
= '%S', connectinfo_start = '%{Connect-Info}' WHERE AcctUniqueId =
'%{Acct-Unique-Session-Id}'"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime =
(@acctupdatetime_old:=acctupdatetime), acctupdatetime = '%S',
acctinterval = %{integer:Event-Timestamp} -
UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress =
'%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}'
WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp} -
%{%{Acct-Session-Time}:-0}), '%S', NULL, %{%{Acct-Session-Time}:-NULL},
'%{Acct-Authentic}', '%{Connect-Info}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Virtual-Server}',
'%{Packet-Dst-IP-Address}', '%{Tunnel-Private-Group-Id}',
SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
}
stop {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp} -
%{%{Acct-Session-Time}:-0}), '%S', '%S', %{%{Acct-Session-Time}:-NULL},
'%{Acct-Authentic}', '', '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Virtual-Server}', '%{Packet-Dst-IP-Address}',
'%{Tunnel-Private-Group-Id}', SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
}
}
rlm_sql (uobsql-write) - Driver rlm_sql_mysql (module rlm_sql_mysql)
loaded and linked
Creating attribute uobsql-write-sql-Group
# Loaded module "rlm_expiration"
# Loading module "expiration" from file
/etc/raddb/mods-enabled/expiration
# Loading module "eduroamlioneap" from file
/etc/raddb/mods-enabled/eduroamlioneap
eap eduroamlioneap {
default_eap_type = "peap"
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
require_client_cert = yes
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/eduroam.wireless.bris.ac.uk.key"
certificate_file =
"/etc/raddb/certs/eduroam.wireless.bris.ac.uk-cert.pem"
ca_file = "/etc/raddb/certs/uob-net-ca.pem"
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT:!ADH:!SSLv2"
ecdh_curve = "prime256v1"
cache {
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "eduroamlion-inner"
include_length = yes
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "eduroamlion-inner"
soh = no
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
rlm_eap_peap - Failed to find 'Auth-Type eap' section in virtual server
eduroamlion-inner. The server cannot proxy inner-tunnel EAP packets.
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loading module "logtofile" from file /etc/raddb/mods-enabled/logtofile
linelog logtofile {
destination = "file"
delimiter = " "
file {
filename = "/var/log/radius/radiusd-%{%{Virtual-Server}:-DEFAULT}.log"
permissions = 384
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loaded module "rlm_always"
# Loading module "reject" from file /etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loading module "rainbowfiles" from file
/etc/raddb/mods-enabled/rainbowfiles
files rainbowfiles {
usersfile = "/etc/raddb/users.d/users-rainbow"
}
# Loading module "logtosyslog" from file
/etc/raddb/mods-enabled/logtosyslog
linelog logtosyslog {
destination = "syslog"
delimiter = " "
file {
permissions = 384
escape_filenames = no
}
syslog {
facility = "local5"
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loaded module "rlm_attr_filter"
# Loading module "attr_filter.post-proxy" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/raddb/mods-config/attr_filter/access_reject"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
relaxed = no
}
# Loading module "filter.attrs.accounting_response" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.attrs.accounting_response {
filename =
"/etc/raddb/mods-config/attr_filter/attrs.accounting_response"
relaxed = no
}
# Loading module "filter.bristolresearchnet-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.bristolresearchnet-a_reject {
filename =
"/etc/raddb/mods-config/attr_filter/bristolresearchnet-a_reject"
relaxed = no
}
# Loading module "filter.eduroamalien-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamalien-a_accept {
filename = "/etc/raddb/mods-config/attr_filter/eduroamalien-a_accept"
relaxed = no
}
# Loading module "filter.eduroamalien-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamalien-a_challenge {
filename = "/etc/raddb/mods-config/attr_filter/eduroamalien-a_challenge"
relaxed = no
}
# Loading module "filter.eduroamalien-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamalien-a_reject {
filename = "/etc/raddb/mods-config/attr_filter/eduroamalien-a_reject"
relaxed = no
}
# Loading module "filter.eduroamlocal-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamlocal-a_accept {
filename = "/etc/raddb/mods-config/attr_filter/eduroamlocal-a_accept"
relaxed = no
}
# Loading module "filter.eduroamlocal-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamlocal-a_challenge {
filename = "/etc/raddb/mods-config/attr_filter/eduroamlocal-a_challenge"
relaxed = no
}
# Loading module "filter.eduroamlocal-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamlocal-a_reject {
filename = "/etc/raddb/mods-config/attr_filter/eduroamlocal-a_reject"
relaxed = no
}
# Loading module "filter.eduroamlocal-post_proxy" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamlocal-post_proxy {
filename = "/etc/raddb/mods-config/attr_filter/eduroamlocal-post_proxy"
relaxed = no
}
# Loading module "filter.eduroamlocal-pre_proxy" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.eduroamlocal-pre_proxy {
filename = "/etc/raddb/mods-config/attr_filter/eduroamlocal-pre_proxy"
relaxed = no
}
# Loading module "filter.vpi-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.vpi-a_accept {
filename = "/etc/raddb/mods-config/attr_filter/vpi-a_accept"
relaxed = no
}
# Loading module "filter.vpi-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.vpi-a_challenge {
filename = "/etc/raddb/mods-config/attr_filter/vpi-a_challenge"
relaxed = no
}
# Loading module "filter.vpi-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
attr_filter filter.vpi-a_reject {
filename = "/etc/raddb/mods-config/attr_filter/vpi-a_reject"
relaxed = no
}
# Loaded module "rlm_utf8"
# Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
# Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module "rlm_passwd"
# Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module "rlm_soh"
# Loading module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module "rlm_unix"
# Loading module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Creating attribute Unix-Group
# Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loading module "eduroammschap" from file
/etc/raddb/mods-enabled/eduroammschap
mschap eduroammschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = no
retry_msg = "Verify username and re-enter your password"
}
# Loading module "uobsql" from file /etc/raddb/mods-enabled/uobsql
sql uobsql {
driver = "rlm_sql_mysql"
server = "db.nomadic-core.bris.ac.uk"
port = 3306
login = "radiusd"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
group_attribute = "uobsql-sql-Group"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = '%{uobsql-sql-Group}'
ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname = '%{uobsql-sql-Group}'
ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority"
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress, callingstationid,
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
start {
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', '%S', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Virtual-Server}', '%{Packet-Dst-IP-Address}',
'%{Tunnel-Private-Group-Id}', SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
query = "UPDATE radacct SET acctstarttime = '%S', acctupdatetime
= '%S', connectinfo_start = '%{Connect-Info}' WHERE AcctUniqueId =
'%{Acct-Unique-Session-Id}'"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime =
(@acctupdatetime_old:=acctupdatetime), acctupdatetime = '%S',
acctinterval = %{integer:Event-Timestamp} -
UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress =
'%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}'
WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp} -
%{%{Acct-Session-Time}:-0}), '%S', NULL, %{%{Acct-Session-Time}:-NULL},
'%{Acct-Authentic}', '%{Connect-Info}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Virtual-Server}',
'%{Packet-Dst-IP-Address}', '%{Tunnel-Private-Group-Id}',
SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
}
stop {
query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime
= %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
query = "INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
virtual_server, radius_server, vlan, strippedusername) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp} -
%{%{Acct-Session-Time}:-0}), '%S', '%S', %{%{Acct-Session-Time}:-NULL},
'%{Acct-Authentic}', '', '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Virtual-Server}', '%{Packet-Dst-IP-Address}',
'%{Tunnel-Private-Group-Id}', SUBSTRING_INDEX('%{SQL-User-Name}', '@', 1))"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
}
}
rlm_sql (uobsql) - Driver rlm_sql_mysql (module rlm_sql_mysql) loaded
and linked
Creating attribute uobsql-sql-Group
# Loading module "eduroaminfo" from file
/etc/raddb/mods-enabled/eduroaminfo
linelog eduroaminfo {
destination = "syslog"
delimiter = " "
file {
permissions = 384
escape_filenames = no
}
syslog {
facility = "user"
severity = "info"
}
unix {
}
tcp {
timeout = 1000.000000
}
udp {
timeout = 1000.000000
}
}
# Loading module "detail" from file /etc/raddb/mods-enabled/detail
detail {
filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "vpieap" from file /etc/raddb/mods-enabled/vpieap
eap vpieap {
default_eap_type = "peap"
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
require_client_cert = yes
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/2016-vpi.wireless.bris.ac.uk.key"
certificate_file = "/etc/raddb/certs/2016-vpi.wireless.bris.ac.uk.pem"
ca_file = "/etc/raddb/certs/University-of-Bristol-Windows-CA.pem"
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
disable_tlsv1_2 = yes
cache {
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "vpi-inner"
soh = no
require_client_cert = no
}
tls - Using cached TLS configuration from previous invocation
rlm_eap_peap - Failed to find 'Auth-Type eap' section in virtual server
vpi-inner. The server cannot proxy inner-tunnel EAP packets.
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loading module "rainboweap" from file
/etc/raddb/mods-enabled/rainboweap
eap rainboweap {
default_eap_type = "peap"
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
# Linked to sub-module rlm_eap_tls
tls {
require_client_cert = yes
virtual_server = "rainboweap-tls"
}
TLS section "tls" missing, trying to use legacy configuration
tls {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/The-Rainbow-Edge.key"
certificate_file = "/etc/raddb/certs/The-Rainbow-Edge-cert.pem"
ca_file = "/etc/raddb/certs/uob-net-ca.pem"
dh_file = "/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
require_client_cert = yes
ecdh_curve = "prime256v1"
cache {
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "rainbow-inner"
include_length = yes
require_client_cert = no
}
TLS section "tls" missing, trying to use legacy configuration
tls - Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "rainbow-inner"
soh = no
require_client_cert = no
}
TLS section "tls" missing, trying to use legacy configuration
tls - Using cached TLS configuration from previous invocation
rlm_eap_peap - Failed to find 'Auth-Type eap' section in virtual server rainbow-inner. The server cannot proxy inner-tunnel EAP packets.
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loading module "echo" from file /etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loading module "preprocess" from file
/etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module "rlm_unpack"
# Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module "rlm_pap"
# Loading module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module "rlm_logintime"
# Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
instantiate {
}
} # modules
# Instantiating module "auth_log" from file
/etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log) - 'User-Password' suppressed, will not appear in
detail output
# Instantiating module "reply_log" from file
/etc/raddb/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
# Instantiating module "rainbowpreprocess" from file
/etc/raddb/mods-enabled/rainbowpreprocess
# Instantiating module "uob_detail" from file
/etc/raddb/mods-enabled/uobdetail
rlm_detail (uob_detail) - 'User-Password' suppressed, will not appear in
detail output
# Instantiating module "uob_auth_log" from file
/etc/raddb/mods-enabled/uobdetail
rlm_detail (uob_auth_log) - 'User-Password' suppressed, will not appear
in detail output
# Instantiating module "uob_auth_log_password" from file
/etc/raddb/mods-enabled/uobdetail
# Instantiating module "uob_reply_log" from file
/etc/raddb/mods-enabled/uobdetail
# Instantiating module "uob_pre_proxy_log" from file
/etc/raddb/mods-enabled/uobdetail
# Instantiating module "uob_post_proxy_log" from file
/etc/raddb/mods-enabled/uobdetail
# Instantiating module "rainbowmschap" from file
/etc/raddb/mods-enabled/rainbowmschap
rainbowmschap : authenticating by calling 'ntlm_auth'
# Instantiating module "rainbowmachinemschap" from file
/etc/raddb/mods-enabled/rainbowmschap
rainbowmachinemschap : authenticating by calling 'ntlm_auth'
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap: using internal authentication
# Instantiating module "files-eduroam" from file
/etc/raddb/mods-enabled/files-eduroam
reading file /etc/raddb/users.d/users-eduroam
# Instantiating module "linelog" from file
/etc/raddb/mods-enabled/linelog
# Instantiating module "log_accounting" from file
/etc/raddb/mods-enabled/linelog
# Instantiating module "vpimschap" from file
/etc/raddb/mods-enabled/vpimschap
vpimschap : authenticating by calling 'ntlm_auth'
# Instantiating module "rainbowlogsyslog" from file
/etc/raddb/mods-enabled/rainbowlog
# Instantiating module "rainbowlogfiles" from file
/etc/raddb/mods-enabled/rainbowlog
# Instantiating module "rainbowacclog" from file
/etc/raddb/mods-enabled/rainbowlog
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading file /etc/raddb/mods-config/files/authorize
reading file /etc/raddb/mods-config/files/accounting
reading file /etc/raddb/mods-config/files/pre-proxy
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
# Instantiating module "realmpercent" from file
/etc/raddb/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
# Instantiating module "eduroamvlan" from file
/etc/raddb/mods-enabled/eduroamvlan
eduroamvlan - Driver rlm_cache_rbtree loaded and linked
# Instantiating module "uobldap" from file
/etc/raddb/mods-enabled/uobldap
rlm_ldap (uobldap) - libldap vendor: OpenLDAP, version: 20440
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
}
post-auth {
reference = "."
}
rlm_ldap (uobldap) - Initialising connection pool
pool {
start = 5
min = 3
max = 5
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
connect_timeout = 3.000000
held_trigger_min = 0.000000
held_trigger_max = 0.500000
retry_delay = 30
spread = no
}
rlm_ldap (uobldap) - WARNING: Ignoring "spare = 10", forcing to "spare = 2"
rlm_ldap (uobldap) - Opening additional connection (0), 1 of 5 pending
slots used
rlm_ldap (uobldap) - Connecting to ldap://cse-lox.ads.bris.ac.uk:636
rlm_ldap (uobldap) - Waiting for bind result...
rlm_ldap (uobldap) - Bind successful
rlm_ldap (uobldap) - Performing search in "" with filter
"(objectclass=*)", scope "base"
rlm_ldap (uobldap) - Waiting for search result...
rlm_ldap (uobldap) - Directory type: Active Directory
rlm_ldap (uobldap) - Opening additional connection (1), 1 of 4 pending
slots used
rlm_ldap (uobldap) - Connecting to ldap://cse-lox.ads.bris.ac.uk:636
rlm_ldap (uobldap) - Waiting for bind result...
rlm_ldap (uobldap) - Bind successful
rlm_ldap (uobldap) - Opening additional connection (2), 1 of 3 pending
slots used
rlm_ldap (uobldap) - Connecting to ldap://cse-lox.ads.bris.ac.uk:636
rlm_ldap (uobldap) - Waiting for bind result...
rlm_ldap (uobldap) - Bind successful
rlm_ldap (uobldap) - Opening additional connection (3), 1 of 2 pending
slots used
rlm_ldap (uobldap) - Connecting to ldap://cse-lox.ads.bris.ac.uk:636
rlm_ldap (uobldap) - Waiting for bind result...
rlm_ldap (uobldap) - Bind successful
rlm_ldap (uobldap) - Opening additional connection (4), 1 of 1 pending
slots used
rlm_ldap (uobldap) - Connecting to ldap://cse-lox.ads.bris.ac.uk:636
rlm_ldap (uobldap) - Waiting for bind result...
rlm_ldap (uobldap) - Bind successful
# Instantiating module "uobsql-write" from file
/etc/raddb/mods-enabled/uobsql-write
rlm_sql_mysql - libmysql version: 5.5.44-MariaDB
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (uobsql-write) - Attempting to connect to database "radius"
rlm_sql (uobsql-write) - Initialising connection pool
pool {
start = 1
min = 1
max = 2
spare = 1
uses = 10000
lifetime = 300
cleanup_interval = 30
idle_timeout = 60
connect_timeout = 3.000000
held_trigger_min = 0.000000
held_trigger_max = 0.500000
retry_delay = 2
spread = no
}
rlm_sql (uobsql-write) - Opening additional connection (0), 1 of 2
pending slots used
rlm_sql_mysql - Starting connect to MySQL server
rlm_sql_mysql - Connected to database 'radius' on
db-write.nomadic-core.bris.ac.uk via TCP/IP, server version
5.5.48-MariaDB-wsrep, protocol version 10
# Instantiating module "expiration" from file
/etc/raddb/mods-enabled/expiration
# Instantiating module "logtofile" from file
/etc/raddb/mods-enabled/logtofile
# Instantiating module "reject" from file /etc/raddb/mods-enabled/always
# Instantiating module "fail" from file /etc/raddb/mods-enabled/always
# Instantiating module "ok" from file /etc/raddb/mods-enabled/always
# Instantiating module "handled" from file /etc/raddb/mods-enabled/always
# Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
# Instantiating module "userlock" from file
/etc/raddb/mods-enabled/always
# Instantiating module "notfound" from file
/etc/raddb/mods-enabled/always
# Instantiating module "noop" from file /etc/raddb/mods-enabled/always
# Instantiating module "updated" from file /etc/raddb/mods-enabled/always
# Instantiating module "rainbowfiles" from file
/etc/raddb/mods-enabled/rainbowfiles
reading file /etc/raddb/users.d/users-rainbow
# Instantiating module "logtosyslog" from file
/etc/raddb/mods-enabled/logtosyslog
# Instantiating module "attr_filter.post-proxy" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/access_reject
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
# Instantiating module "attr_filter.access_challenge" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/accounting_response
# Instantiating module "filter.attrs.accounting_response" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/attrs.accounting_response
# Instantiating module "filter.bristolresearchnet-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/bristolresearchnet-a_reject
# Instantiating module "filter.eduroamalien-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/eduroamalien-a_accept
# Instantiating module "filter.eduroamalien-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/eduroamalien-a_challenge
# Instantiating module "filter.eduroamalien-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/eduroamalien-a_reject
# Instantiating module "filter.eduroamlocal-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/eduroamlocal-a_accept
# Instantiating module "filter.eduroamlocal-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/eduroamlocal-a_challenge
# Instantiating module "filter.eduroamlocal-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/eduroamlocal-a_reject
# Instantiating module "filter.eduroamlocal-post_proxy" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/eduroamlocal-post_proxy
# Instantiating module "filter.eduroamlocal-pre_proxy" from file
/etc/raddb/mods-enabled/attr_filter
reading file
/etc/raddb/mods-config/attr_filter/eduroamlocal-pre_proxy
# Instantiating module "filter.vpi-a_accept" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/vpi-a_accept
# Instantiating module "filter.vpi-a_challenge" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/vpi-a_challenge
# Instantiating module "filter.vpi-a_reject" from file
/etc/raddb/mods-enabled/attr_filter
reading file /etc/raddb/mods-config/attr_filter/vpi-a_reject
# Instantiating module "etc_passwd" from file
/etc/raddb/mods-enabled/passwd
# Instantiating module "cache_eap" from file
/etc/raddb/mods-enabled/cache_eap
cache_eap - Driver rlm_cache_rbtree loaded and linked
# Instantiating module "eduroammschap" from file
/etc/raddb/mods-enabled/eduroammschap
rlm_mschap (eduroammschap) - Initialising connection pool
pool {
start = 5
min = 3
max = 256
spare = 10
uses = 0
lifetime = 86400
cleanup_interval = 300
idle_timeout = 600
connect_timeout = 3.000000
held_trigger_min = 0.000000
held_trigger_max = 0.500000
retry_delay = 30
spread = no
}
rlm_mschap (eduroammschap) - Opening additional connection (0), 1 of 256
pending slots used
rlm_mschap (eduroammschap) - Opening additional connection (1), 1 of 255
pending slots used
rlm_mschap (eduroammschap) - Opening additional connection (2), 1 of 254
pending slots used
rlm_mschap (eduroammschap) - Opening additional connection (3), 1 of 253
pending slots used
rlm_mschap (eduroammschap) - Opening additional connection (4), 1 of 252
pending slots used
eduroammschap : authenticating directly to winbind
# Instantiating module "uobsql" from file /etc/raddb/mods-enabled/uobsql
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (uobsql) - Attempting to connect to database "radius"
rlm_sql (uobsql) - Initialising connection pool
pool {
start = 1
min = 1
max = 8
spare = 1
uses = 10000
lifetime = 300
cleanup_interval = 30
idle_timeout = 60
connect_timeout = 3.000000
held_trigger_min = 0.000000
held_trigger_max = 0.500000
retry_delay = 2
spread = no
}
rlm_sql (uobsql) - Opening additional connection (0), 1 of 8 pending
slots used
rlm_sql_mysql - Starting connect to MySQL server
rlm_sql_mysql - Connected to database 'radius' on
db.nomadic-core.bris.ac.uk via TCP/IP, server version
5.5.48-MariaDB-wsrep, protocol version 10
# Instantiating module "eduroaminfo" from file
/etc/raddb/mods-enabled/eduroaminfo
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
# Instantiating module "preprocess" from file
/etc/raddb/mods-enabled/preprocess
reading file /etc/raddb/mods-config/preprocess/huntgroups
reading file /etc/raddb/mods-config/preprocess/hints
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
# Instantiating module "logintime" from file
/etc/raddb/mods-enabled/logintime
radiusd: #### Loading Virtual Servers ####
server eduroam-partners { # from file
/etc/raddb/sites-enabled/eduroam-partners
} # server eduroam-partners
server bristolresearchnet { # from file
/etc/raddb/sites-enabled/bristolresearchnet
} # server bristolresearchnet
server rainbow-inner { # from file /etc/raddb/sites-enabled/rainbow-inner
} # server rainbow-inner
server uobconsoles { # from file /etc/raddb/sites-enabled/uobconsoles
} # server uobconsoles
server vpi-inner { # from file /etc/raddb/sites-enabled/vpi-inner
} # server vpi-inner
server rainbow { # from file /etc/raddb/sites-enabled/rainbow
} # server rainbow
server eduroamalien { # from file /etc/raddb/sites-enabled/eduroamalien
} # server eduroamalien
server vpi { # from file /etc/raddb/sites-enabled/vpi
} # server vpi
server status { # from file /etc/raddb/sites-enabled/status
} # server status
server eduroamlocal-acct { # from file
/etc/raddb/sites-enabled/eduroamlocal-acct
} # server eduroamlocal-acct
server eduroamlocal-auth { # from file
/etc/raddb/sites-enabled/eduroamlocal-auth
} # server eduroamlocal-auth
server eduroamlion-inner { # from file
/etc/raddb/sites-enabled/eduroamlion-inner
} # server eduroamlion-inner
server rainboweap-tls { # from file /etc/raddb/sites-enabled/rainboweap-tls
} # server rainboweap-tls
server eduroam-inner { # from file /etc/raddb/sites-enabled/eduroam-inner
} # server eduroam-inner
radiusd: #### Opening IP addresses and Ports ####
Listening on command file /var/run/radiusd/control/radiusd.sock
Listening on auth address * port 1645 bound to server eduroam-partners
Listening on acct address * port 1646 bound to server eduroam-partners
Listening on auth address * port 16061 bound to server eduroam-partners
Listening on acct address * port 16062 bound to server eduroam-partners
Listening on auth address * port 16063 bound to server eduroam-partners
Listening on acct address * port 16064 bound to server eduroam-partners
Listening on auth address * port 16014 bound to server bristolresearchnet
Listening on acct address * port 16015 bound to server bristolresearchnet
Listening on auth address * port 16018 bound to server uobconsoles
Listening on auth address * port 16028 bound to server rainbow
Listening on acct address * port 16029 bound to server rainbow
Listening on auth address * port 1812 bound to server eduroamalien
Listening on auth address :: port 1812 bound to server eduroamalien
Listening on auth address * port 16020 bound to server vpi
Listening on acct address * port 16021 bound to server vpi
Listening on status address * port 18120 bound to server status
Listening on acct address * port 16007 bound to server eduroamlocal-acct
Listening on auth address * port 16006 bound to server eduroamlocal-auth
Listening on proxy address * port 48159
Listening on proxy address :: port 46124
Ready to process requests
(0) Received Access-Request Id 156 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 322
(0) User-Name = "host/IT051252.users.bris.ac.uk"
(0) Chargeable-User-Identity = 0x00
(0) Location-Capable = Civix-Location
(0) Calling-Station-Id = "c4:85:08:a9:05:24"
(0) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(0) NAS-Port = 13
(0) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(0) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(0) NAS-IP-Address = 172.17.107.208
(0) NAS-Identifier = "wism8"
(0) Airespace-Wlan-Id = 3
(0) Service-Type = Framed-User
(0) Framed-MTU = 1300
(0) NAS-Port-Type = Wireless-802.11
(0) Tunnel-Type:0 = VLAN
(0) Tunnel-Medium-Type:0 = IEEE-802
(0) Tunnel-Private-Group-Id:0 = "547"
(0) EAP-Message = 0x0202002301686f73742f49543035313235322e75736572732e627269732e61632e756b
(0) Message-Authenticator = 0x210eb8a98c17341f7b1831b8224f1ca9
(0) Running section authorize from file /etc/raddb/sites-enabled/vpi
(0) authorize {
(0) wism-checks {
(0) if (Service-Type == "NAS-Prompt-User") {
(0) ...
(0) }
(0) } # wism-checks (notfound)
(0) preprocess (ok)
(0) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(0) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(0) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(0) uob_auth_log - EXPAND %t
(0) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(0) uob_auth_log (ok)
(0) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(0) ...
(0) }
(0) vpieap - Peer sent EAP Response (code 2) ID 2 length 35
(0) vpieap - Peer sent EAP-Identity. Returning 'ok' so we can short-circuit the rest of authorize
(0) vpieap (ok)
(0) } # authorize (ok)
(0) Using 'Auth-Type = vpieap' for authenticate {...}
(0) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(0) authenticate {
(0) vpieap - Peer sent packet with EAP method Identity (1)
(0) vpieap - Calling submodule eap_peap to process data
(0) eap_peap - Initiating new EAP-TLS session
(0) vpieap - Sending EAP Request (code 1) ID 3 length 6
(0) vpieap (handled)
(0) } # authenticate (handled)
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(0) Sent Access-Challenge Id 156 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(0) EAP-Message = 0x010300061920
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x01016e00b7ba0f346d696f996ec2a586
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 157 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 412
(1) User-Name = "host/IT051252.users.bris.ac.uk"
(1) Chargeable-User-Identity = 0x00
(1) Location-Capable = Civix-Location
(1) Calling-Station-Id = "c4:85:08:a9:05:24"
(1) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(1) NAS-Port = 13
(1) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(1) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(1) NAS-IP-Address = 172.17.107.208
(1) NAS-Identifier = "wism8"
(1) Airespace-Wlan-Id = 3
(1) Service-Type = Framed-User
(1) Framed-MTU = 1300
(1) NAS-Port-Type = Wireless-802.11
(1) Tunnel-Type:0 = VLAN
(1) Tunnel-Medium-Type:0 = IEEE-802
(1) Tunnel-Private-Group-Id:0 = "547"
(1) EAP-Message = 0x0203006b198000000061160301005c01000058030156e82335df750bf907213b69795c99dd0e5a0fd9cafa4e22e72034f7067ec9cb000018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100
(1) State = 0x01016e00b7ba0f346d696f996ec2a586
(1) Message-Authenticator = 0x8ce96eef1c29f0f8b418aa5516a813f4
(1) Running section authorize from file /etc/raddb/sites-enabled/vpi
(1) authorize {
(1) wism-checks {
(1) if (Service-Type == "NAS-Prompt-User") {
(1) ...
(1) }
(1) } # wism-checks (notfound)
(1) preprocess (ok)
(1) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(1) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(1) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(1) uob_auth_log - EXPAND %t
(1) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(1) uob_auth_log (ok)
(1) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(1) ...
(1) }
(1) vpieap - Peer sent EAP Response (code 2) ID 3 length 107
(1) vpieap - Continuing tunnel setup
(1) vpieap (ok)
(1) } # authorize (ok)
(1) Using 'Auth-Type = vpieap' for authenticate {...}
(1) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(1) authenticate {
(1) vpieap - Peer sent packet with EAP method PEAP (25)
(1) vpieap - Calling submodule eap_peap to process data
(1) eap_peap - Continuing EAP-TLS
(1) eap_peap - Peer indicated complete TLS record size will be 97 bytes
(1) eap_peap - Got complete TLS record, with length field (97 bytes)
(1) eap_peap - [eap-tls verify] = ok
(1) eap_peap - before/accept initialization
(1) eap_peap - TLS Accept: before/accept initialization
(1) eap_peap - <<< recv handshake [length 92], client_hello
(1) eap_peap - TLS Accept: SSLv3 read client hello A
(1) eap_peap - >>> send handshake [length 57], server_hello
(1) eap_peap - TLS Accept: SSLv3 write server hello A
(1) eap_peap - >>> send handshake [length 1833], certificate
(1) eap_peap - TLS Accept: SSLv3 write certificate A
(1) eap_peap - >>> send handshake [length 331], server_key_exchange
(1) eap_peap - TLS Accept: SSLv3 write key exchange A
(1) eap_peap - >>> send handshake [length 4], server_hello_done
(1) eap_peap - TLS Accept: SSLv3 write server done A
(1) eap_peap - TLS Accept: SSLv3 flush data
(1) eap_peap - TLS Accept: Need to read more data: SSLv3 read client certificate A
(1) eap_peap - TLS Accept: Need to read more data: SSLv3 read client certificate A
(1) eap_peap - In TLS handshake phase
(1) eap_peap - In TLS accept mode
(1) eap_peap - Complete TLS record (2245 bytes) larger than MTU (1000 bytes), will fragment
(1) eap_peap - Sending first TLS record fragment (1000 bytes), 1245 bytes remaining
(1) eap_peap - [eap-tls process] = handled
(1) vpieap - Sending EAP Request (code 1) ID 4 length 1010
(1) vpieap (handled)
(1) } # authenticate (handled)
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(1) Sent Access-Challenge Id 157 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(1) EAP-Message = 0x010403f219c0000008c5160301003902000035030156e823361b5cba1ccb77c8d1c2d294e5648fa5293f6acb6c7e0b210e9899de6e00c01400000dff01000100000b00040300010216030107290b0007250007220002dc308202d830820282020410456227300d06092a864886f70d01010b05003081bf
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x02036e003ffa67036d696f996ec2a586
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 158 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 311
(2) User-Name = "host/IT051252.users.bris.ac.uk"
(2) Chargeable-User-Identity = 0x00
(2) Location-Capable = Civix-Location
(2) Calling-Station-Id = "c4:85:08:a9:05:24"
(2) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(2) NAS-Port = 13
(2) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(2) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(2) NAS-IP-Address = 172.17.107.208
(2) NAS-Identifier = "wism8"
(2) Airespace-Wlan-Id = 3
(2) Service-Type = Framed-User
(2) Framed-MTU = 1300
(2) NAS-Port-Type = Wireless-802.11
(2) Tunnel-Type:0 = VLAN
(2) Tunnel-Medium-Type:0 = IEEE-802
(2) Tunnel-Private-Group-Id:0 = "547"
(2) EAP-Message = 0x020400061900
(2) State = 0x02036e003ffa67036d696f996ec2a586
(2) Message-Authenticator = 0x2973017c64efccc5305299b5fdd47e3d
(2) Running section authorize from file /etc/raddb/sites-enabled/vpi
(2) authorize {
(2) wism-checks {
(2) if (Service-Type == "NAS-Prompt-User") {
(2) ...
(2) }
(2) } # wism-checks (notfound)
(2) preprocess (ok)
(2) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(2) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(2) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(2) uob_auth_log - EXPAND %t
(2) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(2) uob_auth_log (ok)
(2) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(2) ...
(2) }
(2) vpieap - Peer sent EAP Response (code 2) ID 4 length 6
(2) vpieap - Continuing tunnel setup
(2) vpieap (ok)
(2) } # authorize (ok)
(2) Using 'Auth-Type = vpieap' for authenticate {...}
(2) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(2) authenticate {
(2) vpieap - Peer sent packet with EAP method PEAP (25)
(2) vpieap - Calling submodule eap_peap to process data
(2) eap_peap - Continuing EAP-TLS
(2) eap_peap - Peer ACKed our handshake fragment
(2) eap_peap - [eap-tls verify] = request
(2) eap_peap - Sending additional TLS record fragment (1004 bytes), 241 bytes remaining
(2) eap_peap - [eap-tls process] = handled
(2) vpieap - Sending EAP Request (code 1) ID 5 length 1010
(2) vpieap (handled)
(2) } # authenticate (handled)
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(2) Sent Access-Challenge Id 158 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(2) EAP-Message = 0x010503f219402053657276696365733129302706035504031320556e6976657273697479206f662042726973746f6c2057696e646f7773204341301e170d3033303131303130323733375a170d3233303131303130333531315a3081bf3125302306092a864886f70d010901161663612d61646d696e40
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x03016e00b7ba0f346d696f996ec2a586
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 159 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 311
(3) User-Name = "host/IT051252.users.bris.ac.uk"
(3) Chargeable-User-Identity = 0x00
(3) Location-Capable = Civix-Location
(3) Calling-Station-Id = "c4:85:08:a9:05:24"
(3) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(3) NAS-Port = 13
(3) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(3) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(3) NAS-IP-Address = 172.17.107.208
(3) NAS-Identifier = "wism8"
(3) Airespace-Wlan-Id = 3
(3) Service-Type = Framed-User
(3) Framed-MTU = 1300
(3) NAS-Port-Type = Wireless-802.11
(3) Tunnel-Type:0 = VLAN
(3) Tunnel-Medium-Type:0 = IEEE-802
(3) Tunnel-Private-Group-Id:0 = "547"
(3) EAP-Message = 0x020500061900
(3) State = 0x03016e00b7ba0f346d696f996ec2a586
(3) Message-Authenticator = 0x98cabe8901eb9b85dccb9e16a30658c2
(3) Running section authorize from file /etc/raddb/sites-enabled/vpi
(3) authorize {
(3) wism-checks {
(3) if (Service-Type == "NAS-Prompt-User") {
(3) ...
(3) }
(3) } # wism-checks (notfound)
(3) preprocess (ok)
(3) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(3) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(3) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(3) uob_auth_log - EXPAND %t
(3) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(3) uob_auth_log (ok)
(3) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(3) ...
(3) }
(3) vpieap - Peer sent EAP Response (code 2) ID 5 length 6
(3) vpieap - Continuing tunnel setup
(3) vpieap (ok)
(3) } # authorize (ok)
(3) Using 'Auth-Type = vpieap' for authenticate {...}
(3) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(3) authenticate {
(3) vpieap - Peer sent packet with EAP method PEAP (25)
(3) vpieap - Calling submodule eap_peap to process data
(3) eap_peap - Continuing EAP-TLS
(3) eap_peap - Peer ACKed our handshake fragment
(3) eap_peap - [eap-tls verify] = request
(3) eap_peap - Sending final TLS record fragment (241 bytes)
(3) eap_peap - [eap-tls process] = handled
(3) vpieap - Sending EAP Request (code 1) ID 6 length 247
(3) vpieap (handled)
(3) } # authenticate (handled)
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(3) Sent Access-Challenge Id 159 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(3) EAP-Message = 0x010600f71900ebe0344cb4e5d4ac912e10789408d80c66f81fd27cddd89c4c4a4dc3ae440f0cc86f59ca46e8ff75376eb7910a0af3153626fe0cf81027c02f568b1e56e2656a4191c98103f0da0f1ff061a21c81756cc2aec65066916bda86078229a217c291a4cb982853454ddb46b5e54200d5fd06d4
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x04076e003ffa67036d696f996ec2a586
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 160 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 449
(4) User-Name = "host/IT051252.users.bris.ac.uk"
(4) Chargeable-User-Identity = 0x00
(4) Location-Capable = Civix-Location
(4) Calling-Station-Id = "c4:85:08:a9:05:24"
(4) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(4) NAS-Port = 13
(4) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(4) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(4) NAS-IP-Address = 172.17.107.208
(4) NAS-Identifier = "wism8"
(4) Airespace-Wlan-Id = 3
(4) Service-Type = Framed-User
(4) Framed-MTU = 1300
(4) NAS-Port-Type = Wireless-802.11
(4) Tunnel-Type:0 = VLAN
(4) Tunnel-Medium-Type:0 = IEEE-802
(4) Tunnel-Private-Group-Id:0 = "547"
(4) EAP-Message = 0x020600901980000000861603010046100000424104647ecb7be9097a5ded8a15cad2f20782f73ac6dc656b780709999a57827e73a8fe8e6a1b0e84a16922438dc84d05ae35ea7a5ea9a0dde79187142978e52f2b8a14030100010116030100306891fee4d9c9dc571d75c0f76b02e5725a63f2d65a9a70
(4) State = 0x04076e003ffa67036d696f996ec2a586
(4) Message-Authenticator = 0x88fc7f16291a306da34adbcad2b075d8
(4) Running section authorize from file /etc/raddb/sites-enabled/vpi
(4) authorize {
(4) wism-checks {
(4) if (Service-Type == "NAS-Prompt-User") {
(4) ...
(4) }
(4) } # wism-checks (notfound)
(4) preprocess (ok)
(4) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(4) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(4) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(4) uob_auth_log - EXPAND %t
(4) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(4) uob_auth_log (ok)
(4) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(4) ...
(4) }
(4) vpieap - Peer sent EAP Response (code 2) ID 6 length 144
(4) vpieap - Continuing tunnel setup
(4) vpieap (ok)
(4) } # authorize (ok)
(4) Using 'Auth-Type = vpieap' for authenticate {...}
(4) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(4) authenticate {
(4) vpieap - Peer sent packet with EAP method PEAP (25)
(4) vpieap - Calling submodule eap_peap to process data
(4) eap_peap - Continuing EAP-TLS
(4) eap_peap - Peer indicated complete TLS record size will be 134 bytes
(4) eap_peap - Got complete TLS record, with length field (134 bytes)
(4) eap_peap - [eap-tls verify] = ok
(4) eap_peap - <<< recv handshake [length 70], client_key_exchange
(4) eap_peap - TLS Accept: SSLv3 read client key exchange A
(4) eap_peap - <<< recv change_cipher_spec [length 1]
(4) eap_peap - <<< recv handshake [length 16], finished
(4) eap_peap - TLS Accept: SSLv3 read finished A
(4) eap_peap - >>> send change_cipher_spec [length 1]
(4) eap_peap - TLS Accept: SSLv3 write change cipher spec A
(4) eap_peap - >>> send handshake [length 16], finished
(4) eap_peap - TLS Accept: SSLv3 write finished A
(4) eap_peap - TLS Accept: SSLv3 flush data
(4) eap_peap - SSL negotiation finished successfully
(4) eap_peap - TLS established with cipher suite:
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
(4) eap_peap - Sending complete TLS record (59 bytes)
(4) eap_peap - [eap-tls process] = handled
(4) vpieap - Sending EAP Request (code 1) ID 7 length 69
(4) vpieap (handled)
(4) } # authenticate (handled)
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(4) Sent Access-Challenge Id 160 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(4) EAP-Message =
0x0107004519800000003b14030100010116030100306fdc388f829843e06f869eeae13afdf94ba2efe759a91d60b7a147cb1663ee604ab474b08aaf072259723668fe0c447b
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x05016e00b7ba0f346d696f996ec2a586
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 161 from 172.17.107.208:32770 to
137.222.8.134:16020 via ens192 length 311
(5) User-Name = "host/IT051252.users.bris.ac.uk"
(5) Chargeable-User-Identity = 0x00
(5) Location-Capable = Civix-Location
(5) Calling-Station-Id = "c4:85:08:a9:05:24"
(5) Called-Station-Id = "88:f0:31:b2:be:70:Bristol-ManagedPCs"
(5) NAS-Port = 13
(5) Cisco-AVPair = "audit-session-id=ac116bd000015f4456e81e35"
(5) Acct-Session-Id = "56e81e35/c4:85:08:a9:05:24/87627"
(5) NAS-IP-Address = 172.17.107.208
(5) NAS-Identifier = "wism8"
(5) Airespace-Wlan-Id = 3
(5) Service-Type = Framed-User
(5) Framed-MTU = 1300
(5) NAS-Port-Type = Wireless-802.11
(5) Tunnel-Type:0 = VLAN
(5) Tunnel-Medium-Type:0 = IEEE-802
(5) Tunnel-Private-Group-Id:0 = "547"
(5) EAP-Message = 0x020700061900
(5) State = 0x05016e00b7ba0f346d696f996ec2a586
(5) Message-Authenticator = 0x96dc59cdbca6df009be0b9cbd5443481
(5) Running section authorize from file /etc/raddb/sites-enabled/vpi
(5) authorize {
(5) wism-checks {
(5) if (Service-Type == "NAS-Prompt-User") {
(5) ...
(5) }
(5) } # wism-checks (notfound)
(5) preprocess (ok)
(5) uob_auth_log - EXPAND
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
(5) uob_auth_log - --> /var/log/radius/radacct/vpi/auth-detail.log
(5) uob_auth_log -
/var/log/radius/radacct/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
expands to /var/log/radius/radacct/vpi/auth-detail.log
(5) uob_auth_log - EXPAND %t
(5) uob_auth_log - --> Tue Mar 15 14:59:02 2016
(5) uob_auth_log (ok)
(5) if (User-Name !~ /^host\/.+\.bris(tol)?\.ac\.uk$/i) {
(5) ...
(5) }
(5) vpieap - Peer sent EAP Response (code 2) ID 7 length 6
(5) vpieap - Continuing tunnel setup
(5) vpieap (ok)
(5) } # authorize (ok)
(5) Using 'Auth-Type = vpieap' for authenticate {...}
(5) Running Auth-Type vpieap from file /etc/raddb/sites-enabled/vpi
(5) authenticate {
(5) vpieap - Peer sent packet with EAP method PEAP (25)
(5) vpieap - Calling submodule eap_peap to process data
(5) eap_peap - Continuing EAP-TLS
(5) eap_peap - Peer ACKed our handshake fragment. handshake is
finished
(5) eap_peap - [eap-tls verify] = success
(5) eap_peap - [eap-tls process] = success
(5) eap_peap - Session established. Decoding tunneled data
(5) eap_peap - PEAP state TUNNEL ESTABLISHED
(5) eap_peap - Sending complete TLS record (37 bytes)
(5) vpieap - Sending EAP Request (code 1) ID 8 length 47
(5) vpieap (handled)
(5) } # authenticate (handled)
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) Running Post-Auth-Type Challenge from file /etc/raddb/sites-enabled/vpi
(5) Sent Access-Challenge Id 161 from 137.222.8.134:16020 to
172.17.107.208:32770 via ens192 length 0
(5) EAP-Message =
0x0108002f19800000002517030100205f34f3a684a6f8a6c27272a92b19c76ee8552b4ea7b442e2ff9d4c5027a36f41
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x06036e003ffa67036d696f996ec2a586
(5) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 156 with timestamp +3
(1) Cleaning up request packet ID 157 with timestamp +3
(2) Cleaning up request packet ID 158 with timestamp +3
(3) Cleaning up request packet ID 159 with timestamp +3
(4) Cleaning up request packet ID 160 with timestamp +3
(5) Cleaning up request packet ID 161 with timestamp +3
Ready to process requests
Ready to process requests
Signalled to terminate
Exiting normally
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! EAP session 0x2ab6bf0 did not finish! !!
!! See http://wiki.freeradius.org/guide/Certificate_Compatibility !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
rlm_sql (uobsql) - Removing connection pool
rlm_sql (uobsql) - Closing connection (0)
rlm_sql_mysql - Socket destructor called, closing socket
rlm_mschap (eduroammschap) - Removing connection pool
rlm_mschap (eduroammschap) - Closing connection (4)
rlm_mschap (eduroammschap) - Closing connection (3)
rlm_mschap (eduroammschap) - Closing connection (2)
rlm_mschap (eduroammschap) - Closing connection (1)
rlm_mschap (eduroammschap) - Closing connection (0)
rlm_sql (uobsql-write) - Removing connection pool
rlm_sql (uobsql-write) - Closing connection (0)
rlm_sql_mysql - Socket destructor called, closing socket
rlm_ldap (uobldap) - Removing connection pool
rlm_ldap (uobldap) - Closing connection (4)
rlm_ldap (uobldap) - Closing connection (3)
rlm_ldap (uobldap) - Closing connection (2)
rlm_ldap (uobldap) - Closing connection (1)
rlm_ldap (uobldap) - Closing connection (0)
--
Jonathan Gazeley
Senior Systems Administrator
IT Services
University of Bristol