Problem with freeradius 3.0.13
Hieu Nguyen
hieu.ntrong at gmail.com
Wed Apr 4 05:44:11 CEST 2018
I have encountered when I view the radius log. But the client still can
authenticate to radius server
Error: (34406) Ignoring duplicate packet from client AP-Aerohive port 51961
- ID: 74 due to unfinished request in component authenticate module eap_peap
Error: (34832) Ignoring duplicate packet from client AP-Aerohive port 45456
- ID: 151 due to unfinished request in component <core> module <queue>
Error: (36273) Ignoring duplicate packet from client AP-Aerohive port 48417
- ID: 17 due to unfinished request in component <core> module <queue>
Error: (36604) Ignoring duplicate packet from client AP-Aerohive port 47301
- ID: 165 due to unfinished request in component authenticate module eap
Error: (680844) Ignoring duplicate packet from client AP-Aerohive port
43470 - ID: 156 due to unfinished request in component accounting module sql
This is the output debug " freeradius -X "
FreeRADIUS Version 3.0.13
>
> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
>
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>
> PARTICULAR PURPOSE
>
> You may redistribute copies of FreeRADIUS under the terms of the
>
> GNU General Public License
>
> For more information about these matters, see the file named COPYRIGHT
>
> Starting - reading configuration files ...
>
> including dictionary file /usr/share/freeradius/dictionary
>
> including dictionary file /usr/share/freeradius/dictionary.dhcp
>
> including dictionary file /usr/share/freeradius/dictionary.vqp
>
> including dictionary file /etc/freeradius/dictionary
>
> including configuration file /etc/freeradius/radiusd.conf
>
> including configuration file /etc/freeradius/clients.conf
>
> including files in directory /etc/freeradius/mods-enabled/
>
> including configuration file /etc/freeradius/mods-enabled/always
>
> including configuration file /etc/freeradius/mods-enabled/attr_filter
>
> including configuration file /etc/freeradius/mods-enabled/cache_eap
>
> including configuration file /etc/freeradius/mods-enabled/chap
>
> including configuration file /etc/freeradius/mods-enabled/detail
>
> including configuration file /etc/freeradius/mods-enabled/detail.log
>
> including configuration file /etc/freeradius/mods-enabled/digest
>
> including configuration file /etc/freeradius/mods-enabled/dynamic_clients
>
> including configuration file /etc/freeradius/mods-enabled/eap
>
> including configuration file /etc/freeradius/mods-enabled/echo
>
> including configuration file /etc/freeradius/mods-enabled/exec
>
> including configuration file /etc/freeradius/mods-enabled/expiration
>
> including configuration file /etc/freeradius/mods-enabled/expr
>
> including configuration file /etc/freeradius/mods-enabled/files
>
> including configuration file /etc/freeradius/mods-enabled/linelog
>
> including configuration file /etc/freeradius/mods-enabled/logintime
>
> including configuration file /etc/freeradius/mods-enabled/mschap
>
> including configuration file /etc/freeradius/mods-enabled/ntlm_auth
>
> including configuration file /etc/freeradius/mods-enabled/pap
>
> including configuration file /etc/freeradius/mods-enabled/passwd
>
> including configuration file /etc/freeradius/mods-enabled/preprocess
>
> including configuration file /etc/freeradius/mods-enabled/radutmp
>
> including configuration file /etc/freeradius/mods-enabled/realm
>
> including configuration file /etc/freeradius/mods-enabled/replicate
>
> including configuration file /etc/freeradius/mods-enabled/soh
>
> including configuration file /etc/freeradius/mods-enabled/sradutmp
>
> including configuration file /etc/freeradius/mods-enabled/unix
>
> including configuration file /etc/freeradius/mods-enabled/unpack
>
> including configuration file /etc/freeradius/mods-enabled/utf8
>
> including configuration file /etc/freeradius/mods-enabled/sql
>
> including configuration file
>> /etc/freeradius/mods-config/sql/main/mysql/queries.conf
>
> including files in directory /etc/freeradius/policy.d/
>
> including configuration file /etc/freeradius/policy.d/abfab-tr
>
> including configuration file /etc/freeradius/policy.d/accounting
>
> including configuration file /etc/freeradius/policy.d/canonicalization
>
> including configuration file /etc/freeradius/policy.d/control
>
> including configuration file /etc/freeradius/policy.d/cui
>
> including configuration file /etc/freeradius/policy.d/debug
>
> including configuration file /etc/freeradius/policy.d/dhcp
>
> including configuration file /etc/freeradius/policy.d/eap
>
> including configuration file /etc/freeradius/policy.d/filter
>
> including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids
>
> including configuration file /etc/freeradius/policy.d/operator-name
>
> including files in directory /etc/freeradius/sites-enabled/
>
> including configuration file /etc/freeradius/sites-enabled/default
>
> including configuration file /etc/freeradius/sites-enabled/inner-tunnel
>
> including configuration file /etc/freeradius/sites-enabled/status
>
> main {
>
> security {
>
> user = "freerad"
>
> group = "freerad"
>
> allow_core_dumps = no
>
> }
>
> name = "freeradius"
>
> prefix = "/usr"
>
> localstatedir = "/var"
>
> logdir = "/var/log/freeradius"
>
> run_dir = "/var/run/freeradius"
>
> }
>
> main {
>
> name = "freeradius"
>
> prefix = "/usr"
>
> localstatedir = "/var"
>
> sbindir = "/usr/sbin"
>
> logdir = "/var/log/freeradius"
>
> run_dir = "/var/run/freeradius"
>
> libdir = "/usr/lib/freeradius"
>
> radacctdir = "/var/log/freeradius/radacct"
>
> hostname_lookups = no
>
> max_request_time = 30
>
> cleanup_delay = 5
>
> max_requests = 16384
>
> pidfile = "/var/run/freeradius/freeradius.pid"
>
> checkrad = "/usr/sbin/checkrad"
>
> debug_level = 0
>
> proxy_requests = no
>
> log {
>
> stripped_names = no
>
> auth = no
>
> auth_badpass = no
>
> auth_goodpass = no
>
> colourise = yes
>
> msg_denied = "You are already logged in - access denied"
>
> }
>
> resources {
>
> }
>
> security {
>
> max_attributes = 200
>
> reject_delay = 1.000000
>
> status_server = yes
>
> }
>
> }
>
> radiusd: #### Loading Realms and Home Servers ####
>
> radiusd: #### Loading Clients ####
>
> client localhost {
>
> ipaddr = 127.0.0.1
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> nas_type = "other"
>
> proto = "*"
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> client localhost_ipv6 {
>
> ipv6addr = ::1
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> client AP-Wireless802.1X {
>
> ipaddr = *
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> shortname = "AP-Aerohive"
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> client eapol_testing {
>
> ipaddr = 172.16.0.0/16
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> shortname = "Local-Testing"
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> Debugger not attached
>
> # Creating Auth-Type = mschap
>
> # Creating Auth-Type = digest
>
> # Creating Auth-Type = eap
>
> # Creating Auth-Type = PAP
>
> # Creating Auth-Type = CHAP
>
> # Creating Auth-Type = MS-CHAP
>
> # Creating Autz-Type = Status-Server
>
> radiusd: #### Instantiating modules ####
>
> modules {
>
> # Loaded module rlm_always
>
> # Loading module "reject" from file /etc/freeradius/mods-enabled/always
>
> always reject {
>
> rcode = "reject"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "fail" from file /etc/freeradius/mods-enabled/always
>
> always fail {
>
> rcode = "fail"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "ok" from file /etc/freeradius/mods-enabled/always
>
> always ok {
>
> rcode = "ok"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "handled" from file /etc/freeradius/mods-enabled/always
>
> always handled {
>
> rcode = "handled"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "invalid" from file /etc/freeradius/mods-enabled/always
>
> always invalid {
>
> rcode = "invalid"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "userlock" from file /etc/freeradius/mods-enabled/always
>
> always userlock {
>
> rcode = "userlock"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "notfound" from file /etc/freeradius/mods-enabled/always
>
> always notfound {
>
> rcode = "notfound"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "noop" from file /etc/freeradius/mods-enabled/always
>
> always noop {
>
> rcode = "noop"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loading module "updated" from file /etc/freeradius/mods-enabled/always
>
> always updated {
>
> rcode = "updated"
>
> simulcount = 0
>
> mpp = no
>
> }
>
> # Loaded module rlm_attr_filter
>
> # Loading module "attr_filter.post-proxy" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> attr_filter attr_filter.post-proxy {
>
> filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
>
> key = "%{Realm}"
>
> relaxed = no
>
> }
>
> # Loading module "attr_filter.pre-proxy" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> attr_filter attr_filter.pre-proxy {
>
> filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
>
> key = "%{Realm}"
>
> relaxed = no
>
> }
>
> # Loading module "attr_filter.access_reject" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> attr_filter attr_filter.access_reject {
>
> filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
>
> key = "%{User-Name}"
>
> relaxed = no
>
> }
>
> # Loading module "attr_filter.access_challenge" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> attr_filter attr_filter.access_challenge {
>
> filename =
>> "/etc/freeradius/mods-config/attr_filter/access_challenge"
>
> key = "%{User-Name}"
>
> relaxed = no
>
> }
>
> # Loading module "attr_filter.accounting_response" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> attr_filter attr_filter.accounting_response {
>
> filename =
>> "/etc/freeradius/mods-config/attr_filter/accounting_response"
>
> key = "%{User-Name}"
>
> relaxed = no
>
> }
>
> # Loaded module rlm_cache
>
> # Loading module "cache_eap" from file
>> /etc/freeradius/mods-enabled/cache_eap
>
> cache cache_eap {
>
> driver = "rlm_cache_rbtree"
>
> key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
>
> ttl = 15
>
> max_entries = 0
>
> epoch = 0
>
> add_stats = no
>
> }
>
> # Loaded module rlm_chap
>
> # Loading module "chap" from file /etc/freeradius/mods-enabled/chap
>
> # Loaded module rlm_detail
>
> # Loading module "detail" from file /etc/freeradius/mods-enabled/detail
>
> detail {
>
> filename =
>> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>
> header = "%t"
>
> permissions = 384
>
> locking = no
>
> escape_filenames = no
>
> log_packet_header = no
>
> }
>
> # Loading module "auth_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> detail auth_log {
>
> filename =
>> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
>
> header = "%t"
>
> permissions = 384
>
> locking = no
>
> escape_filenames = no
>
> log_packet_header = no
>
> }
>
> # Loading module "reply_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> detail reply_log {
>
> filename =
>> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
>
> header = "%t"
>
> permissions = 384
>
> locking = no
>
> escape_filenames = no
>
> log_packet_header = no
>
> }
>
> # Loading module "pre_proxy_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> detail pre_proxy_log {
>
> filename =
>> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
>
> header = "%t"
>
> permissions = 384
>
> locking = no
>
> escape_filenames = no
>
> log_packet_header = no
>
> }
>
> # Loading module "post_proxy_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> detail post_proxy_log {
>
> filename =
>> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
>
> header = "%t"
>
> permissions = 384
>
> locking = no
>
> escape_filenames = no
>
> log_packet_header = no
>
> }
>
> # Loaded module rlm_digest
>
> # Loading module "digest" from file /etc/freeradius/mods-enabled/digest
>
> # Loaded module rlm_dynamic_clients
>
> # Loading module "dynamic_clients" from file
>> /etc/freeradius/mods-enabled/dynamic_clients
>
> # Loaded module rlm_eap
>
> # Loading module "eap" from file /etc/freeradius/mods-enabled/eap
>
> eap {
>
> default_eap_type = "peap"
>
> timer_expire = 60
>
> ignore_unknown_eap_types = no
>
> cisco_accounting_username_bug = no
>
> max_sessions = 16384
>
> }
>
> # Loaded module rlm_exec
>
> # Loading module "echo" from file /etc/freeradius/mods-enabled/echo
>
> exec echo {
>
> wait = yes
>
> program = "/bin/echo %{User-Name}"
>
> input_pairs = "request"
>
> output_pairs = "reply"
>
> shell_escape = yes
>
> }
>
> # Loading module "exec" from file /etc/freeradius/mods-enabled/exec
>
> exec {
>
> wait = no
>
> input_pairs = "request"
>
> shell_escape = yes
>
> timeout = 10
>
> }
>
> # Loaded module rlm_expiration
>
> # Loading module "expiration" from file
>> /etc/freeradius/mods-enabled/expiration
>
> # Loaded module rlm_expr
>
> # Loading module "expr" from file /etc/freeradius/mods-enabled/expr
>
> expr {
>
> safe_characters =
>> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
>> /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
>
> }
>
> # Loaded module rlm_files
>
> # Loading module "files" from file /etc/freeradius/mods-enabled/files
>
> files {
>
> filename = "/etc/freeradius/mods-config/files/authorize"
>
> acctusersfile = "/etc/freeradius/mods-config/files/accounting"
>
> preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
>
> }
>
> # Loaded module rlm_linelog
>
> # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
>
> linelog {
>
> filename = "/var/log/freeradius/linelog"
>
> escape_filenames = no
>
> syslog_severity = "info"
>
> permissions = 384
>
> format = "This is a log message for %{User-Name}"
>
> reference = "messages.%{%{reply:Packet-Type}:-default}"
>
> }
>
> # Loading module "log_accounting" from file
>> /etc/freeradius/mods-enabled/linelog
>
> linelog log_accounting {
>
> filename = "/var/log/freeradius/linelog-accounting"
>
> escape_filenames = no
>
> syslog_severity = "info"
>
> permissions = 384
>
> format = ""
>
> reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
>
> }
>
> # Loaded module rlm_logintime
>
> # Loading module "logintime" from file
>> /etc/freeradius/mods-enabled/logintime
>
> logintime {
>
> minimum_timeout = 60
>
> }
>
> # Loaded module rlm_mschap
>
> # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
>
> mschap {
>
> use_mppe = yes
>
> require_encryption = yes
>
> require_strong = yes
>
> with_ntdomain_hack = yes
>
> passchange {
>
> }
>
> allow_retry = yes
>
> winbind_retry_with_normalised_username = no
>
> }
>
> # Loading module "ntlm_auth" from file
>> /etc/freeradius/mods-enabled/ntlm_auth
>
> exec ntlm_auth {
>
> wait = yes
>
> program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
>> --username=%{mschap:User-Name} --password=%{User-Password}"
>
> shell_escape = yes
>
> }
>
> # Loaded module rlm_pap
>
> # Loading module "pap" from file /etc/freeradius/mods-enabled/pap
>
> pap {
>
> normalise = yes
>
> }
>
> # Loaded module rlm_passwd
>
> # Loading module "etc_passwd" from file
>> /etc/freeradius/mods-enabled/passwd
>
> passwd etc_passwd {
>
> filename = "/etc/passwd"
>
> format = "*User-Name:Crypt-Password:"
>
> delimiter = ":"
>
> ignore_nislike = no
>
> ignore_empty = yes
>
> allow_multiple_keys = no
>
> hash_size = 100
>
> }
>
> # Loaded module rlm_preprocess
>
> # Loading module "preprocess" from file
>> /etc/freeradius/mods-enabled/preprocess
>
> preprocess {
>
> huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
>
> hints = "/etc/freeradius/mods-config/preprocess/hints"
>
> with_ascend_hack = no
>
> ascend_channels_per_line = 23
>
> with_ntdomain_hack = no
>
> with_specialix_jetstream_hack = no
>
> with_cisco_vsa_hack = no
>
> with_alvarion_vsa_hack = no
>
> }
>
> # Loaded module rlm_radutmp
>
> # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
>
> radutmp {
>
> filename = "/var/log/freeradius/radutmp"
>
> username = "%{User-Name}"
>
> case_sensitive = yes
>
> check_with_nas = yes
>
> permissions = 384
>
> caller_id = yes
>
> }
>
> # Loaded module rlm_realm
>
> # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
>
> realm IPASS {
>
> format = "prefix"
>
> delimiter = "/"
>
> ignore_default = no
>
> ignore_null = no
>
> }
>
> # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
>
> realm suffix {
>
> format = "suffix"
>
> delimiter = "@"
>
> ignore_default = no
>
> ignore_null = no
>
> }
>
> # Loading module "realmpercent" from file
>> /etc/freeradius/mods-enabled/realm
>
> realm realmpercent {
>
> format = "suffix"
>
> delimiter = "%"
>
> ignore_default = no
>
> ignore_null = no
>
> }
>
> # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
>
> realm ntdomain {
>
> format = "prefix"
>
> delimiter = "\\"
>
> ignore_default = no
>
> ignore_null = no
>
> }
>
> # Loaded module rlm_replicate
>
> # Loading module "replicate" from file
>> /etc/freeradius/mods-enabled/replicate
>
> # Loaded module rlm_soh
>
> # Loading module "soh" from file /etc/freeradius/mods-enabled/soh
>
> soh {
>
> dhcp = yes
>
> }
>
> # Loading module "sradutmp" from file
>> /etc/freeradius/mods-enabled/sradutmp
>
> radutmp sradutmp {
>
> filename = "/var/log/freeradius/sradutmp"
>
> username = "%{User-Name}"
>
> case_sensitive = yes
>
> check_with_nas = yes
>
> permissions = 420
>
> caller_id = no
>
> }
>
> # Loaded module rlm_unix
>
> # Loading module "unix" from file /etc/freeradius/mods-enabled/unix
>
> unix {
>
> radwtmp = "/var/log/freeradius/radwtmp"
>
> }
>
> Creating attribute Unix-Group
>
> # Loaded module rlm_unpack
>
> # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
>
> # Loaded module rlm_utf8
>
> # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
>
> # Loaded module rlm_sql
>
> # Loading module "sql" from file /etc/freeradius/mods-enabled/sql
>
> sql {
>
> driver = "rlm_sql_mysql"
>
> server = "127.0.0.1"
>
> port = 3306
>
> login = "freeradius"
>
> password = <<< secret >>>
>
> radius_db = "radius"
>
> read_groups = yes
>
> read_profiles = yes
>
> read_clients = yes
>
> delete_stale_sessions = yes
>
> sql_user_name = "%{User-Name}"
>
> default_user_profile = ""
>
> client_query = "SELECT id, nasname, shortname, type, secret,
>> server FROM nas"
>
> authorize_check_query = "SELECT id, username, attribute, value, op
>> FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
>
> authorize_reply_query = "SELECT id, username, attribute, value, op
>> FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
>
> authorize_group_check_query = "SELECT id, groupname, attribute,
>> Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
>
> authorize_group_reply_query = "SELECT id, groupname, attribute,
>> value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
>
> group_membership_query = "SELECT groupname FROM radusergroup WHERE
>> username = '%{SQL-User-Name}' ORDER BY priority"
>
> simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username =
>> '%{SQL-User-Name}' AND acctstoptime IS NULL"
>
> simul_verify_query = "SELECT radacctid, acctsessionid, username,
>> nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol
>> FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
>
> safe_characters =
>> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>
> accounting {
>
> reference = "%{tolower:type.%{Acct-Status-Type}.query}"
>
> type {
>
> accounting-on {
>
> query = "UPDATE radacct SET acctstoptime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
>> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>
> }
>
> accounting-off {
>
> query = "UPDATE radacct SET acctstoptime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
>> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>
> }
>
> start {
>
> query = "INSERT INTO radacct (acctsessionid,
>> acctuniqueid, username, realm,
>> nasipaddress, nasportid, nasporttype, acctstarttime,
>> acctupdatetime, acctstoptime, acctsessiontime,
>> acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
>> acctoutputoctets, calledstationid, callingstationid,
>> acctterminatecause, servicetype, framedprotocol,
>> framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
>> '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}',
>> FROM_UNIXTIME(%{integer:Event-Timestamp}),
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
>> '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
>> '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
>> '%{Framed-IP-Address}')"
>
> }
>
> interim-update {
>
> query = "UPDATE radacct SET acctupdatetime =
>> (@acctupdatetime_old:=acctupdatetime), acctupdatetime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval =
>> %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
>> framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
>> %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
>> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =
>> '%{Acct-Unique-Session-Id}'"
>
> }
>
> stop {
>
> query = "UPDATE radacct SET acctstoptime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
>> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> '%{%{Acct-Output-Octets}:-0}', acctterminatecause =
>> '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
>> AcctUniqueId = '%{Acct-Unique-Session-Id}'"
>
> }
>
> }
>
> }
>
> post-auth {
>
> reference = ".query"
>
> query = "INSERT INTO radpostauth (username, pass, reply, authdate)
>> VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
>> '%{reply:Packet-Type}', '%S')"
>
> }
>
> }
>
> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
>> linked
>
> Creating attribute SQL-Group
>
> instantiate {
>
> }
>
> # Instantiating module "reject" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "fail" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
>
> # Instantiating module "handled" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "invalid" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "userlock" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "notfound" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "noop" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "updated" from file
>> /etc/freeradius/mods-enabled/always
>
> # Instantiating module "attr_filter.post-proxy" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
>
> # Instantiating module "attr_filter.pre-proxy" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
>
> # Instantiating module "attr_filter.access_reject" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
>
> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item
>> "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
>
> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item
>> "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
>
> # Instantiating module "attr_filter.access_challenge" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> reading pairlist file
>> /etc/freeradius/mods-config/attr_filter/access_challenge
>
> # Instantiating module "attr_filter.accounting_response" from file
>> /etc/freeradius/mods-enabled/attr_filter
>
> reading pairlist file
>> /etc/freeradius/mods-config/attr_filter/accounting_response
>
> # Instantiating module "cache_eap" from file
>> /etc/freeradius/mods-enabled/cache_eap
>
> rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree)
>> loaded and linked
>
> # Instantiating module "detail" from file
>> /etc/freeradius/mods-enabled/detail
>
> # Instantiating module "auth_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> rlm_detail (auth_log): 'User-Password' suppressed, will not appear in
>> detail output
>
> # Instantiating module "reply_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> # Instantiating module "pre_proxy_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> # Instantiating module "post_proxy_log" from file
>> /etc/freeradius/mods-enabled/detail.log
>
> # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
>
> # Linked to sub-module rlm_eap_tls
>
> tls {
>
> tls = "tls-common"
>
> }
>
> tls-config tls-common {
>
> verify_depth = 0
>
> ca_path = "/etc/freeradius/certs"
>
> pem_file_type = yes
>
> private_key_file = "/etc/freeradius/certs/server.pem"
>
> certificate_file = "/etc/freeradius/certs/server.pem"
>
> ca_file = "/etc/freeradius/certs/ca.pem"
>
> private_key_password = <<< secret >>>
>
> dh_file = "/etc/freeradius/certs/dh"
>
> fragment_size = 1024
>
> include_length = yes
>
> auto_chain = yes
>
> check_crl = no
>
> check_all_crl = no
>
> cipher_list = "DEFAULT"
>
> cipher_server_preference = no
>
> ecdh_curve = "prime256v1"
>
> cache {
>
> enable = yes
>
> lifetime = 24
>
> max_entries = 255
>
> }
>
> verify {
>
> skip_if_ocsp_ok = no
>
> }
>
> ocsp {
>
> enable = no
>
> override_cert_url = yes
>
> url = "http://127.0.0.1/ocsp/"
>
> use_nonce = yes
>
> timeout = 0
>
> softfail = no
>
> }
>
> }
>
> # Linked to sub-module rlm_eap_ttls
>
> ttls {
>
> tls = "tls-common"
>
> default_eap_type = "md5"
>
> copy_request_to_tunnel = no
>
> use_tunneled_reply = no
>
> virtual_server = "inner-tunnel"
>
> include_length = yes
>
> require_client_cert = no
>
> }
>
> tls: Using cached TLS configuration from previous invocation
>
> # Linked to sub-module rlm_eap_peap
>
> peap {
>
> tls = "tls-common"
>
> default_eap_type = "mschapv2"
>
> copy_request_to_tunnel = yes
>
> use_tunneled_reply = no
>
> proxy_tunneled_request_as_eap = yes
>
> virtual_server = "inner-tunnel"
>
> soh = no
>
> require_client_cert = no
>
> }
>
> tls: Using cached TLS configuration from previous invocation
>
> # Linked to sub-module rlm_eap_mschapv2
>
> mschapv2 {
>
> with_ntdomain_hack = no
>
> send_error = no
>
> }
>
> # Instantiating module "expiration" from file
>> /etc/freeradius/mods-enabled/expiration
>
> # Instantiating module "files" from file
>> /etc/freeradius/mods-enabled/files
>
> reading pairlist file /etc/freeradius/mods-config/files/authorize
>
> reading pairlist file /etc/freeradius/mods-config/files/accounting
>
> reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
>
> # Instantiating module "linelog" from file
>> /etc/freeradius/mods-enabled/linelog
>
> # Instantiating module "log_accounting" from file
>> /etc/freeradius/mods-enabled/linelog
>
> # Instantiating module "logintime" from file
>> /etc/freeradius/mods-enabled/logintime
>
> # Instantiating module "mschap" from file
>> /etc/freeradius/mods-enabled/mschap
>
> rlm_mschap (mschap): using internal authentication
>
> # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
>
> # Instantiating module "etc_passwd" from file
>> /etc/freeradius/mods-enabled/passwd
>
> rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
>
> # Instantiating module "preprocess" from file
>> /etc/freeradius/mods-enabled/preprocess
>
> reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
>
> reading pairlist file /etc/freeradius/mods-config/preprocess/hints
>
> # Instantiating module "IPASS" from file
>> /etc/freeradius/mods-enabled/realm
>
> # Instantiating module "suffix" from file
>> /etc/freeradius/mods-enabled/realm
>
> # Instantiating module "realmpercent" from file
>> /etc/freeradius/mods-enabled/realm
>
> # Instantiating module "ntdomain" from file
>> /etc/freeradius/mods-enabled/realm
>
> # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql
>
> rlm_sql_mysql: libmysql version: 5.7.19
>
> mysql {
>
> tls {
>
> }
>
> warnings = "auto"
>
> }
>
> rlm_sql (sql): Attempting to connect to database "radius"
>
> rlm_sql (sql): Initialising connection pool
>
> pool {
>
> start = 5
>
> min = 3
>
> max = 32
>
> spare = 10
>
> uses = 0
>
> lifetime = 0
>
> cleanup_interval = 30
>
> idle_timeout = 60
>
> retry_delay = 30
>
> spread = no
>
> }
>
> rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> rlm_sql (sql): Processing generate_sql_clients
>
> rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
>> shortname, type, secret, server FROM nas
>
> rlm_sql (sql): Reserved connection (0)
>
> rlm_sql (sql): Executing select query: SELECT id, nasname, shortname,
>> type, secret, server FROM nas
>
> rlm_sql (sql): Released connection (0)
>
> Need 5 more connections to reach 10 spares
>
> rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots
>> used
>
> rlm_sql_mysql: Starting connect to MySQL server
>
> rlm_sql_mysql: Connected to database 'radius' on 127.0.0.1 via TCP/IP,
>> server version 5.7.19-0ubuntu0.16.04.1-log, protocol version 10
>
> } # modules
>
> radiusd: #### Loading Virtual Servers ####
>
> server { # from file /etc/freeradius/radiusd.conf
>
> } # server
>
> server default { # from file /etc/freeradius/sites-enabled/default
>
> # Loading authenticate {...}
>
> # Loading authorize {...}
>
> # Loading preacct {...}
>
> # Loading accounting {...}
>
> # Loading session {...}
>
> # Loading post-auth {...}
>
> } # server default
>
> server inner-tunnel { # from file
>> /etc/freeradius/sites-enabled/inner-tunnel
>
> # Loading authenticate {...}
>
> # Loading authorize {...}
>
> # Loading session {...}
>
> # Loading post-auth {...}
>
> } # server inner-tunnel
>
> server status { # from file /etc/freeradius/sites-enabled/status
>
> # Loading authorize {...}
>
> } # server status
>
> radiusd: #### Opening IP addresses and Ports ####
>
> listen {
>
> type = "auth"
>
> ipaddr = *
>
> port = 0
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> listen {
>
> type = "acct"
>
> ipaddr = *
>
> port = 0
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> listen {
>
> type = "auth"
>
> ipv6addr = ::
>
> port = 0
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> listen {
>
> type = "acct"
>
> ipv6addr = ::
>
> port = 0
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> listen {
>
> type = "auth"
>
> ipaddr = 127.0.0.1
>
> port = 18120
>
> }
>
> listen {
>
> type = "status"
>
> ipaddr = 127.0.0.1
>
> port = 18121
>
> client admin {
>
> ipaddr = 127.0.0.1
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> }
>
> Listening on auth address * port 1812 bound to server default
>
> Listening on acct address * port 1813 bound to server default
>
> Listening on auth address :: port 1812 bound to server default
>
> Listening on acct address :: port 1813 bound to server default
>
> Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
>
> Listening on status address 127.0.0.1 port 18121 bound to server status
>
> Ready to process requests
>
>
>
More information about the Freeradius-Users
mailing list