Freeradius-Users Digest, Vol 165, Issue 71
Eero Volotinen
eero.volotinen at iki.fi
Mon Jan 28 08:54:30 CET 2019
And first check that your config works with pure password and after that add
Google Authenticator (i.e. test config without Google Authenticator enabled).
Eero
On Mon, Jan 28, 2019 at 9:49 AM Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Well. try removing this:
>
> try removing this line
>
> DEFAULT Group == "disabled", Auth-Type := Reject
>         Reply-Message = "Your account has been disabled."
>
> and keep that pam line in config file..
>
> Check that user password is correct and add some more debug to pam_google
> authenticator line like adding debug *) switch to it and then check out pam
> logging..
>
>
> https://github.com/google/google-authenticator-libpam/blob/master/man/pam_google_authenticator.8.md
>
> Eero
>
> On Mon, Jan 28, 2019 at 9:37 AM Soklang Sum <soklang.sum at cambotech.com>
> wrote:
>
>> Dear Eero Volotinen,
>>
>> Can you give me more details the guide its work or link preference how to
>> do it?
>>
>> My problem in this step:
>>
>> # vi /etc/raddb/users
>> DEFAULT Group == "disabled", Auth-Type := Reject
>>         Reply-Message = "Your account has been disabled."
>> DEFAULT Auth-Type := PAM
>>
>> When I enable the step as mentioned above, it is always rejected.
>>
>> This is RADIUS Debugs in my attachment file.
>>
>>
>>
>> -----Original Message-----
>> From: Freeradius-Users <freeradius-users-bounces+soklang.sum=
>> cambotech.com at lists.freeradius.org> On Behalf Of
>> freeradius-users-request at lists.freeradius.org
>> Sent: Monday, January 28, 2019 2:13 PM
>> To: freeradius-users at lists.freeradius.org
>> Subject: Freeradius-Users Digest, Vol 165, Issue 71
>>
>> Send Freeradius-Users mailing list submissions to
>> freeradius-users at lists.freeradius.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> http://lists.freeradius.org/mailman/listinfo/freeradius-users
>> or, via email, send a message with subject or body 'help' to
>> freeradius-users-request at lists.freeradius.org
>>
>> You can reach the person managing the list at
>> freeradius-users-owner at lists.freeradius.org
>>
>> When replying, please edit your Subject line so it is more specific than
>> "Re: Contents of Freeradius-Users digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Contents of Freeradius-Users digest...Google
>> Authenticator (Eero Volotinen)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 28 Jan 2019 09:12:17 +0200
>> From: Eero Volotinen <eero.volotinen at iki.fi>
>> To: FreeRadius users mailing list
>> <freeradius-users at lists.freeradius.org>,
>> soklang.sum at cambotech.com
>> Subject: Re: Contents of Freeradius-Users digest...Google
>> Authenticator
>> Message-ID:
>> <CABzZrXdo9ExvdiNDjo5485NKnjp=
>> QfaZfwhU+GdMVO7V9i592g at mail.gmail.com>
>> Content-Type: text/plain; charset="UTF-8"
>>
>> works fine. remember to run freeradius as root or else it cannot access
>> google authenticator files
>>
>> Eero
>>
>> On Mon, Jan 28, 2019, 09:09 Soklang Sum <soklang.sum at cambotech.com> wrote:
>>
>> > Dear Team Freeradius,
>> >
>> > I would like to ask about FreeRADIUS work with google authenticator
>> > (2FA) or not?
>> > I have tried to install freeRADIUS with google authenticator but it
>> > doesn't work, when I try install following the guideline any website
>> > like https://networkjutsu.com/freeradius-google-authenticator/ it
>> > always rejected.
>> >
>> > So that why I want to make sure from team expertise freeRADIUS it work
>> > with google authenticator or not?
>> >
>> > But I saw in the guideline it works but for me never work.
>> >
>> > Please help feedback soon as possible.
>> >
>> > Thanks
>> >
>> > -----Original Message-----
>> > From: Freeradius-Users <freeradius-users-bounces+soklang.sum=
>> > cambotech.com at lists.freeradius.org> On Behalf Of
>> > freeradius-users-request at lists.freeradius.org
>> > Sent: Monday, January 28, 2019 11:42 AM
>> > To: freeradius-users at lists.freeradius.org
>> > Subject: Freeradius-Users Digest, Vol 165, Issue 69
>> >
>> >
>> > Today's Topics:
>> >
>> > 1. EAP-GTC w/ "PAP-like" LDAP authentication (Ian Pilcher)
>> > 2. Re: EAP-GTC w/ "PAP-like" LDAP authentication (Alan DeKok)
>> > 3. Multiple UserDN for different LDAPs (diego.barzon at tiscali.it)
>> > 4. Freeradius-Users Digest, Vol 165, Issue 68 (Soklang Sum)
>> > 5. radius accounting issue. (slnarayanan at nitt.edu)
>> >
>> >
>> > ----------------------------------------------------------------------
>> >
>> > Message: 1
>> > Date: Sun, 27 Jan 2019 11:43:12 -0600
>> > From: Ian Pilcher <arequipeno at gmail.com>
>> > To: freeradius-users at lists.freeradius.org
>> > Subject: EAP-GTC w/ "PAP-like" LDAP authentication
>> > Message-ID: <q2kqjg$4fa3$1 at blaine.gmane.org>
>> > Content-Type: text/plain; charset=utf-8; format=flowed
>> >
>> > I am struggling to find documentation of how to set up $SUBJECT.
>> >
>> > I've got FreeRADIUS working with both PEAP/MSCHAPv2 and (P)EAP-GTC
>> > using a file-based test user, but the number of different protocols
>> > and configurations supported and documented in the config files means
>> > that I haven't been able to figure out how to achieve what I want.
>> >
>> > Any hints, links, etc. would be appreciated.
>> >
>> > Thanks!
>> >
>> > --
>> > ========================================================================
>> > Ian Pilcher                                         arequipeno at gmail.com
>> > -------- "I grew up before Mark Zuckerberg invented friendship" --------
>> > ========================================================================
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 2
>> > Date: Sun, 27 Jan 2019 14:17:58 -0500
>> > From: Alan DeKok <aland at deployingradius.com>
>> > To: FreeRadius users mailing list
>> > <freeradius-users at lists.freeradius.org>
>> > Subject: Re: EAP-GTC w/ "PAP-like" LDAP authentication
>> > Message-ID: <165EB1A7-2D19-4AAD-BD48-719D157BC5C5 at deployingradius.com>
>> > Content-Type: text/plain; charset=us-ascii
>> >
>> > On Jan 27, 2019, at 12:43 PM, Ian Pilcher <arequipeno at gmail.com> wrote:
>> > >
>> > > I am struggling to find documentation of how to set up $SUBJECT.
>> > >
>> > > I've got FreeRADIUS working with both PEAP/MSCHAPv2 and (P)EAP-GTC
>> > > using a file-based test user, but the number of different protocols
>> > > and configurations supported and documented in the config files
>> > > means that I haven't been able to figure out how to achieve what I
>> > > want.
>> >
>> > (a) Make sure PEAP works with certificates.
>> >
>> > (b) configure and enable LDAP. See mods-available/ldap
>> >
>> > Once the LDAP module is available, the server will automatically use
>> > it.
>> >
>> > And, the server will automatically grab passwords from LDAP. And,
>> > the server will automatically use those passwords to do EAP-GTC.
>> >
>> > It really is that easy. The key thing is to *let the server do the
>> > work*. Don't try to "force" a particular kind of authentication. EAP
>> > doesn't work that way.
>> >
>> > If you're using Active Directory, it's harder. Because Active
>> > Directory isn't a real LDAP server.
>> >
>> > It also helps to describe what you've done, what happened, and why
>> > you think it's wrong. Otherwise, we're limited to:
>> >
>> > Q: I tried stuff and it doesn't work. What do I do?
>> > A: Try different stuff
>> >
>> > Which isn't helpful to anyone. Better questions means better answers.
>> >
>> > Alan DeKok.
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 3
>> > Date: Mon, 28 Jan 2019 00:27:28 +0100
>> > From: diego.barzon at tiscali.it
>> > To: <freeradius-users at lists.freeradius.org>
>> > Subject: Multiple UserDN for different LDAPs
>> > Message-ID: <a5fefc494d4f1514bf2d35eb706b2edb at tiscali.it>
>> > Content-Type: text/plain; charset=UTF-8
>> >
>> >
>> >
>> > Hi all,
>> > here's the problem.
>> > I need to authenticate against 2 different LDAP servers, populated with
>> > different data. I don't need specific information (like group memberships
>> > or so): trying to bind with the credentials is enough.
>> > In 'authorize' I set Auth to LDAP and in authenticate I put something
>> > like this:
>> >
>> > ldap1 {
>> >     fail = 1
>> >     invalid = 2
>> >     reject = 3
>> > }
>> > if (!ok) {
>> >     ldap2
>> > }
>> >
>> > ldap1 and ldap2 configurations are on separate files, they are different
>> > in everything: the former's a DC, the latter an openldap server. Moreover
>> > they have different BaseDN.
>> > It looks like freeradius set UserDN for the first ldap and tries to use
>> > the same on the second. I think I need two different values for
>> > LDAP-UserDN, which is not possible, but I read there's some kind of
>> > workaround involving writing on files/authorize but honestly I didn't
>> > understand what I'm supposed to do.
>> > Thanks in advance!
>> >
>> >
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 4
>> > Date: Mon, 28 Jan 2019 11:14:50 +0700
>> > From: "Soklang Sum" <soklang.sum at cambotech.com>
>> > To: <freeradius-users at lists.freeradius.org>
>> > Subject: Freeradius-Users Digest, Vol 165, Issue 68
>> > Message-ID: <000201d4b6c0$05465b20$0fd31160$@cambotech.com>
>> > Content-Type: text/plain; charset="utf-8"
>> >
>> > Dear Team Freeradius,
>> >
>> > I would like to ask about FreeRADIUS work with google authenticator
>> > (2FA) or not?
>> > I have tried to install freeRADIUS with google authenticator but it
>> > doesn't work, when I try install following the guideline any website
>> > like https://networkjutsu.com/freeradius-google-authenticator/ it
>> > always rejected.
>> >
>> > So that why I want to make sure from team expertise freeRADIUS it work
>> > with google authenticator or not?
>> >
>> > But I saw in the guideline it works but for me never work.
>> >
>> > Please help feedback soon as possible.
>> >
>> > Thanks
>> >
>> > ===================
>> >
>> > -----Original Message-----
>> > From: Freeradius-Users <freeradius-users-bounces+soklang.sum=
>> > cambotech.com at lists.freeradius.org> On Behalf Of
>> > freeradius-users-request at lists.freeradius.org
>> > Sent: Sunday, January 27, 2019 6:00 PM
>> > To: freeradius-users at lists.freeradius.org
>> > Subject: Freeradius-Users Digest, Vol 165, Issue 68
>> >
>> >
>> > Today's Topics:
>> >
>> > 1. Session start times issues (Philemon Jaomalaza)
>> > 2. Re: Session start times issues (Alan DeKok)
>> >
>> >
>> > ----------------------------------------------------------------------
>> >
>> > Message: 1
>> > Date: Sat, 26 Jan 2019 16:43:23 +0300
>> > From: "Philemon Jaomalaza" <philemon.jaomalaza at gmail.com>
>> > To: "'FreeRadius users mailing list'"
>> > <freeradius-users at lists.freeradius.org>
>> > Subject: Session start times issues
>> > Message-ID: <031301d4b57d$1e29c3a0$5a7d4ae0$@gmail.com>
>> > Content-Type: text/plain; charset="utf-8"
>> >
>> > Hello,
>> > If the nas has a wrong date and time, the sqlcounter does not work
>> > correctly.
>> >
>> > The attribute Event-Timestamp got the wrong data and time from nas.
>> >
>> > I found this features in preacct substitution:
>> >
>> > update request {
>> > &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l -
>> > %{%{Acct-Session-Time}:-0} - %{%{Acct-D$
>> > }
>> >
>> > I uncommented it but nothing changed.
>> >
>> > Where is the best way to have the good local time of radius server on
>> > "acctstarttime" column of "radacct" on sql database ?
>> >
>> > JMLZ
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 2
>> > Date: Sat, 26 Jan 2019 14:35:02 -0500
>> > From: Alan DeKok <aland at deployingradius.com>
>> > To: FreeRadius users mailing list
>> > <freeradius-users at lists.freeradius.org>
>> > Subject: Re: Session start times issues
>> > Message-ID: <717983BF-2594-4316-807F-0726F706BD53 at deployingradius.com>
>> > Content-Type: text/plain; charset=us-ascii
>> >
>> > On Jan 26, 2019, at 8:43 AM, Philemon Jaomalaza
>> > <philemon.jaomalaza at gmail.com> wrote:
>> > > If the nas has a wrong date and time, the sqlcounter does not work
>> > > correctly.
>> >
>> > If I take the tires off of my car, it doesn't drive well.
>> >
>> > Solution: fix the REAL problem.
>> >
>> > > The attribute Event-Timestamp got the wrong data and time from nas.
>> >
>> > Fix the NAS. Anything else is an ugly hack.
>> >
>> > > I found this features in preacct substitution:
>> > >
>> > > update request {
>> > > &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l -
>> > > %{%{Acct-Session-Time}:-0} - %{%{Acct-D$
>> > > }
>> > >
>> > > I uncommented it but nothing changed.
>> > >
>> > > Where is the best way to have the good local time of radius server
>> > > on "acctstarttime" column of "radacct" on sql database ?
>> >
>> > Fix the NAS.
>> >
>> > Alan DeKok.
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Subject: Digest Footer
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>> > ------------------------------
>> >
>> > End of Freeradius-Users Digest, Vol 165, Issue 68
>> > *************************************************
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 5
>> > Date: Mon, 28 Jan 2019 10:05:15 +0530
>> > From: slnarayanan at nitt.edu
>> > To: FreeRadius users mailing list
>> > <freeradius-users at lists.freeradius.org>
>> > Subject: radius accounting issue.
>> > Message-ID:
>> >
>> > <20190128100515.Horde.b8e9HpA3uLd-EHwBhBcx3A6 at webmail.nitt.edu>
>> > Content-Type: text/plain; charset="utf-8"; Format="flowed";
>> > DelSp="Yes"
>> >
>> >
>> > Dear All,
>> >
>> > I have a problem with accounting. Everything is working fine on
>> > FreeRADIUS. Login & authentication SQL, everything is working fine. But I
>> > have a problem in the accounting packet. We are using a SonicWall firewall
>> > in our campus. For those who logged in through our RADIUS server, the login
>> > information (RADIUS Accounting) needs to display on the
>> > SonicWall users page. The UDP packet 1813 is not sent to our firewall
>> > IP. In the firewall I have enabled a policy to allow all our local
>> > network. I have attached my radiusd -X log to this mail. Kindly
>> > provide the solution to resolve my issue. The RADIUS Accounting
>> > information now shows in radacct in phpMyAdmin.
>> >
>> > Regards.
>> > S.Lakshmi narayanan
>> >
>> > -------------- next part -------------- FreeRADIUS Version 3.0.13
>> > Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
>> > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> > PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the
>> > terms of the GNU General Public License For more information about
>> > these matters, see the file named COPYRIGHT Starting - reading
>> > configuration files ...
>> > including dictionary file /usr/share/freeradius/dictionary including
>> > dictionary file /usr/share/freeradius/dictionary.dhcp
>> > including dictionary file /usr/share/freeradius/dictionary.vqp
>> > including dictionary file /etc/raddb/dictionary including
>> > configuration file /etc/raddb/radiusd.conf including configuration
>> > file /etc/raddb/proxy.conf including configuration file
>> > /etc/raddb/clients.conf including files in directory
>> > /etc/raddb/mods-enabled/ including configuration file
>> > /etc/raddb/mods-enabled/always including configuration file
>> > /etc/raddb/mods-enabled/attr_filter
>> > including configuration file /etc/raddb/mods-enabled/cache_eap
>> > including configuration file /etc/raddb/mods-enabled/chap including
>> > configuration file /etc/raddb/mods-enabled/date including
>> > configuration file /etc/raddb/mods-enabled/detail including
>> > configuration file /etc/raddb/mods-enabled/detail.log
>> > including configuration file /etc/raddb/mods-enabled/dhcp including
>> > configuration file /etc/raddb/mods-enabled/digest including
>> > configuration file /etc/raddb/mods-enabled/dynamic_clients
>> > including configuration file /etc/raddb/mods-enabled/eap including
>> > configuration file /etc/raddb/mods-enabled/echo including
>> > configuration file /etc/raddb/mods-enabled/exec including
>> > configuration file /etc/raddb/mods-enabled/expiration
>> > including configuration file /etc/raddb/mods-enabled/expr including
>> > configuration file /etc/raddb/mods-enabled/files including
>> > configuration file /etc/raddb/mods-enabled/linelog including
>> > configuration file /etc/raddb/mods-enabled/logintime including
>> > configuration file /etc/raddb/mods-enabled/mschap including
>> > configuration file /etc/raddb/mods-enabled/ntlm_auth including
>> > configuration file /etc/raddb/mods-enabled/pap including configuration
>> > file /etc/raddb/mods-enabled/passwd including configuration file
>> > /etc/raddb/mods-enabled/preprocess
>> > including configuration file /etc/raddb/mods-enabled/radutmp including
>> > configuration file /etc/raddb/mods-enabled/realm including
>> > configuration file /etc/raddb/mods-enabled/replicate including
>> > configuration file /etc/raddb/mods-enabled/soh including configuration
>> > file /etc/raddb/mods-enabled/sradutmp including configuration file
>> > /etc/raddb/mods-enabled/unix including configuration file
>> > /etc/raddb/mods-enabled/unpack including configuration file
>> > /etc/raddb/mods-enabled/utf8 including configuration file
>> > /etc/raddb/mods-enabled/sql including configuration file
>> > /etc/raddb/mods-config/sql/main/mysql/queries.conf
>> > including files in directory /etc/raddb/policy.d/ including
>> > configuration file /etc/raddb/policy.d/accounting including
>> > configuration file /etc/raddb/policy.d/canonicalization
>> > including configuration file /etc/raddb/policy.d/control including
>> > configuration file /etc/raddb/policy.d/cui including configuration
>> > file /etc/raddb/policy.d/debug including configuration file
>> > /etc/raddb/policy.d/dhcp including configuration file
>> > /etc/raddb/policy.d/eap including configuration file
>> > /etc/raddb/policy.d/filter including configuration file
>> > /etc/raddb/policy.d/operator-name including files in directory
>> > /etc/raddb/sites-enabled/ including configuration file
>> > /etc/raddb/sites-enabled/default including configuration file
>> > /etc/raddb/sites-enabled/inner-tunnel
>> > main {
>> > security {
>> > user = "radiusd"
>> > group = "radiusd"
>> > allow_core_dumps = no
>> > }
>> > name = "radiusd"
>> > prefix = "/usr"
>> > localstatedir = "/var"
>> > logdir = "/var/log/radius"
>> > run_dir = "/var/run/radiusd"
>> > }
>> > main {
>> > name = "radiusd"
>> > prefix = "/usr"
>> > localstatedir = "/var"
>> > sbindir = "/usr/sbin"
>> > logdir = "/var/log/radius"
>> > run_dir = "/var/run/radiusd"
>> > libdir = "/usr/lib64/freeradius"
>> > radacctdir = "/var/log/radius/radacct"
>> > hostname_lookups = no
>> > max_request_time = 30
>> > cleanup_delay = 5
>> > max_requests = 16384
>> > pidfile = "/var/run/radiusd/radiusd.pid"
>> > checkrad = "/usr/sbin/checkrad"
>> > debug_level = 0
>> > proxy_requests = no
>> > log {
>> > stripped_names = yes
>> > auth = yes
>> > auth_badpass = yes
>> > auth_goodpass = yes
>> > colourise = yes
>> > msg_denied = "You are already logged in - access denied"
>> > }
>> > resources {
>> > }
>> > security {
>> > max_attributes = 200
>> > reject_delay = 1.000000
>> > status_server = yes
>> > }
>> > }
>> > radiusd: #### Loading Realms and Home Servers #### proxy server {
>> > retry_delay = 5
>> > retry_count = 3
>> > default_fallback = no
>> > dead_time = 120
>> > wake_all_if_all_dead = no
>> > }
>> > home_server localhost {
>> > ipaddr = 127.0.0.1
>> > port = 1812
>> > type = "auth"
>> > secret = <<< secret >>>
>> > response_window = 20.000000
>> > response_timeouts = 1
>> > max_outstanding = 65536
>> > zombie_period = 40
>> > status_check = "status-server"
>> > ping_interval = 30
>> > check_interval = 30
>> > check_timeout = 4
>> > num_answers_to_alive = 3
>> > revive_interval = 120
>> > limit {
>> > max_connections = 16
>> > max_requests = 0
>> > lifetime = 0
>> > idle_timeout = 0
>> > }
>> > coa {
>> > irt = 2
>> > mrt = 16
>> > mrc = 5
>> > mrd = 30
>> > }
>> > }
>> > home_server_pool my_auth_failover {
>> > type = fail-over
>> > home_server = localhost
>> > }
>> > realm example.com {
>> > auth_pool = my_auth_failover
>> > }
>> > realm LOCAL {
>> > }
>> > realm int {
>> > virtual_server = inner-tunnel
>> > }
>> > radiusd: #### Loading Clients ####
>> > client localhost {
>> > ipv4addr = *
>> > require_message_authenticator = no
>> > secret = <<< secret >>>
>> > nas_type = "other"
>> > proto = "udp"
>> > limit {
>> > max_connections = 16
>> > lifetime = 0
>> > idle_timeout = 0
>> > }
>> > }
>> > Debugger not attached
>> > # Creating Auth-Type = mschap
>> > # Creating Auth-Type = eap
>> > # Creating Auth-Type = NTLMAuth
>> > # Creating Auth-Type = MS-CHAP
>> > # Creating Autz-Type = Status-Server
>> > # Creating Acct-Type = Status-Server
>> > # Creating Auth-Type = NTLM_AUTH
>> > radiusd: #### Instantiating modules #### modules {
>> > # Loaded module rlm_always
>> > # Loading module "reject" from file /etc/raddb/mods-enabled/always
>> > always reject {
>> > rcode = "reject"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "fail" from file /etc/raddb/mods-enabled/always
>> > always fail {
>> > rcode = "fail"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "ok" from file /etc/raddb/mods-enabled/always
>> > always ok {
>> > rcode = "ok"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "handled" from file /etc/raddb/mods-enabled/always
>> > always handled {
>> > rcode = "handled"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "invalid" from file /etc/raddb/mods-enabled/always
>> > always invalid {
>> > rcode = "invalid"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "userlock" from file /etc/raddb/mods-enabled/always
>> > always userlock {
>> > rcode = "userlock"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "notfound" from file /etc/raddb/mods-enabled/always
>> > always notfound {
>> > rcode = "notfound"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "noop" from file /etc/raddb/mods-enabled/always
>> > always noop {
>> > rcode = "noop"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loading module "updated" from file /etc/raddb/mods-enabled/always
>> > always updated {
>> > rcode = "updated"
>> > simulcount = 0
>> > mpp = no
>> > }
>> > # Loaded module rlm_attr_filter
>> > # Loading module "attr_filter.post-proxy" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > attr_filter attr_filter.post-proxy {
>> > filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
>> > key = "%{Realm}"
>> > relaxed = no
>> > }
>> > # Loading module "attr_filter.pre-proxy" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > attr_filter attr_filter.pre-proxy {
>> > filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
>> > key = "%{Realm}"
>> > relaxed = no
>> > }
>> > # Loading module "attr_filter.access_reject" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > attr_filter attr_filter.access_reject {
>> > filename = "/etc/raddb/mods-config/attr_filter/access_reject"
>> > key = "%{User-Name}"
>> > relaxed = no
>> > }
>> > # Loading module "attr_filter.access_challenge" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > attr_filter attr_filter.access_challenge {
>> > filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
>> > key = "%{User-Name}"
>> > relaxed = no
>> > }
>> > # Loading module "attr_filter.accounting_response" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > attr_filter attr_filter.accounting_response {
>> > filename =
>> "/etc/raddb/mods-config/attr_filter/accounting_response"
>> > key = "%{User-Name}"
>> > relaxed = no
>> > }
>> > # Loaded module rlm_cache
>> > # Loading module "cache_eap" from file
>> /etc/raddb/mods-enabled/cache_eap
>> > cache cache_eap {
>> > driver = "rlm_cache_rbtree"
>> > key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
>> > ttl = 15
>> > max_entries = 0
>> > epoch = 0
>> > add_stats = no
>> > }
>> > # Loaded module rlm_chap
>> > # Loading module "chap" from file /etc/raddb/mods-enabled/chap
>> > # Loaded module rlm_date
>> > # Loading module "date" from file /etc/raddb/mods-enabled/date
>> > date {
>> > format = "%b %e %Y %H:%M:%S %Z"
>> > }
>> > # Loaded module rlm_detail
>> > # Loading module "detail" from file /etc/raddb/mods-enabled/detail
>> > detail {
>> > filename =
>> >
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>> > header = "%t"
>> > permissions = 384
>> > locking = no
>> > escape_filenames = no
>> > log_packet_header = no
>> > }
>> > # Loading module "auth_log" from file
>> /etc/raddb/mods-enabled/detail.log
>> > detail auth_log {
>> > filename =
>> >
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
>> > header = "%t"
>> > permissions = 384
>> > locking = no
>> > escape_filenames = no
>> > log_packet_header = no
>> > }
>> > # Loading module "reply_log" from file
>> /etc/raddb/mods-enabled/detail.log
>> > detail reply_log {
>> > filename =
>> >
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
>> > header = "%t"
>> > permissions = 384
>> > locking = no
>> > escape_filenames = no
>> > log_packet_header = no
>> > }
>> > # Loading module "pre_proxy_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > detail pre_proxy_log {
>> > filename =
>> >
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
>> > header = "%t"
>> > permissions = 384
>> > locking = no
>> > escape_filenames = no
>> > log_packet_header = no
>> > }
>> > # Loading module "post_proxy_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > detail post_proxy_log {
>> > filename =
>> >
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
>> > header = "%t"
>> > permissions = 384
>> > locking = no
>> > escape_filenames = no
>> > log_packet_header = no
>> > }
>> > # Loaded module rlm_dhcp
>> > # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
>> > # Loaded module rlm_digest
>> > # Loading module "digest" from file /etc/raddb/mods-enabled/digest
>> > # Loaded module rlm_dynamic_clients
>> > # Loading module "dynamic_clients" from file
>> > /etc/raddb/mods-enabled/dynamic_clients
>> > # Loaded module rlm_eap
>> > # Loading module "eap" from file /etc/raddb/mods-enabled/eap
>> > eap {
>> > default_eap_type = "peap"
>> > timer_expire = 60
>> > ignore_unknown_eap_types = no
>> > cisco_accounting_username_bug = no
>> > max_sessions = 16384
>> > }
>> > # Loaded module rlm_exec
>> > # Loading module "echo" from file /etc/raddb/mods-enabled/echo
>> > exec echo {
>> > wait = yes
>> > program = "/bin/echo %{User-Name}"
>> > input_pairs = "request"
>> > output_pairs = "reply"
>> > shell_escape = yes
>> > }
>> > # Loading module "exec" from file /etc/raddb/mods-enabled/exec
>> > exec {
>> > wait = no
>> > input_pairs = "request"
>> > shell_escape = yes
>> > timeout = 10
>> > }
>> > # Loaded module rlm_expiration
>> > # Loading module "expiration" from file
>> > /etc/raddb/mods-enabled/expiration
>> > # Loaded module rlm_expr
>> > # Loading module "expr" from file /etc/raddb/mods-enabled/expr
>> > expr {
>> > safe_characters =
>> > "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
>> > /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
>> > }
>> > # Loaded module rlm_files
>> > # Loading module "files" from file /etc/raddb/mods-enabled/files
>> > files {
>> > filename = "/etc/raddb/mods-config/files/authorize"
>> > acctusersfile = "/etc/raddb/mods-config/files/accounting"
>> > preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
>> > }
>> > # Loaded module rlm_linelog
>> > # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
>> > linelog {
>> > filename = "/var/log/radius/linelog"
>> > escape_filenames = no
>> > syslog_severity = "info"
>> > permissions = 384
>> > format = "This is a log message for %{User-Name}"
>> > reference = "messages.%{%{reply:Packet-Type}:-default}"
>> > }
>> > # Loading module "log_accounting" from file
>> > /etc/raddb/mods-enabled/linelog
>> > linelog log_accounting {
>> > filename = "/var/log/radius/linelog-accounting"
>> > escape_filenames = no
>> > syslog_severity = "info"
>> > permissions = 384
>> > format = ""
>> > reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
>> > }
>> > # Loaded module rlm_logintime
>> > # Loading module "logintime" from file
>> /etc/raddb/mods-enabled/logintime
>> > logintime {
>> > minimum_timeout = 60
>> > }
>> > # Loaded module rlm_mschap
>> > # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
>> > mschap {
>> > use_mppe = yes
>> > require_encryption = yes
>> > require_strong = yes
>> > with_ntdomain_hack = yes
>> > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>> > --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-
>> > OCTA.EDU} --challenge=%{mschap:Challenge:-00}
>> > --nt-response=%{mschap:NT-Response:-00}"
>> > ntlm_auth_timeout = 10
>> > passchange {
>> > ntlm_auth = "/usr/bin/ntlm_auth
>> > --helper-protocol=ntlm-change-password-1"
>> > ntlm_auth_username = "username: %{mschap:User-Name}"
>> > ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
>> > }
>> > allow_retry = yes
>> > winbind_retry_with_normalised_username = no
>> > }
>> > # Loading module "ntlm_auth" from file
>> /etc/raddb/mods-enabled/ntlm_auth
>> > exec ntlm_auth {
>> > wait = yes
>> > program = "/usr/bin/ntlm_auth --request-nt-key
>> > --domain=OCTA.EDU --username=%{mschap:User-Name}
>> --password=%{User-Password}"
>> > shell_escape = yes
>> > }
>> > # Loaded module rlm_pap
>> > # Loading module "pap" from file /etc/raddb/mods-enabled/pap
>> > pap {
>> > normalise = yes
>> > }
>> > # Loaded module rlm_passwd
>> > # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
>> > passwd etc_passwd {
>> > filename = "/etc/passwd"
>> > format = "*User-Name:Cleartext-Password:"
>> > delimiter = ":"
>> > ignore_nislike = no
>> > ignore_empty = yes
>> > allow_multiple_keys = no
>> > hash_size = 100
>> > }
>> > # Loaded module rlm_preprocess
>> > # Loading module "preprocess" from file
>> > /etc/raddb/mods-enabled/preprocess
>> > preprocess {
>> > huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
>> > hints = "/etc/raddb/mods-config/preprocess/hints"
>> > with_ascend_hack = no
>> > ascend_channels_per_line = 23
>> > with_ntdomain_hack = no
>> > with_specialix_jetstream_hack = no
>> > with_cisco_vsa_hack = no
>> > with_alvarion_vsa_hack = no
>> > }
>> > # Loaded module rlm_radutmp
>> > # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
>> > radutmp {
>> > filename = "/var/log/radius/radutmp"
>> > username = "%{User-Name}"
>> > case_sensitive = no
>> > check_with_nas = yes
>> > permissions = 384
>> > caller_id = yes
>> > }
>> > # Loaded module rlm_realm
>> > # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
>> > realm IPASS {
>> > format = "prefix"
>> > delimiter = "/"
>> > ignore_default = no
>> > ignore_null = no
>> > }
>> > # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
>> > realm suffix {
>> > format = "suffix"
>> > delimiter = "@"
>> > ignore_default = no
>> > ignore_null = no
>> > }
>> > # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
>> > realm realmpercent {
>> > format = "suffix"
>> > delimiter = "%"
>> > ignore_default = no
>> > ignore_null = no
>> > }
>> > # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
>> > realm ntdomain {
>> > format = "prefix"
>> > delimiter = "\\"
>> > ignore_default = no
>> > ignore_null = no
>> > }
>> > # Loaded module rlm_replicate
>> > # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
>> > # Loaded module rlm_soh
>> > # Loading module "soh" from file /etc/raddb/mods-enabled/soh
>> > soh {
>> > dhcp = yes
>> > }
>> > # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
>> > radutmp sradutmp {
>> > filename = "/var/log/radius/sradutmp"
>> > username = "%{User-Name}"
>> > case_sensitive = yes
>> > check_with_nas = yes
>> > permissions = 420
>> > caller_id = no
>> > }
>> > # Loaded module rlm_unix
>> > # Loading module "unix" from file /etc/raddb/mods-enabled/unix
>> > unix {
>> > radwtmp = "/var/log/radius/radwtmp"
>> > }
>> > Creating attribute Unix-Group
>> > # Loaded module rlm_unpack
>> > # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
>> > # Loaded module rlm_utf8
>> > # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
>> > # Loaded module rlm_sql
>> > # Loading module "sql" from file /etc/raddb/mods-enabled/sql
>> > sql {
>> > driver = "rlm_sql_mysql"
>> > server = "localhost"
>> > port = 3306
>> > login = "root"
>> > password = <<< secret >>>
>> > radius_db = "radius"
>> > read_groups = yes
>> > read_profiles = yes
>> > read_clients = yes
>> > delete_stale_sessions = yes
>> > sql_user_name = "%{User-Name}"
>> > logfile = "/var/log/radius/sqllog.sql"
>> > default_user_profile = ""
>> > client_query = "SELECT id, nasname, shortname, type, secret,
>> > server FROM nas"
>> > authorize_check_query = "SELECT id, username, attribute,
>> > value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
>> > authorize_reply_query = "SELECT id, username, attribute,
>> > value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
>> > authorize_group_check_query = "SELECT id, groupname,
>> > attribute, Value, op FROM radgroupcheck WHERE groupname =
>> > '%{SQL-Group}' ORDER BY id"
>> > authorize_group_reply_query = "SELECT id, groupname,
>> > attribute, value, op FROM radgroupreply WHERE groupname =
>> > '%{SQL-Group}' ORDER BY id"
>> > group_membership_query = "SELECT groupname FROM radusergroup
>> > WHERE username = '%{SQL-User-Name}' ORDER BY priority"
>> > simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
>> > username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
>> > simul_verify_query = "SELECT radacctid, acctsessionid,
>> > username, nasipaddress, nasportid, framedipaddress, callingstationid,
>> > framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
>> > acctstoptime IS NULL"
>> > safe_characters =
>> > "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>> > accounting {
>> > reference = "%{tolower:type.%{Acct-Status-Type}.query}"
>> > type {
>> > accounting-on {
>> > query = "UPDATE radacct SET acctstoptime =
>> > FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> > '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> > acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> > acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
>> > acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>> > }
>> > accounting-off {
>> > query = "UPDATE radacct SET acctstoptime =
>> > FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> > '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> > acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> > acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
>> > acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>> > }
>> > start {
>> > query = "INSERT INTO radacct (acctsessionid,
>> > acctuniqueid, username, realm,
>> > nasipaddress, nasportid, nasporttype, acctstarttime,
>> > acctupdatetime, acctstoptime, acctsessiontime,
>> > acctauthentic, connectinfo_start, connectinfo_stop,
>> > acctinputoctets, acctoutputoctets, calledstationid,
>> > callingstationid, acctterminatecause, servicetype,
>> > framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}',
>> > '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
>> > '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
>> > '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}),
>> > FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0',
>> > '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
>> > '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>> > '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
>> > }
>> > interim-update {
>> > query = "UPDATE radacct SET acctupdatetime =
>> > (@acctupdatetime_old:=acctupdatetime), acctupdatetime =
>> > FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval =
>> > %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
>> > framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
>> > %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
>> > '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> > acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> > '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =
>> > '%{Acct-Unique-Session-Id}'"
>> > }
>> > stop {
>> > query = "UPDATE radacct SET acctstoptime =
>> > FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
>> > %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
>> > '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> > acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> > '%{%{Acct-Output-Octets}:-0}', acctterminatecause =
>> > '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
>> > AcctUniqueId = '%{Acct-Unique-Session-Id}'"
>> > }
>> > }
>> > }
>> > post-auth {
>> > reference = ".query"
>> > query = "INSERT INTO radpostauth (username, pass, reply,
>> > authdate) VALUES ( '%{SQL-User-Name}',
>> > '%{%{User-Password}:-%{Chap-Password}}',
>> > '%{reply:Packet-Type}', '%S')"
>> > }
>> > }
>> > rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
>> > Creating attribute SQL-Group
>> > instantiate {
>> > }
>> > # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
>> > # Instantiating module "attr_filter.post-proxy" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
>> > # Instantiating module "attr_filter.pre-proxy" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
>> > # Instantiating module "attr_filter.access_reject" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
>> > [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
>> > "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
>> > [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
>> > "FreeRADIUS-Response-Delay-USec" found in filter list for realm
>> > "DEFAULT".
>> > # Instantiating module "attr_filter.access_challenge" from file
>> > /etc/raddb/mods-enabled/attr_filter
>> > reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
>> > # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
>> > reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
>> > # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
>> > rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
>> > # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
>> > # Instantiating module "auth_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > rlm_detail (auth_log): 'User-Password' suppressed, will not appear in
>> > detail output
>> > # Instantiating module "reply_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > # Instantiating module "pre_proxy_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > # Instantiating module "post_proxy_log" from file
>> > /etc/raddb/mods-enabled/detail.log
>> > # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
>> > # Linked to sub-module rlm_eap_tls
>> > tls {
>> > tls = "tls-common"
>> > }
>> > tls-config tls-common {
>> > verify_depth = 0
>> > ca_path = "/etc/raddb/certs"
>> > pem_file_type = yes
>> > private_key_file = "/etc/raddb/certs/server.pem"
>> > certificate_file = "/etc/raddb/certs/server.pem"
>> > ca_file = "/etc/raddb/certs/ca.pem"
>> > private_key_password = <<< secret >>>
>> > fragment_size = 1024
>> > include_length = yes
>> > auto_chain = yes
>> > check_crl = no
>> > check_all_crl = no
>> > cipher_list = "DEFAULT"
>> > cipher_server_preference = no
>> > ecdh_curve = "prime256v1"
>> > cache {
>> > enable = no
>> > lifetime = 24
>> > max_entries = 255
>> > }
>> > verify {
>> > skip_if_ocsp_ok = no
>> > }
>> > ocsp {
>> > enable = no
>> > override_cert_url = yes
>> > url = "http://127.0.0.1/ocsp/"
>> > use_nonce = yes
>> > timeout = 0
>> > softfail = no
>> > }
>> > }
>> > # Linked to sub-module rlm_eap_ttls
>> > ttls {
>> > tls = "tls-common"
>> > default_eap_type = "md5"
>> > copy_request_to_tunnel = no
>> > use_tunneled_reply = no
>> > virtual_server = "inner-tunnel"
>> > include_length = yes
>> > require_client_cert = no
>> > }
>> > tls: Using cached TLS configuration from previous invocation
>> > # Linked to sub-module rlm_eap_peap
>> > peap {
>> > tls = "tls-common"
>> > default_eap_type = "mschapv2"
>> > copy_request_to_tunnel = yes
>> > use_tunneled_reply = yes
>> > proxy_tunneled_request_as_eap = no
>> > virtual_server = "inner-tunnel"
>> > soh = no
>> > require_client_cert = no
>> > }
>> > tls: Using cached TLS configuration from previous invocation
>> > # Linked to sub-module rlm_eap_mschapv2
>> > mschapv2 {
>> > with_ntdomain_hack = no
>> > send_error = yes
>> > identity = "FreeRADIUS"
>> > }
>> > # Instantiating module "expiration" from file
>> > /etc/raddb/mods-enabled/expiration
>> > # Instantiating module "files" from file /etc/raddb/mods-enabled/files
>> > reading pairlist file /etc/raddb/mods-config/files/authorize
>> > reading pairlist file /etc/raddb/mods-config/files/accounting
>> > reading pairlist file /etc/raddb/mods-config/files/pre-proxy
>> > # Instantiating module "linelog" from file
>> > /etc/raddb/mods-enabled/linelog
>> > # Instantiating module "log_accounting" from file
>> > /etc/raddb/mods-enabled/linelog
>> > # Instantiating module "logintime" from file
>> > /etc/raddb/mods-enabled/logintime
>> > # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
>> > rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
>> > # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
>> > # Instantiating module "etc_passwd" from file
>> > /etc/raddb/mods-enabled/passwd
>> > rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
>> > # Instantiating module "preprocess" from file
>> > /etc/raddb/mods-enabled/preprocess
>> > reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
>> > reading pairlist file /etc/raddb/mods-config/preprocess/hints
>> > # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
>> > # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
>> > # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
>> > # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
>> > # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
>> > rlm_sql_mysql: libmysql version: 10.1.37-MariaDB
>> > mysql {
>> > tls {
>> > }
>> > warnings = "auto"
>> > }
>> > rlm_sql (sql): Attempting to connect to database "radius"
>> > rlm_sql (sql): Initialising connection pool
>> > pool {
>> > start = 5
>> > min = 3
>> > max = 32
>> > spare = 10
>> > uses = 0
>> > lifetime = 0
>> > cleanup_interval = 30
>> > idle_timeout = 60
>> > retry_delay = 30
>> > spread = no
>> > }
>> > rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > rlm_sql (sql): Processing generate_sql_clients
>> > rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
>> > rlm_sql (sql): Reserved connection (0)
>> > rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
>> > rlm_sql (sql): Adding client 10.0.0.38 (domain controller) to global clients list
>> > rlm_sql (10.0.0.38): Client "domain controller" (sql) added
>> > rlm_sql (sql): Adding client 10.0.0.39 (domain contr-2) to global clients list
>> > rlm_sql (10.0.0.39): Client "domain contr-2" (sql) added
>> > rlm_sql (sql): Adding client 10.1.172.16 (team2) to global clients list
>> > rlm_sql (10.1.172.16): Client "team2" (sql) added
>> > rlm_sql (sql): Adding client 10.1.172.18 (team4) to global clients list
>> > rlm_sql (10.1.172.18): Client "team4" (sql) added
>> > rlm_sql (sql): Adding client 10.1.172.19 (team5) to global clients list
>> > rlm_sql (10.1.172.19): Client "team5" (sql) added
>> > rlm_sql (sql): Adding client 10.1.172.20 (team6) to global clients list
>> > rlm_sql (10.1.172.20): Client "team6" (sql) added
>> > rlm_sql (sql): Adding client 10.0.0.1 (Local network) to global clients list
>> > rlm_sql (10.0.0.1): Client "Local network" (sql) added
>> > rlm_sql (sql): Adding client 192.168.20.1 (ACCT) to global clients list
>> > rlm_sql (192.168.20.1): Client "ACCT" (sql) added
>> > rlm_sql (sql): Released connection (0)
>> > Need 5 more connections to reach 10 spares
>> > rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
>> > rlm_sql_mysql: Starting connect to MySQL server
>> > rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB, protocol version 10
>> > } # modules
>> > radiusd: #### Loading Virtual Servers ####
>> > server { # from file /etc/raddb/radiusd.conf
>> > } # server
>> > server default { # from file /etc/raddb/sites-enabled/default
>> > # Loading authenticate {...}
>> > # Loading authorize {...}
>> > Ignoring "ldap" (see raddb/mods-available/README.rst)
>> > # Loading preacct {...}
>> > # Loading accounting {...}
>> > } # server default
>> > server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
>> > # Loading authenticate {...}
>> > # Loading authorize {...}
>> > # Loading session {...}
>> > # Loading post-auth {...}
>> > } # server inner-tunnel
>> > radiusd: #### Opening IP addresses and Ports ####
>> > listen {
>> > type = "auth"
>> > ipaddr = *
>> > port = 0
>> > limit {
>> > max_connections = 16
>> > lifetime = 0
>> > idle_timeout = 0
>> > }
>> > Failed binding to auth address * port 1812 bound to server default: Address already in use
>> > /etc/raddb/sites-enabled/default[60]: Error binding to port for 0.0.0.0 port 1812
>> >
>> > ------------------------------
>> >
>> > Subject: Digest Footer
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>> > ------------------------------
>> >
>> > End of Freeradius-Users Digest, Vol 165, Issue 69
>> > *************************************************
>>
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> ------------------------------
>>
>> End of Freeradius-Users Digest, Vol 165, Issue 71
>> *************************************************