Nested dynamic variable expansion at parse time
Nitin sidhu
nitin.sidhu23 at gmail.com
Wed Jun 5 15:04:51 CEST 2019
Hello,
I am using FreeRADIUS version 3.0.17 running on Alpine Linux. I am trying
to set up some variables under virtual server sections that are referenced at
multiple points in the virtual server. Essentially, I am trying to make editing
the configuration easier and adding more virtual servers easier.
The virtual server config is:
    server tenant1 {
        sql_instance_name = tenant1
        sql_db = "${sql[${.sql_instance_name}].radius_db}"
        authorize {
            chap
            "${..sql_instance_name}"
            pap
        }
    }
I followed the documentation:
https://networkradius.com/doc/3.0.10/raddb/syntax/config_reference.html
I am getting this error:
freeradius_1 | FreeRADIUS Version 3.0.17
freeradius_1 | Copyright (C) 1999-2017 The FreeRADIUS server project and
contributors
freeradius_1 | There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A
freeradius_1 | PARTICULAR PURPOSE
freeradius_1 | You may redistribute copies of FreeRADIUS under the terms
of the
freeradius_1 | GNU General Public License
freeradius_1 | For more information about these matters, see the file
named COPYRIGHT
freeradius_1 | Starting - reading configuration files ...
freeradius_1 | including dictionary file /usr/share/freeradius/dictionary
freeradius_1 | including dictionary file
/usr/share/freeradius/dictionary.dhcp
freeradius_1 | including dictionary file
/usr/share/freeradius/dictionary.vqp
freeradius_1 | including dictionary file /etc/raddb/dictionary
freeradius_1 | including configuration file /etc/raddb/radiusd.conf
freeradius_1 | including configuration file /etc/raddb/proxy.conf
freeradius_1 | including configuration file /etc/raddb/clients.conf
freeradius_1 | including configuration file
/etc/raddb/mods-available/sql_config
freeradius_1 | /etc/raddb/mods-available/sql_config[196]: Reference
"${thread[pool].start_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[199]: Reference
"${thread[pool].min_spare_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[212]: Reference
"${thread[pool].max_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[218]: Reference
"${thread[pool].max_spare_servers}" not found
freeradius_1 | including configuration file
/etc/raddb/sql_data/radius_queries.conf
freeradius_1 | /etc/raddb/mods-available/sql_config[447]: Reference
"${thread[pool].start_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[450]: Reference
"${thread[pool].min_spare_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[463]: Reference
"${thread[pool].max_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[469]: Reference
"${thread[pool].max_spare_servers}" not found
freeradius_1 | including configuration file
/etc/raddb/sql_data/corespeed_radius_queries.conf
freeradius_1 | including files in directory /etc/raddb/mods-enabled/
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/cache_eap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/logintime
freeradius_1 | including configuration file /etc/raddb/mods-enabled/files
freeradius_1 | including configuration file /etc/raddb/mods-enabled/passwd
freeradius_1 | including configuration file /etc/raddb/mods-enabled/detail
freeradius_1 | including configuration file /etc/raddb/mods-enabled/echo
freeradius_1 | including configuration file /etc/raddb/mods-enabled/radutmp
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/preprocess
freeradius_1 | including configuration file /etc/raddb/mods-enabled/pap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/date
freeradius_1 | including configuration file /etc/raddb/mods-enabled/always
freeradius_1 | including configuration file /etc/raddb/mods-enabled/soh
freeradius_1 | including configuration file /etc/raddb/mods-enabled/digest
freeradius_1 | including configuration file /etc/raddb/mods-enabled/mschap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/ntlm_auth
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unpack
freeradius_1 | including configuration file /etc/raddb/mods-enabled/realm
freeradius_1 | including configuration file /etc/raddb/mods-enabled/exec
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/expiration
freeradius_1 | including configuration file /etc/raddb/mods-enabled/expr
freeradius_1 | including configuration file /etc/raddb/mods-enabled/linelog
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/sradutmp
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/replicate
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unix
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/dynamic_clients
freeradius_1 | including configuration file /etc/raddb/mods-enabled/utf8
freeradius_1 | including configuration file /etc/raddb/mods-enabled/chap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/dhcp_sqlippool
freeradius_1 | including configuration file
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | including configuration file
/etc/raddb/sql_data/radius_queries.conf
freeradius_1 | including configuration file
/etc/raddb/sql_data/corespeed_radius_queries.conf
freeradius_1 | including files in directory /etc/raddb/policy.d/
freeradius_1 | including configuration file
/etc/raddb/policy.d/operator-name
freeradius_1 | including configuration file /etc/raddb/policy.d/filter
freeradius_1 | including configuration file
/etc/raddb/policy.d/canonicalization
freeradius_1 | including configuration file /etc/raddb/policy.d/dhcp
freeradius_1 | including configuration file /etc/raddb/policy.d/eap
freeradius_1 | including configuration file /etc/raddb/policy.d/debug
freeradius_1 | including configuration file /etc/raddb/policy.d/accounting
freeradius_1 | including configuration file /etc/raddb/policy.d/control
freeradius_1 | including configuration file
/etc/raddb/policy.d/moonshot-targeted-ids
freeradius_1 | including configuration file /etc/raddb/policy.d/abfab-tr
freeradius_1 | including configuration file /etc/raddb/policy.d/cui
freeradius_1 | including files in directory /etc/raddb/sites-enabled/
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/inner-tunnel
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/main_config
freeradius_1 | /etc/raddb/sites-enabled/main_config[46]: Reference
"${sql[${.sql_instance_name}" not found
freeradius_1 | /etc/raddb/sites-enabled/main_config[75]: Reference
"%{tenant1: SELECT ${...sql_db}.radusergroup.groupname FROM
${...sql_db}.radusergroup WHERE ${...sql_db}.radusergroup.username =
'%{User-Name}' AND priority = '3'}" points to a variable which has not been
expanded.
freeradius_1 | including configuration file /etc/raddb/sites-enabled/dhcp
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/originate-coa
freeradius_1 | /etc/raddb/sites-enabled/main_config[46]: Reference
"${sql[${.sql_instance_name}" not found
freeradius_1 | Errors reading or parsing /etc/raddb/radiusd.conf
I have been struggling to work out why there is an error message
regarding:
    Reference "${sql[${.sql_instance_name}" not found
If I change the virtual server config to not use a nested variable reference,
like this:
    server tenant1 {
        sql_instance_name = tenant1
        sql_db = "${sql[tenant1].radius_db}"
        authorize {
            chap
            "${..sql_instance_name}"
            pap
        }
    }
Then I get the following error under the authorize section:
freeradius_1 | FreeRADIUS Version 3.0.17
freeradius_1 | Copyright (C) 1999-2017 The FreeRADIUS server project and
contributors
freeradius_1 | There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A
freeradius_1 | PARTICULAR PURPOSE
freeradius_1 | You may redistribute copies of FreeRADIUS under the terms
of the
freeradius_1 | GNU General Public License
freeradius_1 | For more information about these matters, see the file
named COPYRIGHT
freeradius_1 | Starting - reading configuration files ...
freeradius_1 | including dictionary file /usr/share/freeradius/dictionary
freeradius_1 | including dictionary file
/usr/share/freeradius/dictionary.dhcp
freeradius_1 | including dictionary file
/usr/share/freeradius/dictionary.vqp
freeradius_1 | including dictionary file /etc/raddb/dictionary
freeradius_1 | including configuration file /etc/raddb/radiusd.conf
freeradius_1 | including configuration file /etc/raddb/proxy.conf
freeradius_1 | including configuration file /etc/raddb/clients.conf
freeradius_1 | including configuration file
/etc/raddb/mods-available/sql_config
freeradius_1 | /etc/raddb/mods-available/sql_config[196]: Reference
"${thread[pool].start_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[199]: Reference
"${thread[pool].min_spare_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[212]: Reference
"${thread[pool].max_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[218]: Reference
"${thread[pool].max_spare_servers}" not found
freeradius_1 | including configuration file
/etc/raddb/sql_data/radius_queries.conf
freeradius_1 | /etc/raddb/mods-available/sql_config[447]: Reference
"${thread[pool].start_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[450]: Reference
"${thread[pool].min_spare_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[463]: Reference
"${thread[pool].max_servers}" not found
freeradius_1 | /etc/raddb/mods-available/sql_config[469]: Reference
"${thread[pool].max_spare_servers}" not found
freeradius_1 | including configuration file
/etc/raddb/sql_data/tenant2_radius_queries.conf
freeradius_1 | including files in directory /etc/raddb/mods-enabled/
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/cache_eap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/logintime
freeradius_1 | including configuration file /etc/raddb/mods-enabled/files
freeradius_1 | including configuration file /etc/raddb/mods-enabled/passwd
freeradius_1 | including configuration file /etc/raddb/mods-enabled/detail
freeradius_1 | including configuration file /etc/raddb/mods-enabled/echo
freeradius_1 | including configuration file /etc/raddb/mods-enabled/radutmp
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/preprocess
freeradius_1 | including configuration file /etc/raddb/mods-enabled/pap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/date
freeradius_1 | including configuration file /etc/raddb/mods-enabled/always
freeradius_1 | including configuration file /etc/raddb/mods-enabled/soh
freeradius_1 | including configuration file /etc/raddb/mods-enabled/digest
freeradius_1 | including configuration file /etc/raddb/mods-enabled/mschap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/ntlm_auth
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unpack
freeradius_1 | including configuration file /etc/raddb/mods-enabled/realm
freeradius_1 | including configuration file /etc/raddb/mods-enabled/exec
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/expiration
freeradius_1 | including configuration file /etc/raddb/mods-enabled/expr
freeradius_1 | including configuration file /etc/raddb/mods-enabled/linelog
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/sradutmp
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/replicate
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unix
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/dynamic_clients
freeradius_1 | including configuration file /etc/raddb/mods-enabled/utf8
freeradius_1 | including configuration file /etc/raddb/mods-enabled/chap
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/dhcp_sqlippool
freeradius_1 | including configuration file
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
freeradius_1 | including configuration file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | including configuration file
/etc/raddb/sql_data/radius_queries.conf
freeradius_1 | including configuration file
/etc/raddb/sql_data/tenant2_radius_queries.conf
freeradius_1 | including files in directory /etc/raddb/policy.d/
freeradius_1 | including configuration file
/etc/raddb/policy.d/operator-name
freeradius_1 | including configuration file /etc/raddb/policy.d/filter
freeradius_1 | including configuration file
/etc/raddb/policy.d/canonicalization
freeradius_1 | including configuration file /etc/raddb/policy.d/dhcp
freeradius_1 | including configuration file /etc/raddb/policy.d/eap
freeradius_1 | including configuration file /etc/raddb/policy.d/debug
freeradius_1 | including configuration file /etc/raddb/policy.d/accounting
freeradius_1 | including configuration file /etc/raddb/policy.d/control
freeradius_1 | including configuration file
/etc/raddb/policy.d/moonshot-targeted-ids
freeradius_1 | including configuration file /etc/raddb/policy.d/abfab-tr
freeradius_1 | including configuration file /etc/raddb/policy.d/cui
freeradius_1 | including files in directory /etc/raddb/sites-enabled/
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/inner-tunnel
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/main_config
freeradius_1 | including configuration file /etc/raddb/sites-enabled/dhcp
freeradius_1 | including configuration file
/etc/raddb/sites-enabled/originate-coa
freeradius_1 | main {
freeradius_1 | security {
freeradius_1 | user = "radius"
freeradius_1 | group = "radius"
freeradius_1 | allow_core_dumps = no
freeradius_1 | }
freeradius_1 | name = "radiusd"
freeradius_1 | prefix = "/usr"
freeradius_1 | localstatedir = "/var"
freeradius_1 | logdir = "/var/log/radius"
freeradius_1 | run_dir = "/var/run/radiusd"
freeradius_1 | }
freeradius_1 | main {
freeradius_1 | name = "radiusd"
freeradius_1 | prefix = "/usr"
freeradius_1 | localstatedir = "/var"
freeradius_1 | sbindir = "/usr/sbin"
freeradius_1 | logdir = "/var/log/radius"
freeradius_1 | run_dir = "/var/run/radiusd"
freeradius_1 | libdir = "/usr/lib/freeradius"
freeradius_1 | radacctdir = "/var/log/radius/radacct"
freeradius_1 | hostname_lookups = no
freeradius_1 | max_request_time = 30
freeradius_1 | cleanup_delay = 5
freeradius_1 | max_requests = 16384
freeradius_1 | pidfile = "/var/run/radiusd/radiusd.pid"
freeradius_1 | checkrad = "/usr/sbin/checkrad"
freeradius_1 | debug_level = 0
freeradius_1 | proxy_requests = yes
freeradius_1 | log {
freeradius_1 | stripped_names = no
freeradius_1 | auth = no
freeradius_1 | auth_badpass = yes
freeradius_1 | auth_goodpass = no
freeradius_1 | colourise = yes
freeradius_1 | msg_denied = "You are already logged in - access denied"
freeradius_1 | }
freeradius_1 | resources {
freeradius_1 | }
freeradius_1 | security {
freeradius_1 | max_attributes = 200
freeradius_1 | reject_delay = 1.000000
freeradius_1 | status_server = yes
freeradius_1 | allow_vulnerable_openssl = "no"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | radiusd: #### Loading Realms and Home Servers ####
freeradius_1 | proxy server {
freeradius_1 | retry_delay = 5
freeradius_1 | retry_count = 3
freeradius_1 | default_fallback = no
freeradius_1 | dead_time = 120
freeradius_1 | wake_all_if_all_dead = no
freeradius_1 | }
freeradius_1 | home_server localhost {
freeradius_1 | ipaddr = 127.0.0.1
freeradius_1 | port = 1812
freeradius_1 | type = "auth"
freeradius_1 | secret = <<< secret >>>
freeradius_1 | response_window = 20.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "status-server"
freeradius_1 | ping_interval = 30
freeradius_1 | check_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 120
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server tenant1_auth_home_server {
freeradius_1 | virtual_server = "tenant1"
freeradius_1 | port = 0
freeradius_1 | type = "auth"
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server tenant1_acct_home_server {
freeradius_1 | virtual_server = "tenant1"
freeradius_1 | port = 0
freeradius_1 | type = "acct"
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server tenant2_auth_home_server {
freeradius_1 | virtual_server = "tenant2"
freeradius_1 | port = 0
freeradius_1 | type = "auth"
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server tenant2_acct_home_server {
freeradius_1 | virtual_server = "tenant2"
freeradius_1 | port = 0
freeradius_1 | type = "acct"
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server example-coa {
freeradius_1 | ipaddr = 192.0.2.42
freeradius_1 | port = 3799
freeradius_1 | type = "coa"
freeradius_1 | secret = <<< secret >>>
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server test-client-coa {
freeradius_1 | ipaddr = 10.0.0.24
freeradius_1 | port = 3799
freeradius_1 | type = "coa"
freeradius_1 | secret = <<< secret >>>
freeradius_1 | response_window = 30.000000
freeradius_1 | response_timeouts = 1
freeradius_1 | max_outstanding = 65536
freeradius_1 | zombie_period = 40
freeradius_1 | status_check = "none"
freeradius_1 | ping_interval = 30
freeradius_1 | check_timeout = 4
freeradius_1 | num_answers_to_alive = 3
freeradius_1 | revive_interval = 300
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | max_requests = 0
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 0
freeradius_1 | }
freeradius_1 | coa {
freeradius_1 | irt = 2
freeradius_1 | mrt = 16
freeradius_1 | mrc = 5
freeradius_1 | mrd = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | home_server_pool tenant1_auth_home_server_pool {
freeradius_1 | home_server = tenant1_auth_home_server
freeradius_1 | }
freeradius_1 | home_server_pool tenant1_acct_home_server_pool {
freeradius_1 | home_server = tenant1_acct_home_server
freeradius_1 | }
freeradius_1 | realm hsi.tenant1.net {
freeradius_1 | auth_pool = tenant1_auth_home_server_pool
freeradius_1 | acct_pool = tenant1_acct_home_server_pool
freeradius_1 | }
freeradius_1 | home_server_pool tenant2_auth_home_server_pool {
freeradius_1 | home_server = tenant2_auth_home_server
freeradius_1 | }
freeradius_1 | home_server_pool tenant2_acct_home_server_pool {
freeradius_1 | home_server = tenant2_acct_home_server
freeradius_1 | }
freeradius_1 | realm ipoe.tenant2.net {
freeradius_1 | auth_pool = tenant2_auth_home_server_pool
freeradius_1 | acct_pool = tenant2_acct_home_server_pool
freeradius_1 | }
freeradius_1 | home_server_pool my_auth_failover {
freeradius_1 | type = fail-over
freeradius_1 | home_server = localhost
freeradius_1 | }
freeradius_1 | realm example.com {
freeradius_1 | auth_pool = my_auth_failover
freeradius_1 | }
freeradius_1 | realm LOCAL {
freeradius_1 | }
freeradius_1 | home_server_pool coa {
freeradius_1 | type = fail-over
freeradius_1 | virtual_server = originate-coa.example.com
freeradius_1 | home_server = example-coa
freeradius_1 | }
freeradius_1 | radiusd: #### Loading Clients ####
freeradius_1 | client localhost {
freeradius_1 | ipaddr = 127.0.0.1
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | nas_type = "other"
freeradius_1 | proto = "*"
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | client localhost_ipv6 {
freeradius_1 | ipv6addr = ::1
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | client test-radclient {
freeradius_1 | ipaddr = *
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | Found debugger attached
freeradius_1 | # Creating Auth-Type = mschap
freeradius_1 | # Creating Auth-Type = PAP
freeradius_1 | # Creating Auth-Type = CHAP
freeradius_1 | # Creating Auth-Type = MS-CHAP
freeradius_1 | radiusd: #### Instantiating modules ####
freeradius_1 | modules {
freeradius_1 | # Loaded module rlm_cache
freeradius_1 | # Loading module "cache_eap" from file
/etc/raddb/mods-enabled/cache_eap
freeradius_1 | cache cache_eap {
freeradius_1 | driver = "rlm_cache_rbtree"
freeradius_1 | key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
freeradius_1 | ttl = 15
freeradius_1 | max_entries = 0
freeradius_1 | epoch = 0
freeradius_1 | add_stats = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_logintime
freeradius_1 | # Loading module "logintime" from file
/etc/raddb/mods-enabled/logintime
freeradius_1 | logintime {
freeradius_1 | minimum_timeout = 60
freeradius_1 | }
freeradius_1 | # Loaded module rlm_files
freeradius_1 | # Loading module "files" from file
/etc/raddb/mods-enabled/files
freeradius_1 | files {
freeradius_1 | filename = "/etc/raddb/mods-config/files/authorize"
freeradius_1 | acctusersfile = "/etc/raddb/mods-config/files/accounting"
freeradius_1 | preproxy_usersfile =
"/etc/raddb/mods-config/files/pre-proxy"
freeradius_1 | }
freeradius_1 | # Loaded module rlm_passwd
freeradius_1 | # Loading module "etc_passwd" from file
/etc/raddb/mods-enabled/passwd
freeradius_1 | passwd etc_passwd {
freeradius_1 | filename = "/etc/passwd"
freeradius_1 | format = "*User-Name:Crypt-Password:"
freeradius_1 | delimiter = ":"
freeradius_1 | ignore_nislike = no
freeradius_1 | ignore_empty = yes
freeradius_1 | allow_multiple_keys = no
freeradius_1 | hash_size = 100
freeradius_1 | }
freeradius_1 | # Loaded module rlm_detail
freeradius_1 | # Loading module "detail" from file
/etc/raddb/mods-enabled/detail
freeradius_1 | detail {
freeradius_1 | filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
freeradius_1 | header = "%t"
freeradius_1 | permissions = 384
freeradius_1 | locking = no
freeradius_1 | escape_filenames = no
freeradius_1 | log_packet_header = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_exec
freeradius_1 | # Loading module "echo" from file
/etc/raddb/mods-enabled/echo
freeradius_1 | exec echo {
freeradius_1 | wait = yes
freeradius_1 | program = "/bin/echo %{User-Name}"
freeradius_1 | input_pairs = "request"
freeradius_1 | output_pairs = "reply"
freeradius_1 | shell_escape = yes
freeradius_1 | }
freeradius_1 | # Loaded module rlm_radutmp
freeradius_1 | # Loading module "radutmp" from file
/etc/raddb/mods-enabled/radutmp
freeradius_1 | radutmp {
freeradius_1 | filename = "/var/log/radius/radutmp"
freeradius_1 | username = "%{User-Name}"
freeradius_1 | case_sensitive = yes
freeradius_1 | check_with_nas = yes
freeradius_1 | permissions = 384
freeradius_1 | caller_id = yes
freeradius_1 | }
freeradius_1 | # Loaded module rlm_preprocess
freeradius_1 | # Loading module "preprocess" from file
/etc/raddb/mods-enabled/preprocess
freeradius_1 | preprocess {
freeradius_1 | huntgroups =
"/etc/raddb/mods-config/preprocess/huntgroups"
freeradius_1 | hints = "/etc/raddb/mods-config/preprocess/hints"
freeradius_1 | with_ascend_hack = no
freeradius_1 | ascend_channels_per_line = 23
freeradius_1 | with_ntdomain_hack = no
freeradius_1 | with_specialix_jetstream_hack = no
freeradius_1 | with_cisco_vsa_hack = no
freeradius_1 | with_alvarion_vsa_hack = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_pap
freeradius_1 | # Loading module "pap" from file
/etc/raddb/mods-enabled/pap
freeradius_1 | pap {
freeradius_1 | normalise = yes
freeradius_1 | }
freeradius_1 | # Loaded module rlm_date
freeradius_1 | # Loading module "date" from file
/etc/raddb/mods-enabled/date
freeradius_1 | date {
freeradius_1 | format = "%b %e %Y %H:%M:%S %Z"
freeradius_1 | utc = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_always
freeradius_1 | # Loading module "reject" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always reject {
freeradius_1 | rcode = "reject"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "fail" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always fail {
freeradius_1 | rcode = "fail"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "ok" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always ok {
freeradius_1 | rcode = "ok"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "handled" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always handled {
freeradius_1 | rcode = "handled"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "invalid" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always invalid {
freeradius_1 | rcode = "invalid"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "userlock" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always userlock {
freeradius_1 | rcode = "userlock"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "notfound" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always notfound {
freeradius_1 | rcode = "notfound"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "noop" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always noop {
freeradius_1 | rcode = "noop"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loading module "updated" from file
/etc/raddb/mods-enabled/always
freeradius_1 | always updated {
freeradius_1 | rcode = "updated"
freeradius_1 | simulcount = 0
freeradius_1 | mpp = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_soh
freeradius_1 | # Loading module "soh" from file
/etc/raddb/mods-enabled/soh
freeradius_1 | soh {
freeradius_1 | dhcp = yes
freeradius_1 | }
freeradius_1 | # Loaded module rlm_digest
freeradius_1 | # Loading module "digest" from file
/etc/raddb/mods-enabled/digest
freeradius_1 | # Loaded module rlm_mschap
freeradius_1 | # Loading module "mschap" from file
/etc/raddb/mods-enabled/mschap
freeradius_1 | mschap {
freeradius_1 | use_mppe = yes
freeradius_1 | require_encryption = no
freeradius_1 | require_strong = no
freeradius_1 | with_ntdomain_hack = yes
freeradius_1 | passchange {
freeradius_1 | }
freeradius_1 | allow_retry = yes
freeradius_1 | winbind_retry_with_normalised_username = no
freeradius_1 | }
freeradius_1 | # Loading module "ntlm_auth" from file
/etc/raddb/mods-enabled/ntlm_auth
freeradius_1 | exec ntlm_auth {
freeradius_1 | wait = yes
freeradius_1 | program = "/path/to/ntlm_auth --request-nt-key
--domain=MYDOMAIN --username=%{mschap:User-Name}
--password=%{User-Password}"
freeradius_1 | shell_escape = yes
freeradius_1 | }
freeradius_1 | # Loaded module rlm_unpack
freeradius_1 | # Loading module "unpack" from file
/etc/raddb/mods-enabled/unpack
freeradius_1 | # Loaded module rlm_realm
freeradius_1 | # Loading module "IPASS" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | realm IPASS {
freeradius_1 | format = "prefix"
freeradius_1 | delimiter = "/"
freeradius_1 | ignore_default = no
freeradius_1 | ignore_null = no
freeradius_1 | }
freeradius_1 | # Loading module "suffix" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | realm suffix {
freeradius_1 | format = "suffix"
freeradius_1 | delimiter = "@"
freeradius_1 | ignore_default = no
freeradius_1 | ignore_null = no
freeradius_1 | }
freeradius_1 | # Loading module "realmpercent" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | realm realmpercent {
freeradius_1 | format = "suffix"
freeradius_1 | delimiter = "%"
freeradius_1 | ignore_default = no
freeradius_1 | ignore_null = no
freeradius_1 | }
freeradius_1 | # Loading module "ntdomain" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | realm ntdomain {
freeradius_1 | format = "prefix"
freeradius_1 | delimiter = "\\"
freeradius_1 | ignore_default = no
freeradius_1 | ignore_null = no
freeradius_1 | }
freeradius_1 | # Loading module "exec" from file
/etc/raddb/mods-enabled/exec
freeradius_1 | exec {
freeradius_1 | wait = no
freeradius_1 | input_pairs = "request"
freeradius_1 | shell_escape = yes
freeradius_1 | timeout = 10
freeradius_1 | }
freeradius_1 | # Loaded module rlm_expiration
freeradius_1 | # Loading module "expiration" from file
/etc/raddb/mods-enabled/expiration
freeradius_1 | # Loaded module rlm_expr
freeradius_1 | # Loading module "expr" from file
/etc/raddb/mods-enabled/expr
freeradius_1 | expr {
freeradius_1 | safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
freeradius_1 | }
freeradius_1 | # Loaded module rlm_linelog
freeradius_1 | # Loading module "linelog" from file
/etc/raddb/mods-enabled/linelog
freeradius_1 | linelog {
freeradius_1 | filename = "/var/log/radius/linelog"
freeradius_1 | escape_filenames = no
freeradius_1 | syslog_severity = "info"
freeradius_1 | permissions = 384
freeradius_1 | format = "This is a log message for %{User-Name}"
freeradius_1 | reference = "messages.%{%{reply:Packet-Type}:-default}"
freeradius_1 | }
freeradius_1 | # Loading module "log_accounting" from file
/etc/raddb/mods-enabled/linelog
freeradius_1 | linelog log_accounting {
freeradius_1 | filename = "/var/log/radius/linelog-accounting"
freeradius_1 | escape_filenames = no
freeradius_1 | syslog_severity = "info"
freeradius_1 | permissions = 384
freeradius_1 | format = ""
freeradius_1 | reference =
"Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
freeradius_1 | }
freeradius_1 | # Loading module "sradutmp" from file
/etc/raddb/mods-enabled/sradutmp
freeradius_1 | radutmp sradutmp {
freeradius_1 | filename = "/var/log/radius/sradutmp"
freeradius_1 | username = "%{User-Name}"
freeradius_1 | case_sensitive = yes
freeradius_1 | check_with_nas = yes
freeradius_1 | permissions = 420
freeradius_1 | caller_id = no
freeradius_1 | }
freeradius_1 | # Loading module "auth_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | detail auth_log {
freeradius_1 | filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
freeradius_1 | header = "%t"
freeradius_1 | permissions = 384
freeradius_1 | locking = no
freeradius_1 | escape_filenames = no
freeradius_1 | log_packet_header = no
freeradius_1 | }
freeradius_1 | # Loading module "reply_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | detail reply_log {
freeradius_1 | filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
freeradius_1 | header = "%t"
freeradius_1 | permissions = 384
freeradius_1 | locking = no
freeradius_1 | escape_filenames = no
freeradius_1 | log_packet_header = no
freeradius_1 | }
freeradius_1 | # Loading module "pre_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | detail pre_proxy_log {
freeradius_1 | filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
freeradius_1 | header = "%t"
freeradius_1 | permissions = 384
freeradius_1 | locking = no
freeradius_1 | escape_filenames = no
freeradius_1 | log_packet_header = no
freeradius_1 | }
freeradius_1 | # Loading module "post_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | detail post_proxy_log {
freeradius_1 | filename =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
freeradius_1 | header = "%t"
freeradius_1 | permissions = 384
freeradius_1 | locking = no
freeradius_1 | escape_filenames = no
freeradius_1 | log_packet_header = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_replicate
freeradius_1 | # Loading module "replicate" from file
/etc/raddb/mods-enabled/replicate
freeradius_1 | # Loaded module rlm_unix
freeradius_1 | # Loading module "unix" from file
/etc/raddb/mods-enabled/unix
freeradius_1 | unix {
freeradius_1 | radwtmp = "/var/log/radius/radwtmp"
freeradius_1 | }
freeradius_1 | Creating attribute Unix-Group
freeradius_1 | # Loaded module rlm_dynamic_clients
freeradius_1 | # Loading module "dynamic_clients" from file
/etc/raddb/mods-enabled/dynamic_clients
freeradius_1 | # Loaded module rlm_utf8
freeradius_1 | # Loading module "utf8" from file
/etc/raddb/mods-enabled/utf8
freeradius_1 | # Loaded module rlm_chap
freeradius_1 | # Loading module "chap" from file
/etc/raddb/mods-enabled/chap
freeradius_1 | # Loaded module rlm_attr_filter
freeradius_1 | # Loading module "attr_filter.post-proxy" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | attr_filter attr_filter.post-proxy {
freeradius_1 | filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
freeradius_1 | key = "%{Realm}"
freeradius_1 | relaxed = no
freeradius_1 | }
freeradius_1 | # Loading module "attr_filter.pre-proxy" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | attr_filter attr_filter.pre-proxy {
freeradius_1 | filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
freeradius_1 | key = "%{Realm}"
freeradius_1 | relaxed = no
freeradius_1 | }
freeradius_1 | # Loading module "attr_filter.access_reject" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | attr_filter attr_filter.access_reject {
freeradius_1 | filename =
"/etc/raddb/mods-config/attr_filter/access_reject"
freeradius_1 | key = "%{User-Name}"
freeradius_1 | relaxed = no
freeradius_1 | }
freeradius_1 | # Loading module "attr_filter.access_challenge" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | attr_filter attr_filter.access_challenge {
freeradius_1 | filename =
"/etc/raddb/mods-config/attr_filter/access_challenge"
freeradius_1 | key = "%{User-Name}"
freeradius_1 | relaxed = no
freeradius_1 | }
freeradius_1 | # Loading module "attr_filter.accounting_response" from
file /etc/raddb/mods-enabled/attr_filter
freeradius_1 | attr_filter attr_filter.accounting_response {
freeradius_1 | filename =
"/etc/raddb/mods-config/attr_filter/accounting_response"
freeradius_1 | key = "%{User-Name}"
freeradius_1 | relaxed = no
freeradius_1 | }
freeradius_1 | # Loaded module rlm_sqlippool
freeradius_1 | # Loading module "dhcp_sqlippool" from file
/etc/raddb/mods-enabled/dhcp_sqlippool
freeradius_1 | sqlippool dhcp_sqlippool {
freeradius_1 | sql_module_instance = "tenant2"
freeradius_1 | lease_duration = 259200
freeradius_1 | pool_name = ""
freeradius_1 | default_pool = "main_pool"
freeradius_1 | allocate_begin = "START TRANSACTION"
freeradius_1 | allocate_clear = ""
freeradius_1 | allocate_find = "SELECT framedipaddress FROM
dhcp_radippool WHERE pool_name = '%{control:Pool-Name}' AND
(callingstationid = '%{Calling-Station-Id}' or callingstationid = '') ORDER
BY id LIMIT 1 FOR UPDATE"
freeradius_1 | allocate_update = "UPDATE dhcp_radippool SET nasipaddress
= '%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}', callingstationid
= '%{Calling-Station-Id}', username = '%{User-Name}' WHERE framedipaddress
= '%I'"
freeradius_1 | allocate_commit = "COMMIT"
freeradius_1 | pool_check = "SELECT id FROM dhcp_radippool WHERE
pool_name='%{control:Pool-Name}' LIMIT 1"
freeradius_1 | start_begin = "START TRANSACTION"
freeradius_1 | start_update = ""
freeradius_1 | start_commit = "COMMIT"
freeradius_1 | alive_begin = "START TRANSACTION"
freeradius_1 | alive_update = ""
freeradius_1 | alive_commit = "COMMIT"
freeradius_1 | stop_begin = "START TRANSACTION"
freeradius_1 | stop_clear = ""
freeradius_1 | stop_commit = "COMMIT"
freeradius_1 | on_begin = "START TRANSACTION"
freeradius_1 | on_clear = ""
freeradius_1 | on_commit = "COMMIT"
freeradius_1 | off_begin = "START TRANSACTION"
freeradius_1 | off_clear = ""
freeradius_1 | off_commit = "COMMIT"
freeradius_1 | messages {
freeradius_1 | }
freeradius_1 | }
freeradius_1 | # Loaded module rlm_sql
freeradius_1 | # Loading module "tenant1" from file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | sql tenant1 {
freeradius_1 | driver = "rlm_sql_mysql"
freeradius_1 | server = "192.168.2.30"
freeradius_1 | port = 3306
freeradius_1 | login = "root"
freeradius_1 | password = <<< secret >>>
freeradius_1 | radius_db = "radius"
freeradius_1 | read_groups = yes
freeradius_1 | read_profiles = yes
freeradius_1 | read_clients = no
freeradius_1 | delete_stale_sessions = yes
freeradius_1 | sql_user_name = "%{User-Name}"
freeradius_1 | default_user_profile = ""
freeradius_1 | client_query = "SELECT id, nasname, shortname, type,
secret, server FROM nas"
freeradius_1 | authorize_check_query = "SELECT id, username, attribute,
value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
freeradius_1 | authorize_reply_query = "SELECT id, username, attribute,
value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
freeradius_1 | authorize_group_check_query = "SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname =
'%{tenant1-SQL-Group}' ORDER BY id"
freeradius_1 | authorize_group_reply_query = "SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname =
'%{tenant1-SQL-Group}' ORDER BY id"
freeradius_1 | group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
freeradius_1 | simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
freeradius_1 | simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid, framedipaddress, callingstationid,
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
freeradius_1 | safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
freeradius_1 | accounting {
freeradius_1 | reference = "%{tolower:type.%{Acct-Status-Type}.query}"
freeradius_1 | type {
freeradius_1 | accounting-on {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
freeradius_1 | }
freeradius_1 | accounting-off {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
freeradius_1 | }
freeradius_1 | start {
freeradius_1 | query = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, qos_profile) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}),
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{HW-QOS-Profile-Name}')"
freeradius_1 | }
freeradius_1 | interim-update {
freeradius_1 | query = "UPDATE radacct SET acctupdatetime =
(@acctupdatetime_old:=acctupdatetime), acctupdatetime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval =
%{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
framedipaddress = '%{Framed-IP-Address}', qos_profile =
'%{HW-QOS-Profile-Name}', acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}'
WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
freeradius_1 | }
freeradius_1 | stop {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | }
freeradius_1 | post-auth {
freeradius_1 | reference = ".query"
freeradius_1 | query = "INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | rlm_sql (tenant1): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
freeradius_1 | Creating attribute tenant1-SQL-Group
freeradius_1 | # Loading module "tenant2" from file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | sql tenant2 {
freeradius_1 | driver = "rlm_sql_mysql"
freeradius_1 | server = "192.168.2.30"
freeradius_1 | port = 3306
freeradius_1 | login = "root"
freeradius_1 | password = <<< secret >>>
freeradius_1 | radius_db = "tenant2_radius"
freeradius_1 | read_groups = yes
freeradius_1 | read_profiles = yes
freeradius_1 | read_clients = no
freeradius_1 | delete_stale_sessions = yes
freeradius_1 | sql_user_name = "%{User-Name}"
freeradius_1 | default_user_profile = ""
freeradius_1 | client_query = "SELECT id, nasname, shortname, type,
secret, server FROM nas"
freeradius_1 | authorize_check_query = "SELECT id, username, attribute,
value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
freeradius_1 | authorize_reply_query = "SELECT id, username, attribute,
value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
freeradius_1 | authorize_group_check_query = "SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname =
'%{tenant2-SQL-Group}' ORDER BY id"
freeradius_1 | authorize_group_reply_query = "SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname =
'%{tenant2-SQL-Group}' ORDER BY id"
freeradius_1 | group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
freeradius_1 | simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
freeradius_1 | simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid, framedipaddress, callingstationid,
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
freeradius_1 | safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
freeradius_1 | accounting {
freeradius_1 | reference = "%{tolower:type.%{Acct-Status-Type}.query}"
freeradius_1 | type {
freeradius_1 | accounting-on {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
freeradius_1 | }
freeradius_1 | accounting-off {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
freeradius_1 | }
freeradius_1 | start {
freeradius_1 | query = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, qos_profile) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}),
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{HW-QOS-Profile-Name}')"
freeradius_1 | }
freeradius_1 | interim-update {
freeradius_1 | query = "UPDATE radacct SET acctupdatetime =
(@acctupdatetime_old:=acctupdatetime), acctupdatetime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval =
%{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
framedipaddress = '%{Framed-IP-Address}', qos_profile =
'%{HW-QOS-Profile-Name}', acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}'
WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
freeradius_1 | }
freeradius_1 | stop {
freeradius_1 | query = "UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | }
freeradius_1 | post-auth {
freeradius_1 | reference = ".query"
freeradius_1 | query = "INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | rlm_sql (tenant2): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
freeradius_1 | Creating attribute tenant2-SQL-Group
freeradius_1 | instantiate {
freeradius_1 | # Instantiating module "tenant1" from file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | rlm_sql_mysql: libmysql version: 10.3.6
freeradius_1 | mysql {
freeradius_1 | tls {
freeradius_1 | }
freeradius_1 | warnings = "auto"
freeradius_1 | }
freeradius_1 | rlm_sql (tenant1): Attempting to connect to database
"radius"
freeradius_1 | rlm_sql (tenant1): Initialising connection pool
freeradius_1 | pool {
freeradius_1 | start = 5
freeradius_1 | min = 3
freeradius_1 | max = 32
freeradius_1 | spare = 10
freeradius_1 | uses = 0
freeradius_1 | lifetime = 0
freeradius_1 | cleanup_interval = 30
freeradius_1 | idle_timeout = 60
freeradius_1 | retry_delay = 30
freeradius_1 | spread = no
freeradius_1 | }
freeradius_1 | rlm_sql (tenant1): Opening additional connection (0), 1 of
32 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant1): Opening additional connection (1), 1 of
31 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant1): Opening additional connection (2), 1 of
30 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant1): Opening additional connection (3), 1 of
29 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant1): Opening additional connection (4), 1 of
28 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | # Instantiating module "tenant2" from file
/etc/raddb/mods-enabled/sql_config
freeradius_1 | mysql {
freeradius_1 | tls {
freeradius_1 | }
freeradius_1 | warnings = "auto"
freeradius_1 | }
freeradius_1 | rlm_sql (tenant2): Attempting to connect to database
"tenant2_radius"
freeradius_1 | rlm_sql (tenant2): Initialising connection pool
freeradius_1 | pool {
freeradius_1 | start = 5
freeradius_1 | min = 3
freeradius_1 | max = 32
freeradius_1 | spare = 10
freeradius_1 | uses = 0
freeradius_1 | lifetime = 0
freeradius_1 | cleanup_interval = 30
freeradius_1 | idle_timeout = 60
freeradius_1 | retry_delay = 30
freeradius_1 | spread = no
freeradius_1 | }
freeradius_1 | rlm_sql (tenant2): Opening additional connection (0), 1 of
32 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'tenant2_radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant2): Opening additional connection (1), 1 of
31 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'tenant2_radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant2): Opening additional connection (2), 1 of
30 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'tenant2_radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant2): Opening additional connection (3), 1 of
29 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'tenant2_radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | rlm_sql (tenant2): Opening additional connection (4), 1 of
28 pending slots used
freeradius_1 | rlm_sql_mysql: Starting connect to MySQL server
freeradius_1 | rlm_sql_mysql: Connected to database 'tenant2_radius' on
192.168.2.30 via TCP/IP, server version 5.7.26, protocol version 10
freeradius_1 | }
freeradius_1 | # Instantiating module "cache_eap" from file
/etc/raddb/mods-enabled/cache_eap
freeradius_1 | rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
rlm_cache_rbtree) loaded and linked
freeradius_1 | # Instantiating module "logintime" from file
/etc/raddb/mods-enabled/logintime
freeradius_1 | # Instantiating module "files" from file
/etc/raddb/mods-enabled/files
freeradius_1 | reading pairlist file /etc/raddb/mods-config/files/authorize
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/files/accounting
freeradius_1 | reading pairlist file /etc/raddb/mods-config/files/pre-proxy
freeradius_1 | # Instantiating module "etc_passwd" from file
/etc/raddb/mods-enabled/passwd
freeradius_1 | rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
freeradius_1 | # Instantiating module "detail" from file
/etc/raddb/mods-enabled/detail
freeradius_1 | # Instantiating module "preprocess" from file
/etc/raddb/mods-enabled/preprocess
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/preprocess/huntgroups
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/preprocess/hints
freeradius_1 | # Instantiating module "pap" from file
/etc/raddb/mods-enabled/pap
freeradius_1 | # Instantiating module "reject" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "fail" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "ok" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "handled" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "invalid" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "userlock" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "notfound" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "noop" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "updated" from file
/etc/raddb/mods-enabled/always
freeradius_1 | # Instantiating module "mschap" from file
/etc/raddb/mods-enabled/mschap
freeradius_1 | rlm_mschap (mschap): using internal authentication
freeradius_1 | # Instantiating module "IPASS" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | # Instantiating module "suffix" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | # Instantiating module "realmpercent" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | # Instantiating module "ntdomain" from file
/etc/raddb/mods-enabled/realm
freeradius_1 | # Instantiating module "expiration" from file
/etc/raddb/mods-enabled/expiration
freeradius_1 | # Instantiating module "linelog" from file
/etc/raddb/mods-enabled/linelog
freeradius_1 | # Instantiating module "log_accounting" from file
/etc/raddb/mods-enabled/linelog
freeradius_1 | # Instantiating module "auth_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | rlm_detail (auth_log): 'User-Password' suppressed, will not
appear in detail output
freeradius_1 | # Instantiating module "reply_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | # Instantiating module "pre_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | # Instantiating module "post_proxy_log" from file
/etc/raddb/mods-enabled/detail.log
freeradius_1 | # Instantiating module "attr_filter.post-proxy" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/attr_filter/post-proxy
freeradius_1 | # Instantiating module "attr_filter.pre-proxy" from file
/etc/raddb/mods-enabled/attr_filter
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/attr_filter/pre-proxy
freeradius_1 | # Instantiating module "attr_filter.access_reject" from
file /etc/raddb/mods-enabled/attr_filter
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/attr_filter/access_reject
freeradius_1 | [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check
item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
freeradius_1 | [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check
item "FreeRADIUS-Response-Delay-USec" found in filter list for realm
"DEFAULT".
freeradius_1 | # Instantiating module "attr_filter.access_challenge"
from file /etc/raddb/mods-enabled/attr_filter
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/attr_filter/access_challenge
freeradius_1 | # Instantiating module "attr_filter.accounting_response"
from file /etc/raddb/mods-enabled/attr_filter
freeradius_1 | reading pairlist file
/etc/raddb/mods-config/attr_filter/accounting_response
freeradius_1 | # Instantiating module "dhcp_sqlippool" from file
/etc/raddb/mods-enabled/dhcp_sqlippool
freeradius_1 | } # modules
freeradius_1 | radiusd: #### Loading Virtual Servers ####
freeradius_1 | server { # from file /etc/raddb/radiusd.conf
freeradius_1 | } # server
freeradius_1 | server inner-tunnel { # from file
/etc/raddb/sites-enabled/inner-tunnel
freeradius_1 | # Loading authenticate {...}
freeradius_1 | # Loading authorize {...}
freeradius_1 | Ignoring "sql" (see raddb/mods-available/README.rst)
freeradius_1 | Ignoring "ldap" (see raddb/mods-available/README.rst)
freeradius_1 | # Loading session {...}
freeradius_1 | # Loading post-auth {...}
freeradius_1 | # Skipping contents of 'if' as it is always 'false' --
/etc/raddb/sites-enabled/inner-tunnel:331
freeradius_1 | } # server inner-tunnel
freeradius_1 | server default { # from file
/etc/raddb/sites-enabled/main_config
freeradius_1 | # Loading authorize {...}
freeradius_1 | # Loading preacct {...}
freeradius_1 | # Loading post-auth {...}
freeradius_1 | } # server default
freeradius_1 | server tenant1 { # from file
/etc/raddb/sites-enabled/main_config
freeradius_1 | # Loading authenticate {...}
freeradius_1 | # Loading authorize {...}
freeradius_1 | /etc/raddb/sites-enabled/main_config[50]: Failed to find
"${..sql_instance_name}" as a module or policy.
freeradius_1 | /etc/raddb/sites-enabled/main_config[50]: Please verify
that the configuration exists in
/etc/raddb/mods-enabled/${..sql_instance_name}.
freeradius_1 | /etc/raddb/sites-enabled/main_config[48]: Errors parsing
authorize section.
It seems the variable is not able to expand in the authorize section. If I
don't use a variable reference in the authorize section and don't use a nested
variable reference for *sql_db*, then all is working fine.
Could someone please point me in the right direction as to how I can use a
nested variable reference and variable expansion under the authorize section of
a virtual server?
Thank you in advance
Kind Regards
Nitin Sidhu
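
A pre-flight check for the two constructs this post reports as failing, added here as an example (it is not part of the original message and not FreeRADIUS code): a `${...}` reference nested inside another one, and a `${...}` reference used where a module name is expected, which the debug output above shows being looked up literally ("Failed to find "${..sql_instance_name}" as a module or policy"). The line-based reader is a simplification of the real configuration parser, and the function names and the one-item-per-line layout of the sample are assumptions of this example.

```python
import re

# Virtual server from the post, laid out one item per line. The line breaks are
# an assumption: the archive flattened the original onto a single line.
SAMPLE = r'''server tenant1 {
    sql_instance_name = tenant1
    sql_db = "${sql[${.sql_instance_name}].radius_db}"
    authorize {
        chap
        "${..sql_instance_name}"
        pap
    }
}
'''

# Processing sections of a FreeRADIUS v3 virtual server, where bare words are
# module or policy names rather than "name = value" configuration items.
PROCESSING_SECTIONS = {
    "authorize", "authenticate", "preacct", "accounting",
    "session", "post-auth", "pre-proxy", "post-proxy",
}

ITEM_RE = re.compile(r'^([\w.-]+)\s*=\s*(.*)$')


def strip_comment(line):
    """Drop a trailing '#' comment unless the '#' is inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line


def has_nested_reference(value):
    """True if a ${...} reference contains another ${...} reference.

    Run-time %{...} expansions are tracked only so that their closing braces
    are not mistaken for the end of a ${...} reference.
    """
    openers = []
    i = 0
    while i < len(value):
        pair = value[i:i + 2]
        if pair in ("${", "%{"):
            if pair == "${" and "$" in openers:
                return True
            openers.append(pair[0])
            i += 2
            continue
        if value[i] == "}" and openers:
            openers.pop()
        i += 1
    return False


def find_reference_problems(text):
    """Return (line_number, kind, line) for each suspicious ${...} use."""
    problems = []
    stack = []  # names of the sections currently open
    for number, raw in enumerate(text.splitlines(), start=1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        if line.startswith("}"):
            if stack:
                stack.pop()
            continue
        if line.endswith("{"):
            stack.append(line.split()[0])
            continue
        item = ITEM_RE.match(line)
        if item:
            if has_nested_reference(item.group(2)):
                problems.append((number, "nested-reference", line))
        elif "${" in line and PROCESSING_SECTIONS.intersection(stack):
            # A bare statement in a processing section is a module name.
            problems.append((number, "reference-as-module-name", line))
    return problems


if __name__ == "__main__":
    for number, kind, line in find_reference_problems(SAMPLE):
        print(f"line {number}: {kind}: {line}")
```
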