OpenDirectory Authentication memory corruption
Carsten Kirschner
carsten.kirschner at corussoft.de
Mon May 25 12:36:44 CEST 2020
Hello, i wrote on 15.01.2020 17:50 about our Freeradius problems, now we tested it anew with a new version of Freeradius (3.0.21).
And i have the strong suspicion that the opendirectory module has a memory coruption bug. It would explain why some Auths woks, and others print in the shortUserName debug print some garbage. And i hat also a segmentation Fault of freeradius in debug mode and multiple other occurences in the system log:
May 25 08:54:00 server com.apple.xpc.launchd[1] (org.freeradius.radiusd[54628]): Service exited due to SIGSEGV | sent by exc handler[54628]
May 25 08:54:05 server com.apple.xpc.launchd[1] (org.freeradius.radiusd[61018]): Service exited due to SIGSEGV | sent by exc handler[61018]
May 25 08:54:05 server com.apple.xpc.launchd[1] (org.freeradius.radiusd): Service only ran for 5 seconds. Pushing respawn out by 5 seconds.
May 25 08:54:19 server com.apple.xpc.launchd[1] (org.freeradius.radiusd[61021]): Service exited due to SIGSEGV | sent by exc handler[61021]
May 25 08:54:19 server com.apple.xpc.launchd[1] (org.freeradius.radiusd): Service only ran for 9 seconds. Pushing respawn out by 1 seconds.
and more ...
At the end is an example Crashreport, all crash reports Crash at getUserNodeRef in rlm_mschap.dylib.
And after that a full radiusd -X output.
Kind regards,
Carsten Kirschner
Request Examples:
(6) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(6) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(6) mschap: OD username_string = CKirschner, OD shortUserName=CKirschner (length = 10)
(6) mschap: Stepbuf server challenge :
ffffffc0ffffff92ffffff96234b56ffffffd8ffffffbc6b67ffffffa7ffffffdbffffff88ffffffbe4777
(6) mschap: Stepbuf peer challenge :
1709083c13ffffffba6affffffe366ffffff86ffffffc9ffffff8d36ffffffdafffffff8fffffff0
(6) mschap: Stepbuf p24 :
ffffffe5ffffffde0f14100cffffffd37847fffffff1727f031e1e09fffffff3395723ffffff90ffffffb873ffffffca
(6) mschap: dsDoDirNodeAuth returns stepbuff: S=FA1D3E965B2187EA23BECF6655F1289024D6998B???? (len=40)
(6) eap_mschapv2: [mschap] = ok
(6) eap_mschapv2: } # authenticate = ok
(6) eap_mschapv2: MSCHAP Success
(14) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(14) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(14) mschap: OD username_string = CKirschner, OD shortUserName=CKirschnerYn?? (length = 14)
(14) mschap: Stepbuf server challenge :
fffffff9ffffffe942ffffffc4ffffff8c04ffffffc7ffffffb16cffffffb7ffffffadfffffff118ffffffa123ffffffad
(14) mschap: Stepbuf peer challenge :
ffffffbbffffffb16111ffffffba4620ffffffe6ffffff8162ffffff891119ffffffa63d16
(14) mschap: Stepbuf p24 :
ffffff9f53ffffffebffffffb8ffffff857a6affffffb7ffffffdd03ffffff927e65ffffffc1ffffff82ffffff8d13ffffff8cffffffebffffffb158ffffffa44affffffc1
(14) mschap: ERROR: rlm_mschap: authentication failed - status = eUndefinedError
(14) eap_mschapv2: [mschap] = reject
(14) eap_mschapv2: } # authenticate = reject
(21) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(21) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(21) mschap: OD username_string = CKirschner, OD shortUserName=CKirschnerMn?? (length = 14)
(21) mschap: Stepbuf server challenge :
ffffffc02573ffffffdeffffffe9686fffffff9131ffffffddffffffd377ffffffb5ffffff9f48ffffffb9
(21) mschap: Stepbuf peer challenge :
2742ffffff8a6c3d695effffffa6553f423b3b1a0558
(21) mschap: Stepbuf p24 :
ffffffab6fffffffd00bffffffb0ffffff8cffffff85ffffff88014f1cffffffa8605cffffffb707ffffff8bffffff80282b3bffffffc15c74
(21) mschap: ERROR: rlm_mschap: authentication failed - status = eUndefinedError
(21) eap_mschapv2: [mschap] = reject
(21) eap_mschapv2: } # authenticate = reject
(28) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(28) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(28) mschap: OD username_string = IRosenfeld, OD shortUserName=IRosenfeld (length = 10)
(28) mschap: Stepbuf server challenge :
ffffffea53157e49ffffffb7ffffffa75effffffbbffffffde0f532f7d6b3f
(28) mschap: Stepbuf peer challenge :
ffffff9054ffffff9fffffff99ffffffa6ffffff966f38ffffffaaffffffb9ffffffb2713f3bffffff9efffffff9
(28) mschap: Stepbuf p24 :
ffffffa9624dffffffeb1072ffffffd1340e3e7c59ffffffc5ffffffebffffffadffffffbd0bfffffff4ffffffe81f20ffffffb859ffffff89
(28) mschap: dsDoDirNodeAuth returns stepbuff: S=56A259C71E123194964ED672DD28A11A17A10CF0???? (len=40)
(28) eap_mschapv2: [mschap] = ok
(28) eap_mschapv2: } # authenticate = ok
(28) eap_mschapv2: MSCHAP Success
(36) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(36) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(36) mschap: OD username_string = IRosenfeld, OD shortUserName=IRosenfeld (length = 10)
(36) mschap: Stepbuf server challenge :
5bfffffffa0bffffffa517354e66175affffffb4ffffffd2ffffffe811fffffff077
(36) mschap: Stepbuf peer challenge :
fffffff42968ffffffcaffffffd1ffffffc95e797b24ffffffb67649ffffffe7112e
(36) mschap: Stepbuf p24 :
ffffffbc38ffffffc1ffffff8bffffff92fffffff209ffffffe8740bffffff84ffffff80ffffffb1ffffffb0ffffffa6ffffffd23dfffffff8ffffffc2ffffffb35affffffdaffffffcaffffffb7
(36) mschap: dsDoDirNodeAuth returns stepbuff: S=CF27A062D3329B16C38D19C07477BC316A5B04EA???? (len=40)
(36) eap_mschapv2: [mschap] = ok
(36) eap_mschapv2: } # authenticate = ok
(36) eap_mschapv2: MSCHAP Success
(44) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(44) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(44) mschap: OD username_string = IRosenfeld, OD shortUserName=IRosenfelde (length = 11)
(44) mschap: Stepbuf server challenge :
fffffff5ffffffa9fffffffc4dffffffb8ffffff9fffffffd370ffffffdaffffffcb2fffffffae3dffffffa828ffffff94
(44) mschap: Stepbuf peer challenge :
ffffff814dffffffdc1b291d68ffffffef065968ffffffe319ffffffb051ffffffc6
(44) mschap: Stepbuf p24 :
ffffffb205ffffffac7fffffffa421ffffffffffffff8a1f5cffffff844d35ffffffeaffffff92ffffffa7584a5f77fffffff4fffffff2ffffff925d
(44) mschap: ERROR: rlm_mschap: authentication failed - status = eDSRecordNotFound
(44) eap_mschapv2: [mschap] = reject
(44) eap_mschapv2: } # authenticate = reject
(51) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(51) mschap: No NT-Password configured. Trying OpenDirectory Authentication
Segmentation fault: 11
Example Crashreports, all crash reports Crash at getUserNodeRef in rlm_mschap.dylib
:
sh-3.2# cat /Library/Logs/DiagnosticReports/radiusd_2020-05-19-091930_Server.crash
Process: radiusd [35334]
Path: /usr/local/sbin/radiusd
Identifier: radiusd
Version: 0
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: radiusd [35334]
User ID: 0
Date/Time: 2020-05-19 09:19:29.903 +0200
OS Version: Mac OS X 10.15.4 (19E287)
Report Version: 12
Anonymous UUID: 7B24091D-94A5-69D8-3216-7C8D93854234
Time Awake Since Boot: 670000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000e800000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [35334]
VM Regions Near 0xe800000000:
__LINKEDIT 0000000112a9b000-0000000112ad3000 [ 224K] r--/r-- SM=COW /usr/lib/dyld
-->
STACK GUARD 000070000a3e3000-000070000a3e4000 [ 4K] ---/rwx SM=NUL stack guard for thread 1
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 rlm_mschap.dylib 0x00000001095d0687 getUserNodeRef + 1463
1 rlm_mschap.dylib 0x00000001095cf6c7 od_mschap_auth + 423
2 rlm_mschap.dylib 0x00000001095ca5ec mod_authenticate + 4732
3 radiusd 0x0000000109099ee5 call_modsingle + 357
4 radiusd 0x00000001090933ee modcall_recurse + 1406
5 radiusd 0x000000010909a0b7 modcall_child + 183
6 radiusd 0x0000000109093f4b modcall_recurse + 4315
7 radiusd 0x0000000109092e14 modcall + 180
8 radiusd 0x000000010908f5f6 indexed_modcall + 854
9 radiusd 0x0000000109091cdf process_authenticate + 31
10 rlm_eap_mschapv2.dylib 0x000000010963d6dc mod_process + 3132
11 rlm_eap.dylib 0x000000010953fabf eap_module_call + 319
12 rlm_eap.dylib 0x000000010953f917 eap_method_select + 1111
13 rlm_eap.dylib 0x000000010953de07 mod_authenticate + 327
14 radiusd 0x0000000109099ee5 call_modsingle + 357
15 radiusd 0x00000001090933ee modcall_recurse + 1406
16 radiusd 0x000000010909a0b7 modcall_child + 183
17 radiusd 0x0000000109093f4b modcall_recurse + 4315
18 radiusd 0x0000000109092e14 modcall + 180
19 radiusd 0x000000010908f5f6 indexed_modcall + 854
20 radiusd 0x0000000109091cdf process_authenticate + 31
21 radiusd 0x0000000109076185 rad_check_password + 853
22 radiusd 0x000000010907589c rad_authenticate + 1500
23 radiusd 0x000000010907673f rad_virtual_server + 1327
24 rlm_eap_ttls.dylib 0x0000000109626603 eapttls_process + 2755
25 rlm_eap_ttls.dylib 0x00000001096259a4 mod_process + 1012
26 rlm_eap.dylib 0x000000010953fabf eap_module_call + 319
27 rlm_eap.dylib 0x000000010953f917 eap_method_select + 1111
28 rlm_eap.dylib 0x000000010953de07 mod_authenticate + 327
29 radiusd 0x0000000109099ee5 call_modsingle + 357
30 radiusd 0x00000001090933ee modcall_recurse + 1406
31 radiusd 0x000000010909a0b7 modcall_child + 183
32 radiusd 0x0000000109093f4b modcall_recurse + 4315
33 radiusd 0x0000000109092e14 modcall + 180
34 radiusd 0x000000010908f5f6 indexed_modcall + 854
35 radiusd 0x0000000109091cdf process_authenticate + 31
36 radiusd 0x0000000109076185 rad_check_password + 853
37 radiusd 0x000000010907589c rad_authenticate + 1500
38 radiusd 0x00000001090a9d95 request_running + 357
39 radiusd 0x00000001090a9bff request_queue_or_run + 383
40 radiusd 0x00000001090a8d0a request_receive + 2106
41 radiusd 0x0000000109088c51 auth_socket_recv + 1425
42 radiusd 0x00000001090b502d event_socket_handler + 285
43 libfreeradius-radius.dylib 0x0000000109199fd5 fr_event_loop + 805
44 radiusd 0x00000001090ac54e radius_event_process + 46
45 radiusd 0x000000010909c674 main + 3396
46 libdyld.dylib 0x00007fff671becc9 start + 1
Thread 1:
0 libsystem_pthread.dylib 0x00007fff673beb68 start_wqthread + 0
Thread 2:
0 libsystem_pthread.dylib 0x00007fff673beb68 start_wqthread + 0
Thread 3:
0 libsystem_pthread.dylib 0x00007fff673beb68 start_wqthread + 0
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00007f886a805160 rbx: 0x0000000000000000 rcx: 0x000000e800000000 rdx: 0x0000000000000006
rdi: 0x00007f886a805160 rsi: 0x00007f886a80533c rbp: 0x00007ffee6b86dc0 rsp: 0x00007ffee6b86cb0
r8: 0x0000000000000006 r9: 0x000000000000010f r10: 0x00000000ffff81ff r11: 0xfffffffffffffe24
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x00000001095d0687 rfl: 0x0000000000010246 cr2: 0x000000e800000000
Logical CPU: 0
Error Code: 0x00000006 (no mapping for user data write)
Trap Number: 14
Binary Images:
0x109073000 - 0x1090e5ff3 +radiusd (0) <0FA0DC9F-22C6-327D-BB46-4C5B3A05F02C> /usr/local/sbin/radiusd
0x109115000 - 0x10914cfff +libfreeradius-server.dylib (0) <D62BB0D8-EF8C-304F-A7E3-C5F5D63F654B> /usr/local/lib/libfreeradius-server.dylib
0x109164000 - 0x1091a6fff +libfreeradius-radius.dylib (0) <7DAF7764-412F-3C40-86D8-5AE20EB26D96> /usr/local/lib/libfreeradius-radius.dylib
0x1091c7000 - 0x1091d1fff +libfreeradius-eap.dylib (0) <949B6C66-CA7F-31DA-B74C-878693F538A2> /usr/local/lib/libfreeradius-eap.dylib
0x1091db000 - 0x1093a72e3 +libcrypto.1.1.dylib (0) <1A6E39CC-8016-3637-8BE9-2E7EDD8865A1> /usr/local/lib/libcrypto.1.1.dylib
0x10943f000 - 0x10949cffb +libssl.1.1.dylib (0) <D8F84717-3D85-3C62-836C-E4707FA90D0B> /usr/local/lib/libssl.1.1.dylib
0x1094c6000 - 0x1094cdffb +libtalloc.2.3.1.dylib (0) <C80C1AD3-F5C9-30BB-B278-5D49C786E69E> /usr/local/lib/libtalloc.2.3.1.dylib
0x109536000 - 0x109538fff +rlm_detail.dylib (0) <246A5BA0-3E71-3DED-BDCD-ECAC12327504> /usr/local/lib/rlm_detail.dylib
0x10953d000 - 0x109545ff3 +rlm_eap.dylib (0) <6FBC1EED-ABF0-3C86-B463-E20AD4A0B760> /usr/local/lib/rlm_eap.dylib
0x10954c000 - 0x10954dfff +rlm_exec.dylib (0) <69CC0A1A-9F5E-355C-BB0D-59C085109B7B> /usr/local/lib/rlm_exec.dylib
0x109552000 - 0x109552fff +rlm_utf8.dylib (0) <A905087F-8447-35A5-B98A-29B35AC3A4AD> /usr/local/lib/rlm_utf8.dylib
0x109556000 - 0x109556fff +rlm_always.dylib (0) <662CE0C6-9332-3338-B06B-DF042194CC21> /usr/local/lib/rlm_always.dylib
0x10955a000 - 0x10955cfff +rlm_digest.dylib (0) <2E035966-CC52-3731-9A8B-3369DABAA037> /usr/local/lib/rlm_digest.dylib
0x109560000 - 0x109560fff +rlm_date.dylib (0) <EC139A21-5BB4-3D00-AF4B-181F2CE22F6F> /usr/local/lib/rlm_date.dylib
0x109564000 - 0x109566fff +rlm_preprocess.dylib (0) <88566A67-16A1-3A80-9523-61045BE5F732> /usr/local/lib/rlm_preprocess.dylib
0x10956b000 - 0x10956fffb +rlm_pap.dylib (0) <AE675564-C63E-3385-9621-CE876A77AAA5> /usr/local/lib/rlm_pap.dylib
0x109574000 - 0x10957aff3 +rlm_expr.dylib (0) <A639DF57-1985-3A0F-AB3A-AEC7CA4C37E2> /usr/local/lib/rlm_expr.dylib
0x109581000 - 0x109583fff +rlm_radutmp.dylib (0) <F83E339C-F77E-3E38-9945-2B58BC3E7F78> /usr/local/lib/rlm_radutmp.dylib
0x109588000 - 0x109589fff +rlm_linelog.dylib (0) <225A2F7B-E025-3BFC-B909-CF1E19F2E118> /usr/local/lib/rlm_linelog.dylib
0x10958e000 - 0x10958fffb +rlm_unix.dylib (0) <6C7E3E6C-FBBF-3E17-A8A3-A9F65E7FA148> /usr/local/lib/rlm_unix.dylib
0x109594000 - 0x109595ff3 +rlm_attr_filter.dylib (0) <6AB0AC26-2977-3AB2-8900-80B1FB766446> /usr/local/lib/rlm_attr_filter.dylib
0x10959a000 - 0x10959cff3 +rlm_files.dylib (0) <93DE4983-CC8C-3970-A03B-363B9D672158> /usr/local/lib/rlm_files.dylib
0x1095a1000 - 0x1095a2ffb +rlm_replicate.dylib (0) <026525EE-D909-3D0B-9536-3E27C5B9C483> /usr/local/lib/rlm_replicate.dylib
0x1095a6000 - 0x1095a7ff7 +rlm_chap.dylib (0) <E222B3DE-495E-3602-B484-3328551C3EAF> /usr/local/lib/rlm_chap.dylib
0x1095ab000 - 0x1095acff7 +rlm_unpack.dylib (0) <1482E97E-9075-3566-A6DA-12585440876B> /usr/local/lib/rlm_unpack.dylib
0x1095b0000 - 0x1095b2ff3 +rlm_logintime.dylib (0) <298DF225-3B2D-3F8D-8F6A-EBAD1EE1D2CC> /usr/local/lib/rlm_logintime.dylib
0x1095b7000 - 0x1095b7ff7 +rlm_expiration.dylib (0) <D084B881-CDC1-3772-8EBE-E2C932A02282> /usr/local/lib/rlm_expiration.dylib
0x1095bb000 - 0x1095beff7 +rlm_cache.dylib (0) <1EBEE1DA-185C-3500-9F4D-B38659174941> /usr/local/lib/rlm_cache.dylib
0x1095c3000 - 0x1095c4ff7 +rlm_soh.dylib (0) <BA1841CF-3982-343E-A975-C7C350DF6874> /usr/local/lib/rlm_soh.dylib
0x1095c8000 - 0x1095d3fff +rlm_mschap.dylib (0) <F62ACA8F-3BB0-3932-A158-210CCD0B8F07> /usr/local/lib/rlm_mschap.dylib
0x1095da000 - 0x1095daff3 +rlm_dynamic_clients.dylib (0) <F4634476-CBE4-33D1-9579-29FB02278A33> /usr/local/lib/rlm_dynamic_clients.dylib
0x1095de000 - 0x1095e0fff +rlm_passwd.dylib (0) <9188D7BE-35B2-373D-8A4C-9B305FFC098B> /usr/local/lib/rlm_passwd.dylib
0x1095e5000 - 0x1095e7ff7 +rlm_realm.dylib (0) <B7BB88C3-EF14-3A46-9C29-145FFBB7E0EF> /usr/local/lib/rlm_realm.dylib
0x1095eb000 - 0x1095edff3 +rlm_opendirectory.dylib (0) <3AA71310-4F21-329D-87DC-5C9A6A20D943> /usr/local/lib/rlm_opendirectory.dylib
0x1095f2000 - 0x1095faff3 +rlm_sql.dylib (0) <3B72D87B-6821-36B0-AFCB-99EEEC78517F> /usr/local/lib/rlm_sql.dylib
0x109601000 - 0x109604fff +rlm_sql_sqlite.dylib (0) <EC984C10-53F2-3843-A13C-A600E96451A4> /usr/local/lib/rlm_sql_sqlite.dylib
0x109609000 - 0x10960affb +rlm_eap_md5.dylib (0) <F4B40CF6-17D3-364D-8E6A-B4C3DD2AE0B0> /usr/local/lib/rlm_eap_md5.dylib
0x10960f000 - 0x109613ffb +rlm_eap_leap.dylib (0) <9936B58F-C00E-35DA-B61F-363846CA8AB7> /usr/local/lib/rlm_eap_leap.dylib
0x109619000 - 0x10961aff7 +rlm_eap_gtc.dylib (0) <F9E3BD22-9FB4-3CE1-83D7-1C69C0B709CF> /usr/local/lib/rlm_eap_gtc.dylib
0x10961e000 - 0x10961fff7 +rlm_eap_tls.dylib (0) <F180BC76-4143-31A9-9EC5-C7C0D7B2444B> /usr/local/lib/rlm_eap_tls.dylib
0x109624000 - 0x10962afff +rlm_eap_ttls.dylib (0) <9063D507-143D-3DC7-A755-BDCB2387CB6F> /usr/local/lib/rlm_eap_ttls.dylib
0x109630000 - 0x109636ff7 +rlm_eap_peap.dylib (0) <6513E754-D025-3667-A70C-E852660DEDEC> /usr/local/lib/rlm_eap_peap.dylib
0x10963c000 - 0x10963efff +rlm_eap_mschapv2.dylib (0) <4DCA761E-A3BE-3639-A3BE-850B80C940E4> /usr/local/lib/rlm_eap_mschapv2.dylib
0x109643000 - 0x109644ff3 +rlm_cache_rbtree.dylib (0) <C614EDD6-91F1-3897-82A7-708ECAE481F2> /usr/local/lib/rlm_cache_rbtree.dylib
0x1129ce000 - 0x112a5feff dyld (750.5) <1F893B81-89A5-3502-8510-95B97B9F730D> /usr/lib/dyld
0x7fff29021000 - 0x7fff29021fff com.apple.Accelerate (1.11 - Accelerate 1.11) <8BE0965F-6A6A-35B0-89D0-F0A75835C2CA> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x7fff29039000 - 0x7fff2968ffef com.apple.vImage (8.1 - 524.2) <DAE0E5C5-BA70-325D-8B4C-6B821F009CBF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x7fff29690000 - 0x7fff298f7ff7 libBLAS.dylib (1303.60.1) <4E980D6B-4B3A-33D6-B52C-AFC7D120D11A> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x7fff298f8000 - 0x7fff29dcbfef libBNNS.dylib (144.100.2) <C05F9F9D-4498-37BD-9C1C-2F7B920B401D> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBNNS.dylib
0x7fff29dcc000 - 0x7fff2a167fff libLAPACK.dylib (1303.60.1) <F8E9D081-7C60-32EC-A47D-2D30CAD73C5F> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x7fff2a168000 - 0x7fff2a17dfec libLinearAlgebra.dylib (1303.60.1) <79CB28C5-F811-3EAF-AD8E-7D7D879FE662> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLinearAlgebra.dylib
0x7fff2a17e000 - 0x7fff2a183ff3 libQuadrature.dylib (7) <EB7C9E98-D1E7-314C-90B4-3EB04428CC7C> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libQuadrature.dylib
0x7fff2a184000 - 0x7fff2a1f4fff libSparse.dylib (103) <8C55F5F2-6AE3-393C-B2FF-22B8CFCBD7FC> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libSparse.dylib
0x7fff2a1f5000 - 0x7fff2a207fef libSparseBLAS.dylib (1303.60.1) <08F6D629-5DAC-3A99-B261-2B6095DD38B4> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libSparseBLAS.dylib
0x7fff2a208000 - 0x7fff2a3dffd7 libvDSP.dylib (735.100.4) <0744F29B-F822-3571-9B4A-B592146D4E03> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x7fff2a3e0000 - 0x7fff2a4a2fef libvMisc.dylib (735.100.4) <E6C94B52-931B-3858-AF4D-C2EA52ACB7F5> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x7fff2a4a3000 - 0x7fff2a4a3fff com.apple.Accelerate.vecLib (3.11 - vecLib 3.11) <66282197-81EE-316F-978E-EF1471551DEF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x7fff2bc04000 - 0x7fff2bf92ffd com.apple.CFNetwork (1125.2 - 1125.2) <1D4D81F7-FC48-3588-87FC-481E2586E345> /System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x7fff2d38d000 - 0x7fff2d80cffb com.apple.CoreFoundation (6.9 - 1675.129) <9E632A1E-9622-33D6-BCCE-23AC16DAA6B7> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x7fff2e775000 - 0x7fff2e775fff com.apple.CoreServices (1069.22 - 1069.22) <888FE7B9-CE6C-3C7C-BA33-63364462228A> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x7fff2e776000 - 0x7fff2e7fbfff com.apple.AE (838.1 - 838.1) <2BAB1B88-C198-3D20-8DA3-056E66510E7A> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x7fff2e7fc000 - 0x7fff2eaddff7 com.apple.CoreServices.CarbonCore (1217 - 1217) <D0FECC17-7E16-308F-98EA-AF311CB77FE6> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x7fff2eade000 - 0x7fff2eb2bffd com.apple.DictionaryServices (1.2 - 323.6) <11513ED9-8B4B-39BB-A6B2-AA6AA0A2DF72> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x7fff2eb2c000 - 0x7fff2eb34ff7 com.apple.CoreServices.FSEvents (1268.100.1 - 1268.100.1) <CE3D8B13-2583-3527-8532-D5DDAAD7D56B> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/FSEvents
0x7fff2eb35000 - 0x7fff2ed6effc com.apple.LaunchServices (1069.22 - 1069.22) <E51EE658-608C-3034-9635-4FDF1E241E62> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x7fff2ed6f000 - 0x7fff2ee07ff1 com.apple.Metadata (10.7.0 - 2076.3) <EE42CCA1-FEC2-3F1C-9B62-2E73EFB05FCC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x7fff2ee08000 - 0x7fff2ee35fff com.apple.CoreServices.OSServices (1069.22 - 1069.22) <A0654B4E-3194-3066-911F-FF1FBEE1D2C2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x7fff2ee36000 - 0x7fff2ee9dfff com.apple.SearchKit (1.4.1 - 1.4.1) <D4F82BC9-FD9B-3E04-B78E-D9E2A73B0BD7> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x7fff2ee9e000 - 0x7fff2eec2ff5 com.apple.coreservices.SharedFileList (131.4 - 131.4) <AEB4E42C-F5A2-3F63-80B0-4226483AD4F5> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SharedFileList.framework/Versions/A/SharedFileList
0x7fff2f62d000 - 0x7fff2f638ff7 com.apple.DirectoryService.Framework (10.15 - 220.40.1) <A2504DEB-2C9D-3F87-90FF-70104421DAF7> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x7fff2f708000 - 0x7fff2f70efff com.apple.DiskArbitration (2.7 - 2.7) <D7617B57-B01C-3848-8818-593FB12039E9> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x7fff2fa43000 - 0x7fff2fe08ff8 com.apple.Foundation (6.9 - 1675.129) <9A74FA97-7F7B-3929-B381-D9514B1E4754> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x7fff3017c000 - 0x7fff30220ff3 com.apple.framework.IOKit (2.0.2 - 1726.100.16) <3D8BA34A-AAF7-3AF2-9B5B-189AC4755404> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x7fff33d1f000 - 0x7fff33d2bffe com.apple.NetFS (6.0 - 4.0) <7A96A8FE-17F3-3850-8E81-9DDDC5A48DDB> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS
0x7fff3690d000 - 0x7fff36929fff com.apple.CFOpenDirectory (10.15 - 220.40.1) <58835104-9E7A-32E8-862B-530CE899C9B4> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x7fff3692a000 - 0x7fff36935ffd com.apple.OpenDirectory (10.15 - 220.40.1) <D846BA35-59A1-3B78-B1C8-7E0EDE972AD2> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory
0x7fff39ccf000 - 0x7fff3a018ff1 com.apple.security (7.0 - 59306.101.1) <430E04FE-F068-3476-9CA2-72CB5F040D1F> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x7fff3a019000 - 0x7fff3a0a1ffb com.apple.securityfoundation (6.0 - 55236.60.1) <BC15B825-955D-33CF-B416-A64D69A1D008> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x7fff3a0d0000 - 0x7fff3a0d4ff8 com.apple.xpc.ServiceManagement (1.0 - 1) <C66FC9CF-224B-348C-94A5-ABAC579F5C0A> /System/Library/Frameworks/ServiceManagement.framework/Versions/A/ServiceManagement
0x7fff3ad7f000 - 0x7fff3adedff7 com.apple.SystemConfiguration (1.19 - 1.19) <71AC15DE-7018-3D2B-B599-F2972F0288AE> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x7fff3ed4a000 - 0x7fff3ee0fff7 com.apple.APFS (1412.101.1 - 1412.101.1) <2F5A48FB-9788-3A24-87FE-C1B7DDBC8A07> /System/Library/PrivateFrameworks/APFS.framework/Versions/A/APFS
0x7fff40b11000 - 0x7fff40b20fd7 com.apple.AppleFSCompression (119.100.1 - 1.0) <E1B024EB-DAB1-30A1-A43D-01D9E9357F2B> /System/Library/PrivateFrameworks/AppleFSCompression.framework/Versions/A/AppleFSCompression
0x7fff422df000 - 0x7fff422e8ff7 com.apple.coreservices.BackgroundTaskManagement (1.0 - 104) <2088BC70-5329-3390-A851-C4ECF654047C> /System/Library/PrivateFrameworks/BackgroundTaskManagement.framework/Versions/A/BackgroundTaskManagement
0x7fff4509e000 - 0x7fff450aeff3 com.apple.CoreEmoji (1.0 - 107) <AC83B860-61BD-384E-81BF-CA3CBE655968> /System/Library/PrivateFrameworks/CoreEmoji.framework/Versions/A/CoreEmoji
0x7fff456ee000 - 0x7fff45758ff0 com.apple.CoreNLP (1.0 - 213) <687A4C31-A307-3255-83BE-9B123971FF62> /System/Library/PrivateFrameworks/CoreNLP.framework/Versions/A/CoreNLP
0x7fff465d3000 - 0x7fff46601ffd com.apple.CSStore (1069.22 - 1069.22) <39E431F9-3584-34DF-A64D-C5895AA72068> /System/Library/PrivateFrameworks/CoreServicesStore.framework/Versions/A/CoreServicesStore
0x7fff52816000 - 0x7fff528e4ffd com.apple.LanguageModeling (1.0 - 215.1) <3FAF1700-F7D4-3F92-88AA-A3920702B8BB> /System/Library/PrivateFrameworks/LanguageModeling.framework/Versions/A/LanguageModeling
0x7fff528e5000 - 0x7fff5292dfff com.apple.Lexicon-framework (1.0 - 72) <212D02CE-11BC-3C7F-BDFD-DF1A0C4017EE> /System/Library/PrivateFrameworks/Lexicon.framework/Versions/A/Lexicon
0x7fff52934000 - 0x7fff52939ff3 com.apple.LinguisticData (1.0 - 353.18) <BA3869B7-9C39-32DA-A4BA-12F1BC4B04CF> /System/Library/PrivateFrameworks/LinguisticData.framework/Versions/A/LinguisticData
0x7fff53ca0000 - 0x7fff53cecfff com.apple.spotlight.metadata.utilities (1.0 - 2076.3) <EF8AC054-B15F-375F-AACB-018DC73CD16E> /System/Library/PrivateFrameworks/MetadataUtilities.framework/Versions/A/MetadataUtilities
0x7fff547a1000 - 0x7fff547abfff com.apple.NetAuth (6.2 - 6.2) <D324C7CC-E614-35F6-8619-DECBE90ECAEB> /System/Library/PrivateFrameworks/NetAuth.framework/Versions/A/NetAuth
0x7fff5da0b000 - 0x7fff5da1bff3 com.apple.TCC (1.0 - 1) <AEE98D6E-03FD-3C80-90AC-5B45B4AE7A2E> /System/Library/PrivateFrameworks/TCC.framework/Versions/A/TCC
0x7fff610e6000 - 0x7fff610e8ff3 com.apple.loginsupport (1.0 - 1) <B84ABC31-431B-3F99-BABE-44ED0A7DB3C0> /System/Library/PrivateFrameworks/login.framework/Versions/A/Frameworks/loginsupport.framework/Versions/A/loginsupport
0x7fff63c01000 - 0x7fff63c35fff libCRFSuite.dylib (48) <E52BECF7-1819-3998-ACC4-8D1A332CE4EB> /usr/lib/libCRFSuite.dylib
0x7fff63c38000 - 0x7fff63c42fff libChineseTokenizer.dylib (34) <EE842A48-3D30-34B0-B9D2-F045DE582650> /usr/lib/libChineseTokenizer.dylib
0x7fff63cce000 - 0x7fff63cd0ff7 libDiagnosticMessagesClient.dylib (112) <BE749883-9400-334A-8FBF-F3321CF205F5> /usr/lib/libDiagnosticMessagesClient.dylib
0x7fff641a4000 - 0x7fff641a5fff libSystem.B.dylib (1281.100.1) <DB8310F1-272D-3533-A840-3B390AF55C26> /usr/lib/libSystem.B.dylib
0x7fff64232000 - 0x7fff64233fff libThaiTokenizer.dylib (3) <DC582222-7C1F-3C27-8C3A-BAF696A2197D> /usr/lib/libThaiTokenizer.dylib
0x7fff6424b000 - 0x7fff64261fff libapple_nghttp2.dylib (1.39.2) <268F4E3E-95DC-35FB-82DC-5B0D1855A676> /usr/lib/libapple_nghttp2.dylib
0x7fff64296000 - 0x7fff64308ff7 libarchive.2.dylib (72.100.1) <65E0870E-02AB-365D-84F9-5800B5BB69FC> /usr/lib/libarchive.2.dylib
0x7fff643a6000 - 0x7fff643a6ff3 libauto.dylib (187) <FD0E5750-7004-36A7-B9C2-D6B6B4EF559B> /usr/lib/libauto.dylib
0x7fff6446c000 - 0x7fff6447cffb libbsm.0.dylib (60.100.1) <B0373A39-DBC6-3A84-879B-BA46E30D04BF> /usr/lib/libbsm.0.dylib
0x7fff6447d000 - 0x7fff64489fff libbz2.1.0.dylib (44) <FFCD4427-AF87-36D2-8097-8870FDC75A1B> /usr/lib/libbz2.1.0.dylib
0x7fff6448a000 - 0x7fff644dcfff libc++.1.dylib (902.1) <08199809-33CA-321E-9B9D-FD5B2BC64580> /usr/lib/libc++.1.dylib
0x7fff644dd000 - 0x7fff644f2ffb libc++abi.dylib (902) <1C880020-396D-3F91-BE27-5A09A9239F68> /usr/lib/libc++abi.dylib
0x7fff644f3000 - 0x7fff644f3fff libcharset.1.dylib (59) <4E63BA25-04A3-329A-923D-251155C03F30> /usr/lib/libcharset.1.dylib
0x7fff644f4000 - 0x7fff64505fff libcmph.dylib (8) <D4C5E0A8-92D9-33D5-9F83-6F4742FFBE29> /usr/lib/libcmph.dylib
0x7fff64506000 - 0x7fff6451dfd7 libcompression.dylib (87) <7F258A06-E01D-32D2-9CD2-6B2931DA5DA7> /usr/lib/libcompression.dylib
0x7fff647f7000 - 0x7fff6480dff7 libcoretls.dylib (167) <EFC237BB-78F7-33C6-BFF9-53860062DD99> /usr/lib/libcoretls.dylib
0x7fff6480e000 - 0x7fff6480ffff libcoretls_cfhelpers.dylib (167) <2E542A2B-7730-33EE-9B3B-154B08608AA6> /usr/lib/libcoretls_cfhelpers.dylib
0x7fff64f19000 - 0x7fff64f36fff libedit.3.dylib (55) <A41E499B-D031-38EA-8D1D-F271EED15830> /usr/lib/libedit.3.dylib
0x7fff64f37000 - 0x7fff64f37fff libenergytrace.dylib (21) <FFB9FB70-8DBD-3025-BC92-51F02481A489> /usr/lib/libenergytrace.dylib
0x7fff64f5e000 - 0x7fff64f60fff libfakelink.dylib (149.1) <B04F9A05-7E52-3382-9186-F603BE4BFBB2> /usr/lib/libfakelink.dylib
0x7fff64f6f000 - 0x7fff64f74fff libgermantok.dylib (24) <8091F952-B592-38E3-982B-7DEA0A44E211> /usr/lib/libgermantok.dylib
0x7fff64f7f000 - 0x7fff6506ffff libiconv.2.dylib (59) <9458704B-A702-37CB-9707-66ABBB5DB71E> /usr/lib/libiconv.2.dylib
0x7fff65070000 - 0x7fff652c7fff libicucore.A.dylib (64260.0.1) <DCC4A4EE-32FD-350F-84D8-E857F2F29855> /usr/lib/libicucore.A.dylib
0x7fff652e1000 - 0x7fff652e2fff liblangid.dylib (133) <E9595222-602B-38F0-8572-0F1872A00527> /usr/lib/liblangid.dylib
0x7fff652e3000 - 0x7fff652fbff3 liblzma.5.dylib (16) <0AA1EB11-A433-327E-B8DB-7395CFF06554> /usr/lib/liblzma.5.dylib
0x7fff65313000 - 0x7fff653baff7 libmecab.dylib (883.10) <13136C11-8763-37BA-AEB2-676092798DAA> /usr/lib/libmecab.dylib
0x7fff653bb000 - 0x7fff6561dfe1 libmecabra.dylib (883.10) <6AC22857-F528-35CE-94A9-D70F6F766C15> /usr/lib/libmecabra.dylib
0x7fff6598a000 - 0x7fff659b9fff libncurses.5.4.dylib (57) <6BD6F430-C8B3-39D8-87B5-2C16E6578FD5> /usr/lib/libncurses.5.4.dylib
0x7fff65ae9000 - 0x7fff65f64ff5 libnetwork.dylib (1880.100.30) <9519B6F8-44E2-3F53-B995-1527C5333240> /usr/lib/libnetwork.dylib
0x7fff66004000 - 0x7fff66037fde libobjc.A.dylib (787.1) <20AC082F-2DB7-3974-A2D4-8C5E01787584> /usr/lib/libobjc.A.dylib
0x7fff6604a000 - 0x7fff6604efff libpam.2.dylib (25.100.1) <D5CEC1AD-A2EC-362C-B71A-22FD521917F1> /usr/lib/libpam.2.dylib
0x7fff66051000 - 0x7fff66087ff7 libpcap.A.dylib (89.100.1) <171BAAB0-A5C8-32C5-878E-83D46073BF8C> /usr/lib/libpcap.A.dylib
0x7fff6610b000 - 0x7fff66123fff libresolv.9.dylib (67.40.1) <92A522F9-95E2-35EE-A8AD-FC8DEE6B2C1F> /usr/lib/libresolv.9.dylib
0x7fff6617f000 - 0x7fff66369ff7 libsqlite3.dylib (308.4) <BBC375B7-AF20-3D2C-8826-78D3BDC8A004> /usr/lib/libsqlite3.dylib
0x7fff665ba000 - 0x7fff665bdffb libutil.dylib (57) <07ED7CF0-1744-3386-B8B2-0DDBD446999E> /usr/lib/libutil.dylib
0x7fff665be000 - 0x7fff665cbff7 libxar.1.dylib (425.2) <625F24E1-1A0F-3301-9F99-F0F3DADE0287> /usr/lib/libxar.1.dylib
0x7fff665d1000 - 0x7fff666b3ff7 libxml2.2.dylib (33.3) <24147A90-E3EB-3926-BFB0-5F0FC9F706E2> /usr/lib/libxml2.2.dylib
0x7fff666b7000 - 0x7fff666dffff libxslt.1.dylib (16.9) <8C8648B1-F2CA-38EA-A409-D6F19715C6E6> /usr/lib/libxslt.1.dylib
0x7fff666e0000 - 0x7fff666f2ff3 libz.1.dylib (76) <6A449C6A-DF88-36C1-8F2D-DB9A808263B5> /usr/lib/libz.1.dylib
0x7fff66fa0000 - 0x7fff66fa5ff3 libcache.dylib (83) <5F90FFCE-403B-3724-991D-BA32401D99C5> /usr/lib/system/libcache.dylib
0x7fff66fa6000 - 0x7fff66fb1fff libcommonCrypto.dylib (60165) <C7A5E3F7-1E5A-3785-875A-B6647082B614> /usr/lib/system/libcommonCrypto.dylib
0x7fff66fb2000 - 0x7fff66fb9fff libcompiler_rt.dylib (101.2) <A517E149-2D25-3C04-BCEF-F69149C85B18> /usr/lib/system/libcompiler_rt.dylib
0x7fff66fba000 - 0x7fff66fc3ff7 libcopyfile.dylib (166.40.1) <1A5270B5-0D97-35DA-9296-4F4A428BC6A2> /usr/lib/system/libcopyfile.dylib
0x7fff66fc4000 - 0x7fff67056fe3 libcorecrypto.dylib (866.100.30) <FCDEC0D1-8C30-3989-BDD1-996BBC715C29> /usr/lib/system/libcorecrypto.dylib
0x7fff67163000 - 0x7fff671a3ff0 libdispatch.dylib (1173.100.2) <EB592997-B11C-3AB3-85B1-F725F3D0B412> /usr/lib/system/libdispatch.dylib
0x7fff671a4000 - 0x7fff671dafff libdyld.dylib (750.5) <D2A07EF5-A64B-3692-BE13-89DAA2EC5E80> /usr/lib/system/libdyld.dylib
0x7fff671db000 - 0x7fff671dbffb libkeymgr.dylib (30) <CC5A2B43-770B-3C6C-BA10-AA3A6B4A142D> /usr/lib/system/libkeymgr.dylib
0x7fff671dc000 - 0x7fff671e8ff3 libkxld.dylib (6153.101.6) <77282DCB-83D6-3199-874E-9A4A0FD7D4F3> /usr/lib/system/libkxld.dylib
0x7fff671e9000 - 0x7fff671e9ff7 liblaunch.dylib (1738.100.39) <A7FF7357-600F-3014-8C28-A4F367717E8D> /usr/lib/system/liblaunch.dylib
0x7fff671ea000 - 0x7fff671efff7 libmacho.dylib (959.0.1) <D8FED478-25A2-3844-AE4B-A5C9F9827615> /usr/lib/system/libmacho.dylib
0x7fff671f0000 - 0x7fff671f2ff3 libquarantine.dylib (110.40.3) <51E0304F-AB11-3BF7-99DC-BB916CC9088B> /usr/lib/system/libquarantine.dylib
0x7fff671f3000 - 0x7fff671f4ff7 libremovefile.dylib (48) <078F29AB-26BA-3493-BCAA-E1E75A187521> /usr/lib/system/libremovefile.dylib
0x7fff671f5000 - 0x7fff6720cff3 libsystem_asl.dylib (377.60.2) <0F1BAC19-2AE0-3F8E-9B90-AACF819B2BF7> /usr/lib/system/libsystem_asl.dylib
0x7fff6720d000 - 0x7fff6720dff7 libsystem_blocks.dylib (74) <32224AFF-C06F-3279-B753-097194EDEF49> /usr/lib/system/libsystem_blocks.dylib
0x7fff6720e000 - 0x7fff67295fff libsystem_c.dylib (1353.100.2) <4F5EED22-4D46-3F04-8C64-C492CDAD70EB> /usr/lib/system/libsystem_c.dylib
0x7fff67296000 - 0x7fff67299ffb libsystem_configuration.dylib (1061.101.1) <2A2C778D-07EB-35C7-A954-8BF8FD74BD75> /usr/lib/system/libsystem_configuration.dylib
0x7fff6729a000 - 0x7fff6729dfff libsystem_coreservices.dylib (114) <FDA41CC4-170A-3D93-85BD-838A563B03C4> /usr/lib/system/libsystem_coreservices.dylib
0x7fff6729e000 - 0x7fff672a6fff libsystem_darwin.dylib (1353.100.2) <B567B86D-8818-38A4-A861-03EB83B55867> /usr/lib/system/libsystem_darwin.dylib
0x7fff672a7000 - 0x7fff672aefff libsystem_dnssd.dylib (1096.100.3) <7C690DF5-E119-33FB-85CD-9EFC67A36E40> /usr/lib/system/libsystem_dnssd.dylib
0x7fff672af000 - 0x7fff672b0ffb libsystem_featureflags.dylib (17) <415D83EF-084C-3485-B757-53001870EA94> /usr/lib/system/libsystem_featureflags.dylib
0x7fff672b1000 - 0x7fff672feff7 libsystem_info.dylib (538) <17049D3F-C798-3651-B391-1551FC699D3E> /usr/lib/system/libsystem_info.dylib
0x7fff672ff000 - 0x7fff6732bff7 libsystem_kernel.dylib (6153.101.6) <E76440E1-D1E8-3D9A-8B47-D01F554FF1C4> /usr/lib/system/libsystem_kernel.dylib
0x7fff6732c000 - 0x7fff67373fff libsystem_m.dylib (3178) <74741FA8-5C29-3241-9046-4FC91C6A6D4A> /usr/lib/system/libsystem_m.dylib
0x7fff67374000 - 0x7fff6739bfff libsystem_malloc.dylib (283.100.5) <97833239-2F83-3AEB-A426-0593997C8A54> /usr/lib/system/libsystem_malloc.dylib
0x7fff6739c000 - 0x7fff673a9ffb libsystem_networkextension.dylib (1095.100.29) <C9E988B2-6A18-35C0-9577-63201E9D6018> /usr/lib/system/libsystem_networkextension.dylib
0x7fff673aa000 - 0x7fff673b3ff7 libsystem_notify.dylib (241.100.2) <E405F84B-BD4F-3874-9755-CB3EC86E18D5> /usr/lib/system/libsystem_notify.dylib
0x7fff673b4000 - 0x7fff673bcfef libsystem_platform.dylib (220.100.1) <6EF12F34-C33F-36BF-9A9A-2A35EA19EFE0> /usr/lib/system/libsystem_platform.dylib
0x7fff673bd000 - 0x7fff673c7fff libsystem_pthread.dylib (416.100.3) <A8514582-E000-3854-911A-0A73D2C79600> /usr/lib/system/libsystem_pthread.dylib
0x7fff673c8000 - 0x7fff673ccff3 libsystem_sandbox.dylib (1217.101.2) <E9D78CDE-FB67-32E7-BABC-9EFC23AA0DC6> /usr/lib/system/libsystem_sandbox.dylib
0x7fff673cd000 - 0x7fff673cffff libsystem_secinit.dylib (62.100.2) <AAC639E5-7103-3366-A602-8FC6944E2C13> /usr/lib/system/libsystem_secinit.dylib
0x7fff673d0000 - 0x7fff673d7ffb libsystem_symptoms.dylib (1238.100.26) <487B92DE-45F9-39F9-A478-89BBD478157D> /usr/lib/system/libsystem_symptoms.dylib
0x7fff673d8000 - 0x7fff673eeff2 libsystem_trace.dylib (1147.100.8) <BB90B1FD-8C09-3DF4-BD8B-9E4AEADFEA2B> /usr/lib/system/libsystem_trace.dylib
0x7fff673f0000 - 0x7fff673f5ff7 libunwind.dylib (35.4) <CC87C836-BE9D-334E-A0E6-0297D52E9D73> /usr/lib/system/libunwind.dylib
0x7fff673f6000 - 0x7fff6742bffe libxpc.dylib (1738.100.39) <32B0E31E-9DA3-328B-A962-BC9591B93537> /usr/lib/system/libxpc.dylib
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 95
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 454121
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=461.2M resident=0K(0%) swapped_out_or_unallocated=461.2M(100%)
Writable regions: Total=58.8M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=58.8M(100%)
VIRTUAL REGION
REGION TYPE SIZE COUNT (non-coalesced)
=========== ======= =======
Activity Tracing 256K 1
Dispatch continuations 8192K 1
Kernel Alloc Once 8K 1
MALLOC 40.7M 29
MALLOC guard page 16K 4
SQLite page cache 64K 1
STACK GUARD 56.0M 4
Stack 9752K 4
VM_ALLOCATE 8K 1
__DATA 6270K 171
__DATA_CONST 388K 45
__LINKEDIT 389.1M 46
__OBJC_RO 32.2M 1
__OBJC_RW 1892K 2
__TEXT 72.1M 167
__UNICODE 564K 1
mapped file 27.2M 2
shared memory 28K 4
=========== ======= =======
TOTAL 644.1M 485
sh-3.2# sudo /usr/local/sbin/radiusd -X
FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/local/share/freeradius/dictionary
including dictionary file /usr/local/share/freeradius/dictionary.dhcp
including dictionary file /usr/local/share/freeradius/dictionary.vqp
including dictionary file /usr/local/etc/raddb/dictionary
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/mods-enabled/
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/eap
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/utf8
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/date
including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
including configuration file /usr/local/etc/raddb/mods-enabled/pap
including configuration file /usr/local/etc/raddb/mods-enabled/expr
including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
including configuration file /usr/local/etc/raddb/mods-enabled/linelog
including configuration file /usr/local/etc/raddb/mods-enabled/unix
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/replicate
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/unpack
including configuration file /usr/local/etc/raddb/mods-enabled/logintime
including configuration file /usr/local/etc/raddb/mods-enabled/expiration
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/soh
including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
including configuration file /usr/local/etc/raddb/mods-enabled/mschap
including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
including configuration file /usr/local/etc/raddb/mods-enabled/passwd
including configuration file /usr/local/etc/raddb/mods-enabled/realm
including configuration file /usr/local/etc/raddb/mods-enabled/opendirectory
including configuration file /usr/local/etc/raddb/mods-enabled/sql
including configuration file /usr/local/etc/raddb/mods-config/sql/main/sqlite/queries.conf
including files in directory /usr/local/etc/raddb/policy.d/
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/rfc7542
including configuration file /usr/local/etc/raddb/policy.d/canonicalization
including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/cui
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/debug
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
security {
allow_core_dumps = no
}
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/var"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
}
main {
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/var"
sbindir = "/usr/local/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/local/lib"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 16384
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
allow_vulnerable_openssl = "no"
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
# Creating Auth-Type = mschap
# Creating Auth-Type = digest
# Creating Auth-Type = eap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = opendirectory
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_detail
# Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_eap
# Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
}
# Loaded module rlm_exec
# Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_utf8
# Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
# Loaded module rlm_always
# Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_digest
# Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
# Loaded module rlm_date
# Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
date {
format = "%b %e %Y %H:%M:%S %Z"
utc = no
}
# Loading module "wispr2date" from file /usr/local/etc/raddb/mods-enabled/date
date wispr2date {
format = "%Y-%m-%dT%H:%M:%S"
utc = no
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_pap
# Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_expr
# Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_linelog
# Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
linelog {
filename = "/var/log/radius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_unix
# Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Creating attribute Unix-Group
# Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
detail {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loading module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_files
# Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
files {
filename = "/usr/local/etc/raddb/mods-config/files/authorize"
acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
# Loaded module rlm_chap
# Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
# Loaded module rlm_unpack
# Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
# Loaded module rlm_logintime
# Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
# Loaded module rlm_cache
# Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_soh
# Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
use_open_directory = yes
}
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "bangpath" from file /usr/local/etc/raddb/mods-enabled/realm
realm bangpath {
format = "prefix"
delimiter = "!"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_opendirectory
# Loading module "opendirectory" from file /usr/local/etc/raddb/mods-enabled/opendirectory
# Loaded module rlm_sql
# Loading module "sql" from file /usr/local/etc/raddb/mods-enabled/sql
sql {
driver = "rlm_sql_sqlite"
server = ""
port = 0
login = ""
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = yes
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-Group}' AND acctstoptime IS NULL"
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
auto_escape = no
accounting {
reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-%l}, acctsessiontime = (%{%{integer:Event-Timestamp}:-%l} - acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{%{integer:Event-Timestamp}:-%l}"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-%l}, acctsessiontime = (%{%{integer:Event-Timestamp}:-%l} - acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{%{integer:Event-Timestamp}:-%l}"
}
start {
query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, framedipv6address, framedipv6prefix, framedinterfaceid, delegatedipv6prefix) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', %{%{integer:Event-Timestamp}:-%l}, %{%{integer:Event-Timestamp}:-%l}, NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Framed-IPv6-Address}', '%{Framed-IPv6-Prefix}', '%{Framed-Interface-Id}', '%{Delegated-IPv6-Prefix}')"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime = %{%{integer:Event-Timestamp}:-%l}, acctinterval = 0, framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0} WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
stop {
query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-%l}, acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0}, acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M')"
}
}
rlm_sql (sql): Driver rlm_sql_sqlite (module rlm_sql_sqlite) loaded and linked
Creating attribute SQL-Group
instantiate {
}
# Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
# Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.intern.corussoft.de.key.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.intern.corussoft.de.pem"
ca_file = "/usr/local/etc/raddb/certs/corussoft-intermediate-ca.pem"
private_key_password = <<< secret >>>
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
cipher_server_preference = no
ecdh_curve = "prime256v1"
disable_tlsv1 = yes
disable_tlsv1_1 = yes
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Please use tls_min_version and tls_max_version instead of disable_tlsv1
Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
# Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
# Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
# Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
# Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
# Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
# Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
# Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
# Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
# Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
# Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
# Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
# Instantiating module "bangpath" from file /usr/local/etc/raddb/mods-enabled/realm
# Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
# Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
# Instantiating module "sql" from file /usr/local/etc/raddb/mods-enabled/sql
rlm_sql_sqlite: libsqlite version: 3.28.0
sqlite {
filename = "/var/db/radius/freeradius.db"
busy_timeout = 200
}
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 3
max = 32
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Adding client 192.168.10.50 (4. Etage Serverraum) to global clients list
rlm_sql (192.168.10.50): Client "4. Etage Serverraum" (sql) added
rlm_sql (sql): Adding client 192.168.10.51 (4. Etage Drucker) to global clients list
rlm_sql (192.168.10.51): Client "4. Etage Drucker" (sql) added
rlm_sql (sql): Adding client 192.168.10.1 (Firewall) to global clients list
rlm_sql (192.168.10.1): Client "Firewall" (sql) added
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_sqlite: Opening SQLite database "/var/db/radius/freeradius.db"
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
} # server
server default { # from file /usr/local/etc/raddb/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
# Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:336
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 63029
Listening on proxy address :: port 63030
Ready to process requests
More information about the Freeradius-Users
mailing list