freeradius tacacs site
Саша Щербаков
sashasaturn at gmail.com
Thu Aug 19 15:14:20 CEST 2021
Hi people,
Looks like I can't enable the tacacs site with freeradius 3.0.23.
I've added two files to the default docker container:
/etc/freeradius/sites-enabled/tacacs
/etc/freeradius/policy.d/tacacs
and when I try to start it, I get the following error:
freeradius | /etc/freeradius/policy.d/tacacs[18]: Failed to find "subrequest" as a module or policy.
freeradius | /etc/freeradius/policy.d/tacacs[18]: Please verify that the configuration exists in /etc/freeradius/mods-enabled/subrequest.
freeradius | /etc/freeradius/policy.d/tacacs[18]: Failed to parse "subrequest" subsection.
freeradius | /etc/freeradius/sites-enabled/tacacs[106]: Errors parsing authenticate section.
Detailed docker output below:
Recreating freeradius ... done
Attaching to freeradius
freeradius | FreeRADIUS Version 3.0.23
freeradius | Copyright (C) 1999-2021 The FreeRADIUS server project and
contributors
freeradius | There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A
freeradius | PARTICULAR PURPOSE
freeradius | You may redistribute copies of FreeRADIUS under the terms
of the
freeradius | GNU General Public License
freeradius | For more information about these matters, see the file
named COPYRIGHT
freeradius | Starting - reading configuration files ...
freeradius | including dictionary file /usr/share/freeradius/dictionary
freeradius | including dictionary file /usr/share/freeradius
/dictionary.dhcp
freeradius | including dictionary file /usr/share/freeradius
/dictionary.vqp
freeradius | including dictionary file /etc/freeradius/dictionary
freeradius | including configuration file /etc/freeradius/radiusd.conf
freeradius | including configuration file /etc/freeradius/proxy.conf
freeradius | including configuration file /etc/freeradius/clients.conf
freeradius | including files in directory /etc/freeradius/mods-enabled/
freeradius | including configuration file /etc/freeradius
/mods-enabled/ntlm_auth
freeradius | including configuration file /etc/freeradius
/mods-enabled/chap
freeradius | including configuration file /etc/freeradius
/mods-enabled/detail
freeradius | including configuration file /etc/freeradius
/mods-enabled/digest
freeradius | including configuration file /etc/freeradius
/mods-enabled/echo
freeradius | including configuration file /etc/freeradius
/mods-enabled/exec
freeradius | including configuration file /etc/freeradius
/mods-enabled/unix
freeradius | including configuration file /etc/freeradius
/mods-enabled/radutmp
freeradius | including configuration file /etc/freeradius
/mods-enabled/files
freeradius | including configuration file /etc/freeradius
/mods-enabled/linelog
freeradius | including configuration file /etc/freeradius
/mods-enabled/cache_eap
freeradius | including configuration file /etc/freeradius
/mods-enabled/logintime
freeradius | including configuration file /etc/freeradius
/mods-enabled/realm
freeradius | including configuration file /etc/freeradius
/mods-enabled/eap
freeradius | including configuration file /etc/freeradius
/mods-enabled/passwd
freeradius | including configuration file /etc/freeradius
/mods-enabled/expr
freeradius | including configuration file /etc/freeradius
/mods-enabled/totp
freeradius | including configuration file /etc/freeradius
/mods-enabled/expiration
freeradius | including configuration file /etc/freeradius
/mods-enabled/always
freeradius | including configuration file /etc/freeradius
/mods-enabled/preprocess
freeradius | including configuration file /etc/freeradius
/mods-enabled/unpack
freeradius | including configuration file /etc/freeradius
/mods-enabled/replicate
freeradius | including configuration file /etc/freeradius
/mods-enabled/detail.log
freeradius | including configuration file /etc/freeradius
/mods-enabled/pap
freeradius | including configuration file /etc/freeradius
/mods-enabled/soh
freeradius | including configuration file /etc/freeradius
/mods-enabled/mschap
freeradius | including configuration file /etc/freeradius
/mods-enabled/sradutmp
freeradius | including configuration file /etc/freeradius
/mods-enabled/utf8
freeradius | including configuration file /etc/freeradius
/mods-enabled/attr_filter
freeradius | including configuration file /etc/freeradius
/mods-enabled/date
freeradius | including configuration file /etc/freeradius
/mods-enabled/dynamic_clients
freeradius | including files in directory /etc/freeradius/policy.d/
freeradius | including configuration file /etc/freeradius
/policy.d/abfab-tr
freeradius | including configuration file /etc/freeradius/policy.d/dhcp
freeradius | including configuration file /etc/freeradius
/policy.d/canonicalization
freeradius | including configuration file /etc/freeradius
/policy.d/rfc7542
freeradius | including configuration file /etc/freeradius/policy.d/debug
freeradius | including configuration file /etc/freeradius/policy.d/eap
freeradius | including configuration file /etc/freeradius
/policy.d/accounting
freeradius | including configuration file /etc/freeradius/policy.d/filter
freeradius | including configuration file /etc/freeradius/policy.d/cui
freeradius | including configuration file /etc/freeradius
/policy.d/control
freeradius | including configuration file /etc/freeradius
/policy.d/moonshot-targeted-ids
freeradius | including configuration file /etc/freeradius
/policy.d/operator-name
freeradius | including configuration file /etc/freeradius/policy.d/tacacs
freeradius | including files in directory /etc/freeradius/sites-enabled/
freeradius | including configuration file /etc/freeradius
/sites-enabled/default
freeradius | including configuration file /etc/freeradius
/sites-enabled/inner-tunnel
freeradius | including configuration file /etc/freeradius
/sites-enabled/tacacs
freeradius | main {
freeradius | security {
freeradius | user = "freerad"
freeradius | group = "freerad"
freeradius | allow_core_dumps = no
freeradius | }
freeradius | name = "freeradius"
freeradius | prefix = "/usr"
freeradius | localstatedir = "/var"
freeradius | logdir = "/var/log/freeradius"
freeradius | run_dir = "/var/run/freeradius"
freeradius | }
freeradius | main {
freeradius | name = "freeradius"
freeradius | prefix = "/usr"
freeradius | localstatedir = "/var"
freeradius | sbindir = "/usr/sbin"
freeradius | logdir = "/var/log/freeradius"
freeradius | run_dir = "/var/run/freeradius"
freeradius | libdir = "/usr/lib/freeradius"
freeradius | radacctdir = "/var/log/freeradius/radacct"
freeradius | hostname_lookups = no
freeradius | max_request_time = 30
freeradius | cleanup_delay = 5
freeradius | max_requests = 16384
freeradius | postauth_client_lost = no
freeradius | pidfile = "/var/run/freeradius/freeradius.pid"
freeradius | checkrad = "/usr/sbin/checkrad"
freeradius | debug_level = 0
freeradius | proxy_requests = yes
freeradius | log {
freeradius | stripped_names = no
freeradius | auth = no
freeradius | auth_badpass = no
freeradius | auth_goodpass = no
freeradius | colourise = yes
freeradius | msg_denied = "You are already logged in - access denied"
freeradius | }
freeradius | resources {
freeradius | }
freeradius | security {
freeradius | max_attributes = 200
freeradius | reject_delay = 1.000000
freeradius | status_server = yes
freeradius | }
freeradius | }
freeradius | radiusd: #### Loading Realms and Home Servers ####
freeradius | proxy server {
freeradius | retry_delay = 5
freeradius | retry_count = 3
freeradius | default_fallback = no
freeradius | dead_time = 120
freeradius | wake_all_if_all_dead = no
freeradius | }
freeradius | home_server localhost {
freeradius | ipaddr = 127.0.0.1
freeradius | port = 1812
freeradius | type = "auth"
freeradius | secret = <<< secret >>>
freeradius | response_window = 20.000000
freeradius | response_timeouts = 1
freeradius | max_outstanding = 65536
freeradius | zombie_period = 40
freeradius | status_check = "status-server"
freeradius | ping_interval = 30
freeradius | check_interval = 30
freeradius | check_timeout = 4
freeradius | num_answers_to_alive = 3
freeradius | revive_interval = 120
freeradius | limit {
freeradius | max_connections = 16
freeradius | max_requests = 0
freeradius | lifetime = 0
freeradius | idle_timeout = 0
freeradius | }
freeradius | coa {
freeradius | irt = 2
freeradius | mrt = 16
freeradius | mrc = 5
freeradius | mrd = 30
freeradius | }
freeradius | }
freeradius | home_server_pool my_auth_failover {
freeradius | type = fail-over
freeradius | home_server = localhost
freeradius | }
freeradius | realm example.com {
freeradius | auth_pool = my_auth_failover
freeradius | }
freeradius | realm LOCAL {
freeradius | }
freeradius | radiusd: #### Loading Clients ####
freeradius | client localhost {
freeradius | ipaddr = 127.0.0.1
freeradius | require_message_authenticator = no
freeradius | secret = <<< secret >>>
freeradius | nas_type = "other"
freeradius | proto = "*"
freeradius | limit {
freeradius | max_connections = 16
freeradius | lifetime = 0
freeradius | idle_timeout = 30
freeradius | }
freeradius | }
freeradius | client localhost_ipv6 {
freeradius | ipv6addr = ::1
freeradius | require_message_authenticator = no
freeradius | secret = <<< secret >>>
freeradius | limit {
freeradius | max_connections = 16
freeradius | lifetime = 0
freeradius | idle_timeout = 30
freeradius | }
freeradius | }
freeradius | Debug state unknown (cap_sys_ptrace capability not set)
freeradius | systemd watchdog is disabled
freeradius | # Creating Auth-Type = mschap
freeradius | # Creating Auth-Type = digest
freeradius | # Creating Auth-Type = eap
freeradius | # Creating Auth-Type = PAP
freeradius | # Creating Auth-Type = CHAP
freeradius | # Creating Auth-Type = MS-CHAP
freeradius | # Creating Autz-Type = New-TLS-Connection
freeradius | # Creating Auth-Type = tacacs_pap
freeradius | radiusd: #### Instantiating modules ####
freeradius | modules {
freeradius | # Loaded module rlm_exec
freeradius | # Loading module "ntlm_auth" from file /etc/freeradius
/mods-enabled/ntlm_auth
freeradius | exec ntlm_auth {
freeradius | wait = yes
freeradius | program = "/path/to/ntlm_auth --request-nt-key
--domain=MYDOMAIN --username=%{mschap:User-Name}
--password=%{User-Password}"
freeradius | shell_escape = yes
freeradius | }
freeradius | # Loaded module rlm_chap
freeradius | # Loading module "chap" from file /etc/freeradius
/mods-enabled/chap
freeradius | # Loaded module rlm_detail
freeradius | # Loading module "detail" from file /etc/freeradius
/mods-enabled/detail
freeradius | detail {
freeradius | filename = "/var/log/freeradius
/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
freeradius | header = "%t"
freeradius | permissions = 384
freeradius | locking = no
freeradius | escape_filenames = no
freeradius | log_packet_header = no
freeradius | }
freeradius | # Loaded module rlm_digest
freeradius | # Loading module "digest" from file /etc/freeradius
/mods-enabled/digest
freeradius | # Loading module "echo" from file /etc/freeradius
/mods-enabled/echo
freeradius | exec echo {
freeradius | wait = yes
freeradius | program = "/bin/echo %{User-Name}"
freeradius | input_pairs = "request"
freeradius | output_pairs = "reply"
freeradius | shell_escape = yes
freeradius | }
freeradius | # Loading module "exec" from file /etc/freeradius
/mods-enabled/exec
freeradius | exec {
freeradius | wait = no
freeradius | input_pairs = "request"
freeradius | shell_escape = yes
freeradius | timeout = 10
freeradius | }
freeradius | # Loaded module rlm_unix
freeradius | # Loading module "unix" from file /etc/freeradius
/mods-enabled/unix
freeradius | unix {
freeradius | radwtmp = "/var/log/freeradius/radwtmp"
freeradius | }
freeradius | Creating attribute Unix-Group
freeradius | # Loaded module rlm_radutmp
freeradius | # Loading module "radutmp" from file /etc/freeradius
/mods-enabled/radutmp
freeradius | radutmp {
freeradius | filename = "/var/log/freeradius/radutmp"
freeradius | username = "%{User-Name}"
freeradius | case_sensitive = yes
freeradius | check_with_nas = yes
freeradius | permissions = 384
freeradius | caller_id = yes
freeradius | }
freeradius | # Loaded module rlm_files
freeradius | # Loading module "files" from file /etc/freeradius
/mods-enabled/files
freeradius | files {
freeradius | filename = "/etc/freeradius/mods-config/files/authorize"
freeradius | acctusersfile = "/etc/freeradius
/mods-config/files/accounting"
freeradius | preproxy_usersfile = "/etc/freeradius
/mods-config/files/pre-proxy"
freeradius | }
freeradius | # Loaded module rlm_linelog
freeradius | # Loading module "linelog" from file /etc/freeradius
/mods-enabled/linelog
freeradius | linelog {
freeradius | filename = "/var/log/freeradius/linelog"
freeradius | escape_filenames = no
freeradius | syslog_severity = "info"
freeradius | permissions = 384
freeradius | format = "This is a log message for %{User-Name}"
freeradius | reference = "messages.%{%{reply:Packet-Type}:-default}"
freeradius | }
freeradius | # Loading module "log_accounting" from file /etc/
freeradius/mods-enabled/linelog
freeradius | linelog log_accounting {
freeradius | filename = "/var/log/freeradius/linelog-accounting"
freeradius | escape_filenames = no
freeradius | syslog_severity = "info"
freeradius | permissions = 384
freeradius | format = ""
freeradius | reference =
"Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
freeradius | }
freeradius | # Loaded module rlm_cache
freeradius | # Loading module "cache_eap" from file /etc/freeradius
/mods-enabled/cache_eap
freeradius | cache cache_eap {
freeradius | driver = "rlm_cache_rbtree"
freeradius | key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
freeradius | ttl = 15
freeradius | max_entries = 0
freeradius | epoch = 0
freeradius | add_stats = no
freeradius | }
freeradius | # Loaded module rlm_logintime
freeradius | # Loading module "logintime" from file /etc/freeradius
/mods-enabled/logintime
freeradius | logintime {
freeradius | minimum_timeout = 60
freeradius | }
freeradius | # Loaded module rlm_realm
freeradius | # Loading module "IPASS" from file /etc/freeradius
/mods-enabled/realm
freeradius | realm IPASS {
freeradius | format = "prefix"
freeradius | delimiter = "/"
freeradius | ignore_default = no
freeradius | ignore_null = no
freeradius | }
freeradius | # Loading module "suffix" from file /etc/freeradius
/mods-enabled/realm
freeradius | realm suffix {
freeradius | format = "suffix"
freeradius | delimiter = "@"
freeradius | ignore_default = no
freeradius | ignore_null = no
freeradius | }
freeradius | # Loading module "bangpath" from file /etc/freeradius
/mods-enabled/realm
freeradius | realm bangpath {
freeradius | format = "prefix"
freeradius | delimiter = "!"
freeradius | ignore_default = no
freeradius | ignore_null = no
freeradius | }
freeradius | # Loading module "realmpercent" from file /etc/freeradius
/mods-enabled/realm
freeradius | realm realmpercent {
freeradius | format = "suffix"
freeradius | delimiter = "%"
freeradius | ignore_default = no
freeradius | ignore_null = no
freeradius | }
freeradius | # Loading module "ntdomain" from file /etc/freeradius
/mods-enabled/realm
freeradius | realm ntdomain {
freeradius | format = "prefix"
freeradius | delimiter = "\\"
freeradius | ignore_default = no
freeradius | ignore_null = no
freeradius | }
freeradius | # Loaded module rlm_eap
freeradius | # Loading module "eap" from file /etc/freeradius
/mods-enabled/eap
freeradius | eap {
freeradius | default_eap_type = "md5"
freeradius | timer_expire = 60
freeradius | ignore_unknown_eap_types = no
freeradius | cisco_accounting_username_bug = no
freeradius | max_sessions = 16384
freeradius | }
freeradius | # Loaded module rlm_passwd
freeradius | # Loading module "etc_passwd" from file /etc/freeradius
/mods-enabled/passwd
freeradius | passwd etc_passwd {
freeradius | filename = "/etc/passwd"
freeradius | format = "*User-Name:Crypt-Password:"
freeradius | delimiter = ":"
freeradius | ignore_nislike = no
freeradius | ignore_empty = yes
freeradius | allow_multiple_keys = no
freeradius | hash_size = 100
freeradius | }
freeradius | # Loaded module rlm_expr
freeradius | # Loading module "expr" from file /etc/freeradius
/mods-enabled/expr
freeradius | expr {
freeradius | safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
freeradius | }
freeradius | # Loaded module rlm_totp
freeradius | # Loading module "totp" from file /etc/freeradius
/mods-enabled/totp
freeradius | # Loaded module rlm_expiration
freeradius | # Loading module "expiration" from file /etc/freeradius
/mods-enabled/expiration
freeradius | # Loaded module rlm_always
freeradius | # Loading module "reject" from file /etc/freeradius
/mods-enabled/always
freeradius | always reject {
freeradius | rcode = "reject"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "fail" from file /etc/freeradius
/mods-enabled/always
freeradius | always fail {
freeradius | rcode = "fail"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "ok" from file /etc/freeradius
/mods-enabled/always
freeradius | always ok {
freeradius | rcode = "ok"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "handled" from file /etc/freeradius
/mods-enabled/always
freeradius | always handled {
freeradius | rcode = "handled"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "invalid" from file /etc/freeradius
/mods-enabled/always
freeradius | always invalid {
freeradius | rcode = "invalid"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "userlock" from file /etc/freeradius
/mods-enabled/always
freeradius | always userlock {
freeradius | rcode = "userlock"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "notfound" from file /etc/freeradius
/mods-enabled/always
freeradius | always notfound {
freeradius | rcode = "notfound"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "noop" from file /etc/freeradius
/mods-enabled/always
freeradius | always noop {
freeradius | rcode = "noop"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loading module "updated" from file /etc/freeradius
/mods-enabled/always
freeradius | always updated {
freeradius | rcode = "updated"
freeradius | simulcount = 0
freeradius | mpp = no
freeradius | }
freeradius | # Loaded module rlm_preprocess
freeradius | # Loading module "preprocess" from file /etc/freeradius
/mods-enabled/preprocess
freeradius | preprocess {
freeradius | huntgroups = "/etc/freeradius
/mods-config/preprocess/huntgroups"
freeradius | hints = "/etc/freeradius/mods-config/preprocess/hints"
freeradius | with_ascend_hack = no
freeradius | ascend_channels_per_line = 23
freeradius | with_ntdomain_hack = no
freeradius | with_specialix_jetstream_hack = no
freeradius | with_cisco_vsa_hack = no
freeradius | with_alvarion_vsa_hack = no
freeradius | }
freeradius | # Loaded module rlm_unpack
freeradius | # Loading module "unpack" from file /etc/freeradius
/mods-enabled/unpack
freeradius | # Loaded module rlm_replicate
freeradius | # Loading module "replicate" from file /etc/freeradius
/mods-enabled/replicate
freeradius | # Loading module "auth_log" from file /etc/freeradius
/mods-enabled/detail.log
freeradius | detail auth_log {
freeradius | filename = "/var/log/freeradius
/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
freeradius | header = "%t"
freeradius | permissions = 384
freeradius | locking = no
freeradius | escape_filenames = no
freeradius | log_packet_header = no
freeradius | }
freeradius | # Loading module "reply_log" from file /etc/freeradius
/mods-enabled/detail.log
freeradius | detail reply_log {
freeradius | filename = "/var/log/freeradius
/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
freeradius | header = "%t"
freeradius | permissions = 384
freeradius | locking = no
freeradius | escape_filenames = no
freeradius | log_packet_header = no
freeradius | }
freeradius | # Loading module "pre_proxy_log" from file /etc/freeradius
/mods-enabled/detail.log
freeradius | detail pre_proxy_log {
freeradius | filename = "/var/log/freeradius
/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
freeradius | header = "%t"
freeradius | permissions = 384
freeradius | locking = no
freeradius | escape_filenames = no
freeradius | log_packet_header = no
freeradius | }
freeradius | # Loading module "post_proxy_log" from file /etc/
freeradius/mods-enabled/detail.log
freeradius | detail post_proxy_log {
freeradius | filename = "/var/log/freeradius
/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
freeradius | header = "%t"
freeradius | permissions = 384
freeradius | locking = no
freeradius | escape_filenames = no
freeradius | log_packet_header = no
freeradius | }
freeradius | # Loaded module rlm_pap
freeradius | # Loading module "pap" from file /etc/freeradius
/mods-enabled/pap
freeradius | pap {
freeradius | normalise = yes
freeradius | }
freeradius | # Loaded module rlm_soh
freeradius | # Loading module "soh" from file /etc/freeradius
/mods-enabled/soh
freeradius | soh {
freeradius | dhcp = yes
freeradius | }
freeradius | # Loaded module rlm_mschap
freeradius | # Loading module "mschap" from file /etc/freeradius
/mods-enabled/mschap
freeradius | mschap {
freeradius | use_mppe = yes
freeradius | require_encryption = no
freeradius | require_strong = no
freeradius | with_ntdomain_hack = yes
freeradius | passchange {
freeradius | }
freeradius | allow_retry = yes
freeradius | winbind_retry_with_normalised_username = no
freeradius | }
freeradius | # Loading module "sradutmp" from file /etc/freeradius
/mods-enabled/sradutmp
freeradius | radutmp sradutmp {
freeradius | filename = "/var/log/freeradius/sradutmp"
freeradius | username = "%{User-Name}"
freeradius | case_sensitive = yes
freeradius | check_with_nas = yes
freeradius | permissions = 420
freeradius | caller_id = no
freeradius | }
freeradius | # Loaded module rlm_utf8
freeradius | # Loading module "utf8" from file /etc/freeradius
/mods-enabled/utf8
freeradius | # Loaded module rlm_attr_filter
freeradius | # Loading module "attr_filter.post-proxy" from file /etc/
freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.post-proxy {
freeradius | filename = "/etc/freeradius
/mods-config/attr_filter/post-proxy"
freeradius | key = "%{Realm}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loading module "attr_filter.pre-proxy" from file /etc/
freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.pre-proxy {
freeradius | filename = "/etc/freeradius
/mods-config/attr_filter/pre-proxy"
freeradius | key = "%{Realm}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loading module "attr_filter.access_reject" from file
/etc/freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.access_reject {
freeradius | filename = "/etc/freeradius
/mods-config/attr_filter/access_reject"
freeradius | key = "%{User-Name}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loading module "attr_filter.access_challenge" from file
/etc/freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.access_challenge {
freeradius | filename = "/etc/freeradius
/mods-config/attr_filter/access_challenge"
freeradius | key = "%{User-Name}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loading module "attr_filter.accounting_response" from
file /etc/freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.accounting_response {
freeradius | filename = "/etc/freeradius
/mods-config/attr_filter/accounting_response"
freeradius | key = "%{User-Name}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loading module "attr_filter.coa" from file /etc/
freeradius/mods-enabled/attr_filter
freeradius | attr_filter attr_filter.coa {
freeradius | filename = "/etc/freeradius/mods-config/attr_filter/coa"
freeradius | key = "%{User-Name}"
freeradius | relaxed = no
freeradius | }
freeradius | # Loaded module rlm_date
freeradius | # Loading module "date" from file /etc/freeradius
/mods-enabled/date
freeradius | date {
freeradius | format = "%b %e %Y %H:%M:%S %Z"
freeradius | utc = no
freeradius | }
freeradius | # Loading module "wispr2date" from file /etc/freeradius
/mods-enabled/date
freeradius | date wispr2date {
freeradius | format = "%Y-%m-%dT%H:%M:%S"
freeradius | utc = no
freeradius | }
freeradius | # Loaded module rlm_dynamic_clients
freeradius | # Loading module "dynamic_clients" from file /etc/
freeradius/mods-enabled/dynamic_clients
freeradius | instantiate {
freeradius | }
freeradius | # Instantiating module "detail" from file /etc/freeradius
/mods-enabled/detail
freeradius | # Instantiating module "files" from file /etc/freeradius
/mods-enabled/files
freeradius | reading pairlist file /etc/freeradius
/mods-config/files/authorize
freeradius | reading pairlist file /etc/freeradius
/mods-config/files/accounting
freeradius | reading pairlist file /etc/freeradius
/mods-config/files/pre-proxy
freeradius | # Instantiating module "linelog" from file /etc/freeradius
/mods-enabled/linelog
freeradius | # Instantiating module "log_accounting" from file /etc/
freeradius/mods-enabled/linelog
freeradius | # Instantiating module "cache_eap" from file /etc/
freeradius/mods-enabled/cache_eap
freeradius | rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
rlm_cache_rbtree) loaded and linked
freeradius | # Instantiating module "logintime" from file /etc/
freeradius/mods-enabled/logintime
freeradius | # Instantiating module "IPASS" from file /etc/freeradius
/mods-enabled/realm
freeradius | # Instantiating module "suffix" from file /etc/freeradius
/mods-enabled/realm
freeradius | # Instantiating module "bangpath" from file /etc/
freeradius/mods-enabled/realm
freeradius | # Instantiating module "realmpercent" from file /etc/
freeradius/mods-enabled/realm
freeradius | # Instantiating module "ntdomain" from file /etc/
freeradius/mods-enabled/realm
freeradius | # Instantiating module "eap" from file /etc/freeradius
/mods-enabled/eap
freeradius | # Linked to sub-module rlm_eap_md5
freeradius | # Linked to sub-module rlm_eap_gtc
freeradius | gtc {
freeradius | challenge = "Password: "
freeradius | auth_type = "PAP"
freeradius | }
freeradius | # Linked to sub-module rlm_eap_tls
freeradius | tls {
freeradius | tls = "tls-common"
freeradius | }
freeradius | tls-config tls-common {
freeradius | verify_depth = 0
freeradius | ca_path = "/etc/freeradius/certs"
freeradius | pem_file_type = yes
freeradius | private_key_file = "/etc/freeradius/certs/server.pem"
freeradius | certificate_file = "/etc/freeradius/certs/server.pem"
freeradius | ca_file = "/etc/freeradius/certs/ca.pem"
freeradius | private_key_password = <<< secret >>>
freeradius | dh_file = "/etc/freeradius/certs/dh"
freeradius | fragment_size = 1024
freeradius | include_length = yes
freeradius | auto_chain = yes
freeradius | check_crl = no
freeradius | check_all_crl = no
freeradius | ca_path_reload_interval = 0
freeradius | cipher_list = "DEFAULT"
freeradius | cipher_server_preference = no
freeradius | ecdh_curve = "prime256v1"
freeradius | tls_max_version = "1.2"
freeradius | tls_min_version = "1.2"
freeradius | cache {
freeradius | enable = no
freeradius | lifetime = 24
freeradius | max_entries = 255
freeradius | }
freeradius | verify {
freeradius | skip_if_ocsp_ok = no
freeradius | }
freeradius | ocsp {
freeradius | enable = no
freeradius | override_cert_url = yes
freeradius | url = "http://127.0.0.1/ocsp/"
freeradius | use_nonce = yes
freeradius | timeout = 0
freeradius | softfail = no
freeradius | }
freeradius | }
freeradius | # Linked to sub-module rlm_eap_ttls
freeradius | ttls {
freeradius | tls = "tls-common"
freeradius | default_eap_type = "md5"
freeradius | copy_request_to_tunnel = no
freeradius | use_tunneled_reply = no
freeradius | virtual_server = "inner-tunnel"
freeradius | include_length = yes
freeradius | require_client_cert = no
freeradius | }
freeradius | tls: Using cached TLS configuration from previous invocation
freeradius | # Linked to sub-module rlm_eap_peap
freeradius | peap {
freeradius | tls = "tls-common"
freeradius | default_eap_type = "mschapv2"
freeradius | copy_request_to_tunnel = no
freeradius | use_tunneled_reply = no
freeradius | proxy_tunneled_request_as_eap = yes
freeradius | virtual_server = "inner-tunnel"
freeradius | soh = no
freeradius | require_client_cert = no
freeradius | }
freeradius | tls: Using cached TLS configuration from previous invocation
freeradius | # Linked to sub-module rlm_eap_mschapv2
freeradius | mschapv2 {
freeradius | with_ntdomain_hack = no
freeradius | send_error = no
freeradius | }
freeradius | # Instantiating module "etc_passwd" from file /etc/
freeradius/mods-enabled/passwd
freeradius | rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
freeradius | # Instantiating module "expiration" from file /etc/
freeradius/mods-enabled/expiration
freeradius | # Instantiating module "reject" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "fail" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "ok" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "handled" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "invalid" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "userlock" from file /etc/
freeradius/mods-enabled/always
freeradius | # Instantiating module "notfound" from file /etc/
freeradius/mods-enabled/always
freeradius | # Instantiating module "noop" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "updated" from file /etc/freeradius
/mods-enabled/always
freeradius | # Instantiating module "preprocess" from file /etc/
freeradius/mods-enabled/preprocess
freeradius | reading pairlist file /etc/freeradius
/mods-config/preprocess/huntgroups
freeradius | reading pairlist file /etc/freeradius
/mods-config/preprocess/hints
freeradius | # Instantiating module "auth_log" from file /etc/
freeradius/mods-enabled/detail.log
freeradius | rlm_detail (auth_log): 'User-Password' suppressed, will not
appear in detail output
freeradius | # Instantiating module "reply_log" from file /etc/
freeradius/mods-enabled/detail.log
freeradius | # Instantiating module "pre_proxy_log" from file /etc/
freeradius/mods-enabled/detail.log
freeradius | # Instantiating module "post_proxy_log" from file /etc/
freeradius/mods-enabled/detail.log
freeradius | # Instantiating module "pap" from file /etc/freeradius
/mods-enabled/pap
freeradius | # Instantiating module "mschap" from file /etc/freeradius
/mods-enabled/mschap
freeradius | rlm_mschap (mschap): using internal authentication
freeradius | # Instantiating module "attr_filter.post-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/post-proxy
freeradius | # Instantiating module "attr_filter.pre-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/pre-proxy
freeradius | # Instantiating module "attr_filter.access_reject" from
file /etc/freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/access_reject
freeradius | # Instantiating module "attr_filter.access_challenge"
from file /etc/freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/access_challenge
freeradius | # Instantiating module "attr_filter.accounting_response"
from file /etc/freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/accounting_response
freeradius | # Instantiating module "attr_filter.coa" from file /etc/
freeradius/mods-enabled/attr_filter
freeradius | reading pairlist file /etc/freeradius
/mods-config/attr_filter/coa
freeradius | } # modules
freeradius | radiusd: #### Loading Virtual Servers ####
freeradius | server { # from file /etc/freeradius/radiusd.conf
freeradius | } # server
freeradius | server default { # from file /etc/freeradius
/sites-enabled/default
freeradius | # Loading authenticate {...}
freeradius | Compiling Auth-Type PAP for attr Auth-Type
freeradius | Compiling Auth-Type CHAP for attr Auth-Type
freeradius | Compiling Auth-Type MS-CHAP for attr Auth-Type
freeradius | # Loading authorize {...}
freeradius | Ignoring "sql" (see raddb/mods-available/README.rst)
freeradius | Ignoring "ldap" (see raddb/mods-available/README.rst)
freeradius | Compiling Autz-Type New-TLS-Connection for attr Autz-Type
freeradius | # Loading preacct {...}
freeradius | # Loading accounting {...}
freeradius | # Loading post-proxy {...}
freeradius | # Loading post-auth {...}
freeradius | Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
freeradius | Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
freeradius | Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
freeradius | } # server default
freeradius | server inner-tunnel { # from file /etc/freeradius
/sites-enabled/inner-tunnel
freeradius | # Loading authenticate {...}
freeradius | Compiling Auth-Type PAP for attr Auth-Type
freeradius | Compiling Auth-Type CHAP for attr Auth-Type
freeradius | Compiling Auth-Type MS-CHAP for attr Auth-Type
freeradius | # Loading authorize {...}
freeradius | # Loading session {...}
freeradius | # Loading post-proxy {...}
freeradius | # Loading post-auth {...}
freeradius | # Skipping contents of 'if' as it is always 'false' --
/etc/freeradius/sites-enabled/inner-tunnel:336
freeradius | Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
freeradius | } # server inner-tunnel
freeradius | server tacacs { # from file /etc/freeradius/sites-enabled/tacacs
freeradius | # Loading authenticate {...}
freeradius | /etc/freeradius/policy.d/tacacs[18]: Failed to find "subrequest" as a module or policy.
freeradius | /etc/freeradius/policy.d/tacacs[18]: Please verify that the configuration exists in /etc/freeradius/mods-enabled/subrequest.
freeradius | /etc/freeradius/policy.d/tacacs[18]: Failed to parse "subrequest" subsection.
freeradius | /etc/freeradius/sites-enabled/tacacs[106]: Errors parsing authenticate section.
freeradius exited with code 1
Thanks in advance,
--Alex
--
Thanks,
Alex Shcherbakov
+38(093)690-32-46