Setting up RADIUS to send accounting packets to multiple database servers simultaneously
Sea Gull
seagull0044 at gmail.com
Tue Aug 2 09:09:45 UTC 2022
Hi,
I would like to set up RADIUS to send accounting packets to a local
MySQL database and a remote PostgreSQL database. From the research that I
did, this does not seem to be possible unless they are set up as redundant
to each other. Is there a possible way to achieve this, please?

I have started by setting up RADIUS to write accounting packets to the
remote PostgreSQL, which was successful. However, I needed to test that if
the remote database is unavailable, RADIUS will still start up.
Unfortunately, although I made the change below, RADIUS will not start if
the PostgreSQL database is not available. How is it possible to accomplish
this, if not as shown below, please?

    pool {
        # Connections to create during module instantiation.
        # If the server cannot create specified number of
        # connections during instantiation it will exit.
        # Set to 0 to allow the server to start without the
        # database being available.
        start = 0
    }

Furthermore, I am attaching RADIUS debug logs showing what I've explained
above.
Thanks in advance.
Kind Regards,
SG
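
Added example, not part of the original post and not FreeRADIUS code: a Python script that parses `radiusd -X` output in the timestamp-prefixed form of the debug log attached to this message, reports `sql` instances with `read_clients = yes` (clients are read from the database when the server starts), and masks the password that the debug output leaves visible inside a `radius_db` connection string. The instance names `sql_local` and `sql_remote`, the host name and every value in the sample are constructed.

```python
import re

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}")            # timestamp fused to each line
KV = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")                # key = value
OPEN = re.compile(r"^([\w.-]+)(?:\s+([\w.-]+))?\s*\{$")   # "sql {" or "sql name {"
# password=... inside a connection string; skips templates such as %{User-Password}
CONN_PW = re.compile(r"""(\bpassword=)(?!%\{)[^\s"']+""")
MASK = "<<< secret >>>"                                   # marker radiusd -X already uses

# Constructed sample in the same layout as the attached debug output.
SAMPLE = """\
11:49:11.693 modules {
11:49:11.847 # Loading module "sql_local" from file /etc/raddb/mods-enabled/sql
11:49:11.847 sql sql_local {
11:49:11.847 driver = "rlm_sql_mysql"
11:49:11.848 login = "radius"
11:49:11.848 password = <<< secret >>>
11:49:11.848 radius_db = "radius"
11:49:11.849 read_clients = no
11:49:11.849 }
11:49:11.850 sql sql_remote {
11:49:11.850 driver = "rlm_sql_postgresql"
11:49:11.851 password = <<< secret >>>
11:49:11.851 radius_db = "dbname=radius host=db.example.invalid user=radius password=CONSTRUCTED-PW"
11:49:11.852 read_clients = yes
11:49:11.852 }
11:49:11.853 }
"""


def parse_debug(text):
    """Turn the brace-structured config dump into a tree of blocks."""
    root = {"type": "root", "name": None, "settings": {}, "children": []}
    stack = [root]
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if not line or line.startswith("#"):
            continue
        kv = KV.match(line)
        if kv:  # checked first: values may themselves contain braces
            stack[-1]["settings"][kv.group(1)] = kv.group(2).strip('"')
            continue
        opened = OPEN.match(line)
        if opened:
            block = {"type": opened.group(1), "name": opened.group(2),
                     "settings": {}, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif line == "}" and len(stack) > 1:
            stack.pop()
    return root


def find_blocks(node, block_type):
    """Yield every block of the given type, at any depth."""
    for child in node["children"]:
        if child["type"] == block_type:
            yield child
        yield from find_blocks(child, block_type)


def audit(root):
    """Return (instance, finding) pairs for each sql module instance."""
    findings = []
    for sql in find_blocks(root, "sql"):
        instance = sql["name"] or "sql"
        settings = sql["settings"]
        if settings.get("read_clients") == "yes":
            # clients come from the database at startup, so it must be reachable
            findings.append((instance, "read_clients"))
        if CONN_PW.search(settings.get("radius_db", "")):
            # the debug output masks "password" but not the connection string
            findings.append((instance, "cleartext_db_password"))
    return findings


def redact(text):
    """Mask connection-string passwords before the log is shared."""
    return "\n".join(CONN_PW.sub(r"\1" + MASK, line) for line in text.splitlines())


if __name__ == "__main__":
    for instance, finding in audit(parse_debug(SAMPLE)):
        print(f"{instance}: {finding}")
    print(redact(SAMPLE))
```
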
-------------- next part --------------
11:49:11.428[root at TST02_RADAUTH01_POSTGRE mods-available]# radiusd -X
11:49:11.443FreeRADIUS Version 3.0.20
11:49:11.444Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
11:49:11.444There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
11:49:11.444PARTICULAR PURPOSE
11:49:11.445You may redistribute copies of FreeRADIUS under the terms of the
11:49:11.445GNU General Public License
11:49:11.445For more information about these matters, see the file named COPYRIGHT
11:49:11.446Starting - reading configuration files ...
11:49:11.449including dictionary file /usr/share/freeradius/dictionary
11:49:11.466including dictionary file /usr/share/freeradius/dictionary.dhcp
11:49:11.467including dictionary file /usr/share/freeradius/dictionary.vqp
11:49:11.467including dictionary file /etc/raddb/dictionary
11:49:11.467including configuration file /etc/raddb/radiusd.conf
11:49:11.468including configuration file /etc/raddb/proxy.conf
11:49:11.468including configuration file /etc/raddb/clients.conf
11:49:11.468including files in directory /etc/raddb/mods-enabled/
11:49:11.469including configuration file /etc/raddb/mods-enabled/always
11:49:11.469including configuration file /etc/raddb/mods-enabled/attr_filter
11:49:11.469including configuration file /etc/raddb/mods-enabled/cache_eap
11:49:11.470including configuration file /etc/raddb/mods-enabled/chap
11:49:11.470including configuration file /etc/raddb/mods-enabled/date
11:49:11.470including configuration file /etc/raddb/mods-enabled/detail
11:49:11.470including configuration file /etc/raddb/mods-enabled/detail.log
11:49:11.470including configuration file /etc/raddb/mods-enabled/digest
11:49:11.471including configuration file /etc/raddb/mods-enabled/dynamic_clients
11:49:11.471including configuration file /etc/raddb/mods-enabled/eap
11:49:11.472including configuration file /etc/raddb/mods-enabled/echo
11:49:11.472including configuration file /etc/raddb/mods-enabled/exec
11:49:11.472including configuration file /etc/raddb/mods-enabled/expiration
11:49:11.473including configuration file /etc/raddb/mods-enabled/expr
11:49:11.473including configuration file /etc/raddb/mods-enabled/files
11:49:11.474including configuration file /etc/raddb/mods-enabled/linelog
11:49:11.475including configuration file /etc/raddb/mods-enabled/logintime
11:49:11.475including configuration file /etc/raddb/mods-enabled/mschap
11:49:11.475including configuration file /etc/raddb/mods-enabled/ntlm_auth
11:49:11.475including configuration file /etc/raddb/mods-enabled/pap
11:49:11.475including configuration file /etc/raddb/mods-enabled/passwd
11:49:11.476including configuration file /etc/raddb/mods-enabled/preprocess
11:49:11.476including configuration file /etc/raddb/mods-enabled/radutmp
11:49:11.476including configuration file /etc/raddb/mods-enabled/realm
11:49:11.476including configuration file /etc/raddb/mods-enabled/replicate
11:49:11.476including configuration file /etc/raddb/mods-enabled/soh
11:49:11.477including configuration file /etc/raddb/mods-enabled/sradutmp
11:49:11.477including configuration file /etc/raddb/mods-enabled/unix
11:49:11.477including configuration file /etc/raddb/mods-enabled/unpack
11:49:11.477including configuration file /etc/raddb/mods-enabled/utf8
11:49:11.478including configuration file /etc/raddb/mods-enabled/sql
11:49:11.478including configuration file /etc/raddb/mods-config/sql/main/postgresql/queries.conf
11:49:11.478including configuration file /etc/raddb/mods-enabled/ldap
11:49:11.478including files in directory /etc/raddb/policy.d/
11:49:11.479including configuration file /etc/raddb/policy.d/accounting
11:49:11.479including configuration file /etc/raddb/policy.d/canonicalization
11:49:11.479including configuration file /etc/raddb/policy.d/control
11:49:11.479including configuration file /etc/raddb/policy.d/cui
11:49:11.479including configuration file /etc/raddb/policy.d/debug
11:49:11.480including configuration file /etc/raddb/policy.d/dhcp
11:49:11.480including configuration file /etc/raddb/policy.d/eap
11:49:11.481including configuration file /etc/raddb/policy.d/filter
11:49:11.481including configuration file /etc/raddb/policy.d/operator-name
11:49:11.481including configuration file /etc/raddb/policy.d/rfc7542
11:49:11.481including files in directory /etc/raddb/sites-enabled/
11:49:11.481including configuration file /etc/raddb/sites-enabled/default
11:49:11.487including configuration file /etc/raddb/sites-enabled/inner-tunnel
11:49:11.487main {
11:49:11.487 security {
11:49:11.488 user = "radiusd"
11:49:11.488 group = "radiusd"
11:49:11.489 allow_core_dumps = no
11:49:11.489 }
11:49:11.490 name = "radiusd"
11:49:11.491 prefix = "/usr"
11:49:11.491 localstatedir = "/var"
11:49:11.491 logdir = "/var/log/radius"
11:49:11.492 run_dir = "/var/run/radiusd"
11:49:11.492}
11:49:11.492main {
11:49:11.492 name = "radiusd"
11:49:11.492 prefix = "/usr"
11:49:11.492 localstatedir = "/var"
11:49:11.492 sbindir = "/usr/sbin"
11:49:11.493 logdir = "/var/log/radius"
11:49:11.493 run_dir = "/var/run/radiusd"
11:49:11.493 libdir = "/usr/lib64/freeradius"
11:49:11.493 radacctdir = "/var/log/radius/radacct"
11:49:11.493 hostname_lookups = no
11:49:11.493 max_request_time = 30
11:49:11.494 cleanup_delay = 5
11:49:11.494 max_requests = 16384
11:49:11.494 pidfile = "/var/run/radiusd/radiusd.pid"
11:49:11.494 checkrad = "/usr/sbin/checkrad"
11:49:11.494 debug_level = 0
11:49:11.495 proxy_requests = yes
11:49:11.495 log {
11:49:11.495 stripped_names = no
11:49:11.495 auth = no
11:49:11.495 auth_badpass = no
11:49:11.495 auth_goodpass = no
11:49:11.495 colourise = yes
11:49:11.495 msg_denied = "You are already logged in - access denied"
11:49:11.496 }
11:49:11.496 resources {
11:49:11.496 }
11:49:11.496 security {
11:49:11.496 max_attributes = 200
11:49:11.497 reject_delay = 1.000000
11:49:11.497 status_server = yes
11:49:11.497 }
11:49:11.497}
11:49:11.497radiusd: #### Loading Realms and Home Servers ####
11:49:11.497 proxy server {
11:49:11.498 retry_delay = 5
11:49:11.498 retry_count = 3
11:49:11.498 default_fallback = no
11:49:11.498 dead_time = 120
11:49:11.499 wake_all_if_all_dead = no
11:49:11.509 }
11:49:11.509 home_server localhost {
11:49:11.509 ipaddr = 127.0.0.1
11:49:11.510 port = 1812
11:49:11.510 type = "auth"
11:49:11.511 secret = <<< secret >>>
11:49:11.511 response_window = 60.000000
11:49:11.511 response_timeouts = 1
11:49:11.511 max_outstanding = 65536
11:49:11.512 zombie_period = 40
11:49:11.512 status_check = "none"
11:49:11.512 ping_interval = 30
11:49:11.512 check_interval = 30
11:49:11.513 check_timeout = 4
11:49:11.513 num_answers_to_alive = 3
11:49:11.513 revive_interval = 120
11:49:11.513 limit {
11:49:11.514 max_connections = 16
11:49:11.514 max_requests = 0
11:49:11.514 lifetime = 0
11:49:11.514 idle_timeout = 0
11:49:11.514 }
11:49:11.515 coa {
11:49:11.515 irt = 2
11:49:11.515 mrt = 16
11:49:11.515 mrc = 5
11:49:11.516 mrd = 30
11:49:11.516 }
11:49:11.516 }
11:49:11.517Ignoring "response_window = 60.000000", forcing to "response_window = 30.000000"
11:49:11.517 home_server billing {
11:49:11.517 ipaddr = 127.0.0.1
11:49:11.517 port = 1813
11:49:11.518 type = "acct"
11:49:11.518 secret = <<< secret >>>
11:49:11.518 response_window = 60.000000
11:49:11.519 response_timeouts = 1
11:49:11.519 max_outstanding = 500
11:49:11.520 zombie_period = 40
11:49:11.520 status_check = "none"
11:49:11.520 ping_interval = 30
11:49:11.521 check_interval = 30
11:49:11.521 check_timeout = 4
11:49:11.521 num_answers_to_alive = 3
11:49:11.522 revive_interval = 120
11:49:11.522 limit {
11:49:11.522 max_connections = 16
11:49:11.522 max_requests = 0
11:49:11.523 lifetime = 0
11:49:11.523 idle_timeout = 0
11:49:11.523 }
11:49:11.523 coa {
11:49:11.523 irt = 2
11:49:11.529 mrt = 16
11:49:11.529 mrc = 5
11:49:11.529 mrd = 30
11:49:11.529 }
11:49:11.529 }
11:49:11.530Ignoring "response_window = 60.000000", forcing to "response_window = 30.000000"
11:49:11.530 realm LOCAL {
11:49:11.530 }
11:49:11.530 home_server_pool billing_pool {
11:49:11.530 type = fail-over
11:49:11.531 home_server = billing
11:49:11.531 }
11:49:11.532 realm xxx {
11:49:11.532 acct_pool = billing_pool
11:49:11.532 }
11:49:11.537 home_server_pool local_pool {
11:49:11.537 type = fail-over
11:49:11.538 home_server = localhost
11:49:11.538 }
11:49:11.542radiusd: #### Loading Clients ####
11:49:11.542 client localhost {
11:49:11.542 ipaddr = 127.0.0.1
11:49:11.542 require_message_authenticator = no
11:49:11.543 secret = <<< secret >>>
11:49:11.543 shortname = "localhost"
11:49:11.543 limit {
11:49:11.543 max_connections = 16
11:49:11.544 lifetime = 0
11:49:11.544 idle_timeout = 30
11:49:11.544 }
11:49:11.544 }
11:49:11.544 client bnxr4-lo1 {
11:49:11.545 ipaddr = xx.xx.xx.xx
11:49:11.545 require_message_authenticator = no
11:49:11.545 secret = <<< secret >>>
11:49:11.546 shortname = "bnxr4-lo1"
11:49:11.546 limit {
11:49:11.546 max_connections = 16
11:49:11.547 lifetime = 0
11:49:11.547 idle_timeout = 30
11:49:11.547 }
11:49:11.547 }
11:49:11.547 client bmst5-lo1 {
11:49:11.548 ipaddr = xx.xx.xx.xx
11:49:11.548 require_message_authenticator = no
11:49:11.548 secret = <<< secret >>>
11:49:11.548 shortname = "bmst5-lo1"
11:49:11.548 limit {
11:49:11.549 max_connections = 16
11:49:11.549 lifetime = 0
11:49:11.549 idle_timeout = 30
11:49:11.549 }
11:49:11.550 }
11:49:11.550 client bbkr1 {
11:49:11.550 ipaddr = xx.xx.xx.xx
11:49:11.550 require_message_authenticator = no
11:49:11.550 secret = <<< secret >>>
11:49:11.551 shortname = "bbkr1"
11:49:11.551 limit {
11:49:11.551 max_connections = 16
11:49:11.551 lifetime = 0
11:49:11.552 idle_timeout = 30
11:49:11.552 }
11:49:11.552 }
11:49:11.552 client bmst1 {
11:49:11.552 ipaddr = xx.xx.xx.xx
11:49:11.553 require_message_authenticator = no
11:49:11.553 secret = <<< secret >>>
11:49:11.553 shortname = "bmst1"
11:49:11.554 limit {
11:49:11.554 max_connections = 16
11:49:11.556 lifetime = 0
11:49:11.565 idle_timeout = 30
11:49:11.565 }
11:49:11.565 }
11:49:11.567 client bztn1 {
11:49:11.567 ipaddr = xx.xx.xx.xx
11:49:11.568 require_message_authenticator = no
11:49:11.568 secret = <<< secret >>>
11:49:11.568 shortname = "bztn1"
11:49:11.568 limit {
11:49:11.569 max_connections = 16
11:49:11.569 lifetime = 0
11:49:11.570 idle_timeout = 30
11:49:11.570 }
11:49:11.570 }
11:49:11.570 client bnxr1 {
11:49:11.570 ipaddr = xx.xx.xx.xx
11:49:11.571 require_message_authenticator = no
11:49:11.571 secret = <<< secret >>>
11:49:11.572 shortname = "bnxr1"
11:49:11.573 limit {
11:49:11.573 max_connections = 16
11:49:11.573 lifetime = 0
11:49:11.574 idle_timeout = 30
11:49:11.574 }
11:49:11.574 }
11:49:11.575 client bslm1 {
11:49:11.575 ipaddr = xx.xx.xx.xx
11:49:11.575 require_message_authenticator = no
11:49:11.576 secret = <<< secret >>>
11:49:11.576 shortname = "bslm1"
11:49:11.576 limit {
11:49:11.576 max_connections = 16
11:49:11.577 lifetime = 0
11:49:11.577 idle_timeout = 30
11:49:11.577 }
11:49:11.577 }
11:49:11.577 client BRAS-5 {
11:49:11.578 ipaddr = xx.xx.xx.xx
11:49:11.578 require_message_authenticator = no
11:49:11.578 secret = <<< secret >>>
11:49:11.578 shortname = "bras5"
11:49:11.578 limit {
11:49:11.579 max_connections = 16
11:49:11.579 lifetime = 0
11:49:11.579 idle_timeout = 30
11:49:11.579 }
11:49:11.579 }
11:49:11.580 client BRAS-6 {
11:49:11.580 ipaddr = xx.xx.xx.xx
11:49:11.580 require_message_authenticator = no
11:49:11.580 secret = <<< secret >>>
11:49:11.581 shortname = "bras6"
11:49:11.581 limit {
11:49:11.588 max_connections = 16
11:49:11.589 lifetime = 0
11:49:11.589 idle_timeout = 30
11:49:11.589 }
11:49:11.589 }
11:49:11.590 client bbkr4 {
11:49:11.590 ipaddr = xx.xx.xx.xx
11:49:11.590 require_message_authenticator = no
11:49:11.590 secret = <<< secret >>>
11:49:11.591 shortname = "bbkr4"
11:49:11.591 limit {
11:49:11.591 max_connections = 16
11:49:11.591 lifetime = 0
11:49:11.591 idle_timeout = 30
11:49:11.592 }
11:49:11.592 }
11:49:11.592 client bmst5 {
11:49:11.592 ipaddr = xx.xx.xx.xx
11:49:11.592 require_message_authenticator = no
11:49:11.593 secret = <<< secret >>>
11:49:11.593 shortname = "bmst5"
11:49:11.593 limit {
11:49:11.593 max_connections = 16
11:49:11.593 lifetime = 0
11:49:11.594 idle_timeout = 30
11:49:11.594 }
11:49:11.594 }
11:49:11.594 client bztn9 {
11:49:11.594 ipaddr = xx.xx.xx.xx
11:49:11.595 require_message_authenticator = no
11:49:11.595 secret = <<< secret >>>
11:49:11.595 shortname = "bztn9"
11:49:11.595 limit {
11:49:11.596 max_connections = 16
11:49:11.596 lifetime = 0
11:49:11.596 idle_timeout = 30
11:49:11.596 }
11:49:11.596 }
11:49:11.596 client bnxr4 {
11:49:11.597 ipaddr = xx.xx.xx.xx
11:49:11.597 require_message_authenticator = no
11:49:11.597 secret = <<< secret >>>
11:49:11.597 shortname = "bnxr4"
11:49:11.598 limit {
11:49:11.598 max_connections = 16
11:49:11.601 lifetime = 0
11:49:11.616 idle_timeout = 30
11:49:11.616 }
11:49:11.617 }
11:49:11.617 client bxwk1 {
11:49:11.617 ipaddr = xx.xx.xx.xx
11:49:11.617 require_message_authenticator = no
11:49:11.617 secret = <<< secret >>>
11:49:11.618 shortname = "bxwk1"
11:49:11.618 limit {
11:49:11.618 max_connections = 16
11:49:11.619 lifetime = 0
11:49:11.619 idle_timeout = 30
11:49:11.619 }
11:49:11.619 }
11:49:11.619 client TESTBRAS-2 {
11:49:11.620 ipaddr = xx.xx.xx.xx
11:49:11.620 require_message_authenticator = no
11:49:11.620 secret = <<< secret >>>
11:49:11.621 shortname = "testbras2"
11:49:11.621 limit {
11:49:11.621 max_connections = 16
11:49:11.622 lifetime = 0
11:49:11.622 idle_timeout = 30
11:49:11.623 }
11:49:11.623 }
11:49:11.624 client TESTBRAS-1 {
11:49:11.624 ipaddr = xx.xx.xx.xx
11:49:11.625 require_message_authenticator = no
11:49:11.625 secret = <<< secret >>>
11:49:11.626 shortname = "brastest"
11:49:11.626 limit {
11:49:11.627 max_connections = 16
11:49:11.627 lifetime = 0
11:49:11.627 idle_timeout = 30
11:49:11.627 }
11:49:11.628 }
11:49:11.628 client tbmrs1 {
11:49:11.628 ipaddr = xx.xx.xx.xx
11:49:11.628 require_message_authenticator = no
11:49:11.629 secret = <<< secret >>>
11:49:11.629 shortname = "tbmrs1"
11:49:11.629 limit {
11:49:11.629 max_connections = 16
11:49:11.629 lifetime = 0
11:49:11.630 idle_timeout = 30
11:49:11.630 }
11:49:11.630 }
11:49:11.630 client bbkrt1 {
11:49:11.630 ipaddr = xx.xx.xx.xx
11:49:11.631 require_message_authenticator = no
11:49:11.631 secret = <<< secret >>>
11:49:11.631 shortname = "bbkrt1"
11:49:11.631 limit {
11:49:11.639 max_connections = 16
11:49:11.639 lifetime = 0
11:49:11.640 idle_timeout = 30
11:49:11.640 }
11:49:11.640 }
11:49:11.640 client bbkrt1_lo1 {
11:49:11.640 ipaddr = xx.xx.xx.xx
11:49:11.641 require_message_authenticator = no
11:49:11.641 secret = <<< secret >>>
11:49:11.641 shortname = "bbkrt1_lo1"
11:49:11.641 limit {
11:49:11.641 max_connections = 16
11:49:11.642 lifetime = 0
11:49:11.642 idle_timeout = 30
11:49:11.642 }
11:49:11.642 }
11:49:11.642 client BRAS-WIMAX1 {
11:49:11.643 ipaddr = xx.xx.xx.xx
11:49:11.643 require_message_authenticator = no
11:49:11.643 secret = <<< secret >>>
11:49:11.643 shortname = "braswimax1"
11:49:11.643 limit {
11:49:11.644 max_connections = 16
11:49:11.644 lifetime = 0
11:49:11.644 idle_timeout = 30
11:49:11.644 }
11:49:11.645 }
11:49:11.691Debugger not attached
11:49:11.691 # Creating Auth-Type = PAP
11:49:11.691 # Creating Auth-Type = LDAP
11:49:11.692 # Creating Auth-Type = mschap
11:49:11.692 # Creating Auth-Type = eap
11:49:11.692 # Creating Auth-Type = CHAP
11:49:11.693 # Creating Auth-Type = MS-CHAP
11:49:11.693radiusd: #### Instantiating modules ####
11:49:11.693 modules {
11:49:11.693 # Loaded module rlm_always
11:49:11.694 # Loading module "reject" from file /etc/raddb/mods-enabled/always
11:49:11.694 always reject {
11:49:11.700 rcode = "reject"
11:49:11.701 simulcount = 0
11:49:11.701 mpp = no
11:49:11.701 }
11:49:11.702 # Loading module "fail" from file /etc/raddb/mods-enabled/always
11:49:11.702 always fail {
11:49:11.702 rcode = "fail"
11:49:11.702 simulcount = 0
11:49:11.703 mpp = no
11:49:11.703 }
11:49:11.703 # Loading module "ok" from file /etc/raddb/mods-enabled/always
11:49:11.703 always ok {
11:49:11.704 rcode = "ok"
11:49:11.704 simulcount = 0
11:49:11.704 mpp = no
11:49:11.705 }
11:49:11.705 # Loading module "handled" from file /etc/raddb/mods-enabled/always
11:49:11.705 always handled {
11:49:11.706 rcode = "handled"
11:49:11.707 simulcount = 0
11:49:11.707 mpp = no
11:49:11.708 }
11:49:11.708 # Loading module "invalid" from file /etc/raddb/mods-enabled/always
11:49:11.708 always invalid {
11:49:11.709 rcode = "invalid"
11:49:11.709 simulcount = 0
11:49:11.709 mpp = no
11:49:11.709 }
11:49:11.709 # Loading module "userlock" from file /etc/raddb/mods-enabled/always
11:49:11.710 always userlock {
11:49:11.710 rcode = "userlock"
11:49:11.710 simulcount = 0
11:49:11.710 mpp = no
11:49:11.710 }
11:49:11.711 # Loading module "notfound" from file /etc/raddb/mods-enabled/always
11:49:11.711 always notfound {
11:49:11.711 rcode = "notfound"
11:49:11.711 simulcount = 0
11:49:11.711 mpp = no
11:49:11.712 }
11:49:11.712 # Loading module "noop" from file /etc/raddb/mods-enabled/always
11:49:11.712 always noop {
11:49:11.712 rcode = "noop"
11:49:11.713 simulcount = 0
11:49:11.713 mpp = no
11:49:11.713 }
11:49:11.713 # Loading module "updated" from file /etc/raddb/mods-enabled/always
11:49:11.713 always updated {
11:49:11.713 rcode = "updated"
11:49:11.714 simulcount = 0
11:49:11.714 mpp = no
11:49:11.714 }
11:49:11.714 # Loaded module rlm_attr_filter
11:49:11.723 # Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:11.723 attr_filter attr_filter.post-proxy {
11:49:11.723 filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
11:49:11.724 key = "%{Realm}"
11:49:11.724 relaxed = no
11:49:11.724 }
11:49:11.724 # Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:11.725 attr_filter attr_filter.pre-proxy {
11:49:11.725 filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
11:49:11.725 key = "%{Realm}"
11:49:11.726 relaxed = no
11:49:11.726 }
11:49:11.726 # Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
11:49:11.727 attr_filter attr_filter.access_reject {
11:49:11.727 filename = "/etc/raddb/mods-config/attr_filter/access_reject"
11:49:11.727 key = "%{User-Name}"
11:49:11.727 relaxed = no
11:49:11.728 }
11:49:11.728 # Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
11:49:11.728 attr_filter attr_filter.access_challenge {
11:49:11.728 filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
11:49:11.729 key = "%{User-Name}"
11:49:11.729 relaxed = no
11:49:11.729 }
11:49:11.729 # Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
11:49:11.729 attr_filter attr_filter.accounting_response {
11:49:11.730 filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
11:49:11.730 key = "%{User-Name}"
11:49:11.730 relaxed = no
11:49:11.730 }
11:49:11.730 # Loaded module rlm_cache
11:49:11.731 # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
11:49:11.731 cache cache_eap {
11:49:11.731 driver = "rlm_cache_rbtree"
11:49:11.731 key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
11:49:11.731 ttl = 15
11:49:11.732 max_entries = 0
11:49:11.732 epoch = 0
11:49:11.732 add_stats = no
11:49:11.732 }
11:49:11.733 # Loaded module rlm_chap
11:49:11.733 # Loading module "chap" from file /etc/raddb/mods-enabled/chap
11:49:11.733 # Loaded module rlm_date
11:49:11.733 # Loading module "date" from file /etc/raddb/mods-enabled/date
11:49:11.733 date {
11:49:11.734 format = "%b %e %Y %H:%M:%S %Z"
11:49:11.734 utc = no
11:49:11.734 }
11:49:11.734 # Loading module "wispr2date" from file /etc/raddb/mods-enabled/date
11:49:11.734 date wispr2date {
11:49:11.735 format = "%Y-%m-%dT%H:%M:%S"
11:49:11.735 utc = no
11:49:11.735 }
11:49:11.740 # Loaded module rlm_detail
11:49:11.740 # Loading module "detail" from file /etc/raddb/mods-enabled/detail
11:49:11.740 detail {
11:49:11.741 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
11:49:11.741 header = "%t"
11:49:11.741 permissions = 384
11:49:11.742 locking = no
11:49:11.742 escape_filenames = no
11:49:11.742 log_packet_header = no
11:49:11.742 }
11:49:11.743 # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
11:49:11.743 detail auth_log {
11:49:11.743 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
11:49:11.743 header = "%t"
11:49:11.744 permissions = 384
11:49:11.744 locking = no
11:49:11.744 escape_filenames = no
11:49:11.744 log_packet_header = no
11:49:11.744 }
11:49:11.745 # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
11:49:11.745 detail reply_log {
11:49:11.746 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
11:49:11.746 header = "%t"
11:49:11.746 permissions = 384
11:49:11.747 locking = no
11:49:11.747 escape_filenames = no
11:49:11.747 log_packet_header = no
11:49:11.747 }
11:49:11.748 # Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:11.748 detail pre_proxy_log {
11:49:11.748 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
11:49:11.748 header = "%t"
11:49:11.749 permissions = 384
11:49:11.749 locking = no
11:49:11.749 escape_filenames = no
11:49:11.749 log_packet_header = no
11:49:11.750 }
11:49:11.750 # Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:11.750 detail post_proxy_log {
11:49:11.750 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
11:49:11.751 header = "%t"
11:49:11.751 permissions = 384
11:49:11.751 locking = no
11:49:11.751 escape_filenames = no
11:49:11.752 log_packet_header = no
11:49:11.752 }
11:49:11.752 # Loaded module rlm_digest
11:49:11.753 # Loading module "digest" from file /etc/raddb/mods-enabled/digest
11:49:11.753 # Loaded module rlm_dynamic_clients
11:49:11.753 # Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
11:49:11.753 # Loaded module rlm_eap
11:49:11.754 # Loading module "eap" from file /etc/raddb/mods-enabled/eap
11:49:11.754 eap {
11:49:11.767 default_eap_type = "md5"
11:49:11.768 timer_expire = 60
11:49:11.768 ignore_unknown_eap_types = no
11:49:11.769 cisco_accounting_username_bug = no
11:49:11.769 max_sessions = 16384
11:49:11.769 }
11:49:11.769 # Loaded module rlm_exec
11:49:11.770 # Loading module "echo" from file /etc/raddb/mods-enabled/echo
11:49:11.770 exec echo {
11:49:11.770 wait = yes
11:49:11.771 program = "/bin/echo %{User-Name}"
11:49:11.771 input_pairs = "request"
11:49:11.771 output_pairs = "reply"
11:49:11.772 shell_escape = yes
11:49:11.772 }
11:49:11.772 # Loading module "exec" from file /etc/raddb/mods-enabled/exec
11:49:11.772 exec {
11:49:11.773 wait = no
11:49:11.774 input_pairs = "request"
11:49:11.774 shell_escape = yes
11:49:11.775 timeout = 10
11:49:11.775 }
11:49:11.775 # Loaded module rlm_expiration
11:49:11.775 # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
11:49:11.775 # Loaded module rlm_expr
11:49:11.776 # Loading module "expr" from file /etc/raddb/mods-enabled/expr
11:49:11.779 expr {
11:49:11.791 safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
11:49:11.792 }
11:49:11.792 # Loaded module rlm_files
11:49:11.792 # Loading module "files" from file /etc/raddb/mods-enabled/files
11:49:11.792 files {
11:49:11.792 filename = "/etc/raddb/mods-config/files/authorize"
11:49:11.793 acctusersfile = "/etc/raddb/mods-config/files/accounting"
11:49:11.793 preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
11:49:11.793 }
11:49:11.793 # Loaded module rlm_linelog
11:49:11.794 # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
11:49:11.794 linelog {
11:49:11.794 filename = "/var/log/radius/linelog"
11:49:11.794 escape_filenames = no
11:49:11.795 syslog_severity = "info"
11:49:11.795 permissions = 384
11:49:11.795 format = "This is a log message for %{User-Name}"
11:49:11.795 reference = "messages.%{%{reply:Packet-Type}:-default}"
11:49:11.795 }
11:49:11.796 # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
11:49:11.796 linelog log_accounting {
11:49:11.796 filename = "/var/log/radius/linelog-accounting"
11:49:11.796 escape_filenames = no
11:49:11.797 syslog_severity = "info"
11:49:11.797 permissions = 384
11:49:11.797 format = ""
11:49:11.798 reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
11:49:11.798 }
11:49:11.798 # Loaded module rlm_logintime
11:49:11.798 # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
11:49:11.798 logintime {
11:49:11.799 minimum_timeout = 60
11:49:11.799 }
11:49:11.799 # Loaded module rlm_mschap
11:49:11.799 # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
11:49:11.799 mschap {
11:49:11.799 use_mppe = yes
11:49:11.800 require_encryption = no
11:49:11.800 require_strong = no
11:49:11.800 with_ntdomain_hack = yes
11:49:11.800 passchange {
11:49:11.801 }
11:49:11.801 allow_retry = yes
11:49:11.801 winbind_retry_with_normalised_username = no
11:49:11.801 }
11:49:11.802 # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
11:49:11.802 exec ntlm_auth {
11:49:11.802 wait = yes
11:49:11.803 program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
11:49:11.803 shell_escape = yes
11:49:11.803 }
11:49:11.803 # Loaded module rlm_pap
11:49:11.804 # Loading module "pap" from file /etc/raddb/mods-enabled/pap
11:49:11.808 pap {
11:49:11.809 normalise = yes
11:49:11.809 }
11:49:11.809 # Loaded module rlm_passwd
11:49:11.809 # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
11:49:11.809 passwd etc_passwd {
11:49:11.809 filename = "/etc/passwd"
11:49:11.810 format = "*User-Name:Crypt-Password:"
11:49:11.810 delimiter = ":"
11:49:11.810 ignore_nislike = no
11:49:11.810 ignore_empty = yes
11:49:11.811 allow_multiple_keys = no
11:49:11.811 hash_size = 100
11:49:11.811 }
11:49:11.811 # Loaded module rlm_preprocess
11:49:11.811 # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
11:49:11.812 preprocess {
11:49:11.812 huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
11:49:11.812 hints = "/etc/raddb/mods-config/preprocess/hints"
11:49:11.812 with_ascend_hack = no
11:49:11.813 ascend_channels_per_line = 23
11:49:11.813 with_ntdomain_hack = no
11:49:11.813 with_specialix_jetstream_hack = no
11:49:11.814 with_cisco_vsa_hack = no
11:49:11.814 with_alvarion_vsa_hack = no
11:49:11.814 }
11:49:11.814 # Loaded module rlm_radutmp
11:49:11.814 # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
11:49:11.814 radutmp {
11:49:11.815 filename = "/var/log/radius/radutmp"
11:49:11.815 username = "%{User-Name}"
11:49:11.815 case_sensitive = yes
11:49:11.815 check_with_nas = yes
11:49:11.816 permissions = 384
11:49:11.816 caller_id = yes
11:49:11.816 }
11:49:11.817 # Loaded module rlm_realm
11:49:11.817 # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
11:49:11.817 realm IPASS {
11:49:11.818 format = "prefix"
11:49:11.818 delimiter = "/"
11:49:11.818 ignore_default = no
11:49:11.819 ignore_null = no
11:49:11.819 }
11:49:11.819 # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
11:49:11.819 realm suffix {
11:49:11.820 format = "suffix"
11:49:11.821 delimiter = "@"
11:49:11.822 ignore_default = no
11:49:11.823 ignore_null = no
11:49:11.823 }
11:49:11.824 # Loading module "bangpath" from file /etc/raddb/mods-enabled/realm
11:49:11.824 realm bangpath {
11:49:11.834 format = "prefix"
11:49:11.835 delimiter = "!"
11:49:11.835 ignore_default = no
11:49:11.835 ignore_null = no
11:49:11.835 }
11:49:11.836 # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
11:49:11.836 realm realmpercent {
11:49:11.837 format = "suffix"
11:49:11.837 delimiter = "%"
11:49:11.838 ignore_default = no
11:49:11.838 ignore_null = no
11:49:11.838 }
11:49:11.838 # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
11:49:11.839 realm ntdomain {
11:49:11.839 format = "prefix"
11:49:11.839 delimiter = "\\"
11:49:11.840 ignore_default = no
11:49:11.840 ignore_null = no
11:49:11.840 }
11:49:11.840 # Loaded module rlm_replicate
11:49:11.841 # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
11:49:11.841 # Loaded module rlm_soh
11:49:11.841 # Loading module "soh" from file /etc/raddb/mods-enabled/soh
11:49:11.841 soh {
11:49:11.841 dhcp = yes
11:49:11.842 }
11:49:11.842 # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
11:49:11.842 radutmp sradutmp {
11:49:11.842 filename = "/var/log/radius/sradutmp"
11:49:11.842 username = "%{User-Name}"
11:49:11.843 case_sensitive = yes
11:49:11.843 check_with_nas = yes
11:49:11.843 permissions = 420
11:49:11.843 caller_id = no
11:49:11.844 }
11:49:11.844 # Loaded module rlm_unix
11:49:11.844 # Loading module "unix" from file /etc/raddb/mods-enabled/unix
11:49:11.844 unix {
11:49:11.844 radwtmp = "/var/log/radius/radwtmp"
11:49:11.845 }
11:49:11.845Creating attribute Unix-Group
11:49:11.845 # Loaded module rlm_unpack
11:49:11.846 # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
11:49:11.846 # Loaded module rlm_utf8
11:49:11.846 # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
11:49:11.847 # Loaded module rlm_sql
11:49:11.847 # Loading module "sql" from file /etc/raddb/mods-enabled/sql
11:49:11.847 sql {
11:49:11.847 driver = "rlm_sql_postgresql"
11:49:11.847 server = ""
11:49:11.848 port = 0
11:49:11.848 login = ""
11:49:11.848 password = <<< secret >>>
11:49:11.858 radius_db = "dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password"
11:49:11.858 read_groups = yes
11:49:11.858 read_profiles = yes
11:49:11.859 read_clients = yes
11:49:11.859 delete_stale_sessions = yes
11:49:11.859 sql_user_name = "%{User-Name}"
11:49:11.859 default_user_profile = ""
11:49:11.860 client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
11:49:11.860 authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
11:49:11.860 authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
11:49:11.861 authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{SQL-Group}' ORDER BY id"
11:49:11.861 authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{SQL-Group}' ORDER BY id"
11:49:11.862 group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority"
11:49:11.862 simul_count_query = "SELECT COUNT(*) FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
11:49:11.863 simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
11:49:11.863 safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
11:49:11.863 auto_escape = no
11:49:11.863 accounting {
11:49:11.864 reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}"
11:49:11.864 type {
11:49:11.864 accounting-on {
11:49:11.865 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
11:49:11.866 }
11:49:11.866 accounting-off {
11:49:11.867 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
11:49:11.868 }
11:49:11.868 start {
11:49:11.869 query = "INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress, FramedIpv6Address, FramedIpv6Prefix, FramedInterfaceId, DelegatedIpv6Prefix) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', NULLIF('%{%{NAS-Port-ID}:-%{NAS-Port}}', ''), '%{NAS-Port-Type}', TO_TIMESTAMP(%{integer:Event-Timestamp}), TO_TIMESTAMP(%{integer:Event-Timestamp}), NULL, 0, '%{Acct-Authentic}', '%{Connect-Info}', NULL, 0, 0, '%{Called-Station-Id}', '%{Calling-Station-Id}', NULL, '%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}', '')::inet, NULLIF('%{Framed-IPv6-Address}', '')::inet, NULLIF('%{Framed-IPv6-Prefix}', '')::inet, NULLIF('%{Framed-Interface-Id}', ''), NULLIF('%{Delegated-IPv6-Prefix}', '')::inet) ON CONFLICT (AcctUniqueId) DO UPDATE SET AcctStartTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), ConnectInfo_start = '%{Connect-Info}' WHERE radacct.AcctUniqueId = '%{Acct-Unique-Session-Id}' AND radacct.AcctStopTime IS NULL"
11:49:11.874 }
11:49:11.874 interim-update {
11:49:11.874 query = "UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, FramedIPv6Address = NULLIF('%{Framed-IPv6-Address}', '')::inet, FramedIPv6Prefix = NULLIF('%{Framed-IPv6-Prefix}', '')::inet, FramedInterfaceId = NULLIF('%{Framed-Interface-Id}', ''), DelegatedIPv6Prefix = NULLIF('%{Delegated-IPv6-Prefix}', '')::inet, AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}' AND AcctStopTime IS NULL"
11:49:11.876 }
11:49:11.876 stop {
11:49:11.878 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), AcctTerminateCause = '%{Acct-Terminate-Cause}', FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, FramedIPv6Address = NULLIF('%{Framed-IPv6-Address}', '')::inet, FramedIPv6Prefix = NULLIF('%{Framed-IPv6-Prefix}', '')::inet, FramedInterfaceId = NULLIF('%{Framed-Interface-Id}', ''), DelegatedIPv6Prefix = NULLIF('%{Delegated-IPv6-Prefix}', '')::inet, ConnectInfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}' AND AcctStopTime IS NULL"
11:49:11.948 }
11:49:11.959 }
11:49:11.976 }
11:49:11.983 post-auth {
11:49:11.994 reference = ".query"
11:49:12.000 query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', NOW())"
11:49:12.016 }
11:49:12.029 }
11:49:12.045rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
11:49:12.052Creating attribute SQL-Group
11:49:12.063 # Loaded module rlm_ldap
11:49:12.069 # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
11:49:12.078 ldap {
11:49:12.084 server = "localhost"
11:49:12.096 port = 389
11:49:12.113 identity = "uid=superradius,ou=people,dc=xxxxx,dc=net"
11:49:12.119 password = <<< secret >>>
11:49:12.130 sasl {
11:49:12.136 }
11:49:12.147 user_dn = "LDAP-UserDn"
11:49:12.147 user {
11:49:12.147 scope = "sub"
11:49:12.147 access_positive = yes
11:49:12.147 sasl {
11:49:12.148 }
11:49:12.148 }
11:49:12.148 group {
11:49:12.148 filter = "(objectClass=posixGroup)"
11:49:12.148 scope = "sub"
11:49:12.148 name_attribute = "cn"
11:49:12.149 membership_attribute = "memberOf"
11:49:12.149 cacheable_name = no
11:49:12.149 cacheable_dn = no
11:49:12.149 allow_dangling_group_ref = no
11:49:12.150 }
11:49:12.150 client {
11:49:12.150 filter = "(objectClass=radiusClient)"
11:49:12.151 scope = "sub"
11:49:12.151 base_dn = "ou=people,dc=xxxxx,dc=net"
11:49:12.151 }
11:49:12.151 profile {
11:49:12.151 }
11:49:12.151 options {
11:49:12.152 ldap_debug = 40
11:49:12.152 chase_referrals = yes
11:49:12.152 rebind = yes
11:49:12.152 net_timeout = 1
11:49:12.153 res_timeout = 10
11:49:12.153 srv_timelimit = 3
11:49:12.153 idle = 60
11:49:12.153 probes = 3
11:49:12.154 interval = 3
11:49:12.154 }
11:49:12.154 tls {
11:49:12.154 start_tls = no
11:49:12.155 }
11:49:12.155 }
11:49:12.155Creating attribute LDAP-Group
11:49:12.155 instantiate {
11:49:12.155 }
11:49:12.156 # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
11:49:12.156 # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
11:49:12.157 # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
11:49:12.157 # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
11:49:12.157 # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
11:49:12.158 # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
11:49:12.158 # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
11:49:12.158 # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
11:49:12.158 # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
11:49:12.159 # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:12.159reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
11:49:12.159 # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:12.165reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
11:49:12.165 # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
11:49:12.166reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
11:49:12.166 # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
11:49:12.167reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
11:49:12.167 # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
11:49:12.167reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
11:49:12.168 # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
11:49:12.168rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
11:49:12.168 # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
11:49:12.168 # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
11:49:12.168rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
11:49:12.169 # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
11:49:12.169 # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:12.169 # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:12.169 # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
11:49:12.169 # Linked to sub-module rlm_eap_md5
11:49:12.169 # Linked to sub-module rlm_eap_leap
11:49:12.170 # Linked to sub-module rlm_eap_gtc
11:49:12.170 gtc {
11:49:12.170 challenge = "Password: "
11:49:12.171 auth_type = "PAP"
11:49:12.171 }
11:49:12.171 # Linked to sub-module rlm_eap_tls
11:49:12.171 tls {
11:49:12.171 tls = "tls-common"
11:49:12.171 }
11:49:12.172 tls-config tls-common {
11:49:12.172 verify_depth = 0
11:49:12.172 ca_path = "/etc/raddb/certs"
11:49:12.173 pem_file_type = yes
11:49:12.174 private_key_file = "/etc/raddb/certs/server.pem"
11:49:12.174 certificate_file = "/etc/raddb/certs/server.pem"
11:49:12.174 ca_file = "/etc/raddb/certs/ca.pem"
11:49:12.174 private_key_password = <<< secret >>>
11:49:12.175 dh_file = "/etc/raddb/certs/dh"
11:49:12.175 fragment_size = 1024
11:49:12.175 include_length = yes
11:49:12.175 auto_chain = yes
11:49:12.175 check_crl = no
11:49:12.176 check_all_crl = no
11:49:12.176 cipher_list = "PROFILE=SYSTEM"
11:49:12.176 cipher_server_preference = no
11:49:12.176 ecdh_curve = "prime256v1"
11:49:12.177 disable_tlsv1 = yes
11:49:12.177 disable_tlsv1_1 = yes
11:49:12.177 tls_max_version = "1.2"
11:49:12.177 tls_min_version = "1.2"
11:49:12.177 cache {
11:49:12.177 enable = no
11:49:12.178 lifetime = 24
11:49:12.178 max_entries = 255
11:49:12.178 }
11:49:12.182 verify {
11:49:12.183 skip_if_ocsp_ok = no
11:49:12.183 }
11:49:12.183 ocsp {
11:49:12.183 enable = no
11:49:12.183 override_cert_url = yes
11:49:12.183 url = "http://127.0.0.1/ocsp/"
11:49:12.184 use_nonce = yes
11:49:12.184 timeout = 0
11:49:12.184 softfail = no
11:49:12.184 }
11:49:12.184 }
11:49:12.185Please use tls_min_version and tls_max_version instead of disable_tlsv1
11:49:12.186Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
11:49:12.186 # Linked to sub-module rlm_eap_ttls
11:49:12.186 ttls {
11:49:12.187 tls = "tls-common"
11:49:12.187 default_eap_type = "md5"
11:49:12.188 copy_request_to_tunnel = no
11:49:12.189 use_tunneled_reply = no
11:49:12.189 virtual_server = "inner-tunnel"
11:49:12.189 include_length = yes
11:49:12.189 require_client_cert = no
11:49:12.189 }
11:49:12.189tls: Using cached TLS configuration from previous invocation
11:49:12.190 # Linked to sub-module rlm_eap_peap
11:49:12.190 peap {
11:49:12.190 tls = "tls-common"
11:49:12.190 default_eap_type = "mschapv2"
11:49:12.190 copy_request_to_tunnel = no
11:49:12.190 use_tunneled_reply = no
11:49:12.191 proxy_tunneled_request_as_eap = yes
11:49:12.191 virtual_server = "inner-tunnel"
11:49:12.191 soh = no
11:49:12.191 require_client_cert = no
11:49:12.191 }
11:49:12.191tls: Using cached TLS configuration from previous invocation
11:49:12.191 # Linked to sub-module rlm_eap_mschapv2
11:49:12.192 mschapv2 {
11:49:12.192 with_ntdomain_hack = no
11:49:12.192 send_error = no
11:49:12.192 }
11:49:12.192 # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
11:49:12.192 # Instantiating module "files" from file /etc/raddb/mods-enabled/files
11:49:12.192reading pairlist file /etc/raddb/mods-config/files/authorize
11:49:12.193reading pairlist file /etc/raddb/mods-config/files/accounting
11:49:12.193reading pairlist file /etc/raddb/mods-config/files/pre-proxy
11:49:12.193 # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
11:49:12.193 # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
11:49:12.193 # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
11:49:12.193 # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
11:49:12.193rlm_mschap (mschap): using internal authentication
11:49:12.194 # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
11:49:12.198 # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
11:49:12.198rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
11:49:12.199 # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
11:49:12.199reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
11:49:12.199reading pairlist file /etc/raddb/mods-config/preprocess/hints
11:49:12.199 # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
11:49:12.199 # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
11:49:12.200 # Instantiating module "bangpath" from file /etc/raddb/mods-enabled/realm
11:49:12.200 # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
11:49:12.200 # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
11:49:12.200 # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
11:49:12.200 postgresql {
11:49:12.201 send_application_name = yes
11:49:12.201 }
11:49:12.201rlm_sql (sql): Attempting to connect to database "dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password"
11:49:12.202rlm_sql (sql): Initialising connection pool
11:49:12.202 pool {
11:49:12.202 start = 5
11:49:12.203 min = 3
11:49:12.203 max = 32
11:49:12.203 spare = 10
11:49:12.203 uses = 0
11:49:12.203 lifetime = 0
11:49:12.204 cleanup_interval = 30
11:49:12.204 idle_timeout = 60
11:49:12.204 retry_delay = 30
11:49:12.204 spread = no
11:49:12.204 }
11:49:12.205rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
11:49:12.206rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.207Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029919
11:49:12.207rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
11:49:12.208rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.208Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029920
11:49:12.208rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
11:49:12.208rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.209Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029921
11:49:12.209rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
11:49:12.209rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.210Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029922
11:49:12.210rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
11:49:12.210rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.210Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029923
11:49:12.210rlm_sql (sql): Processing generate_sql_clients
11:49:12.211rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
11:49:12.211rlm_sql (sql): Reserved connection (0)
11:49:12.211rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
11:49:12.212rlm_sql_postgresql: Status: PGRES_TUPLES_OK
11:49:12.223rlm_sql_postgresql: query affected rows = 0 , fields = 6
11:49:12.233rlm_sql (sql): Released connection (0)
11:49:12.249Need 5 more connections to reach 10 spares
11:49:12.261rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
11:49:12.268rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:49:12.299Connected to database 'tst02bbradius' on 'mypostgresdb.corporate.intra' server version 120005, protocol version 3, backend PID 1029924
11:49:12.300 # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
11:49:12.300rlm_ldap: libldap vendor: OpenLDAP, version: 20446
11:49:12.300 accounting {
11:49:12.301 reference = "%{tolower:type.%{Acct-Status-Type}}"
11:49:12.301 }
11:49:12.301 post-auth {
11:49:12.301 reference = "."
11:49:12.301 }
11:49:12.301rlm_ldap (ldap): Initialising connection pool
11:49:12.301 pool {
11:49:12.302 start = 5
11:49:12.302 min = 3
11:49:12.302 max = 32
11:49:12.302 spare = 10
11:49:12.302 uses = 0
11:49:12.303 lifetime = 0
11:49:12.304 cleanup_interval = 30
11:49:12.304 idle_timeout = 60
11:49:12.304 retry_delay = 30
11:49:12.304 spread = no
11:49:12.304 }
11:49:12.305rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
11:49:12.305rlm_ldap (ldap): Connecting to ldap://localhost:389
11:49:12.307rlm_ldap (ldap): Waiting for bind result...
11:49:12.307rlm_ldap (ldap): Bind successful
11:49:12.308rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
11:49:12.308rlm_ldap (ldap): Connecting to ldap://localhost:389
11:49:12.308rlm_ldap (ldap): Waiting for bind result...
11:49:12.308rlm_ldap (ldap): Bind successful
11:49:12.308rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
11:49:12.309rlm_ldap (ldap): Connecting to ldap://localhost:389
11:49:12.309rlm_ldap (ldap): Waiting for bind result...
11:49:12.309rlm_ldap (ldap): Bind successful
11:49:12.309rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
11:49:12.309rlm_ldap (ldap): Connecting to ldap://localhost:389
11:49:12.309rlm_ldap (ldap): Waiting for bind result...
11:49:12.310rlm_ldap (ldap): Bind successful
11:49:12.310rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
11:49:12.310rlm_ldap (ldap): Connecting to ldap://localhost:389
11:49:12.310rlm_ldap (ldap): Waiting for bind result...
11:49:12.310rlm_ldap (ldap): Bind successful
11:49:12.310 } # modules
11:49:12.310radiusd: #### Loading Virtual Servers ####
11:49:12.311server { # from file /etc/raddb/radiusd.conf
11:49:12.311} # server
11:49:12.311server default { # from file /etc/raddb/sites-enabled/default
11:49:12.311 # Loading authenticate {...}
11:49:12.311 # Loading authorize {...}
11:49:12.311 # Loading preacct {...}
11:49:12.311 # Loading accounting {...}
11:49:12.311 # Loading post-auth {...}
11:49:12.312} # server default
11:49:12.316server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
11:49:12.316 # Loading authenticate {...}
11:49:12.316 # Loading authorize {...}
11:49:12.317 # Loading session {...}
11:49:12.317 # Loading post-proxy {...}
11:49:12.317 # Loading post-auth {...}
11:49:12.317 # Skipping contents of 'if' as it is always 'false' -- /etc/raddb/sites-enabled/inner-tunnel:336
11:49:12.317} # server inner-tunnel
11:49:12.317radiusd: #### Opening IP addresses and Ports ####
11:49:12.317listen {
11:49:12.318 type = "auth"
11:49:12.318 ipaddr = *
11:49:12.318 port = 0
11:49:12.318 limit {
11:49:12.318 max_connections = 16
11:49:12.318 lifetime = 0
11:49:12.319 idle_timeout = 30
11:49:12.319 }
11:49:12.319}
11:49:12.319listen {
11:49:12.319 type = "acct"
11:49:12.319 ipaddr = *
11:49:12.320 port = 0
11:49:12.320 limit {
11:49:12.320 max_connections = 16
11:49:12.320 lifetime = 0
11:49:12.320 idle_timeout = 30
11:49:12.321 }
11:49:12.321}
11:49:12.321listen {
11:49:12.321 type = "auth"
11:49:12.321 ipv6addr = ::
11:49:12.322 port = 0
11:49:12.322 limit {
11:49:12.322 max_connections = 16
11:49:12.322 lifetime = 0
11:49:12.322 idle_timeout = 30
11:49:12.322 }
11:49:12.322}
11:49:12.322listen {
11:49:12.323 type = "acct"
11:49:12.323 ipv6addr = ::
11:49:12.323 port = 0
11:49:12.323 limit {
11:49:12.323 max_connections = 16
11:49:12.323 lifetime = 0
11:49:12.324 idle_timeout = 30
11:49:12.324 }
11:49:12.324}
11:49:12.324listen {
11:49:12.324 type = "auth"
11:49:12.324 ipaddr = 127.0.0.1
11:49:12.324 port = 18120
11:49:12.332}
11:49:12.333Listening on auth address * port 1812 bound to server default
11:49:12.333Listening on acct address * port 1813 bound to server default
11:49:12.333Listening on auth address :: port 1812 bound to server default
11:49:12.333Listening on acct address :: port 1813 bound to server default
11:49:12.333Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
11:49:12.333Listening on proxy address * port 51524
11:49:12.334Listening on proxy address :: port 45628
11:49:12.339Ready to process requests
-------------- next part --------------
11:49:29.618[root at TST02_RADAUTH01_POSTGRE mods-available]# radiusd -X
11:49:29.641FreeRADIUS Version 3.0.20
11:49:29.642Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
11:49:29.642There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
11:49:29.642PARTICULAR PURPOSE
11:49:29.642You may redistribute copies of FreeRADIUS under the terms of the
11:49:29.643GNU General Public License
11:49:29.643For more information about these matters, see the file named COPYRIGHT
11:49:29.643Starting - reading configuration files ...
11:49:29.645including dictionary file /usr/share/freeradius/dictionary
11:49:29.662including dictionary file /usr/share/freeradius/dictionary.dhcp
11:49:29.663including dictionary file /usr/share/freeradius/dictionary.vqp
11:49:29.663including dictionary file /etc/raddb/dictionary
11:49:29.663including configuration file /etc/raddb/radiusd.conf
11:49:29.663including configuration file /etc/raddb/proxy.conf
11:49:29.663including configuration file /etc/raddb/clients.conf
11:49:29.664including files in directory /etc/raddb/mods-enabled/
11:49:29.664including configuration file /etc/raddb/mods-enabled/always
11:49:29.665including configuration file /etc/raddb/mods-enabled/attr_filter
11:49:29.665including configuration file /etc/raddb/mods-enabled/cache_eap
11:49:29.666including configuration file /etc/raddb/mods-enabled/chap
11:49:29.666including configuration file /etc/raddb/mods-enabled/date
11:49:29.667including configuration file /etc/raddb/mods-enabled/detail
11:49:29.667including configuration file /etc/raddb/mods-enabled/detail.log
11:49:29.668including configuration file /etc/raddb/mods-enabled/digest
11:49:29.669including configuration file /etc/raddb/mods-enabled/dynamic_clients
11:49:29.669including configuration file /etc/raddb/mods-enabled/eap
11:49:29.669including configuration file /etc/raddb/mods-enabled/echo
11:49:29.669including configuration file /etc/raddb/mods-enabled/exec
11:49:29.670including configuration file /etc/raddb/mods-enabled/expiration
11:49:29.670including configuration file /etc/raddb/mods-enabled/expr
11:49:29.670including configuration file /etc/raddb/mods-enabled/files
11:49:29.671including configuration file /etc/raddb/mods-enabled/linelog
11:49:29.671including configuration file /etc/raddb/mods-enabled/logintime
11:49:29.672including configuration file /etc/raddb/mods-enabled/mschap
11:49:29.673including configuration file /etc/raddb/mods-enabled/ntlm_auth
11:49:29.673including configuration file /etc/raddb/mods-enabled/pap
11:49:29.673including configuration file /etc/raddb/mods-enabled/passwd
11:49:29.674including configuration file /etc/raddb/mods-enabled/preprocess
11:49:29.674including configuration file /etc/raddb/mods-enabled/radutmp
11:49:29.674including configuration file /etc/raddb/mods-enabled/realm
11:49:29.674including configuration file /etc/raddb/mods-enabled/replicate
11:49:29.675including configuration file /etc/raddb/mods-enabled/soh
11:49:29.675including configuration file /etc/raddb/mods-enabled/sradutmp
11:49:29.675including configuration file /etc/raddb/mods-enabled/unix
11:49:29.676including configuration file /etc/raddb/mods-enabled/unpack
11:49:29.676including configuration file /etc/raddb/mods-enabled/utf8
11:49:29.676including configuration file /etc/raddb/mods-enabled/sql
11:49:29.676including configuration file /etc/raddb/mods-config/sql/main/postgresql/queries.conf
11:49:29.676including configuration file /etc/raddb/mods-enabled/ldap
11:49:29.677including files in directory /etc/raddb/policy.d/
11:49:29.677including configuration file /etc/raddb/policy.d/accounting
11:49:29.677including configuration file /etc/raddb/policy.d/canonicalization
11:49:29.677including configuration file /etc/raddb/policy.d/control
11:49:29.677including configuration file /etc/raddb/policy.d/cui
11:49:29.678including configuration file /etc/raddb/policy.d/debug
11:49:29.678including configuration file /etc/raddb/policy.d/dhcp
11:49:29.678including configuration file /etc/raddb/policy.d/eap
11:49:29.678including configuration file /etc/raddb/policy.d/filter
11:49:29.679including configuration file /etc/raddb/policy.d/operator-name
11:49:29.679including configuration file /etc/raddb/policy.d/rfc7542
11:49:29.679including files in directory /etc/raddb/sites-enabled/
11:49:29.679including configuration file /etc/raddb/sites-enabled/default
11:49:29.686including configuration file /etc/raddb/sites-enabled/inner-tunnel
11:49:29.686main {
11:49:29.687 security {
11:49:29.687 user = "radiusd"
11:49:29.687 group = "radiusd"
11:49:29.687 allow_core_dumps = no
11:49:29.688 }
11:49:29.688 name = "radiusd"
11:49:29.688 prefix = "/usr"
11:49:29.688 localstatedir = "/var"
11:49:29.689 logdir = "/var/log/radius"
11:49:29.689 run_dir = "/var/run/radiusd"
11:49:29.689}
11:49:29.689main {
11:49:29.689 name = "radiusd"
11:49:29.689 prefix = "/usr"
11:49:29.690 localstatedir = "/var"
11:49:29.690 sbindir = "/usr/sbin"
11:49:29.690 logdir = "/var/log/radius"
11:49:29.690 run_dir = "/var/run/radiusd"
11:49:29.690 libdir = "/usr/lib64/freeradius"
11:49:29.691 radacctdir = "/var/log/radius/radacct"
11:49:29.691 hostname_lookups = no
11:49:29.691 max_request_time = 30
11:49:29.691 cleanup_delay = 5
11:49:29.691 max_requests = 16384
11:49:29.691 pidfile = "/var/run/radiusd/radiusd.pid"
11:49:29.692 checkrad = "/usr/sbin/checkrad"
11:49:29.692 debug_level = 0
11:49:29.692 proxy_requests = yes
11:49:29.692 log {
11:49:29.692 stripped_names = no
11:49:29.692 auth = no
11:49:29.693 auth_badpass = no
11:49:29.693 auth_goodpass = no
11:49:29.693 colourise = yes
11:49:29.693 msg_denied = "You are already logged in - access denied"
11:49:29.694 }
11:49:29.694 resources {
11:49:29.694 }
11:49:29.694 security {
11:49:29.694 max_attributes = 200
11:49:29.695 reject_delay = 1.000000
11:49:29.695 status_server = yes
11:49:29.695 }
11:49:29.695}
11:49:29.695radiusd: #### Loading Realms and Home Servers ####
11:49:29.696 proxy server {
11:49:29.696 retry_delay = 5
11:49:29.696 retry_count = 3
11:49:29.696 default_fallback = no
11:49:29.697 dead_time = 120
11:49:29.697 wake_all_if_all_dead = no
11:49:29.702 }
11:49:29.702 home_server localhost {
11:49:29.703 ipaddr = 127.0.0.1
11:49:29.703 port = 1812
11:49:29.703 type = "auth"
11:49:29.703 secret = <<< secret >>>
11:49:29.704 response_window = 60.000000
11:49:29.704 response_timeouts = 1
11:49:29.704 max_outstanding = 65536
11:49:29.704 zombie_period = 40
11:49:29.705 status_check = "none"
11:49:29.705 ping_interval = 30
11:49:29.705 check_interval = 30
11:49:29.705 check_timeout = 4
11:49:29.706 num_answers_to_alive = 3
11:49:29.706 revive_interval = 120
11:49:29.706 limit {
11:49:29.707 max_connections = 16
11:49:29.707 max_requests = 0
11:49:29.707 lifetime = 0
11:49:29.707 idle_timeout = 0
11:49:29.707 }
11:49:29.707 coa {
11:49:29.708 irt = 2
11:49:29.708 mrt = 16
11:49:29.708 mrc = 5
11:49:29.708 mrd = 30
11:49:29.709 }
11:49:29.709 }
11:49:29.709Ignoring "response_window = 60.000000", forcing to "response_window = 30.000000"
11:49:29.709 home_server billing {
11:49:29.709 ipaddr = 127.0.0.1
11:49:29.710 port = 1813
11:49:29.710 type = "acct"
11:49:29.710 secret = <<< secret >>>
11:49:29.710 response_window = 60.000000
11:49:29.711 response_timeouts = 1
11:49:29.711 max_outstanding = 500
11:49:29.711 zombie_period = 40
11:49:29.711 status_check = "none"
11:49:29.712 ping_interval = 30
11:49:29.712 check_interval = 30
11:49:29.712 check_timeout = 4
11:49:29.712 num_answers_to_alive = 3
11:49:29.713 revive_interval = 120
11:49:29.713 limit {
11:49:29.713 max_connections = 16
11:49:29.713 max_requests = 0
11:49:29.714 lifetime = 0
11:49:29.714 idle_timeout = 0
11:49:29.714 }
11:49:29.714 coa {
11:49:29.714 irt = 2
11:49:29.719 mrt = 16
11:49:29.719 mrc = 5
11:49:29.719 mrd = 30
11:49:29.719 }
11:49:29.720 }
11:49:29.720Ignoring "response_window = 60.000000", forcing to "response_window = 30.000000"
11:49:29.720 realm LOCAL {
11:49:29.720 }
11:49:29.720 home_server_pool billing_pool {
11:49:29.721 type = fail-over
11:49:29.721 home_server = billing
11:49:29.721 }
11:49:29.722 realm xxx {
11:49:29.722 acct_pool = billing_pool
11:49:29.722 }
11:49:29.727 home_server_pool local_pool {
11:49:29.727 type = fail-over
11:49:29.727 home_server = localhost
11:49:29.728 }
11:49:29.734radiusd: #### Loading Clients ####
11:49:29.734 client localhost {
11:49:29.734 ipaddr = 127.0.0.1
11:49:29.735 require_message_authenticator = no
11:49:29.735 secret = <<< secret >>>
11:49:29.735 shortname = "localhost"
11:49:29.735 limit {
11:49:29.736 max_connections = 16
11:49:29.736 lifetime = 0
11:49:29.736 idle_timeout = 30
11:49:29.736 }
11:49:29.736 }
11:49:29.737 client bnxr4-lo1 {
11:49:29.737 ipaddr = xx.xx.xx.xx
11:49:29.738 require_message_authenticator = no
11:49:29.738 secret = <<< secret >>>
11:49:29.739 shortname = "bnxr4-lo1"
11:49:29.739 limit {
11:49:29.739 max_connections = 16
11:49:29.739 lifetime = 0
11:49:29.740 idle_timeout = 30
11:49:29.740 }
11:49:29.740 }
11:49:29.740 client bmst5-lo1 {
11:49:29.740 ipaddr = xx.xx.xx.xx
11:49:29.741 require_message_authenticator = no
11:49:29.741 secret = <<< secret >>>
11:49:29.741 shortname = "bmst5-lo1"
11:49:29.741 limit {
11:49:29.741 max_connections = 16
11:49:29.742 lifetime = 0
11:49:29.742 idle_timeout = 30
11:49:29.742 }
11:49:29.742 }
11:49:29.742 client bbkr1 {
11:49:29.743 ipaddr = xx.xx.xx.xx
11:49:29.743 require_message_authenticator = no
11:49:29.743 secret = <<< secret >>>
11:49:29.744 shortname = "bbkr1"
11:49:29.744 limit {
11:49:29.744 max_connections = 16
11:49:29.744 lifetime = 0
11:49:29.745 idle_timeout = 30
11:49:29.745 }
11:49:29.745 }
11:49:29.745 client bmst1 {
11:49:29.746 ipaddr = xx.xx.xx.xx
11:49:29.746 require_message_authenticator = no
11:49:29.747 secret = <<< secret >>>
11:49:29.747 shortname = "bmst1"
11:49:29.747 limit {
11:49:29.747 max_connections = 16
11:49:29.747 lifetime = 0
11:49:29.754 idle_timeout = 30
11:49:29.754 }
11:49:29.754 }
11:49:29.754 client bztn1 {
11:49:29.755 ipaddr = xx.xx.xx.xx
11:49:29.755 require_message_authenticator = no
11:49:29.755 secret = <<< secret >>>
11:49:29.755 shortname = "bztn1"
11:49:29.756 limit {
11:49:29.756 max_connections = 16
11:49:29.756 lifetime = 0
11:49:29.756 idle_timeout = 30
11:49:29.757 }
11:49:29.757 }
11:49:29.757 client bnxr1 {
11:49:29.757 ipaddr = xx.xx.xx.xx
11:49:29.757 require_message_authenticator = no
11:49:29.758 secret = <<< secret >>>
11:49:29.758 shortname = "bnxr1"
11:49:29.758 limit {
11:49:29.758 max_connections = 16
11:49:29.758 lifetime = 0
11:49:29.759 idle_timeout = 30
11:49:29.759 }
11:49:29.759 }
11:49:29.759 client bslm1 {
11:49:29.759 ipaddr = xx.xx.xx.xx
11:49:29.760 require_message_authenticator = no
11:49:29.760 secret = <<< secret >>>
11:49:29.761 shortname = "bslm1"
11:49:29.761 limit {
11:49:29.761 max_connections = 16
11:49:29.762 lifetime = 0
11:49:29.762 idle_timeout = 30
11:49:29.762 }
11:49:29.762 }
11:49:29.762 client BRAS-5 {
11:49:29.763 ipaddr = xx.xx.xx.xx
11:49:29.763 require_message_authenticator = no
11:49:29.763 secret = <<< secret >>>
11:49:29.764 shortname = "bras5"
11:49:29.764 limit {
11:49:29.764 max_connections = 16
11:49:29.764 lifetime = 0
11:49:29.765 idle_timeout = 30
11:49:29.766 }
11:49:29.766 }
11:49:29.766 client BRAS-6 {
11:49:29.767 ipaddr = xx.xx.xx.xx
11:49:29.767 require_message_authenticator = no
11:49:29.767 secret = <<< secret >>>
11:49:29.768 shortname = "bras6"
11:49:29.768 limit {
11:49:29.772 max_connections = 16
11:49:29.772 lifetime = 0
11:49:29.772 idle_timeout = 30
11:49:29.772 }
11:49:29.772 }
11:49:29.773 client bbkr4 {
11:49:29.773 ipaddr = xx.xx.xx.xx
11:49:29.773 require_message_authenticator = no
11:49:29.773 secret = <<< secret >>>
11:49:29.774 shortname = "bbkr4"
11:49:29.774 limit {
11:49:29.774 max_connections = 16
11:49:29.774 lifetime = 0
11:49:29.775 idle_timeout = 30
11:49:29.775 }
11:49:29.775 }
11:49:29.775 client bmst5 {
11:49:29.775 ipaddr = xx.xx.xx.xx
11:49:29.775 require_message_authenticator = no
11:49:29.776 secret = <<< secret >>>
11:49:29.776 shortname = "bmst5"
11:49:29.776 limit {
11:49:29.777 max_connections = 16
11:49:29.777 lifetime = 0
11:49:29.777 idle_timeout = 30
11:49:29.777 }
11:49:29.778 }
11:49:29.778 client bztn9 {
11:49:29.778 ipaddr = xx.xx.xx.xx
11:49:29.778 require_message_authenticator = no
11:49:29.778 secret = <<< secret >>>
11:49:29.779 shortname = "bztn9"
11:49:29.779 limit {
11:49:29.779 max_connections = 16
11:49:29.779 lifetime = 0
11:49:29.780 idle_timeout = 30
11:49:29.780 }
11:49:29.780 }
11:49:29.780 client bnxr4 {
11:49:29.781 ipaddr = xx.xx.xx.xx
11:49:29.781 require_message_authenticator = no
11:49:29.781 secret = <<< secret >>>
11:49:29.782 shortname = "bnxr4"
11:49:29.782 limit {
11:49:29.783 max_connections = 16
11:49:29.783 lifetime = 0
11:49:29.783 idle_timeout = 30
11:49:29.783 }
11:49:29.783 }
11:49:29.783 client bxwk1 {
11:49:29.784 ipaddr = xx.xx.xx.xx
11:49:29.784 require_message_authenticator = no
11:49:29.784 secret = <<< secret >>>
11:49:29.789 shortname = "bxwk1"
11:49:29.789 limit {
11:49:29.789 max_connections = 16
11:49:29.789 lifetime = 0
11:49:29.790 idle_timeout = 30
11:49:29.790 }
11:49:29.790 }
11:49:29.790 client TESTBRAS-2 {
11:49:29.790 ipaddr = xx.xx.xx.xx
11:49:29.790 require_message_authenticator = no
11:49:29.791 secret = <<< secret >>>
11:49:29.791 shortname = "testbras2"
11:49:29.791 limit {
11:49:29.791 max_connections = 16
11:49:29.792 lifetime = 0
11:49:29.792 idle_timeout = 30
11:49:29.792 }
11:49:29.792 }
11:49:29.792 client TESTBRAS-1 {
11:49:29.793 ipaddr = xx.xx.xx.xx
11:49:29.793 require_message_authenticator = no
11:49:29.793 secret = <<< secret >>>
11:49:29.793 shortname = "brastest"
11:49:29.794 limit {
11:49:29.794 max_connections = 16
11:49:29.794 lifetime = 0
11:49:29.794 idle_timeout = 30
11:49:29.794 }
11:49:29.795 }
11:49:29.795 client tbmrs1 {
11:49:29.795 ipaddr = xx.xx.xx.xx
11:49:29.795 require_message_authenticator = no
11:49:29.796 secret = <<< secret >>>
11:49:29.796 shortname = "tbmrs1"
11:49:29.796 limit {
11:49:29.796 max_connections = 16
11:49:29.797 lifetime = 0
11:49:29.797 idle_timeout = 30
11:49:29.797 }
11:49:29.797 }
11:49:29.797 client bbkrt1 {
11:49:29.798 ipaddr = xx.xx.xx.xx
11:49:29.798 require_message_authenticator = no
11:49:29.798 secret = <<< secret >>>
11:49:29.798 shortname = "bbkrt1"
11:49:29.799 limit {
11:49:29.799 max_connections = 16
11:49:29.799 lifetime = 0
11:49:29.800 idle_timeout = 30
11:49:29.800 }
11:49:29.800 }
11:49:29.800 client bbkrt1_lo1 {
11:49:29.800 ipaddr = xx.xx.xx.xx
11:49:29.804 require_message_authenticator = no
11:49:29.805 secret = <<< secret >>>
11:49:29.806 shortname = "bbkrt1_lo1"
11:49:29.807 limit {
11:49:29.808 max_connections = 16
11:49:29.808 lifetime = 0
11:49:29.808 idle_timeout = 30
11:49:29.808 }
11:49:29.808 }
11:49:29.808 client BRAS-WIMAX1 {
11:49:29.809 ipaddr = xx.xx.xx.xx
11:49:29.809 require_message_authenticator = no
11:49:29.809 secret = <<< secret >>>
11:49:29.809 shortname = "braswimax1"
11:49:29.809 limit {
11:49:29.809 max_connections = 16
11:49:29.809 lifetime = 0
11:49:29.810 idle_timeout = 30
11:49:29.810 }
11:49:29.810 }
11:49:29.842Debugger not attached
11:49:29.843 # Creating Auth-Type = PAP
11:49:29.843 # Creating Auth-Type = LDAP
11:49:29.843 # Creating Auth-Type = mschap
11:49:29.843 # Creating Auth-Type = eap
11:49:29.843 # Creating Auth-Type = CHAP
11:49:29.843 # Creating Auth-Type = MS-CHAP
11:49:29.843radiusd: #### Instantiating modules ####
11:49:29.843 modules {
11:49:29.844 # Loaded module rlm_always
11:49:29.844 # Loading module "reject" from file /etc/raddb/mods-enabled/always
11:49:29.844 always reject {
11:49:29.844 rcode = "reject"
11:49:29.844 simulcount = 0
11:49:29.844 mpp = no
11:49:29.845 }
11:49:29.845 # Loading module "fail" from file /etc/raddb/mods-enabled/always
11:49:29.845 always fail {
11:49:29.845 rcode = "fail"
11:49:29.852 simulcount = 0
11:49:29.852 mpp = no
11:49:29.852 }
11:49:29.852 # Loading module "ok" from file /etc/raddb/mods-enabled/always
11:49:29.852 always ok {
11:49:29.852 rcode = "ok"
11:49:29.852 simulcount = 0
11:49:29.853 mpp = no
11:49:29.853 }
11:49:29.853 # Loading module "handled" from file /etc/raddb/mods-enabled/always
11:49:29.853 always handled {
11:49:29.853 rcode = "handled"
11:49:29.853 simulcount = 0
11:49:29.853 mpp = no
11:49:29.854 }
11:49:29.854 # Loading module "invalid" from file /etc/raddb/mods-enabled/always
11:49:29.854 always invalid {
11:49:29.854 rcode = "invalid"
11:49:29.854 simulcount = 0
11:49:29.854 mpp = no
11:49:29.854 }
11:49:29.854 # Loading module "userlock" from file /etc/raddb/mods-enabled/always
11:49:29.855 always userlock {
11:49:29.855 rcode = "userlock"
11:49:29.855 simulcount = 0
11:49:29.856 mpp = no
11:49:29.856 }
11:49:29.856 # Loading module "notfound" from file /etc/raddb/mods-enabled/always
11:49:29.856 always notfound {
11:49:29.856 rcode = "notfound"
11:49:29.856 simulcount = 0
11:49:29.856 mpp = no
11:49:29.856 }
11:49:29.857 # Loading module "noop" from file /etc/raddb/mods-enabled/always
11:49:29.857 always noop {
11:49:29.857 rcode = "noop"
11:49:29.857 simulcount = 0
11:49:29.857 mpp = no
11:49:29.857 }
11:49:29.857 # Loading module "updated" from file /etc/raddb/mods-enabled/always
11:49:29.857 always updated {
11:49:29.858 rcode = "updated"
11:49:29.858 simulcount = 0
11:49:29.858 mpp = no
11:49:29.858 }
11:49:29.858 # Loaded module rlm_attr_filter
11:49:29.858 # Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:29.858 attr_filter attr_filter.post-proxy {
11:49:29.859 filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
11:49:29.859 key = "%{Realm}"
11:49:29.859 relaxed = no
11:49:29.859 }
11:49:29.859 # Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:29.868 attr_filter attr_filter.pre-proxy {
11:49:29.869 filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
11:49:29.869 key = "%{Realm}"
11:49:29.869 relaxed = no
11:49:29.869 }
11:49:29.869 # Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
11:49:29.869 attr_filter attr_filter.access_reject {
11:49:29.870 filename = "/etc/raddb/mods-config/attr_filter/access_reject"
11:49:29.870 key = "%{User-Name}"
11:49:29.870 relaxed = no
11:49:29.870 }
11:49:29.870 # Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
11:49:29.871 attr_filter attr_filter.access_challenge {
11:49:29.872 filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
11:49:29.872 key = "%{User-Name}"
11:49:29.873 relaxed = no
11:49:29.873 }
11:49:29.873 # Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
11:49:29.873 attr_filter attr_filter.accounting_response {
11:49:29.873 filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
11:49:29.874 key = "%{User-Name}"
11:49:29.874 relaxed = no
11:49:29.874 }
11:49:29.874 # Loaded module rlm_cache
11:49:29.874 # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
11:49:29.874 cache cache_eap {
11:49:29.874 driver = "rlm_cache_rbtree"
11:49:29.875 key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
11:49:29.875 ttl = 15
11:49:29.875 max_entries = 0
11:49:29.875 epoch = 0
11:49:29.875 add_stats = no
11:49:29.875 }
11:49:29.875 # Loaded module rlm_chap
11:49:29.876 # Loading module "chap" from file /etc/raddb/mods-enabled/chap
11:49:29.876 # Loaded module rlm_date
11:49:29.876 # Loading module "date" from file /etc/raddb/mods-enabled/date
11:49:29.876 date {
11:49:29.876 format = "%b %e %Y %H:%M:%S %Z"
11:49:29.876 utc = no
11:49:29.876 }
11:49:29.877 # Loading module "wispr2date" from file /etc/raddb/mods-enabled/date
11:49:29.877 date wispr2date {
11:49:29.877 format = "%Y-%m-%dT%H:%M:%S"
11:49:29.877 utc = no
11:49:29.877 }
11:49:29.878 # Loaded module rlm_detail
11:49:29.878 # Loading module "detail" from file /etc/raddb/mods-enabled/detail
11:49:29.878 detail {
11:49:29.878 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
11:49:29.878 header = "%t"
11:49:29.879 permissions = 384
11:49:29.879 locking = no
11:49:29.886 escape_filenames = no
11:49:29.886 log_packet_header = no
11:49:29.886 }
11:49:29.886 # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
11:49:29.886 detail auth_log {
11:49:29.886 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
11:49:29.887 header = "%t"
11:49:29.887 permissions = 384
11:49:29.888 locking = no
11:49:29.888 escape_filenames = no
11:49:29.888 log_packet_header = no
11:49:29.888 }
11:49:29.889 # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
11:49:29.889 detail reply_log {
11:49:29.889 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
11:49:29.889 header = "%t"
11:49:29.889 permissions = 384
11:49:29.891 locking = no
11:49:29.891 escape_filenames = no
11:49:29.891 log_packet_header = no
11:49:29.891 }
11:49:29.891 # Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:29.891 detail pre_proxy_log {
11:49:29.891 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
11:49:29.891 header = "%t"
11:49:29.891 permissions = 384
11:49:29.891 locking = no
11:49:29.891 escape_filenames = no
11:49:29.891 log_packet_header = no
11:49:29.891 }
11:49:29.891 # Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:29.893 detail post_proxy_log {
11:49:29.893 filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
11:49:29.893 header = "%t"
11:49:29.893 permissions = 384
11:49:29.893 locking = no
11:49:29.893 escape_filenames = no
11:49:29.894 log_packet_header = no
11:49:29.894 }
11:49:29.894 # Loaded module rlm_digest
11:49:29.894 # Loading module "digest" from file /etc/raddb/mods-enabled/digest
11:49:29.894 # Loaded module rlm_dynamic_clients
11:49:29.894 # Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
11:49:29.894 # Loaded module rlm_eap
11:49:29.895 # Loading module "eap" from file /etc/raddb/mods-enabled/eap
11:49:29.895 eap {
11:49:29.895 default_eap_type = "md5"
11:49:29.895 timer_expire = 60
11:49:29.895 ignore_unknown_eap_types = no
11:49:29.895 cisco_accounting_username_bug = no
11:49:29.895 max_sessions = 16384
11:49:29.895 }
11:49:29.895 # Loaded module rlm_exec
11:49:29.904 # Loading module "echo" from file /etc/raddb/mods-enabled/echo
11:49:29.904 exec echo {
11:49:29.905 wait = yes
11:49:29.905 program = "/bin/echo %{User-Name}"
11:49:29.905 input_pairs = "request"
11:49:29.905 output_pairs = "reply"
11:49:29.905 shell_escape = yes
11:49:29.907 }
11:49:29.923 # Loading module "exec" from file /etc/raddb/mods-enabled/exec
11:49:29.923 exec {
11:49:29.924 wait = no
11:49:29.924 input_pairs = "request"
11:49:29.924 shell_escape = yes
11:49:29.924 timeout = 10
11:49:29.924 }
11:49:29.924 # Loaded module rlm_expiration
11:49:29.924 # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
11:49:29.925 # Loaded module rlm_expr
11:49:29.925 # Loading module "expr" from file /etc/raddb/mods-enabled/expr
11:49:29.927 expr {
11:49:29.945 safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
11:49:29.945 }
11:49:29.945 # Loaded module rlm_files
11:49:29.946 # Loading module "files" from file /etc/raddb/mods-enabled/files
11:49:29.946 files {
11:49:29.946 filename = "/etc/raddb/mods-config/files/authorize"
11:49:29.947 acctusersfile = "/etc/raddb/mods-config/files/accounting"
11:49:29.948 preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
11:49:29.948 }
11:49:29.949 # Loaded module rlm_linelog
11:49:29.950 # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
11:49:29.950 linelog {
11:49:29.951 filename = "/var/log/radius/linelog"
11:49:29.951 escape_filenames = no
11:49:29.952 syslog_severity = "info"
11:49:29.952 permissions = 384
11:49:29.952 format = "This is a log message for %{User-Name}"
11:49:29.952 reference = "messages.%{%{reply:Packet-Type}:-default}"
11:49:29.952 }
11:49:29.952 # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
11:49:29.953 linelog log_accounting {
11:49:29.953 filename = "/var/log/radius/linelog-accounting"
11:49:29.953 escape_filenames = no
11:49:29.953 syslog_severity = "info"
11:49:29.953 permissions = 384
11:49:29.954 format = ""
11:49:29.954 reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
11:49:29.954 }
11:49:29.954 # Loaded module rlm_logintime
11:49:29.954 # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
11:49:29.954 logintime {
11:49:29.954 minimum_timeout = 60
11:49:29.954 }
11:49:29.955 # Loaded module rlm_mschap
11:49:29.955 # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
11:49:29.955 mschap {
11:49:29.955 use_mppe = yes
11:49:29.955 require_encryption = no
11:49:29.955 require_strong = no
11:49:29.956 with_ntdomain_hack = yes
11:49:29.956 passchange {
11:49:29.956 }
11:49:29.956 allow_retry = yes
11:49:29.956 winbind_retry_with_normalised_username = no
11:49:29.956 }
11:49:29.956 # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
11:49:29.956 exec ntlm_auth {
11:49:29.957 wait = yes
11:49:29.957 program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
11:49:29.957 shell_escape = yes
11:49:29.957 }
11:49:29.957 # Loaded module rlm_pap
11:49:29.957 # Loading module "pap" from file /etc/raddb/mods-enabled/pap
11:49:29.962 pap {
11:49:29.962 normalise = yes
11:49:29.963 }
11:49:29.963 # Loaded module rlm_passwd
11:49:29.963 # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
11:49:29.963 passwd etc_passwd {
11:49:29.963 filename = "/etc/passwd"
11:49:29.964 format = "*User-Name:Crypt-Password:"
11:49:29.964 delimiter = ":"
11:49:29.965 ignore_nislike = no
11:49:29.966 ignore_empty = yes
11:49:29.967 allow_multiple_keys = no
11:49:29.967 hash_size = 100
11:49:29.967 }
11:49:29.967 # Loaded module rlm_preprocess
11:49:29.967 # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
11:49:29.967 preprocess {
11:49:29.967 huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
11:49:29.968 hints = "/etc/raddb/mods-config/preprocess/hints"
11:49:29.968 with_ascend_hack = no
11:49:29.968 ascend_channels_per_line = 23
11:49:29.968 with_ntdomain_hack = no
11:49:29.968 with_specialix_jetstream_hack = no
11:49:29.969 with_cisco_vsa_hack = no
11:49:29.969 with_alvarion_vsa_hack = no
11:49:29.969 }
11:49:29.969 # Loaded module rlm_radutmp
11:49:29.969 # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
11:49:29.969 radutmp {
11:49:29.969 filename = "/var/log/radius/radutmp"
11:49:29.970 username = "%{User-Name}"
11:49:29.970 case_sensitive = yes
11:49:29.970 check_with_nas = yes
11:49:29.970 permissions = 384
11:49:29.970 caller_id = yes
11:49:29.970 }
11:49:29.970 # Loaded module rlm_realm
11:49:29.971 # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
11:49:29.971 realm IPASS {
11:49:29.971 format = "prefix"
11:49:29.971 delimiter = "/"
11:49:29.971 ignore_default = no
11:49:29.971 ignore_null = no
11:49:29.971 }
11:49:29.972 # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
11:49:29.972 realm suffix {
11:49:29.972 format = "suffix"
11:49:29.972 delimiter = "@"
11:49:29.972 ignore_default = no
11:49:29.972 ignore_null = no
11:49:29.972 }
11:49:29.973 # Loading module "bangpath" from file /etc/raddb/mods-enabled/realm
11:49:29.973 realm bangpath {
11:49:29.977 format = "prefix"
11:49:29.978 delimiter = "!"
11:49:29.978 ignore_default = no
11:49:29.978 ignore_null = no
11:49:29.978 }
11:49:29.978 # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
11:49:29.978 realm realmpercent {
11:49:29.979 format = "suffix"
11:49:29.979 delimiter = "%"
11:49:29.979 ignore_default = no
11:49:29.979 ignore_null = no
11:49:29.980 }
11:49:29.980 # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
11:49:29.980 realm ntdomain {
11:49:29.980 format = "prefix"
11:49:29.980 delimiter = "\\"
11:49:29.980 ignore_default = no
11:49:29.981 ignore_null = no
11:49:29.981 }
11:49:29.981 # Loaded module rlm_replicate
11:49:29.982 # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
11:49:29.982 # Loaded module rlm_soh
11:49:29.982 # Loading module "soh" from file /etc/raddb/mods-enabled/soh
11:49:29.983 soh {
11:49:29.983 dhcp = yes
11:49:29.983 }
11:49:29.983 # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
11:49:29.983 radutmp sradutmp {
11:49:29.983 filename = "/var/log/radius/sradutmp"
11:49:29.983 username = "%{User-Name}"
11:49:29.984 case_sensitive = yes
11:49:29.984 check_with_nas = yes
11:49:29.984 permissions = 420
11:49:29.984 caller_id = no
11:49:29.984 }
11:49:29.984 # Loaded module rlm_unix
11:49:29.984 # Loading module "unix" from file /etc/raddb/mods-enabled/unix
11:49:29.985 unix {
11:49:29.985 radwtmp = "/var/log/radius/radwtmp"
11:49:29.985 }
11:49:29.985Creating attribute Unix-Group
11:49:29.985 # Loaded module rlm_unpack
11:49:29.985 # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
11:49:29.985 # Loaded module rlm_utf8
11:49:29.985 # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
11:49:29.986 # Loaded module rlm_sql
11:49:29.986 # Loading module "sql" from file /etc/raddb/mods-enabled/sql
11:49:29.986 sql {
11:49:29.986 driver = "rlm_sql_postgresql"
11:49:29.986 server = ""
11:49:29.986 port = 0
11:49:29.986 login = ""
11:49:29.987 password = <<< secret >>>
11:49:29.991 radius_db = "dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password"
11:49:29.991 read_groups = yes
11:49:29.991 read_profiles = yes
11:49:29.992 read_clients = yes
11:49:29.992 delete_stale_sessions = yes
11:49:29.992 sql_user_name = "%{User-Name}"
11:49:29.992 default_user_profile = ""
11:49:29.992 client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
11:49:29.993 authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
11:49:29.993 authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
11:49:29.994 authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{SQL-Group}' ORDER BY id"
11:49:29.994 authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{SQL-Group}' ORDER BY id"
11:49:29.995 group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority"
11:49:29.995 simul_count_query = "SELECT COUNT(*) FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
11:49:29.995 simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
11:49:29.996 safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
11:49:29.997 auto_escape = no
11:49:29.997 accounting {
11:49:29.997 reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}"
11:49:29.998 type {
11:49:29.998 accounting-on {
11:49:29.998 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
11:49:29.999 }
11:49:29.999 accounting-off {
11:49:30.000 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp"
11:49:30.000 }
11:49:30.000 start {
11:49:30.001 query = "INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress, FramedIpv6Address, FramedIpv6Prefix, FramedInterfaceId, DelegatedIpv6Prefix) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', NULLIF('%{%{NAS-Port-ID}:-%{NAS-Port}}', ''), '%{NAS-Port-Type}', TO_TIMESTAMP(%{integer:Event-Timestamp}), TO_TIMESTAMP(%{integer:Event-Timestamp}), NULL, 0, '%{Acct-Authentic}', '%{Connect-Info}', NULL, 0, 0, '%{Called-Station-Id}', '%{Calling-Station-Id}', NULL, '%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}', '')::inet, NULLIF('%{Framed-IPv6-Address}', '')::inet, NULLIF('%{Framed-IPv6-Prefix}', '')::inet, NULLIF('%{Framed-Interface-Id}', ''), NULLIF('%{Delegated-IPv6-Prefix}', '')::inet) ON CONFLICT (AcctUniqueId) DO UPDATE SET AcctStartTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), ConnectInfo_start = '%{Connect-Info}' WHERE radacct.AcctUniqueId = '%{Acct-Unique-Session-Id}' AND radacct.AcctStopTime IS NULL"
11:49:30.003 }
11:49:30.003 interim-update {
11:49:30.003 query = "UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, FramedIPv6Address = NULLIF('%{Framed-IPv6-Address}', '')::inet, FramedIPv6Prefix = NULLIF('%{Framed-IPv6-Prefix}', '')::inet, FramedInterfaceId = NULLIF('%{Framed-Interface-Id}', ''), DelegatedIPv6Prefix = NULLIF('%{Delegated-IPv6-Prefix}', '')::inet, AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}' AND AcctStopTime IS NULL"
11:49:30.008 }
11:49:30.008 stop {
11:49:30.009 query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), AcctTerminateCause = '%{Acct-Terminate-Cause}', FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, FramedIPv6Address = NULLIF('%{Framed-IPv6-Address}', '')::inet, FramedIPv6Prefix = NULLIF('%{Framed-IPv6-Prefix}', '')::inet, FramedInterfaceId = NULLIF('%{Framed-Interface-Id}', ''), DelegatedIPv6Prefix = NULLIF('%{Delegated-IPv6-Prefix}', '')::inet, ConnectInfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}' AND AcctStopTime IS NULL"
11:49:30.089 }
11:49:30.095 }
11:49:30.105 }
11:49:30.111 post-auth {
11:49:30.121 reference = ".query"
11:49:30.127 query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', NOW())"
11:49:30.155 }
11:49:30.168 }
11:49:30.174rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
11:49:30.185Creating attribute SQL-Group
11:49:30.191 # Loaded module rlm_ldap
11:49:30.201 # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
11:49:30.208 ldap {
11:49:30.225 server = "localhost"
11:49:30.238 port = 389
11:49:30.244 identity = "uid=superradius,ou=people,dc=xxxxx,dc=net"
11:49:30.254 password = <<< secret >>>
11:49:30.260 sasl {
11:49:30.271 }
11:49:30.290 user_dn = "LDAP-UserDn"
11:49:30.290 user {
11:49:30.291 scope = "sub"
11:49:30.291 access_positive = yes
11:49:30.291 sasl {
11:49:30.291 }
11:49:30.291 }
11:49:30.291 group {
11:49:30.291 filter = "(objectClass=posixGroup)"
11:49:30.293 scope = "sub"
11:49:30.293 name_attribute = "cn"
11:49:30.293 membership_attribute = "memberOf"
11:49:30.293 cacheable_name = no
11:49:30.293 cacheable_dn = no
11:49:30.293 allow_dangling_group_ref = no
11:49:30.293 }
11:49:30.293 client {
11:49:30.293 filter = "(objectClass=radiusClient)"
11:49:30.293 scope = "sub"
11:49:30.294 base_dn = "ou=people,dc=xxxxx,dc=net"
11:49:30.294 }
11:49:30.294 profile {
11:49:30.294 }
11:49:30.294 options {
11:49:30.294 ldap_debug = 40
11:49:30.294 chase_referrals = yes
11:49:30.295 rebind = yes
11:49:30.295 net_timeout = 1
11:49:30.296 res_timeout = 10
11:49:30.296 srv_timelimit = 3
11:49:30.298 idle = 60
11:49:30.298 probes = 3
11:49:30.299 interval = 3
11:49:30.299 }
11:49:30.299 tls {
11:49:30.300 start_tls = no
11:49:30.300 }
11:49:30.300 }
11:49:30.300Creating attribute LDAP-Group
11:49:30.300 instantiate {
11:49:30.300 }
11:49:30.300 # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
11:49:30.300 # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
11:49:30.300 # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
11:49:30.300 # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
11:49:30.300 # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
11:49:30.300 # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
11:49:30.301 # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
11:49:30.301 # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
11:49:30.301 # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
11:49:30.301 # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:30.301reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
11:49:30.301 # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
11:49:30.305reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
11:49:30.306 # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
11:49:30.306reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
11:49:30.306 # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
11:49:30.306reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
11:49:30.307 # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
11:49:30.307reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
11:49:30.307 # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
11:49:30.307rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
11:49:30.307 # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
11:49:30.307 # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
11:49:30.308rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
11:49:30.308 # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
11:49:30.308 # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:30.308 # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
11:49:30.309 # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
11:49:30.309 # Linked to sub-module rlm_eap_md5
11:49:30.309 # Linked to sub-module rlm_eap_leap
11:49:30.309 # Linked to sub-module rlm_eap_gtc
11:49:30.309 gtc {
11:49:30.309 challenge = "Password: "
11:49:30.310 auth_type = "PAP"
11:49:30.310 }
11:49:30.310 # Linked to sub-module rlm_eap_tls
11:49:30.310 tls {
11:49:30.310 tls = "tls-common"
11:49:30.310 }
11:49:30.310 tls-config tls-common {
11:49:30.310 verify_depth = 0
11:49:30.311 ca_path = "/etc/raddb/certs"
11:49:30.311 pem_file_type = yes
11:49:30.311 private_key_file = "/etc/raddb/certs/server.pem"
11:49:30.311 certificate_file = "/etc/raddb/certs/server.pem"
11:49:30.312 ca_file = "/etc/raddb/certs/ca.pem"
11:49:30.312 private_key_password = <<< secret >>>
11:49:30.312 dh_file = "/etc/raddb/certs/dh"
11:49:30.312 fragment_size = 1024
11:49:30.313 include_length = yes
11:49:30.313 auto_chain = yes
11:49:30.313 check_crl = no
11:49:30.313 check_all_crl = no
11:49:30.313 cipher_list = "PROFILE=SYSTEM"
11:49:30.314 cipher_server_preference = no
11:49:30.314 ecdh_curve = "prime256v1"
11:49:30.314 disable_tlsv1 = yes
11:49:30.315 disable_tlsv1_1 = yes
11:49:30.315 tls_max_version = "1.2"
11:49:30.315 tls_min_version = "1.2"
11:49:30.315 cache {
11:49:30.315 enable = no
11:49:30.316 lifetime = 24
11:49:30.316 max_entries = 255
11:49:30.316 }
11:49:30.319 verify {
11:49:30.320 skip_if_ocsp_ok = no
11:49:30.320 }
11:49:30.320 ocsp {
11:49:30.320 enable = no
11:49:30.320 override_cert_url = yes
11:49:30.321 url = "http://127.0.0.1/ocsp/"
11:49:30.321 use_nonce = yes
11:49:30.321 timeout = 0
11:49:30.321 softfail = no
11:49:30.321 }
11:49:30.321 }
11:49:30.321Please use tls_min_version and tls_max_version instead of disable_tlsv1
11:49:30.322Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
11:49:30.322 # Linked to sub-module rlm_eap_ttls
11:49:30.322 ttls {
11:49:30.322 tls = "tls-common"
11:49:30.322 default_eap_type = "md5"
11:49:30.323 copy_request_to_tunnel = no
11:49:30.323 use_tunneled_reply = no
11:49:30.323 virtual_server = "inner-tunnel"
11:49:30.324 include_length = yes
11:49:30.324 require_client_cert = no
11:49:30.324 }
11:49:30.324tls: Using cached TLS configuration from previous invocation
11:49:30.324 # Linked to sub-module rlm_eap_peap
11:49:30.324 peap {
11:49:30.325 tls = "tls-common"
11:49:30.325 default_eap_type = "mschapv2"
11:49:30.325 copy_request_to_tunnel = no
11:49:30.325 use_tunneled_reply = no
11:49:30.325 proxy_tunneled_request_as_eap = yes
11:49:30.326 virtual_server = "inner-tunnel"
11:49:30.326 soh = no
11:49:30.326 require_client_cert = no
11:49:30.326 }
11:49:30.327tls: Using cached TLS configuration from previous invocation
11:49:30.327 # Linked to sub-module rlm_eap_mschapv2
11:49:30.327 mschapv2 {
11:49:30.327 with_ntdomain_hack = no
11:49:30.327 send_error = no
11:49:30.328 }
11:49:30.328 # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
11:49:30.328 # Instantiating module "files" from file /etc/raddb/mods-enabled/files
11:49:30.328reading pairlist file /etc/raddb/mods-config/files/authorize
11:49:30.329reading pairlist file /etc/raddb/mods-config/files/accounting
11:49:30.329reading pairlist file /etc/raddb/mods-config/files/pre-proxy
11:49:30.329 # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
11:49:30.329 # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
11:49:30.330 # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
11:49:30.330 # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
11:49:30.330rlm_mschap (mschap): using internal authentication
11:49:30.330 # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
11:49:30.334 # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
11:49:30.334rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
11:49:30.335 # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
11:49:30.335reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
11:49:30.335reading pairlist file /etc/raddb/mods-config/preprocess/hints
11:49:30.335 # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
11:49:30.335 # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
11:49:30.335 # Instantiating module "bangpath" from file /etc/raddb/mods-enabled/realm
11:49:30.336 # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
11:49:30.336 # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
11:49:30.336 # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
11:49:30.336 postgresql {
11:49:30.336 send_application_name = yes
11:49:30.336 }
11:49:30.337rlm_sql (sql): Attempting to connect to database "dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password"
11:49:30.337rlm_sql (sql): Initialising connection pool
11:49:30.337 pool {
11:49:30.337 start = 5
11:49:30.337 min = 3
11:49:30.337 max = 32
11:49:30.338 spare = 10
11:49:30.338 uses = 0
11:49:30.338 lifetime = 0
11:49:30.338 cleanup_interval = 30
11:49:30.339 idle_timeout = 60
11:49:30.340 retry_delay = 30
11:49:30.340 spread = no
11:49:30.340 }
11:49:30.341rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
11:49:30.357rlm_sql_postgresql: Connecting using parameters: dbname=tst02bbradius host=mypostgresdb.corporate.intra user=tst02bbradiususer password=password application_name='FreeRADIUS 3.0.20 - radiusd (sql)'
11:51:39.632rlm_sql_postgresql: Connection failed: could not connect to server: Connection timed out Is the server running on host "mypostgresdb.corporate.intra" (xx.xx.xx.xx) and accepting TCP/IP connections on port 5432?
11:51:39.648rlm_sql_postgresql: Socket destructor called, closing socket
11:51:39.649rlm_sql (sql): Opening connection failed (0)
11:51:39.649rlm_sql (sql): Removing connection pool
11:51:39.651/etc/raddb/mods-enabled/sql[27]: Instantiation failed for module "sql"