The problem when I run freeRadius server 4.0 in master: Failed adding new socket to network event loop: Failed inserting filters for FD 15: EFAULT: Bad address with libkqueue v2.6.1-28
Baudouin MESMIN DES VAUX
baudouin.mesmin-des-vaux at wifirst.fr
Tue May 16 16:31:00 UTC 2023
Hi guys,
I am trying to run FreeRADIUS V4.0 for TACACS+.
I cloned master and ran ./configure, make and make
install without issue.
I’m on Ubuntu 2304, up to date, with libkqueue v2.6.1-28.
When I run radius -X, I get this error:
#### Opening listener interfaces ####
Network - Failed adding new socket to network event loop: Failed inserting
filters for FD 17: EFAULT: Bad address
/usr/local/etc/raddb/sites-enabled/default[209]: Opening radius I/O
interface failed
I checked the config files, but cannot find the cause.
Could anyone tell me what to do? Thank you very much.
Thanks,
Baudouin
The complete log from radiusd -X:
Info : Copyright 1999-2022 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named
COPYRIGHT
Info : Starting - reading configuration files ...
Debug : Including dictionary file "/usr/local/etc/raddb/dictionary"
gctx 0x55be4a150e40 report
internal refs src/lib/server/main_config.c (1)
internal refs src/lib/server/request.c (1)
internal refs src/lib/tls/base.c (1)
including configuration file /usr/local/etc/raddb/radiusd.conf
Including files in directory "/usr/local/etc/raddb/template.d/"
including configuration file /usr/local/etc/raddb/template.d/default
including configuration file /usr/local/etc/raddb/clients.conf
Including files in directory "/usr/local/etc/raddb/global.d/"
including configuration file /usr/local/etc/raddb/global.d/ldap
Including files in directory "/usr/local/etc/raddb/mods-enabled/"
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/client
including configuration file /usr/local/etc/raddb/mods-enabled/delay
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/eap
including configuration file /usr/local/etc/raddb/mods-enabled/eap_inner
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/escape
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/linelog
including configuration file /usr/local/etc/raddb/mods-enabled/logintime
including configuration file /usr/local/etc/raddb/mods-enabled/mschap
including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
including configuration file /usr/local/etc/raddb/mods-enabled/pap
including configuration file /usr/local/etc/raddb/mods-enabled/passwd
including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
including configuration file /usr/local/etc/raddb/mods-enabled/soh
including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
including configuration file /usr/local/etc/raddb/mods-enabled/stats
including configuration file /usr/local/etc/raddb/mods-enabled/unix
including configuration file /usr/local/etc/raddb/mods-enabled/unpack
including configuration file /usr/local/etc/raddb/mods-enabled/utf8
Including files in directory "/usr/local/etc/raddb/policy.d/"
including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/canonicalisation
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/cui
including configuration file /usr/local/etc/raddb/policy.d/debug
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/tacacs
including configuration file /usr/local/etc/raddb/policy.d/time
including configuration file /usr/local/etc/raddb/policy.d/vendor
Including files in directory "/usr/local/etc/raddb/sites-enabled/"
including configuration file /usr/local/etc/raddb/sites-enabled/default
Loaded module process_radius
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
Parsing security rules to bootstrap UID / GID / chroot / etc.
main {
prefix = \/usr\/local
security {
allow_core_dumps = no
allow_vulnerable_openssl = no
openssl_fips_mode = no
}
name = radiusd
local_state_dir = "/usr/local/var"
run_dir = \/usr\/local\/var\/run\/radiusd
}
Parsing main configuration
main {
server default {
namespace = radius
radius {
Access-Request {
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
session {
timeout = 15
max = 4096
}
}
}
Loaded module proto_radius
listen {
type = Access-Request
type = Status-Server
transport = udp
Loaded module proto_radius_udp
udp {
ipv4addr = 10.0.100.11
port = 1812
networks {
allow = 127/8
allow = 46.192.0.0/15
}
max_packet_size = 4096
max_attributes = 255
}
limit {
cleanup_delay = 5.0
idle_timeout = 60.0
nak_lifetime = 30.0
max_connections = 256
max_clients = 256
max_pending_packets = 256
}
priority {
Access-Request = high
Accounting-Request = low
CoA-Request = normal
Disconnect-Request = low
Status-Server = now
}
}
listen tcp_auth {
type = Access-Request
type = Status-Server
transport = tcp
Loaded module proto_radius_tcp
tcp {
ipaddr = *
port = 1812
networks {
allow = 127/8
allow = 192.0.2/24
}
max_packet_size = 4096
max_attributes = 255
}
limit {
cleanup_delay = 5.0
idle_timeout = 30.0
nak_lifetime = 30.0
max_connections = 1024
max_clients = 256
max_pending_packets = 256
}
priority {
Access-Request = high
Accounting-Request = low
CoA-Request = normal
Disconnect-Request = low
Status-Server = now
}
}
listen udp_acct {
type = Accounting-Request
transport = udp
udp {
ipaddr = *
port = 1813
networks {
}
max_packet_size = 4096
max_attributes = 255
}
limit {
cleanup_delay = 5.0
idle_timeout = 30.0
nak_lifetime = 30.0
max_connections = 1024
max_clients = 256
max_pending_packets = 256
}
priority {
Access-Request = high
Accounting-Request = low
CoA-Request = normal
Disconnect-Request = low
Status-Server = now
}
}
}
server inner-tunnel {
namespace = radius
radius {
Access-Request {
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
session {
timeout = 15
max = 4096
}
}
}
listen {
type = Access-Request
transport = udp
udp {
ipaddr = 127.0.0.1
port = 18120
networks {
}
max_packet_size = 4096
max_attributes = 255
}
limit {
cleanup_delay = 5.0
idle_timeout = 30.0
nak_lifetime = 30.0
max_connections = 1024
max_clients = 256
max_pending_packets = 256
}
priority {
Access-Request = high
Accounting-Request = low
CoA-Request = normal
Disconnect-Request = low
Status-Server = now
}
}
}
security {
}
sbin_dir = "/usr/local/sbin"
logdir = \/usr\/local\/var\/log\/radius
radacctdir = \/usr\/local\/var\/log\/radius\/radacct
reverse_lookups = no
hostname_lookups = yes
max_request_time = 30
pidfile = \/usr\/local\/var\/run\/radiusd\/radiusd.pid
debug_level = 0
max_requests = 16384
log {
colourise = yes
}
resources {
}
thread pool {
num_networks = 1
num_workers = 0
Setting thread.workers = 2
openssl_async_pool_init = 64
openssl_async_pool_max = 1024
}
migrate {
}
interpret {
}
}
Switching to configured log settings
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
secret = <<< secret >>>
require_message_authenticator = no
proto = *
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30s
}
}
Debugger not attached
trigger { ... } subsection not found, triggers will be disabled
#### Instantiating libraries ####
#### Bootstrapping process modules ####
Bootstrapping process_radius "default"
Creating Auth-Type = pap
Creating Auth-Type = chap
Creating Auth-Type = mschap
Creating Auth-Type = digest
Creating Auth-Type = ldap
Creating Auth-Type = eap
Bootstrapping process_radius "inner-tunnel"
#### Bootstrapping protocol modules ####
Bootstrapping proto_radius "default.radius"
client localhost {
ipaddr = 192.0.2.1
secret = <<< secret >>>
shortname = sample
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30s
}
}
Bootstrapping proto_radius "default.tcp_auth"
Bootstrapping proto_radius "default.udp_acct"
Bootstrapping proto_radius "inner-tunnel.radius"
#### Instantiating libraries ####
#### Bootstrapping modules ####
modules {
Loaded module rlm_always
always reject {
rcode = reject
simulcount = 0
mpp = no
}
always fail {
rcode = fail
simulcount = 0
mpp = no
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
always handled {
rcode = handled
simulcount = 0
mpp = no
}
always invalid {
rcode = invalid
simulcount = 0
mpp = no
}
always disallow {
rcode = disallow
simulcount = 0
mpp = no
}
always notfound {
rcode = notfound
simulcount = 0
mpp = no
}
always noop {
rcode = noop
simulcount = 0
mpp = no
}
always updated {
rcode = updated
simulcount = 0
mpp = no
}
Loaded module rlm_attr_filter
attr_filter attr_filter.pre-proxy {
filename =
\/usr\/local\/etc\/raddb\/mods-config\/attr_filter\/pre-proxy
key = "%{Realm}"
relaxed = no
}
attr_filter attr_filter.post-proxy {
filename =
\/usr\/local\/etc\/raddb\/mods-config\/attr_filter\/post-proxy
key = "%{Realm}"
relaxed = no
}
attr_filter attr_filter.access_reject {
filename =
\/usr\/local\/etc\/raddb\/mods-config\/attr_filter\/access_reject
key = "%{User-Name}"
relaxed = no
}
attr_filter attr_filter.access_challenge {
filename =
\/usr\/local\/etc\/raddb\/mods-config\/attr_filter\/access_challenge
key = "%{User-Name}"
relaxed = no
}
attr_filter attr_filter.accounting_response {
filename =
\/usr\/local\/etc\/raddb\/mods-config\/attr_filter\/accounting_response
key = "%{User-Name}"
relaxed = no
}
Loaded module rlm_cache
cache cache_eap {
driver = rbtree
Loaded module rlm_cache_rbtree
key = %{%{control.State}:-%{%{reply.State}:-%{State}}}
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
Loaded module rlm_chap
Loaded module rlm_client
Loaded module rlm_delay
delay {
delay = 1.0s
relative = no
force_reschedule = no
}
delay delay_reject {
delay = "%{%{reply.FreeRADIUS-Response-Delay}:-1}"
relative = yes
force_reschedule = no
}
Loaded module rlm_detail
detail {
filename =
\/usr\/local\/var\/log\/radius\/radacct\/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}\/detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail auth_log {
filename =
\/usr\/local\/var\/log\/radius\/radacct\/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}\/auth-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail reply_log {
filename =
\/usr\/local\/var\/log\/radius\/radacct\/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}\/reply-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail pre_proxy_log {
filename =
\/usr\/local\/var\/log\/radius\/radacct\/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}\/pre-proxy-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
detail post_proxy_log {
filename =
\/usr\/local\/var\/log\/radius\/radacct\/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}\/post-proxy-detail-%Y-%m-%d
header = %t
permissions = 0600
locking = no
escape_filenames = no
log_packet_header = no
}
Loaded module rlm_digest
Loaded module rlm_eap
eap {
require_identity_realm = nai
type = md5
Loaded module rlm_eap_md5
type = gtc
Loaded module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = PAP
}
type = tls
Loaded module rlm_eap_tls
tls {
tls = tls-common
require_client_cert = yes
include_length = yes
}
type = ttls
Loaded module rlm_eap_ttls
ttls {
tls = tls-common
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
type = mschapv2
Loaded module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
auth_type = mschap
send_error = no
}
type = peap
Loaded module rlm_eap_peap
peap {
tls = tls-common
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
ignore_unknown_eap_types = no
}
eap inner-eap {
require_identity_realm = nai
default_eap_type = mschapv2
type = md5
type = gtc
gtc {
challenge = "Password: "
auth_type = PAP
}
type = mschapv2
mschapv2 {
with_ntdomain_hack = no
auth_type = mschap
send_error = no
}
type = tls
tls {
tls = tls-peer
require_client_cert = yes
include_length = yes
}
ignore_unknown_eap_types = no
}
Loaded module rlm_exec
exec echo {
wait = yes
program = "/bin/echo Tmp-String-\0 := %{User-Name}"
input_pairs = &request
output_pairs = &reply
shell_escape = yes
env_inherit = no
}
Loaded module rlm_escape
escape {
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
exec {
wait = yes
input_pairs = &request
shell_escape = yes
env_inherit = no
timeout = 10
}
Loaded module rlm_files
files {
filename = \/usr\/local\/etc\/raddb\/mods-config\/files\/authorize
acctusersfile =
\/usr\/local\/etc\/raddb\/mods-config\/files\/accounting
key = %{%{Stripped-User-Name}:-%{User-Name}}
}
Loaded module rlm_linelog
linelog {
destination = file
delimiter = "\n"
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply.Packet-Type}:-default}"
file {
filename = \/usr\/local\/var\/log\/radius\/linelog
permissions = 0600
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
server = localhost
port = 514
timeout = 2.0
}
udp {
server = localhost
port = 514
timeout = 2.0
}
}
linelog log_accounting {
destination = file
delimiter = "\n"
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
file {
filename = \/usr\/local\/var\/log\/radius\/linelog-accounting
permissions = 0600
escape_filenames = no
}
syslog {
severity = "info"
}
unix {
}
tcp {
timeout = 1000
}
udp {
timeout = 1000
}
}
Loaded module rlm_logintime
logintime {
minimum_timeout = 60
}
Loaded module rlm_mschap
mschap {
normalise = yes
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind {
}
}
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%(mschap:User-Name) --password=%{User-Password}"
shell_escape = yes
env_inherit = no
}
Loaded module rlm_pap
pap {
normalise = yes
}
Loaded module rlm_passwd
passwd etc_passwd {
filename = \/etc\/passwd
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
Loaded module rlm_radutmp
radutmp {
filename = \/usr\/local\/var\/log\/radius\/radutmp
username = %{User-Name}
check_with_nas = yes
permissions = 0600
caller_id = no
}
Loaded module rlm_soh
soh {
dhcp = yes
}
radutmp sradutmp {
filename = \/usr\/local\/var\/log\/radius\/sradutmp
username = "%{User-Name}"
check_with_nas = yes
permissions = 0644
caller_id = no
}
Loaded module rlm_stats
stats {
}
Loaded module rlm_unix
unix {
}
Loaded module rlm_unpack
Loaded module rlm_utf8
#### Bootstrapping rlm modules ####
Bootstrapping rlm_cache "cache_eap"
Bootstrapping rlm_delay "delay"
Bootstrapping rlm_delay "delay_reject"
Bootstrapping rlm_always "disallow"
Bootstrapping rlm_eap "eap"
Bootstrapping rlm_exec "echo"
Bootstrapping rlm_escape "escape"
Bootstrapping rlm_exec "exec"
Bootstrapping rlm_always "fail"
Bootstrapping rlm_always "handled"
Bootstrapping rlm_eap "inner-eap"
Bootstrapping rlm_always "invalid"
Bootstrapping rlm_linelog "linelog"
Bootstrapping rlm_linelog "log_accounting"
Bootstrapping rlm_mschap "mschap"
Bootstrapping rlm_always "noop"
Bootstrapping rlm_always "notfound"
Bootstrapping rlm_exec "ntlm_auth"
Bootstrapping rlm_always "ok"
Bootstrapping rlm_always "reject"
Bootstrapping rlm_soh "soh"
Bootstrapping rlm_unix "unix"
Creating attribute Unix-Group
Bootstrapping rlm_unpack "unpack"
Bootstrapping rlm_always "updated"
} # modules
#### Instantiating listeners ####
Compiling policies in server default { ... }
Instantiating proto_radius "default.radius"
Instantiating proto_radius "default.tcp_auth"
Instantiating proto_radius "default.udp_acct"
Instantiating process_radius "default"
Compiling policies in - recv Access-Request {...}
/usr/local/etc/raddb/sites-enabled/default[793]: Ignoring "-sql" as the
"sql" module is not enabled.
/usr/local/etc/raddb/sites-enabled/default[809]: Ignoring "-ldap" as the
"ldap" module is not enabled.
Compiling policies in - send Access-Accept {...}
/usr/local/etc/raddb/sites-enabled/default[1115]: Ignoring "-sql" as the
"sql" module is not enabled.
Compiling policies in - send Access-Challenge {...}
Compiling policies in - send Access-Reject {...}
/usr/local/etc/raddb/sites-enabled/default[1228]: Ignoring "-sql" as the
"sql" module is not enabled.
Compiling policies in - recv Accounting-Request {...}
Compiling policies in - send Accounting-Response {...}
/usr/local/etc/raddb/sites-enabled/default[1443]: Ignoring "-sql" as the
"sql" module is not enabled.
Compiling policies in - recv Status-Server {...}
Compiling policies in - authenticate pap {...}
Compiling policies in - authenticate chap {...}
Compiling policies in - authenticate mschap {...}
Compiling policies in - authenticate digest {...}
Compiling policies in - authenticate ldap {...}
/usr/local/etc/raddb/sites-enabled/default[978]: Ignoring "-ldap" as the
"ldap" module is not enabled.
Compiling policies in - authenticate eap {...}
Compiling policies in - accounting Start {...}
Compiling policies in - accounting Stop {...}
Compiling policies in - accounting Alive {...}
Compiling policies in - accounting Accounting-On {...}
Compiling policies in - accounting Accounting-Off {...}
Compiling policies in - accounting Failed {...}
/usr/local/etc/raddb/sites-enabled/default[80]: radius { ... } section is
unused
Compiling policies in server inner-tunnel { ... }
Instantiating proto_radius "inner-tunnel.radius"
Instantiating process_radius "inner-tunnel"
Compiling policies in - recv Access-Request {...}
/usr/local/etc/raddb/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as
the "sql" module is not enabled.
/usr/local/etc/raddb/sites-enabled/inner-tunnel[134]: Ignoring "-ldap" as
the "ldap" module is not enabled.
Compiling policies in - send Access-Accept {...}
/usr/local/etc/raddb/sites-enabled/inner-tunnel[267]: Ignoring "-sql" as
the "sql" module is not enabled.
Compiling policies in - send Access-Reject {...}
/usr/local/etc/raddb/sites-enabled/inner-tunnel[302]: Ignoring "-sql" as
the "sql" module is not enabled.
Compiling policies in - authenticate pap {...}
Compiling policies in - authenticate chap {...}
Compiling policies in - authenticate mschap {...}
Compiling policies in - authenticate eap {...}
src/lib/server/virtual_servers.c[311]: radius { ... } section is unused
#### Instantiating rlm modules ####
Instantiating rlm_attr_filter "attr_filter.access_challenge"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
Instantiating rlm_attr_filter "attr_filter.access_reject"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
Instantiating rlm_attr_filter "attr_filter.accounting_response"
Reading file
/usr/local/etc/raddb/mods-config/attr_filter/accounting_response
Instantiating rlm_attr_filter "attr_filter.post-proxy"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
Instantiating rlm_attr_filter "attr_filter.pre-proxy"
Reading file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
Instantiating rlm_detail "auth_log"
auth_log - 'User-Password' suppressed, will not appear in detail output
Instantiating rlm_cache "cache_eap"
Instantiating rlm_chap "chap"
Instantiating rlm_detail "detail"
Instantiating rlm_digest "digest"
Instantiating rlm_always "disallow"
Instantiating rlm_eap "eap"
Instantiating rlm_exec "echo"
Instantiating rlm_passwd "etc_passwd"
Instantiating rlm_exec "exec"
Instantiating rlm_always "fail"
Instantiating rlm_files "files"
Reading file /usr/local/etc/raddb/mods-config/files/authorize
Reading file /usr/local/etc/raddb/mods-config/files/accounting
Instantiating rlm_always "handled"
Instantiating rlm_eap "inner-eap"
inner-eap - Failed to find 'authenticate inner-eap {...}' section. EAP
authentication will likely not work
Instantiating rlm_always "invalid"
Instantiating rlm_linelog "linelog"
Instantiating rlm_linelog "log_accounting"
Instantiating rlm_logintime "logintime"
Instantiating rlm_mschap "mschap"
mschap - Using internal authentication
Instantiating rlm_always "noop"
Instantiating rlm_always "notfound"
Instantiating rlm_exec "ntlm_auth"
Instantiating rlm_always "ok"
Instantiating rlm_pap "pap"
Instantiating rlm_detail "post_proxy_log"
Instantiating rlm_detail "pre_proxy_log"
Instantiating rlm_always "reject"
Instantiating rlm_detail "reply_log"
Instantiating rlm_stats "stats"
Instantiating rlm_always "updated"
Instantiating _cache_rbtree "cache_eap.rbtree"
Instantiating _eap_mschapv2 "eap.mschapv2"
Instantiating _eap_peap "eap.peap"
tls-config tls-common {
chain rsa {
format = pem
certificate_file =
\/usr\/local\/etc\/raddb\/certs\/rsa\/server.pem
private_key_password = <<< secret >>>
private_key_file =
\/usr\/local\/etc\/raddb\/certs\/rsa\/server.key
ca_file = \/usr\/local\/etc\/raddb\/certs\/rsa\/ca.pem
verify_mode = hard
include_root_ca = no
}
verify_depth = 0
ca_path = \/usr\/local\/etc\/raddb\/certs
ca_file = \/usr\/local\/etc\/raddb\/certs\/rsa\/ca.pem
dh_file = \/usr\/local\/etc\/raddb\/certs\/dh
fragment_size = 1024
cipher_list = "DEFAULT"
cipher_server_preference = yes
allow_renegotiation = no
ecdh_curve = prime256v1
tls_min_version = 1.2
session {
mode = auto
name = "%{EAP-Type}%{Virtual-Server}"
lifetime = 1d
require_extended_master_secret = yes
require_perfect_forward_secrecy = no
}
verify {
mode = all
attribute_mode = client-and-issuer
check_crl = no
}
}
tls - A virtual_server must be provided for stateful caching. cache.mode =
"auto" rewritten to cache.mode = "stateless"
Instantiating _eap_tls "eap.tls"
tls - Using cached TLS configuration from previous invocation
Instantiating _eap_ttls "eap.ttls"
tls - Using cached TLS configuration from previous invocation
Instantiating _eap_mschapv2 "inner-eap.mschapv2"
Instantiating _eap_tls "inner-eap.tls"
tls-config tls-peer {
chain {
format = pem
certificate_file =
\/usr\/local\/etc\/raddb\/certs\/rsa\/server.pem
private_key_password = <<< secret >>>
private_key_file =
\/usr\/local\/etc\/raddb\/certs\/rsa\/server.key
ca_file = \/usr\/local\/etc\/raddb\/certs\/rsa\/ca.pem
verify_mode = hard
include_root_ca = no
}
verify_depth = 0
ca_path = \/usr\/local\/etc\/raddb\/certs
ca_file = \/usr\/local\/etc\/raddb\/certs\/rsa\/ca.pem
dh_file = \/usr\/local\/etc\/raddb\/certs\/dh
fragment_size = 16384
cipher_server_preference = yes
allow_renegotiation = no
ecdh_curve = "prime256v1"
tls_min_version = 1.2
session {
mode = auto
name = "%{EAP-Type}%{Virtual-Server}"
lifetime = 1d
require_extended_master_secret = yes
require_perfect_forward_secrecy = no
}
verify {
mode = all
attribute_mode = client-and-issuer
check_crl = no
}
}
tls - A virtual_server must be provided for stateful caching. cache.mode =
"auto" rewritten to cache.mode = "stateless"
Scheduler created in single-threaded mode
#### Opening listener interfaces ####
Network - Failed adding new socket to network event loop: Failed inserting
filters for FD 17: EFAULT: Bad address
/usr/local/etc/raddb/sites-enabled/default[209]: Opening radius I/O
interface failed
More information about the Freeradius-Users
mailing list