log

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

CA_path = "/etc/freeradius/certs"

pem_file_type = yes

private_key_file = "/etc/freeradius/certs/server.key"

certificate_file = "/etc/freeradius/certs/server.pem"

CA_file = "/etc/freeradius/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/etc/freeradius/certs/dh"

random_file = "/dev/urandom"

fragment_size = 1024

include_length = yes

check_crl = no

cipher_list = "DEFAULT"

make_cert_command = "/etc/freeradius/certs/bootstrap"

ecdh_curve = "prime256v1"

cache {

enable = no

lifetime = 24

max_entries = 255

}

verify {

}

ocsp {

enable = no

override_cert_url = yes

url = "http://127.0.0.1/ocsp/"

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

soh = no

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

send_error = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess

preprocess {

huntgroups = "/etc/freeradius/huntgroups"

hints = "/etc/freeradius/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

Module: Linked to module rlm_realm

Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /etc/freeradius/modules/files

files {

usersfile = "/etc/freeradius/users"

acctusersfile = "/etc/freeradius/acct_users"

preproxy_usersfile = "/etc/freeradius/preproxy_users"

compat = "no"

}

Module: Linked to module rlm_sql

Module: Instantiating module "sql" from file /etc/freeradius/sql.conf

sql {

driver = "rlm_sql_mysql"

server = "localhost"

port = "3306"

login = "radius"

password = "radpass"

radius_db = "radius"

read_groups = yes

sqltrace = no

sqltracefile = "/var/log/freeradius/sqltrace.sql"

readclients = yes

deletestalesessions = yes

num_sql_socks = 5

lifetime = 0

max_queries = 0

sql_user_name = "%{User-Name}"

default_user_profile = ""

nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"

authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"

authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"

authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"

authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"

accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"

accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"

group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"

connect_failure_retry_delay = 60

simul_count_query = ""

simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"

postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"

safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

}

rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

rlm_sql (sql): Attempting to connect to radius@localhost:3306/radius

rlm_sql (sql): starting 0

rlm_sql (sql): Attempting to connect rlm_sql_mysql #0

rlm_sql_mysql: Starting connect to MySQL server for #0

rlm_sql (sql): Connected new DB handle, #0

rlm_sql (sql): starting 1

rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

rlm_sql_mysql: Starting connect to MySQL server for #1

rlm_sql (sql): Connected new DB handle, #1

rlm_sql (sql): starting 2

rlm_sql (sql): Attempting to connect rlm_sql_mysql #2

rlm_sql_mysql: Starting connect to MySQL server for #2

rlm_sql (sql): Connected new DB handle, #2

rlm_sql (sql): starting 3

rlm_sql (sql): Attempting to connect rlm_sql_mysql #3

rlm_sql_mysql: Starting connect to MySQL server for #3

rlm_sql (sql): Connected new DB handle, #3

rlm_sql (sql): starting 4

rlm_sql (sql): Attempting to connect rlm_sql_mysql #4

rlm_sql_mysql: Starting connect to MySQL server for #4

rlm_sql (sql): Connected new DB handle, #4

rlm_sql (sql): Processing generate_sql_clients

rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas

rlm_sql (sql): Reserving sql socket id: 4

rlm_sql (sql): Released sql socket id: 4

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_detail

Module: Instantiating module "detail" from file /etc/freeradius/modules/detail

detail {

detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"

header = "%t"

detailperm = 384

dirperm = 493

locking = no

log_packet_header = no

}

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp

radutmp {

filename = "/var/log/freeradius/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter

attr_filter attr_filter.accounting_response {

attrsfile = "/etc/freeradius/attrs.accounting_response"

key = "%{User-Name}"

relaxed = no

}

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter

attr_filter attr_filter.access_reject {

attrsfile = "/etc/freeradius/attrs.access_reject"

key = "%{User-Name}"

relaxed = no

}

} # modules

} # server

server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

}

listen {

type = "acct"

ipaddr = *

port = 0

}

listen {

type = "auth"

ipaddr = 127.0.0.1

port = 18120

}

... adding new socket proxy address * port 41568

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.

rad_recv: Access-Request packet from host 127.0.0.1 port 34617, id=255, length=47

User-Name = "njunwa1"

User-Password = "0402ok"

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "njunwa1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] No EAP-Message, not doing EAP

++[eap] returns noop

++[files] returns noop

[sql] expand: %{User-Name} -> njunwa1

[sql] sql_set_user escaped user --> 'njunwa1'

rlm_sql (sql): Reserving sql socket id: 3

[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'njunwa1' ORDER BY id

[sql] User found in radcheck table

[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'njunwa1' ORDER BY id

[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'njunwa1' ORDER BY priority

rlm_sql (sql): Released sql socket id: 3

++[sql] returns ok

[expiration] Checking Expiration time: '9 November 2015'

++[expiration] returns ok

++[logintime] returns noop

++[pap] returns updated

Found Auth-Type = PAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group PAP {...}

[pap] login attempt with password "0402ok"

[pap] Using clear text password "0402ok"

[pap] User authenticated successfully

++[pap] returns ok

# Executing section post-auth from file /etc/freeradius/sites-enabled/default

+- entering group post-auth {...}

++[exec] returns noop

Sending Access-Accept of id 255 to 127.0.0.1 port 34617

Acct-Interim-Interval := 60

Session-Timeout = 3772

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 0 ID 255 with timestamp +195

Ready to process requests.