Cheers,
I´m in the testing phase of a freeradius for the EDUROAM federation; local
users are working ok authenticated against an AD, but when I proxy for the
federation, users loose attributes, like Service-Type = "Framed-User", and is
all zeros like "Message-Authenticator = 0x00000000000000000000000000000000".
Obviously the request is denied by the federation, while a radtest works fine.
In proxy.conf I have:
realm DEFAULT {
type = radius
authhost = federation_server:1812
accthost =federation_server:1813
secret = xxxxxxxx
nostrip
}
My pre-proxy at the moment is:
pre-proxy {
# files
# attr_filter.pre-proxy
# If you want to have a log of packets proxied to a home
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
pre_proxy_log
# if (Packet-Type != Accounting-Request) {
# attr_filter.pre-proxy
# }
}
I´ve already tried some approaches and at the moment I am quite at loss of how
to tackle this problem. Some ideas?
Best regards,
Rui Ribeiro
Here comes the debugging:
!free
freeradius -Xxxxxx
Thu Jan 5 21:14:05 2012 : Info: FreeRADIUS Version 2.1.10, for host
i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Thu Jan 5 21:14:05 2012 : Info: Copyright (C) 1999-2009 The FreeRADIUS server
project and contributors.
Thu Jan 5 21:14:05 2012 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Thu Jan 5 21:14:05 2012 : Info: PARTICULAR PURPOSE.
Thu Jan 5 21:14:05 2012 : Info: You may redistribute copies of FreeRADIUS
under the terms of the
Thu Jan 5 21:14:05 2012 : Info: GNU General Public License v2.
Thu Jan 5 21:14:05 2012 : Info: Starting - reading configuration files ...
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/radiusd.conf
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/proxy.conf
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/clients.conf
Thu Jan 5 21:14:05 2012 : Debug: including files in directory
/etc/freeradius/modules/
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/smsotp
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/policy
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/counter
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/checkval
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/detail
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/radutmp
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/detail.log
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/ntlm_auth
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/mac2ip
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/perl
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/otp
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/ippool
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/linelog
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/detail.example.com
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/f_ticks
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/attr_rewrite
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/preprocess
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/attr_filter
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/always
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/sql_log
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/smbpasswd
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/files
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/unix
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/ldap
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/sradutmp
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/expiration
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/inner-eap
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/mschap
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/mac2vlan
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/krb5
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/passwd
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/pam
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/realm
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/wimax
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/chap
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/exec
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/expr
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/acct_unique
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/cui
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/opendirectory
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/dynamic_clients
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/echo
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/etc_group
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/pap
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/logintime
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/modules/digest
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/eap.conf
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/policy.conf
Thu Jan 5 21:14:05 2012 : Debug: including files in directory
/etc/freeradius/sites-enabled/
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/sites-enabled/teste.iscte.pt
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/sites-available/default
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/sites-enabled/status
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/sites-enabled/default
Thu Jan 5 21:14:05 2012 : Debug: including configuration file
/etc/freeradius/sites-enabled/inner-tunnel
Thu Jan 5 21:14:05 2012 : Debug: main {
Thu Jan 5 21:14:05 2012 : Debug: user = "freerad"
Thu Jan 5 21:14:05 2012 : Debug: group = "freerad"
Thu Jan 5 21:14:05 2012 : Debug: allow_core_dumps = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: including dictionary file
/etc/freeradius/dictionary
Thu Jan 5 21:14:05 2012 : Debug: main {
Thu Jan 5 21:14:05 2012 : Debug: prefix = "/usr"
Thu Jan 5 21:14:05 2012 : Debug: localstatedir = "/var"
Thu Jan 5 21:14:05 2012 : Debug: logdir = "/var/log/freeradius"
Thu Jan 5 21:14:05 2012 : Debug: libdir = "/usr/lib/freeradius"
Thu Jan 5 21:14:05 2012 : Debug: radacctdir =
"/var/log/freeradius/radacct"
Thu Jan 5 21:14:05 2012 : Debug: hostname_lookups = no
Thu Jan 5 21:14:05 2012 : Debug: max_request_time = 30
Thu Jan 5 21:14:05 2012 : Debug: cleanup_delay = 5
Thu Jan 5 21:14:05 2012 : Debug: max_requests = 256000
Thu Jan 5 21:14:05 2012 : Debug: pidfile =
"/var/run/freeradius/freeradius.pid"
Thu Jan 5 21:14:05 2012 : Debug: checkrad = "/usr/sbin/checkrad"
Thu Jan 5 21:14:05 2012 : Debug: debug_level = 0
Thu Jan 5 21:14:05 2012 : Debug: proxy_requests = yes
Thu Jan 5 21:14:05 2012 : Debug: log {
Thu Jan 5 21:14:05 2012 : Debug: stripped_names = yes
Thu Jan 5 21:14:05 2012 : Debug: auth = yes
Thu Jan 5 21:14:05 2012 : Debug: auth_badpass = yes
Thu Jan 5 21:14:05 2012 : Debug: auth_goodpass = yes
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: security {
Thu Jan 5 21:14:05 2012 : Debug: max_attributes = 200
Thu Jan 5 21:14:05 2012 : Debug: reject_delay = 0
Thu Jan 5 21:14:05 2012 : Debug: status_server = yes
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: radiusd: #### Loading Realms and Home Servers
####
Thu Jan 5 21:14:05 2012 : Debug: proxy server {
Thu Jan 5 21:14:05 2012 : Debug: retry_delay = 5
Thu Jan 5 21:14:05 2012 : Debug: retry_count = 1
Thu Jan 5 21:14:05 2012 : Debug: default_fallback = no
Thu Jan 5 21:14:05 2012 : Debug: dead_time = 120
Thu Jan 5 21:14:05 2012 : Debug: wake_all_if_all_dead = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: realm iscte.pt {
Thu Jan 5 21:14:05 2012 : Debug: authhost = LOCAL
Thu Jan 5 21:14:05 2012 : Debug: accthost = LOCAL
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: realm teste.iscte.pt {
Thu Jan 5 21:14:05 2012 : Debug: authhost = LOCAL
Thu Jan 5 21:14:05 2012 : Debug: accthost = LOCAL
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: realm NULL {
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: realm DEFAULT {
Thu Jan 5 21:14:05 2012 : Debug: nostrip
Thu Jan 5 21:14:05 2012 : Debug: authhost = 193.136.192.43:1812
Thu Jan 5 21:14:05 2012 : Debug: accthost = 193.136.192.43:1813
Thu Jan 5 21:14:05 2012 : Debug: secret = xxxxxxxxxx
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: realm DEFAULT {
Thu Jan 5 21:14:05 2012 : Debug: authhost = 193.136.192.44:1812
Thu Jan 5 21:14:05 2012 : Debug: accthost = 193.136.192.44:1813
Thu Jan 5 21:14:05 2012 : Debug: secret = xxxxxxxxxx
Thu Jan 5 21:14:05 2012 : Debug: } # realm DEFAULT
Thu Jan 5 21:14:05 2012 : Debug: radiusd: #### Loading Clients ####
Thu Jan 5 21:14:05 2012 : Debug: client localhost {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 127.0.0.1
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "other"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 193.136.188.36 {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 193.136.188.36
Thu Jan 5 21:14:05 2012 : Debug: netmask = 32
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "other"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 10.10.32.25 {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 10.10.32.25
Thu Jan 5 21:14:05 2012 : Debug: netmask = 32
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "other"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 10.10.66.18/32 {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 10.10.66.18
Thu Jan 5 21:14:05 2012 : Debug: netmask = 32
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "nut"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "other"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 10.10.65.0/24 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "rede1_aps"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "cisco"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 10.10.66.0/24 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "rede2_aps"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "cisco"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 10.10.32.0/22 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "eduroam2"
Thu Jan 5 21:14:05 2012 : Debug: nastype = "other"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 193.136.192.119 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "proxyNacional"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 193.136.192.43 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "proxyNacional1"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client 193.136.192.44 {
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: shortname = "proxyNacional2"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: radiusd: #### Instantiating modules ####
Thu Jan 5 21:14:05 2012 : Debug: instantiate {
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_exec, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_exec
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "exec" from
file /etc/freeradius/modules/exec
Thu Jan 5 21:14:05 2012 : Debug: exec {
Thu Jan 5 21:14:05 2012 : Debug: wait = no
Thu Jan 5 21:14:05 2012 : Debug: input_pairs = "request"
Thu Jan 5 21:14:05 2012 : Debug: shell_escape = yes
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_expr, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_expr
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "expr" from
file /etc/freeradius/modules/expr
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_expiration, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_expiration
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "expiration"
from file /etc/freeradius/modules/expiration
Thu Jan 5 21:14:05 2012 : Debug: expiration {
Thu Jan 5 21:14:05 2012 : Debug: reply-message = "Password Has Expired "
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_logintime, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_logintime
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "logintime"
from file /etc/freeradius/modules/logintime
Thu Jan 5 21:14:05 2012 : Debug: logintime {
Thu Jan 5 21:14:05 2012 : Debug: reply-message = "You are calling
outside your allowed timespan "
Thu Jan 5 21:14:05 2012 : Debug: minimum-timeout = 60
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: radiusd: #### Loading Virtual Servers ####
Thu Jan 5 21:14:05 2012 : Debug: server teste.iscte.pt { # from file
/etc/freeradius/sites-enabled/teste.iscte.pt
Thu Jan 5 21:14:05 2012 : Debug: modules {
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authenticate {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_mschap, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_mschap
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "mschap" from
file /etc/freeradius/modules/mschap
Thu Jan 5 21:14:05 2012 : Debug: mschap {
Thu Jan 5 21:14:05 2012 : Debug: use_mppe = yes
Thu Jan 5 21:14:05 2012 : Debug: require_encryption = yes
Thu Jan 5 21:14:05 2012 : Debug: require_strong = yes
Thu Jan 5 21:14:05 2012 : Debug: with_ntdomain_hack = yes
Thu Jan 5 21:14:05 2012 : Debug: ntlm_auth = "/usr/bin/ntlm_auth
--request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --domain=IUL
--nt-response=%{mschap:NT-Response:-00}"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_eap, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_eap
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "eap" from file
/etc/freeradius/eap.conf
Thu Jan 5 21:14:05 2012 : Debug: eap {
Thu Jan 5 21:14:05 2012 : Debug: default_eap_type = "peap"
Thu Jan 5 21:14:05 2012 : Debug: timer_expire = 60
Thu Jan 5 21:14:05 2012 : Debug: ignore_unknown_eap_types = no
Thu Jan 5 21:14:05 2012 : Debug: cisco_accounting_username_bug = no
Thu Jan 5 21:14:05 2012 : Debug: max_sessions = 4096
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to sub-module rlm_eap_mschapv2
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating eap-mschapv2
Thu Jan 5 21:14:05 2012 : Debug: mschapv2 {
Thu Jan 5 21:14:05 2012 : Debug: with_ntdomain_hack = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to sub-module rlm_eap_tls
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating eap-tls
Thu Jan 5 21:14:05 2012 : Debug: tls {
Thu Jan 5 21:14:05 2012 : Debug: rsa_key_exchange = no
Thu Jan 5 21:14:05 2012 : Debug: dh_key_exchange = yes
Thu Jan 5 21:14:05 2012 : Debug: rsa_key_length = 512
Thu Jan 5 21:14:05 2012 : Debug: dh_key_length = 512
Thu Jan 5 21:14:05 2012 : Debug: verify_depth = 0
Thu Jan 5 21:14:05 2012 : Debug: CA_path = "/etc/freeradius/certs"
Thu Jan 5 21:14:05 2012 : Debug: pem_file_type = yes
Thu Jan 5 21:14:05 2012 : Debug: private_key_file =
"/etc/freeradius/certs/server.key"
Thu Jan 5 21:14:05 2012 : Debug: certificate_file =
"/etc/freeradius/certs/server.pem"
Thu Jan 5 21:14:05 2012 : Debug: CA_file = "/etc/freeradius/certs/ca.pem"
Thu Jan 5 21:14:05 2012 : Debug: private_key_password = "xxxxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: dh_file = "/etc/freeradius/certs/dh"
Thu Jan 5 21:14:05 2012 : Debug: random_file = "/dev/urandom"
Thu Jan 5 21:14:05 2012 : Debug: fragment_size = 1024
Thu Jan 5 21:14:05 2012 : Debug: include_length = yes
Thu Jan 5 21:14:05 2012 : Debug: check_crl = no
Thu Jan 5 21:14:05 2012 : Debug: cipher_list = "DEFAULT"
Thu Jan 5 21:14:05 2012 : Debug: make_cert_command =
"/etc/freeradius/certs/bootstrap"
Thu Jan 5 21:14:05 2012 : Debug: cache {
Thu Jan 5 21:14:05 2012 : Debug: enable = no
Thu Jan 5 21:14:05 2012 : Debug: lifetime = 24
Thu Jan 5 21:14:05 2012 : Debug: max_entries = 255
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: verify {
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to sub-module rlm_eap_ttls
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating eap-ttls
Thu Jan 5 21:14:05 2012 : Debug: ttls {
Thu Jan 5 21:14:05 2012 : Debug: default_eap_type = "mschapv2"
Thu Jan 5 21:14:05 2012 : Debug: copy_request_to_tunnel = yes
Thu Jan 5 21:14:05 2012 : Debug: use_tunneled_reply = yes
Thu Jan 5 21:14:05 2012 : Debug: virtual_server = "inner-tunnel"
Thu Jan 5 21:14:05 2012 : Debug: include_length = yes
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to sub-module rlm_eap_peap
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating eap-peap
Thu Jan 5 21:14:05 2012 : Debug: peap {
Thu Jan 5 21:14:05 2012 : Debug: default_eap_type = "mschapv2"
Thu Jan 5 21:14:05 2012 : Debug: copy_request_to_tunnel = yes
Thu Jan 5 21:14:05 2012 : Debug: use_tunneled_reply = yes
Thu Jan 5 21:14:05 2012 : Debug: proxy_tunneled_request_as_eap = yes
Thu Jan 5 21:14:05 2012 : Debug: virtual_server = "inner-tunnel"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to sub-module rlm_eap_mschapv2
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating eap-mschapv2
Thu Jan 5 21:14:05 2012 : Debug: mschapv2 {
Thu Jan 5 21:14:05 2012 : Debug: with_ntdomain_hack = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authorize {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_preprocess, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_preprocess
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "preprocess"
from file /etc/freeradius/modules/preprocess
Thu Jan 5 21:14:05 2012 : Debug: preprocess {
Thu Jan 5 21:14:05 2012 : Debug: huntgroups =
"/etc/freeradius/huntgroups"
Thu Jan 5 21:14:05 2012 : Debug: hints = "/etc/freeradius/hints"
Thu Jan 5 21:14:05 2012 : Debug: with_ascend_hack = no
Thu Jan 5 21:14:05 2012 : Debug: ascend_channels_per_line = 23
Thu Jan 5 21:14:05 2012 : Debug: with_ntdomain_hack = no
Thu Jan 5 21:14:05 2012 : Debug: with_specialix_jetstream_hack = no
Thu Jan 5 21:14:05 2012 : Debug: with_cisco_vsa_hack = no
Thu Jan 5 21:14:05 2012 : Debug: with_alvarion_vsa_hack = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_detail, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_detail
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "auth_log" from
file /etc/freeradius/modules/detail.log
Thu Jan 5 21:14:05 2012 : Debug: detail auth_log {
Thu Jan 5 21:14:05 2012 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
Thu Jan 5 21:14:05 2012 : Debug: header = "%t"
Thu Jan 5 21:14:05 2012 : Debug: detailperm = 384
Thu Jan 5 21:14:05 2012 : Debug: dirperm = 493
Thu Jan 5 21:14:05 2012 : Debug: locking = no
Thu Jan 5 21:14:05 2012 : Debug: log_packet_header = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_realm, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_realm
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "suffix" from
file /etc/freeradius/modules/realm
Thu Jan 5 21:14:05 2012 : Debug: realm suffix {
Thu Jan 5 21:14:05 2012 : Debug: format = "suffix"
Thu Jan 5 21:14:05 2012 : Debug: delimiter = "@"
Thu Jan 5 21:14:05 2012 : Debug: ignore_default = no
Thu Jan 5 21:14:05 2012 : Debug: ignore_null = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_files, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_files
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "files" from
file /etc/freeradius/modules/files
Thu Jan 5 21:14:05 2012 : Debug: files {
Thu Jan 5 21:14:05 2012 : Debug: usersfile = "/etc/freeradius/users"
Thu Jan 5 21:14:05 2012 : Debug: acctusersfile =
"/etc/freeradius/acct_users"
Thu Jan 5 21:14:05 2012 : Debug: preproxy_usersfile =
"/etc/freeradius/preproxy_users"
Thu Jan 5 21:14:05 2012 : Debug: compat = "no"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking preacct {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking accounting {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "detail" from
file /etc/freeradius/modules/detail
Thu Jan 5 21:14:05 2012 : Debug: detail {
Thu Jan 5 21:14:05 2012 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Thu Jan 5 21:14:05 2012 : Debug: header = "%t"
Thu Jan 5 21:14:05 2012 : Debug: detailperm = 384
Thu Jan 5 21:14:05 2012 : Debug: dirperm = 493
Thu Jan 5 21:14:05 2012 : Debug: locking = no
Thu Jan 5 21:14:05 2012 : Debug: log_packet_header = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_counter, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_counter
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "daily" from
file /etc/freeradius/modules/counter
Thu Jan 5 21:14:05 2012 : Debug: counter daily {
Thu Jan 5 21:14:05 2012 : Debug: filename = "/etc/freeradius/db.daily"
Thu Jan 5 21:14:05 2012 : Debug: key = "User-Name"
Thu Jan 5 21:14:05 2012 : Debug: reset = "daily"
Thu Jan 5 21:14:05 2012 : Debug: count-attribute = "Acct-Session-Time"
Thu Jan 5 21:14:05 2012 : Debug: counter-name = "Daily-Session-Time"
Thu Jan 5 21:14:05 2012 : Debug: check-name = "Max-Daily-Session"
Thu Jan 5 21:14:05 2012 : Debug: reply-name = "Session-Timeout"
Thu Jan 5 21:14:05 2012 : Debug: allowed-servicetype = "Framed-User"
Thu Jan 5 21:14:05 2012 : Debug: cache-size = 5000
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: rlm_counter: Counter attribute
Daily-Session-Time is number 11273
Thu Jan 5 21:14:05 2012 : Debug: rlm_counter: Current Time: 1325798045
[2012-01-05 21:14:05], Next reset 1325808000 [2012-01-06 00:00:00]
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_radutmp, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_radutmp
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "radutmp" from
file /etc/freeradius/modules/radutmp
Thu Jan 5 21:14:05 2012 : Debug: radutmp {
Thu Jan 5 21:14:05 2012 : Debug: filename = "/var/log/freeradius/radutmp"
Thu Jan 5 21:14:05 2012 : Debug: username = "%{User-Name}"
Thu Jan 5 21:14:05 2012 : Debug: case_sensitive = yes
Thu Jan 5 21:14:05 2012 : Debug: check_with_nas = yes
Thu Jan 5 21:14:05 2012 : Debug: perm = 384
Thu Jan 5 21:14:05 2012 : Debug: callerid = yes
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "sradutmp" from
file /etc/freeradius/modules/sradutmp
Thu Jan 5 21:14:05 2012 : Debug: radutmp sradutmp {
Thu Jan 5 21:14:05 2012 : Debug: filename =
"/var/log/freeradius/sradutmp"
Thu Jan 5 21:14:05 2012 : Debug: username = "%{User-Name}"
Thu Jan 5 21:14:05 2012 : Debug: case_sensitive = yes
Thu Jan 5 21:14:05 2012 : Debug: check_with_nas = yes
Thu Jan 5 21:14:05 2012 : Debug: perm = 420
Thu Jan 5 21:14:05 2012 : Debug: callerid = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_always, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_always
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "ok" from file
/etc/freeradius/modules/always
Thu Jan 5 21:14:05 2012 : Debug: always ok {
Thu Jan 5 21:14:05 2012 : Debug: rcode = "ok"
Thu Jan 5 21:14:05 2012 : Debug: simulcount = 0
Thu Jan 5 21:14:05 2012 : Debug: mpp = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_attr_filter, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_attr_filter
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module
"attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
Thu Jan 5 21:14:05 2012 : Debug: attr_filter attr_filter.accounting_response
{
Thu Jan 5 21:14:05 2012 : Debug: attrsfile =
"/etc/freeradius/attrs.accounting_response"
Thu Jan 5 21:14:05 2012 : Debug: key = "%{User-Name}"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking session {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking pre-proxy {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "pre_proxy_log"
from file /etc/freeradius/modules/detail.log
Thu Jan 5 21:14:05 2012 : Debug: detail pre_proxy_log {
Thu Jan 5 21:14:05 2012 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Thu Jan 5 21:14:05 2012 : Debug: header = "%t"
Thu Jan 5 21:14:05 2012 : Debug: detailperm = 384
Thu Jan 5 21:14:05 2012 : Debug: dirperm = 493
Thu Jan 5 21:14:05 2012 : Debug: locking = no
Thu Jan 5 21:14:05 2012 : Debug: log_packet_header = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking post-proxy {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module
"post_proxy_log" from file /etc/freeradius/modules/detail.log
Thu Jan 5 21:14:05 2012 : Debug: detail post_proxy_log {
Thu Jan 5 21:14:05 2012 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Thu Jan 5 21:14:05 2012 : Debug: header = "%t"
Thu Jan 5 21:14:05 2012 : Debug: detailperm = 384
Thu Jan 5 21:14:05 2012 : Debug: dirperm = 493
Thu Jan 5 21:14:05 2012 : Debug: locking = no
Thu Jan 5 21:14:05 2012 : Debug: log_packet_header = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking post-auth {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "reply_log"
from file /etc/freeradius/modules/detail.log
Thu Jan 5 21:14:05 2012 : Debug: detail reply_log {
Thu Jan 5 21:14:05 2012 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
Thu Jan 5 21:14:05 2012 : Debug: header = "%t"
Thu Jan 5 21:14:05 2012 : Debug: detailperm = 384
Thu Jan 5 21:14:05 2012 : Debug: dirperm = 493
Thu Jan 5 21:14:05 2012 : Debug: locking = no
Thu Jan 5 21:14:05 2012 : Debug: log_packet_header = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_linelog, checking if it's
valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_linelog
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "f_ticks" from
file /etc/freeradius/modules/f_ticks
Thu Jan 5 21:14:05 2012 : Debug: linelog f_ticks {
Thu Jan 5 21:14:05 2012 : Debug: filename = "syslog"
Thu Jan 5 21:14:05 2012 : Debug: format = ""
Thu Jan 5 21:14:05 2012 : Debug: reference =
"f_ticks.%{%{reply:Packet-Type}:-format}"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module
"attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
Thu Jan 5 21:14:05 2012 : Debug: attr_filter attr_filter.access_reject {
Thu Jan 5 21:14:05 2012 : Debug: attrsfile =
"/etc/freeradius/attrs.access_reject"
Thu Jan 5 21:14:05 2012 : Debug: key = "%{User-Name}"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: } # modules
Thu Jan 5 21:14:05 2012 : Debug: } # server
Thu Jan 5 21:14:05 2012 : Debug: server status { # from file
/etc/freeradius/sites-enabled/status
Thu Jan 5 21:14:05 2012 : Debug: modules {
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authorize {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: } # modules
Thu Jan 5 21:14:05 2012 : Debug: } # server
Thu Jan 5 21:14:05 2012 : Debug: server inner-tunnel { # from file
/etc/freeradius/sites-enabled/inner-tunnel
Thu Jan 5 21:14:05 2012 : Debug: modules {
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authenticate {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authorize {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking session {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking post-auth {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: (Loaded rlm_ldap, checking if it's valid)
Thu Jan 5 21:14:05 2012 : Debug: Module: Linked to module rlm_ldap
Thu Jan 5 21:14:05 2012 : Debug: Module: Instantiating module "ldap" from
file /etc/freeradius/modules/ldap
Thu Jan 5 21:14:05 2012 : Debug: ldap {
Thu Jan 5 21:14:05 2012 : Debug: server = "x.x.x.x"
Thu Jan 5 21:14:05 2012 : Debug: port = 389
Thu Jan 5 21:14:05 2012 : Debug: password = "xxxxx"
Thu Jan 5 21:14:05 2012 : Debug: identity =
"CN=xxxxx,CN=Users,DC=xxxx,DC=xxxxx"
Thu Jan 5 21:14:05 2012 : Debug: net_timeout = 10
Thu Jan 5 21:14:05 2012 : Debug: timeout = 4
Thu Jan 5 21:14:05 2012 : Debug: timelimit = 3
Thu Jan 5 21:14:05 2012 : Debug: tls_mode = no
Thu Jan 5 21:14:05 2012 : Debug: start_tls = no
Thu Jan 5 21:14:05 2012 : Debug: tls_require_cert = "allow"
Thu Jan 5 21:14:05 2012 : Debug: tls {
Thu Jan 5 21:14:05 2012 : Debug: start_tls = no
Thu Jan 5 21:14:05 2012 : Debug: require_cert = "allow"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: basedn = "cn=Users,dc=xxxxx,dc=xxxxx"
Thu Jan 5 21:14:05 2012 : Debug: filter =
"(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
Thu Jan 5 21:14:05 2012 : Debug: base_filter =
"(objectclass=radiusprofile)"
Thu Jan 5 21:14:05 2012 : Debug: auto_header = no
Thu Jan 5 21:14:05 2012 : Debug: access_attr_used_for_allow = yes
Thu Jan 5 21:14:05 2012 : Debug: rebind = yes
Thu Jan 5 21:14:05 2012 : Debug: groupname_attribute = "sAMAccountName"
Thu Jan 5 21:14:05 2012 : Debug: groupmembership_filter =
"(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
Thu Jan 5 21:14:05 2012 : Debug: groupmembership_attribute = "memberOf"
Thu Jan 5 21:14:05 2012 : Debug: dictionary_mapping =
"/etc/freeradius/ldap.attrmap"
Thu Jan 5 21:14:05 2012 : Debug: ldap_debug = 0
Thu Jan 5 21:14:05 2012 : Debug: ldap_connections_number = 5
Thu Jan 5 21:14:05 2012 : Debug: compare_check_items = no
Thu Jan 5 21:14:05 2012 : Debug: do_xlat = yes
Thu Jan 5 21:14:05 2012 : Debug: edir_account_policy_check = no
Thu Jan 5 21:14:05 2012 : Debug: set_auth_type = no
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: Registering ldap_groupcmp for
Ldap-Group
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: Registering ldap_xlat with
xlat_name ldap
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: reading ldap<->radius mappings from
file /etc/freeradius/ldap.attrmap
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to
RADIUS $GENERIC$
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusAuthType mapped to
RADIUS Auth-Type
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped
to RADIUS Simultaneous-Use
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped
to RADIUS Called-Station-Id
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped
to RADIUS Calling-Station-Id
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS
LM-Password
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS
NT-Password
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP sambaLmPassword mapped to
RADIUS LM-Password
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP sambaNtPassword mapped to
RADIUS NT-Password
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP dBCSPwd mapped to RADIUS
LM-Password
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP userPassword mapped to RADIUS
Password-With-Header
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusExpiration mapped to
RADIUS Expiration
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to
RADIUS NAS-IP-Address
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusServiceType mapped to
RADIUS Service-Type
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to
RADIUS Framed-Protocol
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped
to RADIUS Framed-IP-Address
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped
to RADIUS Framed-IP-Netmask
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to
RADIUS Framed-Route
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to
RADIUS Framed-Routing
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFilterId mapped to
RADIUS Filter-Id
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to
RADIUS Framed-MTU
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped
to RADIUS Framed-Compression
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to
RADIUS Login-IP-Host
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginService mapped to
RADIUS Login-Service
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to
RADIUS Login-TCP-Port
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to
RADIUS Callback-Number
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to
RADIUS Callback-Id
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped
to RADIUS Framed-IPX-Network
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS
Class
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to
RADIUS Session-Timeout
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to
RADIUS Idle-Timeout
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped
to RADIUS Termination-Action
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped
to RADIUS Login-LAT-Service
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to
RADIUS Login-LAT-Node
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to
RADIUS Login-LAT-Group
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink
mapped to RADIUS Framed-AppleTalk-Link
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork
mapped to RADIUS Framed-AppleTalk-Network
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to
RADIUS Port-Limit
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to
RADIUS Login-LAT-Port
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to
RADIUS Reply-Message
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusTunnelType mapped to
RADIUS Tunnel-Type
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusTunnelMediumType mapped
to RADIUS Tunnel-Medium-Type
Thu Jan 5 21:14:05 2012 : Debug: rlm_ldap: LDAP radiusTunnelPrivateGroupId
mapped to RADIUS Tunnel-Private-Group-Id
Thu Jan 5 21:14:05 2012 : Debug: conns: 0x97a3e38
Thu Jan 5 21:14:05 2012 : Debug: } # modules
Thu Jan 5 21:14:05 2012 : Debug: } # server
Thu Jan 5 21:14:05 2012 : Debug: server { # from file
/etc/freeradius/radiusd.conf
Thu Jan 5 21:14:05 2012 : Debug: modules {
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authenticate {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking authorize {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking preacct {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking accounting {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking session {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking pre-proxy {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking post-proxy {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: Module: Checking post-auth {...} for more
modules to load
Thu Jan 5 21:14:05 2012 : Debug: } # modules
Thu Jan 5 21:14:05 2012 : Debug: } # server
Thu Jan 5 21:14:05 2012 : Debug: radiusd: #### Opening IP addresses and Ports
####
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "auth"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 10.10.32.25
Thu Jan 5 21:14:05 2012 : Debug: port = 0
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "acct"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 10.10.32.25
Thu Jan 5 21:14:05 2012 : Debug: port = 0
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "auth"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 193.136.188.36
Thu Jan 5 21:14:05 2012 : Debug: port = 0
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "acct"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 193.136.188.36
Thu Jan 5 21:14:05 2012 : Debug: port = 0
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "status"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = *
Thu Jan 5 21:14:05 2012 : Debug: port = 18120
Thu Jan 5 21:14:05 2012 : Debug: client admin {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 127.0.0.1
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: client admin2 {
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 10.10.32.35
Thu Jan 5 21:14:05 2012 : Debug: require_message_authenticator = no
Thu Jan 5 21:14:05 2012 : Debug: secret = "xxxxxx"
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "auth"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 127.0.0.1
Thu Jan 5 21:14:05 2012 : Debug: port = 1812
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: listen {
Thu Jan 5 21:14:05 2012 : Debug: type = "acct"
Thu Jan 5 21:14:05 2012 : Debug: ipaddr = 127.0.0.1
Thu Jan 5 21:14:05 2012 : Debug: port = 1813
Thu Jan 5 21:14:05 2012 : Debug: }
Thu Jan 5 21:14:05 2012 : Debug: Listening on authentication address
10.10.32.25 port 1812
Thu Jan 5 21:14:05 2012 : Debug: Listening on accounting interface eth0
address 10.10.32.25 port 1813
Thu Jan 5 21:14:05 2012 : Debug: Listening on authentication address
193.136.188.36 port 1812 as server teste.iscte.pt
Thu Jan 5 21:14:05 2012 : Debug: Listening on accounting address
193.136.188.36 port 1813 as server teste.iscte.pt
Thu Jan 5 21:14:05 2012 : Debug: Listening on status address * port 18120 as
server status
Thu Jan 5 21:14:05 2012 : Debug: Listening on authentication address 127.0.0.1
port 1812 as server inner-tunnel
Thu Jan 5 21:14:05 2012 : Debug: Listening on accounting address 127.0.0.1
port 1813 as server inner-tunnel
Thu Jan 5 21:14:05 2012 : Debug: Listening on proxy address 10.10.32.25 port
1814
Thu Jan 5 21:14:05 2012 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.10.65.135 port 46611, id=93,
length=184
User-Name = "is...@roam.fccn.pt"
NAS-IP-Address = 10.10.65.135
NAS-Port = 400
Called-Station-Id = "00-0F-7D-39-2A-12:eduroam2"
Calling-Station-Id = "60-C5-47-8B-FF-46"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 13Mbps/6Mbps 802.11n"
EAP-Message = 0x020f001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x2012955096623bb33854fc25a46b8cde
Thu Jan 5 21:14:08 2012 : Info: # Executing section authorize from file
/etc/freeradius/sites-enabled/default
Thu Jan 5 21:14:08 2012 : Info: +- entering group authorize {...}
Thu Jan 5 21:14:08 2012 : Info: ++[preprocess] returns ok
Thu Jan 5 21:14:08 2012 : Info: [auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.65.135/auth-detail-20120105
Thu Jan 5 21:14:08 2012 : Info: [auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/freeradius/radacct/10.10.65.135/auth-detail-20120105
Thu Jan 5 21:14:08 2012 : Info: [auth_log] expand: %t -> Thu Jan 5
21:14:08 2012
Thu Jan 5 21:14:08 2012 : Info: ++[auth_log] returns ok
Thu Jan 5 21:14:08 2012 : Info: ++[mschap] returns noop
Thu Jan 5 21:14:08 2012 : Info: [eap] EAP packet type response id 15 length 23
Thu Jan 5 21:14:08 2012 : Info: [eap] No EAP Start, assuming it's an on-going
EAP conversation
Thu Jan 5 21:14:08 2012 : Info: ++[eap] returns updated
Thu Jan 5 21:14:08 2012 : Info: [suffix] Looking up realm "roam.fccn.pt" for
User-Name = "is...@roam.fccn.pt"
Thu Jan 5 21:14:08 2012 : Info: [suffix] Found realm "DEFAULT"
Thu Jan 5 21:14:08 2012 : Info: [suffix] Adding Realm = "DEFAULT"
Thu Jan 5 21:14:08 2012 : Info: [suffix] Proxying request from user iscte to
realm DEFAULT
Thu Jan 5 21:14:08 2012 : Info: [suffix] Preparing to proxy authentication
request to realm "DEFAULT"
Thu Jan 5 21:14:08 2012 : Info: ++[suffix] returns updated
Thu Jan 5 21:14:08 2012 : Info: ++[files] returns noop
Thu Jan 5 21:14:08 2012 : Info: ++[expiration] returns noop
Thu Jan 5 21:14:08 2012 : Info: ++[logintime] returns noop
Thu Jan 5 21:14:08 2012 : Info: # Executing section pre-proxy from file
/etc/freeradius/sites-enabled/default
Thu Jan 5 21:14:08 2012 : Info: +- entering group pre-proxy {...}
Thu Jan 5 21:14:08 2012 : Info: [pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.65.135/pre-proxy-detail-20120105
Thu Jan 5 21:14:08 2012 : Info: [pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.65.135/pre-proxy-detail-20120105
Thu Jan 5 21:14:08 2012 : Info: [pre_proxy_log] expand: %t -> Thu Jan
5 21:14:08 2012
Thu Jan 5 21:14:08 2012 : Info: ++[pre_proxy_log] returns ok
Sending Access-Request of id 4 to 193.136.192.43 port 1812
User-Name = "is...@roam.fccn.pt"
NAS-IP-Address = 10.10.65.135
NAS-Port = 400
Called-Station-Id = "00-0F-7D-39-2A-12:eduroam2"
Calling-Station-Id = "60-C5-47-8B-FF-46"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 13Mbps/6Mbps 802.11n"
EAP-Message = 0x020f001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3933
Thu Jan 5 21:14:08 2012 : Info: Proxying request 0 to home server
193.136.192.43 port 1812
Sending Access-Request of id 4 to 193.136.192.43 port 1812
User-Name = "is...@roam.fccn.pt"
NAS-IP-Address = 10.10.65.135
NAS-Port = 400
Called-Station-Id = "00-0F-7D-39-2A-12:eduroam2"
Calling-Station-Id = "60-C5-47-8B-FF-46"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 13Mbps/6Mbps 802.11n"
EAP-Message = 0x020f001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3933
Thu Jan 5 21:14:08 2012 : Debug: Going to the next request
Thu Jan 5 21:14:08 2012 : Debug: Waking up in 0.9 seconds.
Thu Jan 5 21:14:09 2012 : Debug: Waking up in 2.9 seconds.
Thu Jan 5 21:14:12 2012 : Error: ASSERT FAILED event.c[1181]: "We do not have
threads, but the request is marked as queued or running in a child thread" ==
NULL
Aborted
radius:/home/rui#
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
