radiusdX.log - pfSense Packages - pfSense bugtracker

Bug #12126 » radiusdX.log

radius -X logs - Alexis Pellicier, 08/24/2021 03:07 AM

       FreeRADIUS Version 3.0.22
       Copyright (C) 1999-2021 The FreeRADIUS server project and contributors
       There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
       PARTICULAR PURPOSE
       You may redistribute copies of FreeRADIUS under the terms of the
       GNU General Public License
       For more information about these matters, see the file named COPYRIGHT
       Starting - reading configuration files ...
       including dictionary file /usr/local/share/freeradius/dictionary
       including dictionary file /usr/local/share/freeradius/dictionary.dhcp
       including dictionary file /usr/local/share/freeradius/dictionary.vqp
       including dictionary file /usr/local/etc/raddb/dictionary
       including configuration file /usr/local/etc/raddb/radiusd.conf
       including configuration file /usr/local/etc/raddb/clients.conf
       including files in directory /usr/local/etc/raddb/mods-enabled/
       including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
       including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
       including configuration file /usr/local/etc/raddb/mods-enabled/chap
       including configuration file /usr/local/etc/raddb/mods-enabled/date
       including configuration file /usr/local/etc/raddb/mods-enabled/detail
       including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
       including configuration file /usr/local/etc/raddb/mods-enabled/digest
       including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
       including configuration file /usr/local/etc/raddb/mods-enabled/eap
       including configuration file /usr/local/etc/raddb/mods-enabled/echo
       including configuration file /usr/local/etc/raddb/mods-enabled/exec
       including configuration file /usr/local/etc/raddb/mods-enabled/expiration
       including configuration file /usr/local/etc/raddb/mods-enabled/expr
       including configuration file /usr/local/etc/raddb/mods-enabled/files
       including configuration file /usr/local/etc/raddb/mods-enabled/linelog
       including configuration file /usr/local/etc/raddb/mods-enabled/logintime
       including configuration file /usr/local/etc/raddb/mods-enabled/mschap
       including configuration file /usr/local/etc/raddb/mods-enabled/realm
       including configuration file /usr/local/etc/raddb/mods-enabled/pap
       including configuration file /usr/local/etc/raddb/mods-enabled/passwd
       including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
       including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
       including configuration file /usr/local/etc/raddb/mods-enabled/sql
       including configuration file /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf
       including configuration file /usr/local/etc/raddb/mods-enabled/replicate
       including configuration file /usr/local/etc/raddb/mods-enabled/soh
       including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
       including configuration file /usr/local/etc/raddb/mods-enabled/unix
       including configuration file /usr/local/etc/raddb/mods-enabled/unpack
       including configuration file /usr/local/etc/raddb/mods-enabled/utf8
       including configuration file /usr/local/etc/raddb/mods-enabled/always
       including configuration file /usr/local/etc/raddb/mods-enabled/motp
       including configuration file /usr/local/etc/raddb/mods-enabled/googleauth
       including configuration file /usr/local/etc/raddb/mods-enabled/datacounter_acct
       including configuration file /usr/local/etc/raddb/mods-enabled/sqlcounter
       including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
       including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
       including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
       including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
       including files in directory /usr/local/etc/raddb/policy.d/
       including configuration file /usr/local/etc/raddb/policy.d/accounting
       including configuration file /usr/local/etc/raddb/policy.d/canonicalization
       including configuration file /usr/local/etc/raddb/policy.d/control
       including configuration file /usr/local/etc/raddb/policy.d/cui
       including configuration file /usr/local/etc/raddb/policy.d/debug
       including configuration file /usr/local/etc/raddb/policy.d/dhcp
       including configuration file /usr/local/etc/raddb/policy.d/eap
       including configuration file /usr/local/etc/raddb/policy.d/filter
       including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
       including configuration file /usr/local/etc/raddb/policy.d/operator-name
       including configuration file /usr/local/etc/raddb/policy.d/rfc7542
       including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
       including configuration file /usr/local/etc/raddb/policy.d/pfs_custom_policies
       including files in directory /usr/local/etc/raddb/sites-enabled/
       including configuration file /usr/local/etc/raddb/sites-enabled/default
       including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
       including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
       main {
        security {
        	allow_core_dumps = no
+       }
       	name = "radiusd"
       	prefix = "/usr/local"
       	localstatedir = "/var"
       	logdir = "/var/log"
       	run_dir = "/var/run"
+      }
       main {
       	name = "radiusd"
       	prefix = "/usr/local"
       	localstatedir = "/var"
       	sbindir = "/usr/local/sbin"
       	logdir = "/var/log"
       	run_dir = "/var/run"
       	libdir = "/usr/local/lib/freeradius-3.0.22"
       	radacctdir = "/var/log/radacct"
       	hostname_lookups = no
       	max_request_time = 30
       	cleanup_delay = 5
       	max_requests = 1024
       	pidfile = "/var/run/radiusd.pid"
       	checkrad = "/usr/local/sbin/checkrad"
       	debug_level = 0
       	proxy_requests = yes
        log {
        	stripped_names = no
        	auth = yes
        	auth_badpass = no
        	auth_goodpass = no
        	msg_badpass = ""
        	msg_goodpass = ""
        	colourise = yes
        	msg_denied = "You are already logged in - access denied"
+       }
        resources {
+       }
        security {
        	max_attributes = 200
        	reject_delay = 1.000000
        	status_server = no
+       }
+      }
       radiusd: #### Loading Realms and Home Servers ####
       radiusd: #### Loading Clients ####
        client pfsense {
        	ipaddr = 127.0.0.1
        	require_message_authenticator = no
        	secret = <<< secret >>>
        	shortname = "pfsense"
         limit {
         	max_connections = 16
         	lifetime = 0
         	idle_timeout = 30
+        }
+       }
       Debugger not attached
        # Creating Auth-Type = mschap
        # Creating Auth-Type = digest
        # Creating Auth-Type = eap
        # Creating Auth-Type = PAP
        # Creating Auth-Type = CHAP
        # Creating Auth-Type = MS-CHAP
        # Creating Auth-Type = MOTP
        # Creating Auth-Type = GOOGLEAUTH
        # Creating Autz-Type = Status-Server
        # Creating Acct-Type = Status-Server
       radiusd: #### Instantiating modules ####
        modules {
         # Loaded module rlm_attr_filter
         # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.post-proxy {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
         	key = "%{Realm}"
         	relaxed = no
+        }
         # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.pre-proxy {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
         	key = "%{Realm}"
         	relaxed = no
+        }
         # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.access_reject {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
         	key = "%{User-Name}"
         	relaxed = no
+        }
         # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.access_challenge {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
         	key = "%{User-Name}"
         	relaxed = no
+        }
         # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.accounting_response {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
         	key = "%{User-Name}"
         	relaxed = no
+        }
         # Loading module "attr_filter.coa" from file /usr/local/etc/raddb/mods-enabled/attr_filter
         attr_filter attr_filter.coa {
         	filename = "/usr/local/etc/raddb/mods-config/attr_filter/coa"
         	key = "%{User-Name}"
         	relaxed = no
+        }
         # Loaded module rlm_cache
         # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
         cache cache_eap {
         	driver = "rlm_cache_rbtree"
         	key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
         	ttl = 15
         	max_entries = 0
         	epoch = 0
         	add_stats = no
+        }
         # Loaded module rlm_chap
         # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
         # Loaded module rlm_date
         # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
         date {
         	format = "%b %e %Y %H:%M:%S %Z"
         	utc = no
+        }
         # Loading module "wispr2date" from file /usr/local/etc/raddb/mods-enabled/date
         date wispr2date {
         	format = "%Y-%m-%dT%H:%M:%S"
         	utc = no
+        }
         # Loaded module rlm_detail
         # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
         detail {
         	filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
         	header = "%t"
         	permissions = 384
         	locking = no
         	escape_filenames = no
         	log_packet_header = no
+        }
         # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         detail auth_log {
         	filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
         	header = "%t"
         	permissions = 384
         	locking = no
         	escape_filenames = no
         	log_packet_header = no
+        }
         # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         detail reply_log {
         	filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
         	header = "%t"
         	permissions = 384
         	locking = no
         	escape_filenames = no
         	log_packet_header = no
+        }
         # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         detail pre_proxy_log {
         	filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
         	header = "%t"
         	permissions = 384
         	locking = no
         	escape_filenames = no
         	log_packet_header = no
+        }
         # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         detail post_proxy_log {
         	filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
         	header = "%t"
         	permissions = 384
         	locking = no
         	escape_filenames = no
         	log_packet_header = no
+        }
         # Loaded module rlm_digest
         # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
         # Loaded module rlm_dynamic_clients
         # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
         # Loaded module rlm_eap
         # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
         eap {
         	default_eap_type = "md5"
         	timer_expire = 60
         	ignore_unknown_eap_types = no
         	cisco_accounting_username_bug = no
         	max_sessions = 4096
+        }
         # Loaded module rlm_exec
         # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
         exec echo {
         	wait = yes
         	program = "/bin/echo %{User-Name}"
         	input_pairs = "request"
         	output_pairs = "reply"
         	shell_escape = yes
+        }
         # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
         exec {
         	wait = no
         	input_pairs = "request"
         	shell_escape = yes
         	timeout = 10
+        }
         # Loaded module rlm_expiration
         # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
         # Loaded module rlm_expr
         # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
         expr {
         	safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
+        }
         # Loaded module rlm_files
         # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
         files {
         	filename = "/usr/local/etc/raddb/mods-config/files/authorize"
         	acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
         	preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
+        }
         # Loaded module rlm_linelog
         # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
         linelog {
         	filename = "/var/log/linelog"
         	escape_filenames = no
         	syslog_severity = "info"
         	permissions = 384
         	format = "This is a log message for %{User-Name}"
         	reference = "messages.%{%{reply:Packet-Type}:-default}"
+        }
         # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
         linelog log_accounting {
         	filename = "/var/log/linelog-accounting"
         	escape_filenames = no
         	syslog_severity = "info"
         	permissions = 384
         	format = ""
         	reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
+        }
         # Loaded module rlm_logintime
         # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
         logintime {
         	minimum_timeout = 60
+        }
         # Loaded module rlm_mschap
         # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
         mschap {
         	use_mppe = yes
         	require_encryption = no
         	require_strong = no
         	with_ntdomain_hack = yes
          passchange {
+         }
         	allow_retry = yes
         	winbind_retry_with_normalised_username = no
+        }
         # Loaded module rlm_realm
         # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
         realm IPASS {
         	format = "prefix"
         	delimiter = "/"
         	ignore_default = no
         	ignore_null = yes
+        }
         # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
         realm suffix {
         	format = "suffix"
         	delimiter = "@"
         	ignore_default = no
         	ignore_null = yes
+        }
         # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
         realm realmpercent {
         	format = "suffix"
         	delimiter = "%"
         	ignore_default = no
         	ignore_null = yes
+        }
         # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
         realm ntdomain {
         	format = "prefix"
         	delimiter = "\"
         	ignore_default = no
         	ignore_null = yes
+        }
         # Loaded module rlm_pap
         # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
         pap {
         	normalise = yes
+        }
         # Loaded module rlm_passwd
         # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
         passwd etc_passwd {
         	filename = "/etc/passwd"
         	format = "*User-Name:Crypt-Password:"
         	delimiter = ":"
         	ignore_nislike = no
         	ignore_empty = yes
         	allow_multiple_keys = no
         	hash_size = 100
+        }
         # Loaded module rlm_preprocess
         # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
         preprocess {
         	huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
         	hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
         	with_ascend_hack = no
         	ascend_channels_per_line = 23
         	with_ntdomain_hack = no
         	with_specialix_jetstream_hack = no
         	with_cisco_vsa_hack = no
         	with_alvarion_vsa_hack = no
+        }
         # Loaded module rlm_radutmp
         # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
         radutmp {
         	filename = "/var/log/radutmp"
         	username = "%{User-Name}"
         	case_sensitive = yes
         	check_with_nas = yes
         	permissions = 384
         	caller_id = yes
+        }
         # Loaded module rlm_sql
         # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
         sql sql1 {
         	driver = "rlm_sql_mysql"
         	server = "10.168.0.194"
         	port = 3306
         	login = "radius"
         	password = <<< secret >>>
         	radius_db = "radius"
         	read_groups = yes
         	read_profiles = yes
         	read_clients = yes
         	delete_stale_sessions = yes
         	sql_user_name = "%{User-Name}"
         	logfile = "/var/log/sqltrace.sql"
         	default_user_profile = ""
         	client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
         	authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
         	authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
         	authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
         	authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
         	group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
         	simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
         	simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
         	safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
         	auto_escape = no
          accounting {
          	reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}"
           type {
            accounting-on {
            	query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime	= '%{%{integer:Event-Timestamp}:-%l}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l})"
+           }
            accounting-off {
            	query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime	= '%{%{integer:Event-Timestamp}:-%l}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l})"
+           }
            start {
            	query = "INSERT INTO radacct (acctsessionid,		acctuniqueid,		username, realm,			nasipaddress,		nasportid, nasporttype,		acctstarttime,		acctupdatetime, acctstoptime,		acctsessiontime, 	acctauthentic, connectinfo_start,	connectinfo_stop, 	acctinputoctets, acctoutputoctets,	calledstationid, 	callingstationid, acctterminatecause,	servicetype,		framedprotocol, framedipaddress,	framedipv6address,	framedipv6prefix, framedinterfaceid,	delegatedipv6prefix) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Framed-IPv6-Address}', '%{Framed-IPv6-Prefix}', '%{Framed-Interface-Id}', '%{Delegated-IPv6-Prefix}')"
+           }
            interim-update {
            	query = "UPDATE radacct SET acctupdatetime  = (@acctupdatetime_old:=acctupdatetime), acctupdatetime  = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval    = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
+           }
            stop {
            	query = "UPDATE radacct SET acctstoptime	= FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime	= %{%{Acct-Session-Time}:-NULL}, acctinputoctets	= '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
+           }
+          }
+         }
          post-auth {
          	reference = ".query"
          	query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M')"
+         }
+        }
       rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
       Creating attribute sql1-SQL-Group
         # Loaded module rlm_replicate
         # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
         # Loaded module rlm_soh
         # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
         soh {
         	dhcp = yes
+        }
         # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
         radutmp sradutmp {
         	filename = "/var/log/sradutmp"
         	username = "%{User-Name}"
         	case_sensitive = yes
         	check_with_nas = yes
         	permissions = 420
         	caller_id = no
+        }
         # Loaded module rlm_unix
         # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
         unix {
         	radwtmp = "/var/log/radwtmp"
+        }
       Creating attribute Unix-Group
         # Loaded module rlm_unpack
         # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
         # Loaded module rlm_utf8
         # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
         # Loaded module rlm_always
         # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
         always reject {
         	rcode = "reject"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
         always fail {
         	rcode = "fail"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
         always ok {
         	rcode = "ok"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
         always handled {
         	rcode = "handled"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
         always invalid {
         	rcode = "invalid"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
         always userlock {
         	rcode = "userlock"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
         always notfound {
         	rcode = "notfound"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
         always noop {
         	rcode = "noop"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
         always updated {
         	rcode = "updated"
         	simulcount = 0
         	mpp = no
+        }
         # Loading module "motp" from file /usr/local/etc/raddb/mods-enabled/motp
         exec motp {
         	wait = yes
         	program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
         	shell_escape = yes
+        }
         # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth
         exec googleauth {
         	wait = yes
         	program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}"
         	shell_escape = yes
+        }
         # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
         exec datacounterdaily {
         	wait = yes
         	program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
         	shell_escape = yes
+        }
         # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
         exec datacounterweekly {
         	wait = yes
         	program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
         	shell_escape = yes
+        }
         # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
         exec datacountermonthly {
         	wait = yes
         	program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
         	shell_escape = yes
+        }
         # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
         exec datacounterforever {
         	wait = yes
         	program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
         	shell_escape = yes
+        }
         # Loaded module rlm_sqlcounter
         # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
         sqlcounter dailycounter {
         	sql_module_instance = "sql"
         	key = "User-Name"
         	query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
         	reset = "daily"
         	counter_name = "Daily-Session-Time"
         	check_name = "Max-Daily-Session"
         	reply_name = "Session-Timeout"
+        }
         # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
         sqlcounter monthlycounter {
         	sql_module_instance = "sql"
         	key = "User-Name"
         	query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
         	reset = "monthly"
         	counter_name = "Monthly-Session-Time"
         	check_name = "Max-Monthly-Session"
         	reply_name = "Session-Timeout"
+        }
         # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
         sqlcounter noresetcounter {
         	sql_module_instance = "sql"
         	key = "User-Name"
         	query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
         	reset = "never"
         	counter_name = "Max-All-Session-Time"
         	check_name = "Max-All-Session"
         	reply_name = "Session-Timeout"
+        }
         # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
         sqlcounter expire_on_login {
         	sql_module_instance = "sql"
         	key = "User-Name"
         	query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
         	reset = "never"
         	counter_name = "Expire-After-Initial-Login"
         	check_name = "Expire-After"
         	reply_name = "Session-Timeout"
+        }
         instantiate {
         # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
         # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
         # Instantiating module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
       rlm_sql_mysql: libmysql version: 5.7.34
          mysql {
           tls {
           	tls_required = no
           	check_cert = no
           	check_cert_cn = no
+          }
          	warnings = "auto"
+         }
       rlm_sql (sql1): Attempting to connect to database "radius"
       rlm_sql (sql1): Initialising connection pool
          pool {
          	start = 5
          	min = 3
          	max = 5
          	spare = 10
          	uses = 0
          	lifetime = 0
          	cleanup_interval = 30
          	idle_timeout = 60
          	retry_delay = 60
          	spread = no
+         }
       Ignoring "spare = 10", forcing to "spare = 2"
       rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
       rlm_sql_mysql: Starting connect to MySQL server
       rlm_sql_mysql: Connected to database 'radius' on 10.168.0.194 via TCP/IP, server version 5.5.5-10.5.8-MariaDB, protocol version 10
       rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
       rlm_sql_mysql: Starting connect to MySQL server
       rlm_sql_mysql: Connected to database 'radius' on 10.168.0.194 via TCP/IP, server version 5.5.5-10.5.8-MariaDB, protocol version 10
       rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
       rlm_sql_mysql: Starting connect to MySQL server
       rlm_sql_mysql: Connected to database 'radius' on 10.168.0.194 via TCP/IP, server version 5.5.5-10.5.8-MariaDB, protocol version 10
       rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
       rlm_sql_mysql: Starting connect to MySQL server
       rlm_sql_mysql: Connected to database 'radius' on 10.168.0.194 via TCP/IP, server version 5.5.5-10.5.8-MariaDB, protocol version 10
       rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
       rlm_sql_mysql: Starting connect to MySQL server
       rlm_sql_mysql: Connected to database 'radius' on 10.168.0.194 via TCP/IP, server version 5.5.5-10.5.8-MariaDB, protocol version 10
       rlm_sql (sql1): Processing generate_sql_clients
       rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
       rlm_sql (sql1): Reserved connection (0)
       rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
       rlm_sql (sql1): Adding client 10.168.0.194 (devil) to global clients list
       rlm_sql (10.168.0.194): Client "devil" (sql1) added
       rlm_sql (sql1): Released connection (0)
+        }
         # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
         # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
         # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
         # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
         # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
         # Instantiating module "attr_filter.coa" from file /usr/local/etc/raddb/mods-enabled/attr_filter
       reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/coa
         # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
       rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
         # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
         # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
       rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
         # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
         # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
          # Linked to sub-module rlm_eap_md5
          # Linked to sub-module rlm_eap_gtc
          gtc {
          	challenge = "Password: "
          	auth_type = "PAP"
+         }
          # Linked to sub-module rlm_eap_tls
          tls {
          	tls = "tls-common"
+         }
          tls-config tls-common {
          	verify_depth = 0
          	ca_path = "/usr/local/etc/raddb/certs"
          	pem_file_type = yes
          	private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
          	certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
          	ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
          	dh_file = "/usr/local/etc/raddb/certs/dh"
          	random_file = "/dev/urandom"
          	fragment_size = 1024
          	include_length = yes
          	auto_chain = yes
          	check_crl = no
          	check_all_crl = no
          	ca_path_reload_interval = 0
          	cipher_list = "DEFAULT"
          	cipher_server_preference = no
          	ecdh_curve = "prime256v1"
          	tls_min_version = "1.0"
           cache {
           	enable = no
           	lifetime = 24
           	max_entries = 255
+          }
           verify {
           	skip_if_ocsp_ok = no
+          }
           ocsp {
           	enable = no
           	override_cert_url = no
           	url = "http://127.0.0.1/ocsp/"
           	use_nonce = yes
           	timeout = 0
           	softfail = no
+          }
+         }
          # Linked to sub-module rlm_eap_ttls
          ttls {
          	tls = "tls-common"
          	default_eap_type = "md5"
          	copy_request_to_tunnel = no
          	use_tunneled_reply = no
          	virtual_server = "inner-tunnel-ttls"
          	include_length = yes
          	require_client_cert = no
+         }
       tls: Using cached TLS configuration from previous invocation
          # Linked to sub-module rlm_eap_peap
          peap {
          	tls = "tls-common"
          	default_eap_type = "mschapv2"
          	copy_request_to_tunnel = no
          	use_tunneled_reply = no
          	proxy_tunneled_request_as_eap = yes
          	virtual_server = "inner-tunnel-peap"
          	soh = no
          	require_client_cert = no
+         }
       tls: Using cached TLS configuration from previous invocation
          # Linked to sub-module rlm_eap_mschapv2
          mschapv2 {
          	with_ntdomain_hack = no
          	send_error = no
+         }
         # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
       reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
       reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
       reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
         # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
         # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
         # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
       rlm_mschap (mschap): using internal authentication
         # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
         # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
         # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
         # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
         # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
         # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
       rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
         # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
       reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
       reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
         # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
         # Instantiating module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
       rlm_sqlcounter: Current Time: 1629792140 [2021-08-24 11:02:20], Prev reset 1629752400 [2021-08-24 00:00:00]
         # Instantiating module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
       rlm_sqlcounter: Current Time: 1629792140 [2021-08-24 11:02:20], Prev reset 1627765200 [2021-08-01 00:00:00]
         # Instantiating module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
       rlm_sqlcounter: Current Time: 1629792140 [2021-08-24 11:02:20], Prev reset 0 [2021-08-24 11:00:00]
         # Instantiating module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
       rlm_sqlcounter: Current Time: 1629792140 [2021-08-24 11:02:20], Prev reset 0 [2021-08-24 11:00:00]
        } # modules
       radiusd: #### Loading Virtual Servers ####
       server { # from file /usr/local/etc/raddb/radiusd.conf
       } # server
       server default { # from file /usr/local/etc/raddb/sites-enabled/default
        # Loading authenticate {...}
       Compiling Auth-Type PAP for attr Auth-Type
       Compiling Auth-Type CHAP for attr Auth-Type
       Compiling Auth-Type MS-CHAP for attr Auth-Type
       Compiling Auth-Type MOTP for attr Auth-Type
       Compiling Auth-Type GOOGLEAUTH for attr Auth-Type
        # Loading authorize {...}
       Compiling Autz-Type Status-Server for attr Autz-Type
        # Loading preacct {...}
        # Loading accounting {...}
       Compiling Acct-Type Status-Server for attr Acct-Type
        # Loading session {...}
        # Loading pre-proxy {...}
        # Loading post-proxy {...}
        # Loading post-auth {...}
       Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
       Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
       } # server default
       server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
        # Loading authenticate {...}
       Compiling Auth-Type PAP for attr Auth-Type
       Compiling Auth-Type CHAP for attr Auth-Type
       Compiling Auth-Type MS-CHAP for attr Auth-Type
        # Loading authorize {...}
       Ignoring "sql" (see raddb/mods-available/README.rst)
       Ignoring "ldap" (see raddb/mods-available/README.rst)
        # Loading session {...}
        # Loading post-proxy {...}
        # Loading post-auth {...}
        # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls:63
       Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
       } # server inner-tunnel-ttls
       server inner-tunnel-peap { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
        # Loading authenticate {...}
       Compiling Auth-Type PAP for attr Auth-Type
       Compiling Auth-Type CHAP for attr Auth-Type
       Compiling Auth-Type MS-CHAP for attr Auth-Type
        # Loading authorize {...}
        # Loading session {...}
        # Loading post-proxy {...}
        # Loading post-auth {...}
        # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap:63
       Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
       } # server inner-tunnel-peap
       radiusd: #### Opening IP addresses and Ports ####
       listen {
         	type = "auth"
         	ipaddr = 10.168.0.41
         	port = 1812
        client pfsense {
        	ipaddr = 127.0.0.1
        	require_message_authenticator = no
        	secret = <<< secret >>>
        	shortname = "pfsense"
         limit {
         	max_connections = 16
         	lifetime = 0
         	idle_timeout = 30
+        }
+       }
       Ignoring duplicate client 127.0.0.1
+      }
       listen {
         	type = "acct"
         	ipaddr = 10.168.0.41
         	port = 1813
+      }
       listen {
         	type = "auth"
         	ipaddr = 127.0.0.1
         	port = 18127
+      }
       listen {
         	type = "auth"
         	ipaddr = 127.0.0.1
         	port = 18128
+      }
       Listening on auth address 10.168.0.41 port 1812 bound to server default
       Listening on acct address 10.168.0.41 port 1813 bound to server default
       Listening on auth address 127.0.0.1 port 18127 bound to server inner-tunnel-ttls
       Listening on auth address 127.0.0.1 port 18128 bound to server inner-tunnel-peap
       Ready to process requests
       Ignoring request to auth address 10.168.0.41 port 1812 bound to server default from unknown client 10.168.0.194 port 43844 proto udp
       Ready to process requests

« Previous
1
2
Next »

(1-1/2)

Project

General

Profile

pfSense » pfSense Packages

Bug #12126 » radiusdX.log