Перейти к содержимому
Калькуляторы

wpa2-enterprise + freeradius2 в radacct пишется "зашифрованный" User-Name

Ответить

blowfish   

blowfish
Опубликовано · Жалоба

Имеется:

freeradius 2.1.8 собранный из исходников на debian etch (с поддержкой openssl)

dlink dwl 2100ap в качестве точки доступа и радиус клиента.

клиенты nokia e70, nokia n810 (maemo diablo)

 

радиус настроен по how-to http://www.ixbt.com/comm/prac-wpa-eap_2.shtml

 

Клиенты пормально логинятся на точку и работают в интернете, причём оба, с одним и тем-же логином.

 

В радиусе включена поддержка mysql. юзеры берутся из базы, аккаунтинг пишется в базу.

Небходиомо настроить simultaneous-use, для того чтобы ограничить одновремееные подключения с одним и тем-же username.

Вот тут начинаются проблемы:

 

00-17-b0-bd-93-c1 - это nokia e70

00-1d-6e-9b-f6-94 - это nokia n810

 

mysql> select acctsessionid, username, groupname, acctsessiontime, callingstationid, acctstarttime, acctstoptime from radacct order by radacctid;
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+
| acctsessionid         | username                   | groupname | acctsessiontime | callingstationid  | acctstarttime       | acctstoptime        |
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+
| 0000000006:0000000004 | testuser                   |           |            2528 | 00-17-b0-bd-93-c1 | 2010-02-09 22:50:39 | 2010-02-09 23:32:47 | 
| 0000000006:0000000006 | testuser                   |           |             423 | 00-17-b0-bd-93-c1 | 2010-02-09 23:33:14 | 2010-02-09 23:40:17 | 
| 0000000006:0000000008 | testuser                   |           |             687 | 00-17-b0-bd-93-c1 | 2010-02-09 23:58:18 | 2010-02-10 00:09:46 | 
| 0000000006:0000000011 | XnDIGXtz6FxG1Lm=264qjFTm   |           |             399 | 00-1d-6e-9b-f6-94 | 2010-02-10 00:30:00 | 2010-02-10 00:36:39 | 
| 0000000006:0000000012 | testuser                   |           |               1 | 00-17-b0-bd-93-c1 | 2010-02-10 00:36:04 | 2010-02-10 00:36:07 | 
| 0000000006:0000000013 | testuser                   |           |             166 | 00-17-b0-bd-93-c1 | 2010-02-10 00:53:08 | 2010-02-10 00:55:54 | 
| 0000000006:0000000014 | fEeNaVcZFqw6eOQmT=24VDu0   |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 00:53:49 | NULL                | 
| 0000000006:0000000015 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 00:55:56 | NULL                | 
| 0000000006:0000000016 | SkX5Cd=24pug04zO0=244db6bG |           |            1075 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:03:20 | 2010-02-10 01:21:16 | 
| 0000000006:0000000017 | yTxQeJ9nTwhq6YzzxEeTSm     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:21:21 | NULL                | 
| 0000000006:0000000017 |                            |           |             581 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:21:22 | 2010-02-10 01:31:03 | 
| 0000000006:0000000018 | 9RkUQr9JaZr2UnRNAPiHOm     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:32:44 | NULL                | 
| 0000000006:0000000019 | y5xPgvjzUfwR=24NlSW4hOLG   |           |             465 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:49:02 | 2010-02-10 01:56:47 | 
| 0000000006:0000000021 | C5iOh=260pJzBRazjk3voZUW   |           |             306 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:56:55 | 2010-02-10 02:02:02 | 
| 0000000006:0000000022 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 01:59:52 | NULL                | 
| 0000000006:0000000023 | testuser                   |           |             101 | 00-17-b0-bd-93-c1 | 2010-02-10 01:59:54 | 2010-02-10 02:01:33 | 
| 0000000006:0000000024 | kZ6ZqLNcQRpP2TT4S1x7w0     |           |            1041 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:02:09 | 2010-02-10 02:19:29 | 
| 0000000006:0000000026 | TaN=2619bWZrEjPIq1qpl3Um   |           |             503 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:19:32 | 2010-02-10 02:27:56 | 
| 0000000006:0000000027 | SNnQgLPI4ZsKrcQt5NjWdm     |           |             128 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:27:59 | 2010-02-10 02:30:05 | 
| 0000000006:0000000028 | pgLbu3fQQsFnAGXA2dG0gm     |           |             377 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:30:09 | 2010-02-10 02:36:26 | 
| 0000000006:0000000029 | BcMGdNHkt91L6a5ZFYyIO0     |           |              81 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:36:31 | 2010-02-10 02:37:51 | 
| 0000000006:0000000030 | 1QLux0VjUKds86GfFpMMV0     |           |             190 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:37:54 | 2010-02-10 02:41:05 | 
| 0000000006:0000000031 | zSIcExbtS=26iPOERmNlmZzm   |           |             383 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:41:12 | 2010-02-10 02:47:35 | 
| 0000000006:0000000032 | x5bwXhKmLF8PCpzsg3aSG0     |           |             318 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:47:38 | 2010-02-10 02:52:56 | 
| 0000000006:0000000033 | uxogNaSRcnoeya=26GOh8R90   |           |              77 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:53:00 | 2010-02-10 02:54:18 | 
| 0000000006:0000000034 | ZR6fvDB=244TPMk1hcaD=26si0 |           |           41090 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:54:21 | 2010-02-10 14:19:11 | 
| 0000000006:0000000035 | testuser                   |           |             121 | 00-17-b0-bd-93-c1 | 2010-02-10 14:15:47 | 2010-02-10 14:17:46 | 
| 0000000006:0000000036 | S9M2ZKPNs0fgMcNP9mZXWG     |           |            4362 | 00-1d-6e-9b-f6-94 | 2010-02-10 14:19:15 | 2010-02-10 15:31:56 | 
| 0000000006:0000000037 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 14:19:43 | NULL                | 
| 0000000006:0000000038 | testuser                   |           |            4141 | 00-17-b0-bd-93-c1 | 2010-02-10 14:19:45 | 2010-02-10 15:28:47 | 
| 0000000006:0000000039 | FBAWYhSJofC6F7P8SvJXR0     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 15:31:58 | NULL                | 
| 0000000006:0000000040 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 15:35:26 | NULL                | 
| 0000000006:0000000041 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 15:35:27 | NULL                | 
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+

 

Во всех пакетах в сторону радиуса при подключении n810 фигурирует этот идентификатор, при подключении e70 - открытый username.

 

 

mysql> select * from radcheck where username = 'testuser';
+----+----------+--------------------+----+----------+
| id | username | attribute          | op | value    |
+----+----------+--------------------+----+----------+
|  1 | testuser | Cleartext-Password | := | testtest | 
+----+----------+--------------------+----+----------+

 

Аутентификация проходит без проблем.

 

Вопрос в том, где радиус хранит cleartext username, и как сделать так чтобы в логи и radacct он писал именно его?

 

конфиг радиуса:

 

FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Feb  8 2010 at 17:58:40
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
log {
    stripped_names = yes
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
}
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = "auth"
    secret = "testing123"
    response_window = 20
    max_outstanding = 65536
    require_message_authenticator = no
    zombie_period = 40
    status_check = "status-server"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = "testing123"
    nastype = "other"
}
client 192.168.0.230 {
    require_message_authenticator = no
    secret = "test"
    nastype = "other"
}
client 192.168.0.137 {
    require_message_authenticator = no
    secret = "test"
    shortname = "dlink-2100ap-1"
    nastype = "other"
}
client 192.168.0.18 {
    require_message_authenticator = no
    secret = "test"
    shortname = "dlink-2100ap-2"
    nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
  exec {
    wait = yes
    input_pairs = "request"
    shell_escape = yes
  }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
  expiration {
    reply-message = "Password Has Expired  "
  }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
  logintime {
    reply-message = "You are calling outside your allowed timespan  "
    minimum-timeout = 60
  }
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
  pap {
    encryption_scheme = "auto"
    auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = no
  }
Module: Linked to module rlm_unix
Module: Instantiating unix
  unix {
    radwtmp = "/var/log/freeradius/radwtmp"
  }
Module: Linked to module rlm_eap
Module: Instantiating eap
  eap {
    default_eap_type = "peap"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = yes
    max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/freeradius/newcert/certificates/radius.somenet.key"
    certificate_file = "/etc/freeradius/newcert/certificates/radius.somenet.crt"
    CA_file = "/etc/freeradius/newcert/somenet-ca.crt"
    private_key_password = "testtest"
    dh_file = "/etc/freeradius/newcert/certificates/dh"
    random_file = "/etc/freeradius/newcert/certificates/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    make_cert_command = "/etc/freeradius/newcert/certificates/bootstrap"
    cache {
    enable = no
    lifetime = 24
    max_entries = 255
    }
   }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
   ttls {
    default_eap_type = "md5"
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
    include_length = yes
   }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
   peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = yes
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
   }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
   mschapv2 {
    with_ntdomain_hack = no
   }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
  }
Module: Instantiating ntdomain
  realm ntdomain {
    format = "prefix"
    delimiter = "\"
    ignore_default = no
    ignore_null = no
  }
Module: Linked to module rlm_sql
Module: Instantiating sql
  sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = ""
    login = "radius"
    password = "somepassword"
    radius_db = "radius"
    read_groups = yes
    sqltrace = no
    sqltracefile = "/var/log/freeradius/sqltrace.sql"
    readclients = no
    deletestalesessions = yes
    num_sql_socks = 5
    lifetime = 0
    max_queries = 0
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
    authorize_group_reply_query = "SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
    accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
    accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
    accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
    accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
    accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
    group_membership_query = "SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority"
    connect_failure_retry_delay = 60
    simul_count_query = ""
    simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
    postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_sql_log
Module: Instantiating sql_log
  sql_log {
    path = "/var/log/freeradius/radacct/sql-relay"
    Post-Auth = "INSERT INTO radpostauth                            (username, pass, reply, authdate) VALUES                                     ('%{User-Name}', '%{User-Password:-Chap-Password}',                  '%{reply:Packet-Type}', '%S');"
    sql_user_name = "%{%{User-Name}:-DEFAULT}"
    utf8 = no
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
    attrsfile = "/etc/freeradius/attrs.access_reject"
    key = "%{User-Name}"
  }
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
    huntgroups = "/etc/freeradius/huntgroups"
    hints = "/etc/freeradius/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_detail
Module: Instantiating auth_log
  detail auth_log {
    detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
    header = "%t"
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
    usersfile = "/etc/freeradius/users"
    acctusersfile = "/etc/freeradius/acct_users"
    preproxy_usersfile = "/etc/freeradius/preproxy_users"
    compat = "no"
  }
Module: Checking accounting {...} for more modules to load
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
    attrsfile = "/etc/freeradius/attrs.accounting_response"
    key = "%{User-Name}"
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гость
Ответить в тему...

×   Вставлено в виде отформатированного текста.   Вставить в виде обычного текста

  Разрешено не более 75 смайлов.

×   Ваша ссылка была автоматически встроена.   Отобразить как ссылку

×   Ваш предыдущий контент был восстановлен.   Очистить редактор

×   Вы не можете вставить изображения напрямую. Загрузите или вставьте изображения по ссылке.

×
Подписчики 0
Перейти к списку тем Беспроводные сети Wi-Fi, 3G/LTE/5G, LoRa...