Jump to content
Калькуляторы

wpa2-enterprise + freeradius2 в radacct пишется "зашифрованный" User-Name

Имеется:

freeradius 2.1.8 собранный из исходников на debian etch (с поддержкой openssl)

dlink dwl 2100ap в качестве точки доступа и радиус клиента.

клиенты nokia e70, nokia n810 (maemo diablo)

 

радиус настроен по how-to http://www.ixbt.com/comm/prac-wpa-eap_2.shtml

 

Клиенты пормально логинятся на точку и работают в интернете, причём оба, с одним и тем-же логином.

 

В радиусе включена поддержка mysql. юзеры берутся из базы, аккаунтинг пишется в базу.

Небходиомо настроить simultaneous-use, для того чтобы ограничить одновремееные подключения с одним и тем-же username.

Вот тут начинаются проблемы:

 

00-17-b0-bd-93-c1 - это nokia e70

00-1d-6e-9b-f6-94 - это nokia n810

 

mysql> select acctsessionid, username, groupname, acctsessiontime, callingstationid, acctstarttime, acctstoptime from radacct order by radacctid;
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+
| acctsessionid         | username                   | groupname | acctsessiontime | callingstationid  | acctstarttime       | acctstoptime        |
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+
| 0000000006:0000000004 | testuser                   |           |            2528 | 00-17-b0-bd-93-c1 | 2010-02-09 22:50:39 | 2010-02-09 23:32:47 | 
| 0000000006:0000000006 | testuser                   |           |             423 | 00-17-b0-bd-93-c1 | 2010-02-09 23:33:14 | 2010-02-09 23:40:17 | 
| 0000000006:0000000008 | testuser                   |           |             687 | 00-17-b0-bd-93-c1 | 2010-02-09 23:58:18 | 2010-02-10 00:09:46 | 
| 0000000006:0000000011 | XnDIGXtz6FxG1Lm=264qjFTm   |           |             399 | 00-1d-6e-9b-f6-94 | 2010-02-10 00:30:00 | 2010-02-10 00:36:39 | 
| 0000000006:0000000012 | testuser                   |           |               1 | 00-17-b0-bd-93-c1 | 2010-02-10 00:36:04 | 2010-02-10 00:36:07 | 
| 0000000006:0000000013 | testuser                   |           |             166 | 00-17-b0-bd-93-c1 | 2010-02-10 00:53:08 | 2010-02-10 00:55:54 | 
| 0000000006:0000000014 | fEeNaVcZFqw6eOQmT=24VDu0   |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 00:53:49 | NULL                | 
| 0000000006:0000000015 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 00:55:56 | NULL                | 
| 0000000006:0000000016 | SkX5Cd=24pug04zO0=244db6bG |           |            1075 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:03:20 | 2010-02-10 01:21:16 | 
| 0000000006:0000000017 | yTxQeJ9nTwhq6YzzxEeTSm     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:21:21 | NULL                | 
| 0000000006:0000000017 |                            |           |             581 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:21:22 | 2010-02-10 01:31:03 | 
| 0000000006:0000000018 | 9RkUQr9JaZr2UnRNAPiHOm     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:32:44 | NULL                | 
| 0000000006:0000000019 | y5xPgvjzUfwR=24NlSW4hOLG   |           |             465 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:49:02 | 2010-02-10 01:56:47 | 
| 0000000006:0000000021 | C5iOh=260pJzBRazjk3voZUW   |           |             306 | 00-1d-6e-9b-f6-94 | 2010-02-10 01:56:55 | 2010-02-10 02:02:02 | 
| 0000000006:0000000022 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 01:59:52 | NULL                | 
| 0000000006:0000000023 | testuser                   |           |             101 | 00-17-b0-bd-93-c1 | 2010-02-10 01:59:54 | 2010-02-10 02:01:33 | 
| 0000000006:0000000024 | kZ6ZqLNcQRpP2TT4S1x7w0     |           |            1041 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:02:09 | 2010-02-10 02:19:29 | 
| 0000000006:0000000026 | TaN=2619bWZrEjPIq1qpl3Um   |           |             503 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:19:32 | 2010-02-10 02:27:56 | 
| 0000000006:0000000027 | SNnQgLPI4ZsKrcQt5NjWdm     |           |             128 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:27:59 | 2010-02-10 02:30:05 | 
| 0000000006:0000000028 | pgLbu3fQQsFnAGXA2dG0gm     |           |             377 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:30:09 | 2010-02-10 02:36:26 | 
| 0000000006:0000000029 | BcMGdNHkt91L6a5ZFYyIO0     |           |              81 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:36:31 | 2010-02-10 02:37:51 | 
| 0000000006:0000000030 | 1QLux0VjUKds86GfFpMMV0     |           |             190 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:37:54 | 2010-02-10 02:41:05 | 
| 0000000006:0000000031 | zSIcExbtS=26iPOERmNlmZzm   |           |             383 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:41:12 | 2010-02-10 02:47:35 | 
| 0000000006:0000000032 | x5bwXhKmLF8PCpzsg3aSG0     |           |             318 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:47:38 | 2010-02-10 02:52:56 | 
| 0000000006:0000000033 | uxogNaSRcnoeya=26GOh8R90   |           |              77 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:53:00 | 2010-02-10 02:54:18 | 
| 0000000006:0000000034 | ZR6fvDB=244TPMk1hcaD=26si0 |           |           41090 | 00-1d-6e-9b-f6-94 | 2010-02-10 02:54:21 | 2010-02-10 14:19:11 | 
| 0000000006:0000000035 | testuser                   |           |             121 | 00-17-b0-bd-93-c1 | 2010-02-10 14:15:47 | 2010-02-10 14:17:46 | 
| 0000000006:0000000036 | S9M2ZKPNs0fgMcNP9mZXWG     |           |            4362 | 00-1d-6e-9b-f6-94 | 2010-02-10 14:19:15 | 2010-02-10 15:31:56 | 
| 0000000006:0000000037 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 14:19:43 | NULL                | 
| 0000000006:0000000038 | testuser                   |           |            4141 | 00-17-b0-bd-93-c1 | 2010-02-10 14:19:45 | 2010-02-10 15:28:47 | 
| 0000000006:0000000039 | FBAWYhSJofC6F7P8SvJXR0     |           |               0 | 00-1d-6e-9b-f6-94 | 2010-02-10 15:31:58 | NULL                | 
| 0000000006:0000000040 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 15:35:26 | NULL                | 
| 0000000006:0000000041 | testuser                   |           |               0 | 00-17-b0-bd-93-c1 | 2010-02-10 15:35:27 | NULL                | 
+-----------------------+----------------------------+-----------+-----------------+-------------------+---------------------+---------------------+

 

Во всех пакетах в сторону радиуса при подключении n810 фигурирует этот идентификатор, при подключении e70 - открытый username.

 

 

mysql> select * from radcheck where username = 'testuser';
+----+----------+--------------------+----+----------+
| id | username | attribute          | op | value    |
+----+----------+--------------------+----+----------+
|  1 | testuser | Cleartext-Password | := | testtest | 
+----+----------+--------------------+----+----------+

 

Аутентификация проходит без проблем.

 

Вопрос в том, где радиус хранит cleartext username, и как сделать так чтобы в логи и radacct он писал именно его?

 

конфиг радиуса:

 

FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Feb  8 2010 at 17:58:40
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
log {
    stripped_names = yes
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
}
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = "auth"
    secret = "testing123"
    response_window = 20
    max_outstanding = 65536
    require_message_authenticator = no
    zombie_period = 40
    status_check = "status-server"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = "testing123"
    nastype = "other"
}
client 192.168.0.230 {
    require_message_authenticator = no
    secret = "test"
    nastype = "other"
}
client 192.168.0.137 {
    require_message_authenticator = no
    secret = "test"
    shortname = "dlink-2100ap-1"
    nastype = "other"
}
client 192.168.0.18 {
    require_message_authenticator = no
    secret = "test"
    shortname = "dlink-2100ap-2"
    nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
  exec {
    wait = yes
    input_pairs = "request"
    shell_escape = yes
  }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
  expiration {
    reply-message = "Password Has Expired  "
  }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
  logintime {
    reply-message = "You are calling outside your allowed timespan  "
    minimum-timeout = 60
  }
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
  pap {
    encryption_scheme = "auto"
    auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = no
  }
Module: Linked to module rlm_unix
Module: Instantiating unix
  unix {
    radwtmp = "/var/log/freeradius/radwtmp"
  }
Module: Linked to module rlm_eap
Module: Instantiating eap
  eap {
    default_eap_type = "peap"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = yes
    max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/freeradius/newcert/certificates/radius.somenet.key"
    certificate_file = "/etc/freeradius/newcert/certificates/radius.somenet.crt"
    CA_file = "/etc/freeradius/newcert/somenet-ca.crt"
    private_key_password = "testtest"
    dh_file = "/etc/freeradius/newcert/certificates/dh"
    random_file = "/etc/freeradius/newcert/certificates/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    make_cert_command = "/etc/freeradius/newcert/certificates/bootstrap"
    cache {
    enable = no
    lifetime = 24
    max_entries = 255
    }
   }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
   ttls {
    default_eap_type = "md5"
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
    include_length = yes
   }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
   peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = yes
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
   }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
   mschapv2 {
    with_ntdomain_hack = no
   }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
  }
Module: Instantiating ntdomain
  realm ntdomain {
    format = "prefix"
    delimiter = "\"
    ignore_default = no
    ignore_null = no
  }
Module: Linked to module rlm_sql
Module: Instantiating sql
  sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = ""
    login = "radius"
    password = "somepassword"
    radius_db = "radius"
    read_groups = yes
    sqltrace = no
    sqltracefile = "/var/log/freeradius/sqltrace.sql"
    readclients = no
    deletestalesessions = yes
    num_sql_socks = 5
    lifetime = 0
    max_queries = 0
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
    authorize_group_reply_query = "SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
    accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
    accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
    accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
    accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
    accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
    group_membership_query = "SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority"
    connect_failure_retry_delay = 60
    simul_count_query = ""
    simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
    postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_sql_log
Module: Instantiating sql_log
  sql_log {
    path = "/var/log/freeradius/radacct/sql-relay"
    Post-Auth = "INSERT INTO radpostauth                            (username, pass, reply, authdate) VALUES                                     ('%{User-Name}', '%{User-Password:-Chap-Password}',                  '%{reply:Packet-Type}', '%S');"
    sql_user_name = "%{%{User-Name}:-DEFAULT}"
    utf8 = no
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
    attrsfile = "/etc/freeradius/attrs.access_reject"
    key = "%{User-Name}"
  }
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
    huntgroups = "/etc/freeradius/huntgroups"
    hints = "/etc/freeradius/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_detail
Module: Instantiating auth_log
  detail auth_log {
    detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
    header = "%t"
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
    usersfile = "/etc/freeradius/users"
    acctusersfile = "/etc/freeradius/acct_users"
    preproxy_usersfile = "/etc/freeradius/preproxy_users"
    compat = "no"
  }
Module: Checking accounting {...} for more modules to load
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
    attrsfile = "/etc/freeradius/attrs.accounting_response"
    key = "%{User-Name}"
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this