|
1
|
root@plateforme-test:~# freeradius -X
|
|
2
|
FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Aug 26 2015 at 14:47:37
|
|
3
|
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
|
|
4
|
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
|
|
5
|
PARTICULAR PURPOSE.
|
|
6
|
You may redistribute copies of FreeRADIUS under the terms of the
|
|
7
|
GNU General Public License v2.
|
|
8
|
Starting - reading configuration files ...
|
|
9
|
including configuration file /etc/freeradius/radiusd.conf
|
|
10
|
including configuration file /etc/freeradius/clients.conf
|
|
11
|
including files in directory /etc/freeradius/modules/
|
|
12
|
including configuration file /etc/freeradius/modules/attr_rewrite
|
|
13
|
including configuration file /etc/freeradius/modules/dynamic_clients
|
|
14
|
including configuration file /etc/freeradius/modules/mac2vlan
|
|
15
|
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
|
|
16
|
including configuration file /etc/freeradius/modules/expiration
|
|
17
|
including configuration file /etc/freeradius/modules/opendirectory
|
|
18
|
including configuration file /etc/freeradius/modules/smsotp
|
|
19
|
including configuration file /etc/freeradius/modules/realm
|
|
20
|
including configuration file /etc/freeradius/modules/rediswho
|
|
21
|
including configuration file /etc/freeradius/modules/expr
|
|
22
|
including configuration file /etc/freeradius/modules/preprocess
|
|
23
|
including configuration file /etc/freeradius/modules/etc_group
|
|
24
|
including configuration file /etc/freeradius/modules/mac2ip
|
|
25
|
including configuration file /etc/freeradius/modules/replicate
|
|
26
|
including configuration file /etc/freeradius/modules/echo
|
|
27
|
including configuration file /etc/freeradius/modules/passwd
|
|
28
|
including configuration file /etc/freeradius/modules/attr_filter
|
|
29
|
including configuration file /etc/freeradius/modules/cui
|
|
30
|
including configuration file /etc/freeradius/modules/sql_log
|
|
31
|
including configuration file /etc/freeradius/modules/mschap.dpkg-dist
|
|
32
|
including configuration file /etc/freeradius/modules/krb5
|
|
33
|
including configuration file /etc/freeradius/modules/digest
|
|
34
|
including configuration file /etc/freeradius/modules/smbpasswd
|
|
35
|
including configuration file /etc/freeradius/modules/pap
|
|
36
|
including configuration file /etc/freeradius/modules/exec
|
|
37
|
including configuration file /etc/freeradius/modules/soh
|
|
38
|
including configuration file /etc/freeradius/modules/ldap
|
|
39
|
including configuration file /etc/freeradius/modules/otp
|
|
40
|
including configuration file /etc/freeradius/modules/chap
|
|
41
|
including configuration file /etc/freeradius/modules/counter
|
|
42
|
including configuration file /etc/freeradius/modules/linelog
|
|
43
|
including configuration file /etc/freeradius/modules/detail.example.com
|
|
44
|
including configuration file /etc/freeradius/modules/policy
|
|
45
|
including configuration file /etc/freeradius/modules/perl
|
|
46
|
including configuration file /etc/freeradius/modules/redis
|
|
47
|
including configuration file /etc/freeradius/modules/checkval
|
|
48
|
including configuration file /etc/freeradius/modules/files
|
|
49
|
including configuration file /etc/freeradius/modules/ldap.dpkg-dist
|
|
50
|
including configuration file /etc/freeradius/modules/acct_unique
|
|
51
|
including configuration file /etc/freeradius/modules/detail.log
|
|
52
|
including configuration file /etc/freeradius/modules/radutmp
|
|
53
|
including configuration file /etc/freeradius/modules/inner-eap
|
|
54
|
including configuration file /etc/freeradius/modules/mschap
|
|
55
|
including configuration file /etc/freeradius/modules/unix
|
|
56
|
including configuration file /etc/freeradius/modules/pam
|
|
57
|
including configuration file /etc/freeradius/modules/ippool
|
|
58
|
including configuration file /etc/freeradius/modules/wimax
|
|
59
|
including configuration file /etc/freeradius/modules/ntlm_auth
|
|
60
|
including configuration file /etc/freeradius/modules/always
|
|
61
|
including configuration file /etc/freeradius/modules/sradutmp
|
|
62
|
including configuration file /etc/freeradius/modules/logintime
|
|
63
|
including configuration file /etc/freeradius/modules/detail
|
|
64
|
including configuration file /etc/freeradius/eap.conf
|
|
65
|
including configuration file /etc/freeradius/policy.conf
|
|
66
|
including files in directory /etc/freeradius/sites-enabled/
|
|
67
|
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
|
|
68
|
including configuration file /etc/freeradius/sites-enabled/default
|
|
69
|
main {
|
|
70
|
user = "freerad"
|
|
71
|
group = "freerad"
|
|
72
|
allow_core_dumps = no
|
|
73
|
}
|
|
74
|
including dictionary file /etc/freeradius/dictionary
|
|
75
|
main {
|
|
76
|
name = "radiusd"
|
|
77
|
prefix = "/usr"
|
|
78
|
localstatedir = "/var"
|
|
79
|
sbindir = "/usr/sbin"
|
|
80
|
logdir = "/var/log/freeradius"
|
|
81
|
run_dir = "/var/run/freeradius"
|
|
82
|
libdir = "/usr/lib/freeradius"
|
|
83
|
radacctdir = "/var/log/freeradius/radacct"
|
|
84
|
hostname_lookups = no
|
|
85
|
max_request_time = 30
|
|
86
|
cleanup_delay = 5
|
|
87
|
max_requests = 1024
|
|
88
|
pidfile = "/var/run/freeradius/freeradius.pid"
|
|
89
|
checkrad = "/usr/sbin/checkrad"
|
|
90
|
debug_level = 0
|
|
91
|
proxy_requests = no
|
|
92
|
log {
|
|
93
|
stripped_names = no
|
|
94
|
auth = no
|
|
95
|
auth_badpass = no
|
|
96
|
auth_goodpass = no
|
|
97
|
}
|
|
98
|
security {
|
|
99
|
max_attributes = 200
|
|
100
|
reject_delay = 1
|
|
101
|
status_server = yes
|
|
102
|
}
|
|
103
|
}
|
|
104
|
radiusd: #### Loading Realms and Home Servers ####
|
|
105
|
radiusd: #### Loading Clients ####
|
|
106
|
client localhost {
|
|
107
|
ipaddr = 127.0.0.1
|
|
108
|
require_message_authenticator = no
|
|
109
|
secret = "testing123"
|
|
110
|
nastype = "other"
|
|
111
|
}
|
|
112
|
client 10.169.253.59/32 {
|
|
113
|
require_message_authenticator = no
|
|
114
|
secret = "rectorat"
|
|
115
|
shortname = "AP"
|
|
116
|
}
|
|
117
|
radiusd: #### Instantiating modules ####
|
|
118
|
instantiate {
|
|
119
|
Module: Linked to module rlm_exec
|
|
120
|
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
|
|
121
|
exec {
|
|
122
|
wait = no
|
|
123
|
input_pairs = "request"
|
|
124
|
shell_escape = yes
|
|
125
|
}
|
|
126
|
Module: Linked to module rlm_expr
|
|
127
|
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
|
|
128
|
Module: Linked to module rlm_expiration
|
|
129
|
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
|
|
130
|
expiration {
|
|
131
|
reply-message = "Password Has Expired "
|
|
132
|
}
|
|
133
|
Module: Linked to module rlm_logintime
|
|
134
|
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
|
|
135
|
logintime {
|
|
136
|
reply-message = "You are calling outside your allowed timespan "
|
|
137
|
minimum-timeout = 60
|
|
138
|
}
|
|
139
|
}
|
|
140
|
radiusd: #### Loading Virtual Servers ####
|
|
141
|
server { # from file /etc/freeradius/radiusd.conf
|
|
142
|
modules {
|
|
143
|
Module: Creating Auth-Type = LDAP
|
|
144
|
Module: Creating Post-Auth-Type = REJECT
|
|
145
|
Module: Checking authenticate {...} for more modules to load
|
|
146
|
Module: Linked to module rlm_chap
|
|
147
|
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
|
|
148
|
Module: Linked to module rlm_mschap
|
|
149
|
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap.dpkg-dist
|
|
150
|
mschap {
|
|
151
|
use_mppe = yes
|
|
152
|
require_encryption = no
|
|
153
|
require_strong = no
|
|
154
|
with_ntdomain_hack = no
|
|
155
|
allow_retry = yes
|
|
156
|
}
|
|
157
|
Module: Linked to module rlm_ldap
|
|
158
|
Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
|
|
159
|
ldap {
|
|
160
|
server = "192.168.220.10"
|
|
161
|
port = 389
|
|
162
|
password = "6201d0f108ff66b57241fcefa6c6e80c5590fdce321ad05df8e938d3"
|
|
163
|
identity = "cn=reader,o=gouv,c=fr"
|
|
164
|
net_timeout = 1
|
|
165
|
timeout = 4
|
|
166
|
timelimit = 3
|
|
167
|
tls_mode = no
|
|
168
|
start_tls = no
|
|
169
|
tls_require_cert = "allow"
|
|
170
|
tls {
|
|
171
|
start_tls = no
|
|
172
|
require_cert = "allow"
|
|
173
|
}
|
|
174
|
basedn = "o=gouv,c=fr"
|
|
175
|
filter = "(uid=%{mschap:User-Name})"
|
|
176
|
base_filter = "(objectclass=radiusprofile)"
|
|
177
|
auto_header = no
|
|
178
|
access_attr = "uid"
|
|
179
|
access_attr_used_for_allow = yes
|
|
180
|
groupname_attribute = "cn"
|
|
181
|
groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))"
|
|
182
|
groupmembership_attribute = "radiusGroupName"
|
|
183
|
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
|
|
184
|
ldap_debug = 0
|
|
185
|
ldap_connections_number = 15
|
|
186
|
compare_check_items = no
|
|
187
|
do_xlat = yes
|
|
188
|
edir_account_policy_check = no
|
|
189
|
set_auth_type = yes
|
|
190
|
}
|
|
191
|
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
|
|
192
|
rlm_ldap: Registering ldap_xlat with xlat_name ldap
|
|
193
|
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
|
|
194
|
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
|
|
195
|
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
|
|
196
|
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
|
|
197
|
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
|
|
198
|
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
|
|
199
|
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
|
|
200
|
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
|
|
201
|
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
|
|
202
|
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
|
|
203
|
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
|
|
204
|
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
|
|
205
|
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
|
|
206
|
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
|
|
207
|
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
|
|
208
|
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
|
|
209
|
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
|
|
210
|
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
|
|
211
|
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
|
|
212
|
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
|
|
213
|
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
|
|
214
|
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
|
|
215
|
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
|
|
216
|
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
|
|
217
|
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
|
|
218
|
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
|
|
219
|
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
|
|
220
|
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
|
|
221
|
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
|
|
222
|
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
|
|
223
|
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
|
|
224
|
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
|
|
225
|
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
|
|
226
|
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
|
|
227
|
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
|
|
228
|
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
|
|
229
|
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
|
|
230
|
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
|
|
231
|
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
|
|
232
|
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
|
|
233
|
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
|
|
234
|
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
|
|
235
|
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
|
|
236
|
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
|
|
237
|
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
|
|
238
|
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
|
|
239
|
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
|
|
240
|
conns: 0x95d7bd0
|
|
241
|
Module: Linked to module rlm_eap
|
|
242
|
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
|
|
243
|
eap {
|
|
244
|
default_eap_type = "ttls"
|
|
245
|
timer_expire = 60
|
|
246
|
ignore_unknown_eap_types = yes
|
|
247
|
cisco_accounting_username_bug = no
|
|
248
|
max_sessions = 2048
|
|
249
|
}
|
|
250
|
Module: Linked to sub-module rlm_eap_md5
|
|
251
|
Module: Instantiating eap-md5
|
|
252
|
Module: Linked to sub-module rlm_eap_leap
|
|
253
|
Module: Instantiating eap-leap
|
|
254
|
Module: Linked to sub-module rlm_eap_gtc
|
|
255
|
Module: Instantiating eap-gtc
|
|
256
|
gtc {
|
|
257
|
challenge = "Password: "
|
|
258
|
auth_type = "PAP"
|
|
259
|
}
|
|
260
|
Module: Linked to sub-module rlm_eap_tls
|
|
261
|
Module: Instantiating eap-tls
|
|
262
|
tls {
|
|
263
|
rsa_key_exchange = no
|
|
264
|
dh_key_exchange = yes
|
|
265
|
rsa_key_length = 512
|
|
266
|
dh_key_length = 512
|
|
267
|
verify_depth = 0
|
|
268
|
pem_file_type = yes
|
|
269
|
private_key_file = "/etc/ssl/certs/eole.key"
|
|
270
|
certificate_file = "/etc/ssl/certs/eole.crt"
|
|
271
|
CA_file = "/etc/ssl/certs/ca.crt"
|
|
272
|
dh_file = "/etc/ssl/dh"
|
|
273
|
random_file = "/dev/random"
|
|
274
|
fragment_size = 1024
|
|
275
|
include_length = yes
|
|
276
|
check_crl = no
|
|
277
|
cipher_list = "DEFAULT"
|
|
278
|
ecdh_curve = "prime256v1"
|
|
279
|
cache {
|
|
280
|
enable = no
|
|
281
|
lifetime = 24
|
|
282
|
max_entries = 255
|
|
283
|
}
|
|
284
|
}
|
|
285
|
|
|
286
|
|