Created
August 10, 2016 08:04
FreeRADIUS Version 3.0.12 | |
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors | |
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | |
PARTICULAR PURPOSE | |
You may redistribute copies of FreeRADIUS under the terms of the | |
GNU General Public License | |
For more information about these matters, see the file named COPYRIGHT | |
Starting - reading configuration files ... | |
including dictionary file /usr/share/freeradius/dictionary | |
including dictionary file /usr/share/freeradius/dictionary.dhcp | |
including dictionary file /usr/share/freeradius/dictionary.vqp | |
including dictionary file /etc/freeradius/dictionary | |
including configuration file /etc/freeradius/radiusd.conf | |
including configuration file /etc/freeradius/proxy.conf | |
including configuration file /etc/freeradius/ivc/clients.conf | |
including files in directory /etc/freeradius/mods-enabled/ | |
including configuration file /etc/freeradius/mods-enabled/exec | |
including configuration file /etc/freeradius/mods-enabled/expr | |
including configuration file /etc/freeradius/mods-enabled/files | |
including configuration file /etc/freeradius/mods-enabled/linelog | |
including configuration file /etc/freeradius/mods-enabled/always | |
including configuration file /etc/freeradius/mods-enabled/detail.log | |
including configuration file /etc/freeradius/mods-enabled/attr_filter | |
including configuration file /etc/freeradius/mods-enabled/unpack | |
including configuration file /etc/freeradius/mods-enabled/preprocess | |
including configuration file /etc/freeradius/mods-enabled/utf8 | |
including configuration file /etc/freeradius/mods-enabled/ldap.ivc | |
including configuration file /etc/freeradius/mods-enabled/detail | |
including configuration file /etc/freeradius/mods-enabled/echo | |
including files in directory /etc/freeradius/policy.d/ | |
including configuration file /etc/freeradius/policy.d/debug | |
including configuration file /etc/freeradius/policy.d/abfab-tr | |
including configuration file /etc/freeradius/policy.d/operator-name | |
including configuration file /etc/freeradius/policy.d/canonicalization | |
including configuration file /etc/freeradius/policy.d/cui | |
including configuration file /etc/freeradius/policy.d/eap | |
including configuration file /etc/freeradius/policy.d/filter | |
including configuration file /etc/freeradius/policy.d/dhcp | |
including configuration file /etc/freeradius/policy.d/accounting | |
including configuration file /etc/freeradius/policy.d/control | |
including files in directory /etc/freeradius/sites-enabled/ | |
including configuration file /etc/freeradius/sites-enabled/ivc | |
main { | |
security { | |
user = "freerad" | |
group = "freerad" | |
allow_core_dumps = no | |
} | |
name = "freeradius" | |
prefix = "/usr" | |
localstatedir = "/var" | |
logdir = "/var/log/freeradius" | |
run_dir = "/var/run/freeradius" | |
} | |
main { | |
name = "freeradius" | |
prefix = "/usr" | |
localstatedir = "/var" | |
sbindir = "/usr/sbin" | |
logdir = "/var/log/freeradius" | |
run_dir = "/var/run/freeradius" | |
libdir = "/usr/lib/freeradius" | |
radacctdir = "/var/log/freeradius/radacct" | |
hostname_lookups = no | |
max_request_time = 30 | |
cleanup_delay = 5 | |
max_requests = 16384 | |
pidfile = "/var/run/freeradius/freeradius.pid" | |
checkrad = "/usr/sbin/checkrad" | |
debug_level = 0 | |
proxy_requests = yes | |
log { | |
stripped_names = no | |
auth = no | |
auth_badpass = no | |
auth_goodpass = no | |
colourise = yes | |
msg_denied = "You are already logged in - access denied" | |
} | |
resources { | |
} | |
security { | |
max_attributes = 200 | |
reject_delay = 1.000000 | |
status_server = yes | |
} | |
} | |
radiusd: #### Loading Realms and Home Servers #### | |
proxy server { | |
retry_delay = 5 | |
retry_count = 3 | |
default_fallback = no | |
dead_time = 120 | |
wake_all_if_all_dead = no | |
} | |
home_server localhost { | |
ipaddr = 127.0.0.1 | |
port = 1812 | |
type = "auth" | |
secret = <<< secret >>> | |
response_window = 20.000000 | |
response_timeouts = 1 | |
max_outstanding = 65536 | |
zombie_period = 40 | |
status_check = "status-server" | |
ping_interval = 30 | |
check_interval = 30 | |
check_timeout = 4 | |
num_answers_to_alive = 3 | |
revive_interval = 120 | |
limit { | |
max_connections = 16 | |
max_requests = 0 | |
lifetime = 0 | |
idle_timeout = 0 | |
} | |
coa { | |
irt = 2 | |
mrt = 16 | |
mrc = 5 | |
mrd = 30 | |
} | |
} | |
home_server_pool my_auth_failover { | |
type = fail-over | |
home_server = localhost | |
} | |
realm example.com { | |
auth_pool = my_auth_failover | |
} | |
realm LOCAL { | |
} | |
radiusd: #### Loading Clients #### | |
client xxx { | |
ipaddr = xx.xx.xx.xx | |
require_message_authenticator = no | |
secret = <<< secret >>> | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
client xxx { | |
ipaddr = xx.xx.xx.xx | |
require_message_authenticator = no | |
secret = <<< secret >>> | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
client xxx { | |
ipaddr = xx.xx.xx.xx | |
require_message_authenticator = no | |
secret = <<< secret >>> | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
Debugger not attached | |
# Creating Auth-Type = LDAP | |
radiusd: #### Instantiating modules #### | |
modules { | |
# Loaded module rlm_exec | |
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec | |
exec { | |
wait = no | |
input_pairs = "request" | |
shell_escape = yes | |
timeout = 10 | |
} | |
# Loaded module rlm_expr | |
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr | |
expr { | |
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" | |
} | |
# Loaded module rlm_files | |
# Loading module "files" from file /etc/freeradius/mods-enabled/files | |
files { | |
filename = "/etc/freeradius/mods-config/files/authorize" | |
acctusersfile = "/etc/freeradius/mods-config/files/accounting" | |
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" | |
} | |
# Loaded module rlm_linelog | |
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog | |
linelog { | |
filename = "/var/log/freeradius/linelog" | |
escape_filenames = no | |
syslog_severity = "info" | |
permissions = 384 | |
format = "This is a log message for %{User-Name}" | |
reference = "messages.%{%{reply:Packet-Type}:-default}" | |
} | |
# Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog | |
linelog log_accounting { | |
filename = "/var/log/freeradius/linelog-accounting" | |
escape_filenames = no | |
syslog_severity = "info" | |
permissions = 384 | |
format = "" | |
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" | |
} | |
# Loaded module rlm_always | |
# Loading module "reject" from file /etc/freeradius/mods-enabled/always | |
always reject { | |
rcode = "reject" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "fail" from file /etc/freeradius/mods-enabled/always | |
always fail { | |
rcode = "fail" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "ok" from file /etc/freeradius/mods-enabled/always | |
always ok { | |
rcode = "ok" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "handled" from file /etc/freeradius/mods-enabled/always | |
always handled { | |
rcode = "handled" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always | |
always invalid { | |
rcode = "invalid" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always | |
always userlock { | |
rcode = "userlock" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always | |
always notfound { | |
rcode = "notfound" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "noop" from file /etc/freeradius/mods-enabled/always | |
always noop { | |
rcode = "noop" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loading module "updated" from file /etc/freeradius/mods-enabled/always | |
always updated { | |
rcode = "updated" | |
simulcount = 0 | |
mpp = no | |
} | |
# Loaded module rlm_detail | |
# Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log | |
detail auth_log { | |
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" | |
header = "%t" | |
permissions = 384 | |
locking = no | |
escape_filenames = no | |
log_packet_header = no | |
} | |
# Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log | |
detail reply_log { | |
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" | |
header = "%t" | |
permissions = 384 | |
locking = no | |
escape_filenames = no | |
log_packet_header = no | |
} | |
# Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log | |
detail pre_proxy_log { | |
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" | |
header = "%t" | |
permissions = 384 | |
locking = no | |
escape_filenames = no | |
log_packet_header = no | |
} | |
# Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log | |
detail post_proxy_log { | |
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" | |
header = "%t" | |
permissions = 384 | |
locking = no | |
escape_filenames = no | |
log_packet_header = no | |
} | |
# Loaded module rlm_attr_filter | |
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter | |
attr_filter attr_filter.post-proxy { | |
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" | |
key = "%{Realm}" | |
relaxed = no | |
} | |
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter | |
attr_filter attr_filter.pre-proxy { | |
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" | |
key = "%{Realm}" | |
relaxed = no | |
} | |
# Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter | |
attr_filter attr_filter.access_reject { | |
filename = "/etc/freeradius/mods-config/attr_filter/access_reject" | |
key = "%{User-Name}" | |
relaxed = no | |
} | |
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter | |
attr_filter attr_filter.access_challenge { | |
filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" | |
key = "%{User-Name}" | |
relaxed = no | |
} | |
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter | |
attr_filter attr_filter.accounting_response { | |
filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" | |
key = "%{User-Name}" | |
relaxed = no | |
} | |
# Loaded module rlm_unpack | |
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack | |
# Loaded module rlm_preprocess | |
# Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess | |
preprocess { | |
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" | |
hints = "/etc/freeradius/mods-config/preprocess/hints" | |
with_ascend_hack = no | |
ascend_channels_per_line = 23 | |
with_ntdomain_hack = no | |
with_specialix_jetstream_hack = no | |
with_cisco_vsa_hack = no | |
with_alvarion_vsa_hack = no | |
} | |
# Loaded module rlm_utf8 | |
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 | |
# Loaded module rlm_ldap | |
# Loading module "ldapdomain1" from file /etc/freeradius/mods-enabled/ldap.ivc | |
ldap ldapdomain1 { | |
server = "xxx" | |
identity = "xxx" | |
password = <<< secret >>> | |
sasl { | |
} | |
user { | |
scope = "sub" | |
access_positive = yes | |
sasl { | |
} | |
} | |
group { | |
scope = "sub" | |
name_attribute = "cn" | |
membership_filter = "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})" | |
cacheable_name = no | |
cacheable_dn = no | |
} | |
client { | |
scope = "sub" | |
base_dn = "" | |
} | |
profile { | |
} | |
options { | |
ldap_debug = 40 | |
chase_referrals = yes | |
rebind = yes | |
net_timeout = 10 | |
res_timeout = 10 | |
srv_timelimit = 3 | |
idle = 60 | |
probes = 3 | |
interval = 3 | |
} | |
tls { | |
start_tls = no | |
} | |
} | |
Creating attribute ldapdomain1-LDAP-Group | |
rlm_ldap (ldapdomain1): Registered group cmp: ldapdomain1-LDAP-Group | |
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail | |
detail { | |
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" | |
header = "%t" | |
permissions = 384 | |
locking = no | |
escape_filenames = no | |
log_packet_header = no | |
} | |
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo | |
exec echo { | |
wait = yes | |
program = "/bin/echo %{User-Name}" | |
input_pairs = "request" | |
output_pairs = "reply" | |
shell_escape = yes | |
} | |
instantiate { | |
} | |
# Instantiating module "files" from file /etc/freeradius/mods-enabled/files | |
reading pairlist file /etc/freeradius/mods-config/files/authorize | |
reading pairlist file /etc/freeradius/mods-config/files/accounting | |
reading pairlist file /etc/freeradius/mods-config/files/pre-proxy | |
# Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog | |
# Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog | |
# Instantiating module "reject" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "fail" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "handled" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "noop" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "updated" from file /etc/freeradius/mods-enabled/always | |
# Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log | |
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output | |
# Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log | |
# Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log | |
# Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log | |
# Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter | |
reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy | |
# Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter | |
reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy | |
# Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter | |
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject | |
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". | |
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". | |
# Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter | |
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge | |
# Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter | |
reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response | |
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess | |
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups | |
reading pairlist file /etc/freeradius/mods-config/preprocess/hints | |
# Instantiating module "ldapdomain1" from file /etc/freeradius/mods-enabled/ldap.ivc | |
rlm_ldap: libldap vendor: OpenLDAP, version: 20440 | |
rlm_ldap (ldapdomain1): Couldn't find configuration for accounting, will return NOOP for calls from this section | |
rlm_ldap (ldapdomain1): Couldn't find configuration for post-auth, will return NOOP for calls from this section | |
rlm_ldap (ldapdomain1): Initialising connection pool | |
pool { | |
start = 5 | |
min = 3 | |
max = 32 | |
spare = 10 | |
uses = 10 | |
lifetime = 0 | |
cleanup_interval = 30 | |
idle_timeout = 60 | |
retry_delay = 30 | |
spread = no | |
} | |
rlm_ldap (ldapdomain1): Opening additional connection (0), 1 of 32 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Opening additional connection (1), 1 of 31 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Opening additional connection (2), 1 of 30 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Opening additional connection (3), 1 of 29 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Opening additional connection (4), 1 of 28 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
# Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail | |
} # modules | |
radiusd: #### Loading Virtual Servers #### | |
server { # from file /etc/freeradius/radiusd.conf | |
} # server | |
server default { # from file /etc/freeradius/sites-enabled/ivc | |
# Loading authenticate {...} | |
# Loading authorize {...} | |
# Loading post-auth {...} | |
} # server default | |
radiusd: #### Opening IP addresses and Ports #### | |
listen { | |
type = "auth" | |
ipaddr = * | |
port = 0 | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
Listening on auth address * port 1812 bound to server default | |
Listening on proxy address * port 60164 | |
Ready to process requests | |
(0) Received Access-Request Id 213 from xx.xx.xx.xx:55341 to xx.xx.xx.xx:1812 length 81 | |
(0) User-Name = "xxx" | |
(0) User-Password = "xxx" | |
(0) NAS-IP-Address = xxx | |
(0) NAS-Port = 0 | |
(0) Message-Authenticator = 0xfa7d34a3f82d121e98af6a072a949278 | |
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/ivc | |
(0) authorize { | |
rlm_ldap (ldapdomain1): Reserved connection (0) | |
(0) ldapdomain1: EXPAND (&(objectClass=user)(objectCategory=person)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) | |
(0) ldapdomain1: --> (&(objectClass=user)(objectCategory=person)(sAMAccountName=xxx)) | |
(0) ldapdomain1: Performing search in "DC=xx" with filter "(&(objectClass=user)(objectCategory=person)(sAMAccountName=xxx))", scope "sub" | |
(0) ldapdomain1: Waiting for search result... | |
rlm_ldap (ldapdomain1): Rebinding to URL ldap://DomainDnsZones.xxx/DC=DomainDnsZones,DC=xx | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Rebinding to URL ldap://ForestDnsZones.xxx/DC=ForestDnsZones,DC=xx | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Rebinding to URL ldap://xxx/CN=Configuration,DC=xx | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Bind successful | |
rlm_ldap (ldapdomain1): Bind successful | |
(0) ldapdomain1: User object found at DN "CN=xxx,DC=xx" | |
(0) ldapdomain1: Processing user attributes | |
(0) ldapdomain1: control:ms-User-Account-Control := 66048 | |
(0) ldapdomain1: reply:Framed-IP-Address := xx.xx.xx.xx | |
rlm_ldap (ldapdomain1): Deleting connection (0) | |
rlm_ldap (ldapdomain1): Need 6 more connections to reach 10 spares | |
rlm_ldap (ldapdomain1): Opening additional connection (5), 1 of 28 pending slots used | |
rlm_ldap (ldapdomain1): Connecting to ldap://xxx:389 ldap://xxx:389 | |
rlm_ldap (ldapdomain1): Waiting for bind result... | |
rlm_ldap (ldapdomain1): Bind successful | |
(0) [ldapdomain1] = updated | |
(0) if ((ok || updated) && User-Password) { | |
(0) if ((ok || updated) && User-Password) -> TRUE | |
(0) if ((ok || updated) && User-Password) { | |
(0) update { | |
(0) control:Auth-Type := LDAP | |
(0) } # update = noop | |
(0) } # if ((ok || updated) && User-Password) = noop | |
(0) } # authorize = updated | |
(0) Found Auth-Type = LDAP | |
(0) # Executing group from file /etc/freeradius/sites-enabled/ivc | |
(0) Auth-Type LDAP { | |
rlm_ldap (ldapdomain1): Reserved connection (1) | |
(0) ldapdomain1: Login attempt by "xxx" | |
(0) ldapdomain1: Using user DN from request "CN=xxx,DC=xx" | |
(0) ldapdomain1: Waiting for bind result... | |
(0) ldapdomain1: Bind successful | |
(0) ldapdomain1: Bind as user "CN=xxx,DC=xx" was successful | |
rlm_ldap (ldapdomain1): Released connection (1) | |
(0) [ldapdomain1] = ok | |
(0) } # Auth-Type LDAP = ok | |
(0) # Executing section post-auth from file /etc/freeradius/sites-enabled/ivc | |
(0) post-auth { | |
(0) if !(ldapdomain1-LDAP-Group == 'vpdn') { | |
(0) if !(ldapdomain1-LDAP-Group == 'vpdn') -> TRUE | |
(0) if !(ldapdomain1-LDAP-Group == 'vpdn') { | |
(0) update reply { | |
(0) Reply-Message += "no vpdn group" | |
(0) } # update reply = noop | |
(0) [reject] = reject | |
(0) } # if !(ldapdomain1-LDAP-Group == 'vpdn') = reject | |
(0) } # post-auth = reject | |
(0) Using Post-Auth-Type Reject | |
(0) # Executing group from file /etc/freeradius/sites-enabled/ivc | |
(0) Post-Auth-Type REJECT { | |
(0) attr_filter.access_reject: EXPAND %{User-Name} | |
(0) attr_filter.access_reject: --> xxx | |
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11 | |
(0) [attr_filter.access_reject] = updated | |
(0) } # Post-Auth-Type REJECT = updated | |
(0) Delaying response for 1.000000 seconds | |
Waking up in 0.2 seconds. | |
Waking up in 0.7 seconds. | |
(0) Sending delayed response | |
(0) Sent Access-Reject Id 213 from xx.xx.xx.xx:1812 to xx.xx.xx.xx:55341 length 35 | |
(0) Reply-Message += "no vpdn group" | |
Waking up in 3.9 seconds. |