radius accounting issue.

classic Classic list List threaded Threaded
11 messages Options
| Threaded
Open this post in threaded view
|

radius accounting issue.

slnarayanan

Dear All,

       I have a problem with accounting .Everything is working fine on  
freeradius.Login& authentication sql everything is working fine.But i  
have a problem in accounting pocket.We are using sonciwall firwall in  
our campus.Those who logged through our radius server the login  
information (Radius Accounting) information need to display on  
sonicwall user's page.The UDP pocket 1813 not send to our firewall  
ip.In the firewall i have enable policy allow to all our local  
network.I have attached my radiususd -X log to this mail.Kindly  
provide the solution for resolve my issue.The Radius Accounting  
information now shows on radacct in the phpmyadmin.

Regards.
S.Lakshmi narayanan


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

28012019 (32K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: radius accounting issue.

Alan DeKok-2
On Jan 27, 2019, at 11:35 PM, [hidden email] wrote:
>
>      I have a problem with accounting .Everything is working fine on freeradius.Login& authentication sql everything is working fine.But i have a problem in accounting pocket.We are using sonciwall firwall in our campus.Those who logged through our radius server the login information (Radius Accounting) information need to display on sonicwall user's page.The UDP pocket 1813 not send to our firewall ip.In the firewall

  Then fix that.  This isn't a RADIUS problem.  It's a network problem.  No amount of poking FreeRADIUS will fix the firewall.
 
> i have enable policy allow to all our local network.I have attached my radiususd -X log to this mail.

  Which doesn't show anything useful.

> Kindly provide the solution for resolve my issue.The Radius Accounting information now shows on radacct in the phpmyadmin.
>
> Regards.
> S.Lakshmi narayanan
>
> <28012019.txt>-

  Add the debug output as text.  Don't add an attachment.

http://wiki.freeradius.org/list-help

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radius accounting issue.

slnarayanan
Hi,

    As per you instruction i have given the details for radiusd -X  
report to this mail as a text.

FreeRADIUS Version 3.0.13
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/date
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/sql
including configuration file  
/etc/raddb/mods-config/sql/main/mysql/queries.conf
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
  security {
  user = "radiusd"
  group = "radiusd"
  allow_core_dumps = no
  }
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
}
main {
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        sbindir = "/usr/sbin"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 16384
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = no
  log {
  stripped_names = yes
  auth = yes
  auth_badpass = yes
  auth_goodpass = yes
  colourise = yes
  msg_denied = "You are already logged in - access denied"
  }
  resources {
  }
  security {
  max_attributes = 200
  reject_delay = 1.000000
  status_server = yes
  }
}
radiusd: #### Loading Realms and Home Servers ####
  proxy server {
  retry_delay = 5
  retry_count = 3
  default_fallback = no
  dead_time = 120
  wake_all_if_all_dead = no
  }
  home_server localhost {
  ipaddr = 127.0.0.1
  port = 1812
  type = "auth"
  secret = <<< secret >>>
  response_window = 20.000000
  response_timeouts = 1
  max_outstanding = 65536
  zombie_period = 40
  status_check = "status-server"
  ping_interval = 30
  check_interval = 30
  check_timeout = 4
  num_answers_to_alive = 3
  revive_interval = 120
   limit {
    max_connections = 16
    max_requests = 0
    lifetime = 0
    idle_timeout = 0
   }
   coa {
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
   }
  }
  home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
  }
  realm example.com {
        auth_pool = my_auth_failover
  }
  realm LOCAL {
  }
  realm int {
        virtual_server = inner-tunnel
  }
radiusd: #### Loading Clients ####
  client localhost {
  ipv4addr = *
  require_message_authenticator = no
  secret = <<< secret >>>
  nas_type = "other"
  proto = "udp"
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 0
   }
  }
Debugger not attached
  # Creating Auth-Type = mschap
  # Creating Auth-Type = eap
  # Creating Auth-Type = NTLMAuth
  # Creating Auth-Type = MS-CHAP
  # Creating Autz-Type = Status-Server
  # Creating Acct-Type = Status-Server
  # Creating Auth-Type = NTLM_AUTH
radiusd: #### Instantiating modules ####
  modules {
   # Loaded module rlm_always
   # Loading module "reject" from file /etc/raddb/mods-enabled/always
   always reject {
    rcode = "reject"
    simulcount = 0
    mpp = no
   }
   # Loading module "fail" from file /etc/raddb/mods-enabled/always
   always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
   }
   # Loading module "ok" from file /etc/raddb/mods-enabled/always
   always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
   }
   # Loading module "handled" from file /etc/raddb/mods-enabled/always
   always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
   }
   # Loading module "invalid" from file /etc/raddb/mods-enabled/always
   always invalid {
    rcode = "invalid"
    simulcount = 0
    mpp = no
   }
   # Loading module "userlock" from file /etc/raddb/mods-enabled/always
   always userlock {
    rcode = "userlock"
    simulcount = 0
    mpp = no
   }
   # Loading module "notfound" from file /etc/raddb/mods-enabled/always
   always notfound {
    rcode = "notfound"
    simulcount = 0
    mpp = no
   }
   # Loading module "noop" from file /etc/raddb/mods-enabled/always
   always noop {
    rcode = "noop"
    simulcount = 0
    mpp = no
   }
   # Loading module "updated" from file /etc/raddb/mods-enabled/always
   always updated {
    rcode = "updated"
    simulcount = 0
    mpp = no
   }
   # Loaded module rlm_attr_filter
   # Loading module "attr_filter.post-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.post-proxy {
    filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.pre-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.pre-proxy {
    filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.access_reject" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.access_reject {
    filename = "/etc/raddb/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.access_challenge" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.access_challenge {
    filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.accounting_response" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.accounting_response {
    filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loaded module rlm_cache
   # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
   cache cache_eap {
    driver = "rlm_cache_rbtree"
    key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
    ttl = 15
    max_entries = 0
    epoch = 0
    add_stats = no
   }
   # Loaded module rlm_chap
   # Loading module "chap" from file /etc/raddb/mods-enabled/chap
   # Loaded module rlm_date
   # Loading module "date" from file /etc/raddb/mods-enabled/date
   date {
    format = "%b %e %Y %H:%M:%S %Z"
   }
   # Loaded module rlm_detail
   # Loading module "detail" from file /etc/raddb/mods-enabled/detail
   detail {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
   detail auth_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
   detail reply_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "pre_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   detail pre_proxy_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "post_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   detail post_proxy_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loaded module rlm_dhcp
   # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
   # Loaded module rlm_digest
   # Loading module "digest" from file /etc/raddb/mods-enabled/digest
   # Loaded module rlm_dynamic_clients
   # Loading module "dynamic_clients" from file  
/etc/raddb/mods-enabled/dynamic_clients
   # Loaded module rlm_eap
   # Loading module "eap" from file /etc/raddb/mods-enabled/eap
   eap {
    default_eap_type = "peap"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 16384
   }
   # Loaded module rlm_exec
   # Loading module "echo" from file /etc/raddb/mods-enabled/echo
   exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
   }
   # Loading module "exec" from file /etc/raddb/mods-enabled/exec
   exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
    timeout = 10
   }
   # Loaded module rlm_expiration
   # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
   # Loaded module rlm_expr
   # Loading module "expr" from file /etc/raddb/mods-enabled/expr
   expr {
    safe_characters =  
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:  
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
   }
   # Loaded module rlm_files
   # Loading module "files" from file /etc/raddb/mods-enabled/files
   files {
    filename = "/etc/raddb/mods-config/files/authorize"
    acctusersfile = "/etc/raddb/mods-config/files/accounting"
    preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
   }
   # Loaded module rlm_linelog
   # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
   linelog {
    filename = "/var/log/radius/linelog"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = "This is a log message for %{User-Name}"
    reference = "messages.%{%{reply:Packet-Type}:-default}"
   }
   # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
   linelog log_accounting {
    filename = "/var/log/radius/linelog-accounting"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = ""
    reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
   }
   # Loaded module rlm_logintime
   # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
   logintime {
    minimum_timeout = 60
   }
   # Loaded module rlm_mschap
   # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
   mschap {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key  
--username=%{mschap:User-Name:-None}  
--domain=%{%{mschap:NT-Domain}:-OCTA.EDU}  
--challenge=%{mschap:Challenge:-00}  
--nt-response=%{mschap:NT-Response:-00}"
    ntlm_auth_timeout = 10
    passchange {
    ntlm_auth = "/usr/bin/ntlm_auth --helper-protocol=ntlm-change-password-1"
    ntlm_auth_username = "username: %{mschap:User-Name}"
    ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
    }
    allow_retry = yes
    winbind_retry_with_normalised_username = no
   }
   # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
   exec ntlm_auth {
    wait = yes
    program = "/usr/bin/ntlm_auth --request-nt-key --domain=OCTA.EDU  
--username=%{mschap:User-Name} --password=%{User-Password}"
    shell_escape = yes
   }
   # Loaded module rlm_pap
   # Loading module "pap" from file /etc/raddb/mods-enabled/pap
   pap {
    normalise = yes
   }
   # Loaded module rlm_passwd
   # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
   passwd etc_passwd {
    filename = "/etc/passwd"
    format = "*User-Name:Cleartext-Password:"
    delimiter = ":"
    ignore_nislike = no
    ignore_empty = yes
    allow_multiple_keys = no
    hash_size = 100
   }
   # Loaded module rlm_preprocess
   # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
   preprocess {
    huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
    hints = "/etc/raddb/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
   }
   # Loaded module rlm_radutmp
   # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
   radutmp {
    filename = "/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = no
    check_with_nas = yes
    permissions = 384
    caller_id = yes
   }
   # Loaded module rlm_realm
   # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
   realm IPASS {
    format = "prefix"
    delimiter = "/"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
   realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
   realm realmpercent {
    format = "suffix"
    delimiter = "%"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
   realm ntdomain {
    format = "prefix"
    delimiter = "\\"
    ignore_default = no
    ignore_null = no
   }
   # Loaded module rlm_replicate
   # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
   # Loaded module rlm_soh
   # Loading module "soh" from file /etc/raddb/mods-enabled/soh
   soh {
    dhcp = yes
   }
   # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
   radutmp sradutmp {
    filename = "/var/log/radius/sradutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 420
    caller_id = no
   }
   # Loaded module rlm_unix
   # Loading module "unix" from file /etc/raddb/mods-enabled/unix
   unix {
    radwtmp = "/var/log/radius/radwtmp"
   }
Creating attribute Unix-Group
   # Loaded module rlm_unpack
   # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
   # Loaded module rlm_utf8
   # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
   # Loaded module rlm_sql
   # Loading module "sql" from file /etc/raddb/mods-enabled/sql
   sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = 3306
    login = "root"
    password = <<< secret >>>
    radius_db = "radius"
    read_groups = yes
    read_profiles = yes
    read_clients = yes
    delete_stale_sessions = yes
    sql_user_name = "%{User-Name}"
    logfile = "/var/log/radius/sqllog.sql"
    default_user_profile = ""
    client_query = "SELECT id, nasname, shortname, type, secret,  
server FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op  
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op  
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute,  
Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY  
id"
    authorize_group_reply_query = "SELECT id, groupname, attribute,  
value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY  
id"
    group_membership_query = "SELECT groupname FROM radusergroup WHERE  
username = '%{SQL-User-Name}' ORDER BY priority"
    simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username =  
'%{SQL-User-Name}' AND acctstoptime IS NULL"
    simul_verify_query = "SELECT radacctid, acctsessionid, username,  
nasipaddress, nasportid, framedipaddress, callingstationid,  
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND  
acctstoptime IS NULL"
    safe_characters =  
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
    accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}.query}"
     type {
      accounting-on {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),  
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE  
acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND  
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
      }
      accounting-off {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),  
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE  
acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND  
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
      }
      start {
      query = "INSERT INTO radacct  
(acctsessionid, acctuniqueid, username,  
realm, nasipaddress, nasportid,  
nasporttype, acctstarttime, acctupdatetime,  
acctstoptime, acctsessiontime, acctauthentic,  
connectinfo_start, connectinfo_stop, acctinputoctets,  
acctoutputoctets, calledstationid, callingstationid,  
acctterminatecause, servicetype, framedprotocol, framedipaddress)  
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',  
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',  
'%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}',  
FROM_UNIXTIME(%{integer:Event-Timestamp}),  
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0',  
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',  
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',  
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
      }
      interim-update {
      query = "UPDATE radacct SET acctupdatetime  =  
(@acctupdatetime_old:=acctupdatetime), acctupdatetime  =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    =  
%{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),  
framedipaddress = '%{Framed-IP-Address}', acctsessiontime =  
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =  
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',  
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |  
'%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =  
'%{Acct-Unique-Session-Id}'"
      }
      stop {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =  
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',  
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |  
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =  
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE  
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
      }
     }
    }
    post-auth {
    reference = ".query"
    query = "INSERT INTO radpostauth (username, pass, reply,  
authdate) VALUES ( '%{SQL-User-Name}',  
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
    }
   }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
   instantiate {
   }
   # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
   # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
   # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
   # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
   # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
   # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
   # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
   # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
   # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
   # Instantiating module "attr_filter.post-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
   # Instantiating module "attr_filter.pre-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
   # Instantiating module "attr_filter.access_reject" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item  
"FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item  
"FreeRADIUS-Response-Delay-USec" found in filter list for realm  
"DEFAULT".
   # Instantiating module "attr_filter.access_challenge" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
   # Instantiating module "attr_filter.accounting_response" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
   # Instantiating module "cache_eap" from file  
/etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module  
rlm_cache_rbtree) loaded and linked
   # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
   # Instantiating module "auth_log" from file  
/etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in  
detail output
   # Instantiating module "reply_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "pre_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "post_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
    # Linked to sub-module rlm_eap_tls
    tls {
    tls = "tls-common"
    }
    tls-config tls-common {
    verify_depth = 0
    ca_path = "/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/server.pem"
    certificate_file = "/etc/raddb/certs/server.pem"
    ca_file = "/etc/raddb/certs/ca.pem"
    private_key_password = <<< secret >>>
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    cipher_server_preference = no
    ecdh_curve = "prime256v1"
     cache {
      enable = no
      lifetime = 24
      max_entries = 255
     }
     verify {
      skip_if_ocsp_ok = no
     }
     ocsp {
      enable = no
      override_cert_url = yes
      url = "http://127.0.0.1/ocsp/"
      use_nonce = yes
      timeout = 0
      softfail = no
     }
    }
    # Linked to sub-module rlm_eap_ttls
    ttls {
    tls = "tls-common"
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_peap
    peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    proxy_tunneled_request_as_eap = no
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_mschapv2
    mschapv2 {
    with_ntdomain_hack = no
    send_error = yes
    identity = "FreeRADIUS"
    }
   # Instantiating module "expiration" from file  
/etc/raddb/mods-enabled/expiration
   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading pairlist file /etc/raddb/mods-config/files/authorize
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
   # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
   # Instantiating module "log_accounting" from file  
/etc/raddb/mods-enabled/linelog
   # Instantiating module "logintime" from file  
/etc/raddb/mods-enabled/logintime
   # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
   # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
   # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
   # Instantiating module "preprocess" from file  
/etc/raddb/mods-enabled/preprocess
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
   # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "realmpercent" from file  
/etc/raddb/mods-enabled/realm
   # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
rlm_sql_mysql: libmysql version: 10.1.37-MariaDB
    mysql {
     tls {
     }
    warnings = "auto"
    }
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
    pool {
    start = 5
    min = 3
    max = 32
    spare = 10
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 30
    spread = no
    }
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,  
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname,  
type, secret, server FROM nas
rlm_sql (sql): Adding client 10.0.0.38 (domain controller) to global  
clients list
rlm_sql (10.0.0.38): Client "domain controller" (sql) added
rlm_sql (sql): Adding client 10.0.0.39 (domain contr-2) to global clients list
rlm_sql (10.0.0.39): Client "domain contr-2" (sql) added
rlm_sql (sql): Adding client 10.1.172.16 (team2) to global clients list
rlm_sql (10.1.172.16): Client "team2" (sql) added
rlm_sql (sql): Adding client 10.1.172.18 (team4) to global clients list
rlm_sql (10.1.172.18): Client "team4" (sql) added
rlm_sql (sql): Adding client 10.1.172.19 (team5) to global clients list
rlm_sql (10.1.172.19): Client "team5" (sql) added
rlm_sql (sql): Adding client 10.1.172.20 (team6) to global clients list
rlm_sql (10.1.172.20): Client "team6" (sql) added
rlm_sql (sql): Adding client 10.0.0.1 (Local network) to global clients list
rlm_sql (10.0.0.1): Client "Local network" (sql) added
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
  } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
  # Loading authenticate {...}
  # Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
  # Loading preacct {...}
  # Loading accounting {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
  # Loading authenticate {...}
  # Loading authorize {...}
  # Loading session {...}
  # Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 0
    }
Failed binding to auth address * port 1812 bound to server default:  
Address already in use
/etc/raddb/sites-enabled/default[60]: Error binding to port for  
0.0.0.0 port 1812


Regards,
S.Lakshmi narayanan
Quoting Alan DeKok <[hidden email]>:

> On Jan 27, 2019, at 11:35 PM, [hidden email] wrote:
>>
>>      I have a problem with accounting .Everything is working fine  
>> on freeradius.Login& authentication sql everything is working  
>> fine.But i have a problem in accounting pocket.We are using  
>> sonciwall firwall in our campus.Those who logged through our radius  
>> server the login information (Radius Accounting) information need  
>> to display on sonicwall user's page.The UDP pocket 1813 not send to  
>> our firewall ip.In the firewall
>
>   Then fix that.  This isn't a RADIUS problem.  It's a network  
> problem.  No amount of poking FreeRADIUS will fix the firewall.
>
>> i have enable policy allow to all our local network.I have attached  
>> my radiususd -X log to this mail.
>
>   Which doesn't show anything useful.
>
>> Kindly provide the solution for resolve my issue.The Radius  
>> Accounting information now shows on radacct in the phpmyadmin.
>>
>> Regards.
>> S.Lakshmi narayanan
>>
>> <28012019.txt>-
>
>   Add the debug output as text.  Don't add an attachment.
>
> http://wiki.freeradius.org/list-help
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radius accounting issue.

Eero Volotinen
You can really run two instances of radius in same port. stop it first and
then run with parameter -X

Eero

On Tue, Jan 29, 2019 at 6:09 AM <[hidden email]> wrote:

> Hi,
>
>     As per you instruction i have given the details for radiusd -X
> report to this mail as a text.
>
> FreeRADIUS Version 3.0.13
> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License
> For more information about these matters, see the file named COPYRIGHT
> Starting - reading configuration files ...
> including dictionary file /usr/share/freeradius/dictionary
> including dictionary file /usr/share/freeradius/dictionary.dhcp
> including dictionary file /usr/share/freeradius/dictionary.vqp
> including dictionary file /etc/raddb/dictionary
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/mods-enabled/
> including configuration file /etc/raddb/mods-enabled/always
> including configuration file /etc/raddb/mods-enabled/attr_filter
> including configuration file /etc/raddb/mods-enabled/cache_eap
> including configuration file /etc/raddb/mods-enabled/chap
> including configuration file /etc/raddb/mods-enabled/date
> including configuration file /etc/raddb/mods-enabled/detail
> including configuration file /etc/raddb/mods-enabled/detail.log
> including configuration file /etc/raddb/mods-enabled/dhcp
> including configuration file /etc/raddb/mods-enabled/digest
> including configuration file /etc/raddb/mods-enabled/dynamic_clients
> including configuration file /etc/raddb/mods-enabled/eap
> including configuration file /etc/raddb/mods-enabled/echo
> including configuration file /etc/raddb/mods-enabled/exec
> including configuration file /etc/raddb/mods-enabled/expiration
> including configuration file /etc/raddb/mods-enabled/expr
> including configuration file /etc/raddb/mods-enabled/files
> including configuration file /etc/raddb/mods-enabled/linelog
> including configuration file /etc/raddb/mods-enabled/logintime
> including configuration file /etc/raddb/mods-enabled/mschap
> including configuration file /etc/raddb/mods-enabled/ntlm_auth
> including configuration file /etc/raddb/mods-enabled/pap
> including configuration file /etc/raddb/mods-enabled/passwd
> including configuration file /etc/raddb/mods-enabled/preprocess
> including configuration file /etc/raddb/mods-enabled/radutmp
> including configuration file /etc/raddb/mods-enabled/realm
> including configuration file /etc/raddb/mods-enabled/replicate
> including configuration file /etc/raddb/mods-enabled/soh
> including configuration file /etc/raddb/mods-enabled/sradutmp
> including configuration file /etc/raddb/mods-enabled/unix
> including configuration file /etc/raddb/mods-enabled/unpack
> including configuration file /etc/raddb/mods-enabled/utf8
> including configuration file /etc/raddb/mods-enabled/sql
> including configuration file
> /etc/raddb/mods-config/sql/main/mysql/queries.conf
> including files in directory /etc/raddb/policy.d/
> including configuration file /etc/raddb/policy.d/accounting
> including configuration file /etc/raddb/policy.d/canonicalization
> including configuration file /etc/raddb/policy.d/control
> including configuration file /etc/raddb/policy.d/cui
> including configuration file /etc/raddb/policy.d/debug
> including configuration file /etc/raddb/policy.d/dhcp
> including configuration file /etc/raddb/policy.d/eap
> including configuration file /etc/raddb/policy.d/filter
> including configuration file /etc/raddb/policy.d/operator-name
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/default
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> main {
>   security {
>         user = "radiusd"
>         group = "radiusd"
>         allow_core_dumps = no
>   }
>         name = "radiusd"
>         prefix = "/usr"
>         localstatedir = "/var"
>         logdir = "/var/log/radius"
>         run_dir = "/var/run/radiusd"
> }
> main {
>         name = "radiusd"
>         prefix = "/usr"
>         localstatedir = "/var"
>         sbindir = "/usr/sbin"
>         logdir = "/var/log/radius"
>         run_dir = "/var/run/radiusd"
>         libdir = "/usr/lib64/freeradius"
>         radacctdir = "/var/log/radius/radacct"
>         hostname_lookups = no
>         max_request_time = 30
>         cleanup_delay = 5
>         max_requests = 16384
>         pidfile = "/var/run/radiusd/radiusd.pid"
>         checkrad = "/usr/sbin/checkrad"
>         debug_level = 0
>         proxy_requests = no
>   log {
>         stripped_names = yes
>         auth = yes
>         auth_badpass = yes
>         auth_goodpass = yes
>         colourise = yes
>         msg_denied = "You are already logged in - access denied"
>   }
>   resources {
>   }
>   security {
>         max_attributes = 200
>         reject_delay = 1.000000
>         status_server = yes
>   }
> }
> radiusd: #### Loading Realms and Home Servers ####
>   proxy server {
>         retry_delay = 5
>         retry_count = 3
>         default_fallback = no
>         dead_time = 120
>         wake_all_if_all_dead = no
>   }
>   home_server localhost {
>         ipaddr = 127.0.0.1
>         port = 1812
>         type = "auth"
>         secret = <<< secret >>>
>         response_window = 20.000000
>         response_timeouts = 1
>         max_outstanding = 65536
>         zombie_period = 40
>         status_check = "status-server"
>         ping_interval = 30
>         check_interval = 30
>         check_timeout = 4
>         num_answers_to_alive = 3
>         revive_interval = 120
>    limit {
>         max_connections = 16
>         max_requests = 0
>         lifetime = 0
>         idle_timeout = 0
>    }
>    coa {
>         irt = 2
>         mrt = 16
>         mrc = 5
>         mrd = 30
>    }
>   }
>   home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
>   }
>   realm example.com {
>         auth_pool = my_auth_failover
>   }
>   realm LOCAL {
>   }
>   realm int {
>         virtual_server = inner-tunnel
>   }
> radiusd: #### Loading Clients ####
>   client localhost {
>         ipv4addr = *
>         require_message_authenticator = no
>         secret = <<< secret >>>
>         nas_type = "other"
>         proto = "udp"
>    limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 0
>    }
>   }
> Debugger not attached
>   # Creating Auth-Type = mschap
>   # Creating Auth-Type = eap
>   # Creating Auth-Type = NTLMAuth
>   # Creating Auth-Type = MS-CHAP
>   # Creating Autz-Type = Status-Server
>   # Creating Acct-Type = Status-Server
>   # Creating Auth-Type = NTLM_AUTH
> radiusd: #### Instantiating modules ####
>   modules {
>    # Loaded module rlm_always
>    # Loading module "reject" from file /etc/raddb/mods-enabled/always
>    always reject {
>         rcode = "reject"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "fail" from file /etc/raddb/mods-enabled/always
>    always fail {
>         rcode = "fail"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "ok" from file /etc/raddb/mods-enabled/always
>    always ok {
>         rcode = "ok"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "handled" from file /etc/raddb/mods-enabled/always
>    always handled {
>         rcode = "handled"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "invalid" from file /etc/raddb/mods-enabled/always
>    always invalid {
>         rcode = "invalid"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "userlock" from file /etc/raddb/mods-enabled/always
>    always userlock {
>         rcode = "userlock"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "notfound" from file /etc/raddb/mods-enabled/always
>    always notfound {
>         rcode = "notfound"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "noop" from file /etc/raddb/mods-enabled/always
>    always noop {
>         rcode = "noop"
>         simulcount = 0
>         mpp = no
>    }
>    # Loading module "updated" from file /etc/raddb/mods-enabled/always
>    always updated {
>         rcode = "updated"
>         simulcount = 0
>         mpp = no
>    }
>    # Loaded module rlm_attr_filter
>    # Loading module "attr_filter.post-proxy" from file
> /etc/raddb/mods-enabled/attr_filter
>    attr_filter attr_filter.post-proxy {
>         filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
>         key = "%{Realm}"
>         relaxed = no
>    }
>    # Loading module "attr_filter.pre-proxy" from file
> /etc/raddb/mods-enabled/attr_filter
>    attr_filter attr_filter.pre-proxy {
>         filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
>         key = "%{Realm}"
>         relaxed = no
>    }
>    # Loading module "attr_filter.access_reject" from file
> /etc/raddb/mods-enabled/attr_filter
>    attr_filter attr_filter.access_reject {
>         filename = "/etc/raddb/mods-config/attr_filter/access_reject"
>         key = "%{User-Name}"
>         relaxed = no
>    }
>    # Loading module "attr_filter.access_challenge" from file
> /etc/raddb/mods-enabled/attr_filter
>    attr_filter attr_filter.access_challenge {
>         filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
>         key = "%{User-Name}"
>         relaxed = no
>    }
>    # Loading module "attr_filter.accounting_response" from file
> /etc/raddb/mods-enabled/attr_filter
>    attr_filter attr_filter.accounting_response {
>         filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
>         key = "%{User-Name}"
>         relaxed = no
>    }
>    # Loaded module rlm_cache
>    # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
>    cache cache_eap {
>         driver = "rlm_cache_rbtree"
>         key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
>         ttl = 15
>         max_entries = 0
>         epoch = 0
>         add_stats = no
>    }
>    # Loaded module rlm_chap
>    # Loading module "chap" from file /etc/raddb/mods-enabled/chap
>    # Loaded module rlm_date
>    # Loading module "date" from file /etc/raddb/mods-enabled/date
>    date {
>         format = "%b %e %Y %H:%M:%S %Z"
>    }
>    # Loaded module rlm_detail
>    # Loading module "detail" from file /etc/raddb/mods-enabled/detail
>    detail {
>         filename =
>
> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         escape_filenames = no
>         log_packet_header = no
>    }
>    # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
>    detail auth_log {
>         filename =
>
> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         escape_filenames = no
>         log_packet_header = no
>    }
>    # Loading module "reply_log" from file
> /etc/raddb/mods-enabled/detail.log
>    detail reply_log {
>         filename =
>
> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         escape_filenames = no
>         log_packet_header = no
>    }
>    # Loading module "pre_proxy_log" from file
> /etc/raddb/mods-enabled/detail.log
>    detail pre_proxy_log {
>         filename =
>
> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         escape_filenames = no
>         log_packet_header = no
>    }
>    # Loading module "post_proxy_log" from file
> /etc/raddb/mods-enabled/detail.log
>    detail post_proxy_log {
>         filename =
>
> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         escape_filenames = no
>         log_packet_header = no
>    }
>    # Loaded module rlm_dhcp
>    # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
>    # Loaded module rlm_digest
>    # Loading module "digest" from file /etc/raddb/mods-enabled/digest
>    # Loaded module rlm_dynamic_clients
>    # Loading module "dynamic_clients" from file
> /etc/raddb/mods-enabled/dynamic_clients
>    # Loaded module rlm_eap
>    # Loading module "eap" from file /etc/raddb/mods-enabled/eap
>    eap {
>         default_eap_type = "peap"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>         max_sessions = 16384
>    }
>    # Loaded module rlm_exec
>    # Loading module "echo" from file /etc/raddb/mods-enabled/echo
>    exec echo {
>         wait = yes
>         program = "/bin/echo %{User-Name}"
>         input_pairs = "request"
>         output_pairs = "reply"
>         shell_escape = yes
>    }
>    # Loading module "exec" from file /etc/raddb/mods-enabled/exec
>    exec {
>         wait = no
>         input_pairs = "request"
>         shell_escape = yes
>         timeout = 10
>    }
>    # Loaded module rlm_expiration
>    # Loading module "expiration" from file
> /etc/raddb/mods-enabled/expiration
>    # Loaded module rlm_expr
>    # Loading module "expr" from file /etc/raddb/mods-enabled/expr
>    expr {
>         safe_characters =
> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
> /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
>    }
>    # Loaded module rlm_files
>    # Loading module "files" from file /etc/raddb/mods-enabled/files
>    files {
>         filename = "/etc/raddb/mods-config/files/authorize"
>         acctusersfile = "/etc/raddb/mods-config/files/accounting"
>         preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
>    }
>    # Loaded module rlm_linelog
>    # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
>    linelog {
>         filename = "/var/log/radius/linelog"
>         escape_filenames = no
>         syslog_severity = "info"
>         permissions = 384
>         format = "This is a log message for %{User-Name}"
>         reference = "messages.%{%{reply:Packet-Type}:-default}"
>    }
>    # Loading module "log_accounting" from file
> /etc/raddb/mods-enabled/linelog
>    linelog log_accounting {
>         filename = "/var/log/radius/linelog-accounting"
>         escape_filenames = no
>         syslog_severity = "info"
>         permissions = 384
>         format = ""
>         reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
>    }
>    # Loaded module rlm_logintime
>    # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
>    logintime {
>         minimum_timeout = 60
>    }
>    # Loaded module rlm_mschap
>    # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
>    mschap {
>         use_mppe = yes
>         require_encryption = yes
>         require_strong = yes
>         with_ntdomain_hack = yes
>         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None}
> --domain=%{%{mschap:NT-Domain}:-OCTA.EDU}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>         ntlm_auth_timeout = 10
>     passchange {
>         ntlm_auth = "/usr/bin/ntlm_auth
> --helper-protocol=ntlm-change-password-1"
>         ntlm_auth_username = "username: %{mschap:User-Name}"
>         ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
>     }
>         allow_retry = yes
>         winbind_retry_with_normalised_username = no
>    }
>    # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
>    exec ntlm_auth {
>         wait = yes
>         program = "/usr/bin/ntlm_auth --request-nt-key --domain=OCTA.EDU
> --username=%{mschap:User-Name} --password=%{User-Password}"
>         shell_escape = yes
>    }
>    # Loaded module rlm_pap
>    # Loading module "pap" from file /etc/raddb/mods-enabled/pap
>    pap {
>         normalise = yes
>    }
>    # Loaded module rlm_passwd
>    # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
>    passwd etc_passwd {
>         filename = "/etc/passwd"
>         format = "*User-Name:Cleartext-Password:"
>         delimiter = ":"
>         ignore_nislike = no
>         ignore_empty = yes
>         allow_multiple_keys = no
>         hash_size = 100
>    }
>    # Loaded module rlm_preprocess
>    # Loading module "preprocess" from file
> /etc/raddb/mods-enabled/preprocess
>    preprocess {
>         huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
>         hints = "/etc/raddb/mods-config/preprocess/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>    }
>    # Loaded module rlm_radutmp
>    # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
>    radutmp {
>         filename = "/var/log/radius/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = no
>         check_with_nas = yes
>         permissions = 384
>         caller_id = yes
>    }
>    # Loaded module rlm_realm
>    # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
>    realm IPASS {
>         format = "prefix"
>         delimiter = "/"
>         ignore_default = no
>         ignore_null = no
>    }
>    # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
>    realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>    }
>    # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
>    realm realmpercent {
>         format = "suffix"
>         delimiter = "%"
>         ignore_default = no
>         ignore_null = no
>    }
>    # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
>    realm ntdomain {
>         format = "prefix"
>         delimiter = "\\"
>         ignore_default = no
>         ignore_null = no
>    }
>    # Loaded module rlm_replicate
>    # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
>    # Loaded module rlm_soh
>    # Loading module "soh" from file /etc/raddb/mods-enabled/soh
>    soh {
>         dhcp = yes
>    }
>    # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
>    radutmp sradutmp {
>         filename = "/var/log/radius/sradutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         permissions = 420
>         caller_id = no
>    }
>    # Loaded module rlm_unix
>    # Loading module "unix" from file /etc/raddb/mods-enabled/unix
>    unix {
>         radwtmp = "/var/log/radius/radwtmp"
>    }
> Creating attribute Unix-Group
>    # Loaded module rlm_unpack
>    # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
>    # Loaded module rlm_utf8
>    # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
>    # Loaded module rlm_sql
>    # Loading module "sql" from file /etc/raddb/mods-enabled/sql
>    sql {
>         driver = "rlm_sql_mysql"
>         server = "localhost"
>         port = 3306
>         login = "root"
>         password = <<< secret >>>
>         radius_db = "radius"
>         read_groups = yes
>         read_profiles = yes
>         read_clients = yes
>         delete_stale_sessions = yes
>         sql_user_name = "%{User-Name}"
>         logfile = "/var/log/radius/sqllog.sql"
>         default_user_profile = ""
>         client_query = "SELECT id, nasname, shortname, type, secret,
> server FROM nas"
>         authorize_check_query = "SELECT id, username, attribute, value,
> op
> FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
>         authorize_reply_query = "SELECT id, username, attribute, value,
> op
> FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
>         authorize_group_check_query = "SELECT id, groupname, attribute,
> Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY
> id"
>         authorize_group_reply_query = "SELECT id, groupname, attribute,
> value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY
> id"
>         group_membership_query = "SELECT groupname FROM radusergroup
> WHERE
> username = '%{SQL-User-Name}' ORDER BY priority"
>         simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username
> =
> '%{SQL-User-Name}' AND acctstoptime IS NULL"
>         simul_verify_query = "SELECT radacctid, acctsessionid, username,
> nasipaddress, nasportid, framedipaddress, callingstationid,
> framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
> acctstoptime IS NULL"
>         safe_characters =
> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>     accounting {
>         reference = "%{tolower:type.%{Acct-Status-Type}.query}"
>      type {
>       accounting-on {
>         query = "UPDATE radacct SET acctstoptime =
> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
> acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND
> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>       }
>       accounting-off {
>         query = "UPDATE radacct SET acctstoptime =
> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
> acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND
> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>       }
>       start {
>         query = "INSERT INTO radacct
> (acctsessionid,         acctuniqueid,           username,
> realm,                  nasipaddress,           nasportid,
> nasporttype,            acctstarttime,          acctupdatetime,
> acctstoptime,           acctsessiontime,        acctauthentic,
> connectinfo_start,      connectinfo_stop,       acctinputoctets,
> acctoutputoctets,       calledstationid,        callingstationid,
> acctterminatecause,     servicetype,            framedprotocol,
> framedipaddress)
> VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
> '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}',
> FROM_UNIXTIME(%{integer:Event-Timestamp}),
> FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0',
> '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
> '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
> '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
>       }
>       interim-update {
>         query = "UPDATE radacct SET acctupdatetime  =
> (@acctupdatetime_old:=acctupdatetime), acctupdatetime  =
> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    =
> %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
> framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
> %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
> '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =
> '%{Acct-Unique-Session-Id}'"
>       }
>       stop {
>         query = "UPDATE radacct SET acctstoptime        =
> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
> %{%{Acct-Session-Time}:-NULL}, acctinputoctets  =
> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
> '%{%{Acct-Output-Octets}:-0}', acctterminatecause =
> '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
> AcctUniqueId = '%{Acct-Unique-Session-Id}'"
>       }
>      }
>     }
>     post-auth {
>         reference = ".query"
>         query = "INSERT INTO radpostauth (username, pass, reply,
> authdate) VALUES ( '%{SQL-User-Name}',
> '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
>     }
>    }
> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
> linked
> Creating attribute SQL-Group
>    instantiate {
>    }
>    # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
>    # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
>    # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
>    # Instantiating module "handled" from file
> /etc/raddb/mods-enabled/always
>    # Instantiating module "invalid" from file
> /etc/raddb/mods-enabled/always
>    # Instantiating module "userlock" from file
> /etc/raddb/mods-enabled/always
>    # Instantiating module "notfound" from file
> /etc/raddb/mods-enabled/always
>    # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
>    # Instantiating module "updated" from file
> /etc/raddb/mods-enabled/always
>    # Instantiating module "attr_filter.post-proxy" from file
> /etc/raddb/mods-enabled/attr_filter
> reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
>    # Instantiating module "attr_filter.pre-proxy" from file
> /etc/raddb/mods-enabled/attr_filter
> reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
>    # Instantiating module "attr_filter.access_reject" from file
> /etc/raddb/mods-enabled/attr_filter
> reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
> [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
> "FreeRADIUS-Response-Delay"     found in filter list for realm "DEFAULT".
> [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
> "FreeRADIUS-Response-Delay-USec"        found in filter list for realm
> "DEFAULT".
>    # Instantiating module "attr_filter.access_challenge" from file
> /etc/raddb/mods-enabled/attr_filter
> reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
>    # Instantiating module "attr_filter.accounting_response" from file
> /etc/raddb/mods-enabled/attr_filter
> reading pairlist file
> /etc/raddb/mods-config/attr_filter/accounting_response
>    # Instantiating module "cache_eap" from file
> /etc/raddb/mods-enabled/cache_eap
> rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
> rlm_cache_rbtree) loaded and linked
>    # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
>    # Instantiating module "auth_log" from file
> /etc/raddb/mods-enabled/detail.log
> rlm_detail (auth_log): 'User-Password' suppressed, will not appear in
> detail output
>    # Instantiating module "reply_log" from file
> /etc/raddb/mods-enabled/detail.log
>    # Instantiating module "pre_proxy_log" from file
> /etc/raddb/mods-enabled/detail.log
>    # Instantiating module "post_proxy_log" from file
> /etc/raddb/mods-enabled/detail.log
>    # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
>     # Linked to sub-module rlm_eap_tls
>     tls {
>         tls = "tls-common"
>     }
>     tls-config tls-common {
>         verify_depth = 0
>         ca_path = "/etc/raddb/certs"
>         pem_file_type = yes
>         private_key_file = "/etc/raddb/certs/server.pem"
>         certificate_file = "/etc/raddb/certs/server.pem"
>         ca_file = "/etc/raddb/certs/ca.pem"
>         private_key_password = <<< secret >>>
>         fragment_size = 1024
>         include_length = yes
>         auto_chain = yes
>         check_crl = no
>         check_all_crl = no
>         cipher_list = "DEFAULT"
>         cipher_server_preference = no
>         ecdh_curve = "prime256v1"
>      cache {
>         enable = no
>         lifetime = 24
>         max_entries = 255
>      }
>      verify {
>         skip_if_ocsp_ok = no
>      }
>      ocsp {
>         enable = no
>         override_cert_url = yes
>         url = "http://127.0.0.1/ocsp/"
>         use_nonce = yes
>         timeout = 0
>         softfail = no
>      }
>     }
>     # Linked to sub-module rlm_eap_ttls
>     ttls {
>         tls = "tls-common"
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>         include_length = yes
>         require_client_cert = no
>     }
> tls: Using cached TLS configuration from previous invocation
>     # Linked to sub-module rlm_eap_peap
>     peap {
>         tls = "tls-common"
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = yes
>         use_tunneled_reply = yes
>         proxy_tunneled_request_as_eap = no
>         virtual_server = "inner-tunnel"
>         soh = no
>         require_client_cert = no
>     }
> tls: Using cached TLS configuration from previous invocation
>     # Linked to sub-module rlm_eap_mschapv2
>     mschapv2 {
>         with_ntdomain_hack = no
>         send_error = yes
>         identity = "FreeRADIUS"
>     }
>    # Instantiating module "expiration" from file
> /etc/raddb/mods-enabled/expiration
>    # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> reading pairlist file /etc/raddb/mods-config/files/authorize
> reading pairlist file /etc/raddb/mods-config/files/accounting
> reading pairlist file /etc/raddb/mods-config/files/pre-proxy
>    # Instantiating module "linelog" from file
> /etc/raddb/mods-enabled/linelog
>    # Instantiating module "log_accounting" from file
> /etc/raddb/mods-enabled/linelog
>    # Instantiating module "logintime" from file
> /etc/raddb/mods-enabled/logintime
>    # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
> rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
>    # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
>    # Instantiating module "etc_passwd" from file
> /etc/raddb/mods-enabled/passwd
> rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
>    # Instantiating module "preprocess" from file
> /etc/raddb/mods-enabled/preprocess
> reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
> reading pairlist file /etc/raddb/mods-config/preprocess/hints
>    # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
>    # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
>    # Instantiating module "realmpercent" from file
> /etc/raddb/mods-enabled/realm
>    # Instantiating module "ntdomain" from file
> /etc/raddb/mods-enabled/realm
>    # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
> rlm_sql_mysql: libmysql version: 10.1.37-MariaDB
>     mysql {
>      tls {
>      }
>         warnings = "auto"
>     }
> rlm_sql (sql): Attempting to connect to database "radius"
> rlm_sql (sql): Initialising connection pool
>     pool {
>         start = 5
>         min = 3
>         max = 32
>         spare = 10
>         uses = 0
>         lifetime = 0
>         cleanup_interval = 30
>         idle_timeout = 60
>         retry_delay = 30
>         spread = no
>     }
> rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
> rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
> rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
> rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
> rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
> rlm_sql (sql): Processing generate_sql_clients
> rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
> shortname, type, secret, server FROM nas
> rlm_sql (sql): Reserved connection (0)
> rlm_sql (sql): Executing select query: SELECT id, nasname, shortname,
> type, secret, server FROM nas
> rlm_sql (sql): Adding client 10.0.0.38 (domain controller) to global
> clients list
> rlm_sql (10.0.0.38): Client "domain controller" (sql) added
> rlm_sql (sql): Adding client 10.0.0.39 (domain contr-2) to global clients
> list
> rlm_sql (10.0.0.39): Client "domain contr-2" (sql) added
> rlm_sql (sql): Adding client 10.1.172.16 (team2) to global clients list
> rlm_sql (10.1.172.16): Client "team2" (sql) added
> rlm_sql (sql): Adding client 10.1.172.18 (team4) to global clients list
> rlm_sql (10.1.172.18): Client "team4" (sql) added
> rlm_sql (sql): Adding client 10.1.172.19 (team5) to global clients list
> rlm_sql (10.1.172.19): Client "team5" (sql) added
> rlm_sql (sql): Adding client 10.1.172.20 (team6) to global clients list
> rlm_sql (10.1.172.20): Client "team6" (sql) added
> rlm_sql (sql): Adding client 10.0.0.1 (Local network) to global clients
> list
> rlm_sql (10.0.0.1): Client "Local network" (sql) added
> rlm_sql (sql): Released connection (0)
> Need 5 more connections to reach 10 spares
> rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots
> used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
> socket, server version 10.1.37-MariaDB, protocol version 10
>   } # modules
> radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/raddb/radiusd.conf
> } # server
> server default { # from file /etc/raddb/sites-enabled/default
>   # Loading authenticate {...}
>   # Loading authorize {...}
> Ignoring "ldap" (see raddb/mods-available/README.rst)
>   # Loading preacct {...}
>   # Loading accounting {...}
> } # server default
> server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
>   # Loading authenticate {...}
>   # Loading authorize {...}
>   # Loading session {...}
>   # Loading post-auth {...}
> } # server inner-tunnel
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>         type = "auth"
>         ipaddr = *
>         port = 0
>     limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 0
>     }
> Failed binding to auth address * port 1812 bound to server default:
> Address already in use
> /etc/raddb/sites-enabled/default[60]: Error binding to port for
> 0.0.0.0 port 1812
>
>
> Regards,
> S.Lakshmi narayanan
> Quoting Alan DeKok <[hidden email]>:
>
> > On Jan 27, 2019, at 11:35 PM, [hidden email] wrote:
> >>
> >>      I have a problem with accounting .Everything is working fine
> >> on freeradius.Login& authentication sql everything is working
> >> fine.But i have a problem in accounting pocket.We are using
> >> sonciwall firwall in our campus.Those who logged through our radius
> >> server the login information (Radius Accounting) information need
> >> to display on sonicwall user's page.The UDP pocket 1813 not send to
> >> our firewall ip.In the firewall
> >
> >   Then fix that.  This isn't a RADIUS problem.  It's a network
> > problem.  No amount of poking FreeRADIUS will fix the firewall.
> >
> >> i have enable policy allow to all our local network.I have attached
> >> my radiususd -X log to this mail.
> >
> >   Which doesn't show anything useful.
> >
> >> Kindly provide the solution for resolve my issue.The Radius
> >> Accounting information now shows on radacct in the phpmyadmin.
> >>
> >> Regards.
> >> S.Lakshmi narayanan
> >>
> >> <28012019.txt>-
> >
> >   Add the debug output as text.  Don't add an attachment.
> >
> > http://wiki.freeradius.org/list-help
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radius accounting issue.

slnarayanan
Hai,

    As per your instruction i have given the details for radiusd -X  
report to this mail as a text

FreeRADIUS Version 3.0.13
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/date
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/sql
including configuration file  
/etc/raddb/mods-config/sql/main/mysql/queries.conf
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
  security {
  user = "radiusd"
  group = "radiusd"
  allow_core_dumps = no
  }
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
}
main {
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        sbindir = "/usr/sbin"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 16384
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = no
  log {
  stripped_names = yes
  auth = yes
  auth_badpass = yes
  auth_goodpass = yes
  colourise = yes
  msg_denied = "You are already logged in - access denied"
  }
  resources {
  }
  security {
  max_attributes = 200
  reject_delay = 1.000000
  status_server = yes
  }
}
radiusd: #### Loading Realms and Home Servers ####
  proxy server {
  retry_delay = 5
  retry_count = 3
  default_fallback = no
  dead_time = 120
  wake_all_if_all_dead = no
  }
  home_server localhost {
  ipaddr = 127.0.0.1
  port = 1812
  type = "auth"
  secret = <<< secret >>>
  response_window = 20.000000
  response_timeouts = 1
  max_outstanding = 65536
  zombie_period = 40
  status_check = "status-server"
  ping_interval = 30
  check_interval = 30
  check_timeout = 4
  num_answers_to_alive = 3
  revive_interval = 120
   limit {
    max_connections = 16
    max_requests = 0
    lifetime = 0
    idle_timeout = 0
   }
   coa {
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
   }
  }
  home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
  }
  realm example.com {
        auth_pool = my_auth_failover
  }
  realm LOCAL {
  }
  realm int {
        virtual_server = inner-tunnel
  }
radiusd: #### Loading Clients ####
  client localhost {
  ipv4addr = *
  require_message_authenticator = no
  secret = <<< secret >>>
  nas_type = "other"
  proto = "udp"
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 0
   }
  }
Debugger not attached
  # Creating Auth-Type = mschap
  # Creating Auth-Type = eap
  # Creating Auth-Type = NTLMAuth
  # Creating Auth-Type = MS-CHAP
  # Creating Autz-Type = Status-Server
  # Creating Acct-Type = Status-Server
  # Creating Auth-Type = NTLM_AUTH
radiusd: #### Instantiating modules ####
  modules {
   # Loaded module rlm_always
   # Loading module "reject" from file /etc/raddb/mods-enabled/always
   always reject {
    rcode = "reject"
    simulcount = 0
    mpp = no
   }
   # Loading module "fail" from file /etc/raddb/mods-enabled/always
   always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
   }
   # Loading module "ok" from file /etc/raddb/mods-enabled/always
   always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
   }
   # Loading module "handled" from file /etc/raddb/mods-enabled/always
   always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
   }
   # Loading module "invalid" from file /etc/raddb/mods-enabled/always
   always invalid {
    rcode = "invalid"
    simulcount = 0
    mpp = no
   }
   # Loading module "userlock" from file /etc/raddb/mods-enabled/always
   always userlock {
    rcode = "userlock"
    simulcount = 0
    mpp = no
   }
   # Loading module "notfound" from file /etc/raddb/mods-enabled/always
   always notfound {
    rcode = "notfound"
    simulcount = 0
    mpp = no
   }
   # Loading module "noop" from file /etc/raddb/mods-enabled/always
   always noop {
    rcode = "noop"
    simulcount = 0
    mpp = no
   }
   # Loading module "updated" from file /etc/raddb/mods-enabled/always
   always updated {
    rcode = "updated"
    simulcount = 0
    mpp = no
   }
   # Loaded module rlm_attr_filter
   # Loading module "attr_filter.post-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.post-proxy {
    filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.pre-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.pre-proxy {
    filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.access_reject" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.access_reject {
    filename = "/etc/raddb/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.access_challenge" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.access_challenge {
    filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.accounting_response" from file  
/etc/raddb/mods-enabled/attr_filter
   attr_filter attr_filter.accounting_response {
    filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loaded module rlm_cache
   # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
   cache cache_eap {
    driver = "rlm_cache_rbtree"
    key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
    ttl = 15
    max_entries = 0
    epoch = 0
    add_stats = no
   }
   # Loaded module rlm_chap
   # Loading module "chap" from file /etc/raddb/mods-enabled/chap
   # Loaded module rlm_date
   # Loading module "date" from file /etc/raddb/mods-enabled/date
   date {
    format = "%b %e %Y %H:%M:%S %Z"
   }
   # Loaded module rlm_detail
   # Loading module "detail" from file /etc/raddb/mods-enabled/detail
   detail {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
   detail auth_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
   detail reply_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "pre_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   detail pre_proxy_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "post_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   detail post_proxy_log {
    filename =  
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loaded module rlm_dhcp
   # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
   # Loaded module rlm_digest
   # Loading module "digest" from file /etc/raddb/mods-enabled/digest
   # Loaded module rlm_dynamic_clients
   # Loading module "dynamic_clients" from file  
/etc/raddb/mods-enabled/dynamic_clients
   # Loaded module rlm_eap
   # Loading module "eap" from file /etc/raddb/mods-enabled/eap
   eap {
    default_eap_type = "peap"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 16384
   }
   # Loaded module rlm_exec
   # Loading module "echo" from file /etc/raddb/mods-enabled/echo
   exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
   }
   # Loading module "exec" from file /etc/raddb/mods-enabled/exec
   exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
    timeout = 10
   }
   # Loaded module rlm_expiration
   # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
   # Loaded module rlm_expr
   # Loading module "expr" from file /etc/raddb/mods-enabled/expr
   expr {
    safe_characters =  
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:  
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
   }
   # Loaded module rlm_files
   # Loading module "files" from file /etc/raddb/mods-enabled/files
   files {
    filename = "/etc/raddb/mods-config/files/authorize"
    acctusersfile = "/etc/raddb/mods-config/files/accounting"
    preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
   }
   # Loaded module rlm_linelog
   # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
   linelog {
    filename = "/var/log/radius/linelog"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = "This is a log message for %{User-Name}"
    reference = "messages.%{%{reply:Packet-Type}:-default}"
   }
   # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
   linelog log_accounting {
    filename = "/var/log/radius/linelog-accounting"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = ""
    reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
   }
   # Loaded module rlm_logintime
   # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
   logintime {
    minimum_timeout = 60
   }
   # Loaded module rlm_mschap
   # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
   mschap {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key  
--username=%{mschap:User-Name:-None}  
--domain=%{%{mschap:NT-Domain}:-OCTA.EDU}  
--challenge=%{mschap:Challenge:-00}  
--nt-response=%{mschap:NT-Response:-00}"
    ntlm_auth_timeout = 10
    passchange {
    ntlm_auth = "/usr/bin/ntlm_auth --helper-protocol=ntlm-change-password-1"
    ntlm_auth_username = "username: %{mschap:User-Name}"
    ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
    }
    allow_retry = yes
    winbind_retry_with_normalised_username = no
   }
   # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
   exec ntlm_auth {
    wait = yes
    program = "/usr/bin/ntlm_auth --request-nt-key --domain=OCTA.EDU  
--username=%{mschap:User-Name} --password=%{User-Password}"
    shell_escape = yes
   }
   # Loaded module rlm_pap
   # Loading module "pap" from file /etc/raddb/mods-enabled/pap
   pap {
    normalise = yes
   }
   # Loaded module rlm_passwd
   # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
   passwd etc_passwd {
    filename = "/etc/passwd"
    format = "*User-Name:Cleartext-Password:"
    delimiter = ":"
    ignore_nislike = no
    ignore_empty = yes
    allow_multiple_keys = no
    hash_size = 100
   }
   # Loaded module rlm_preprocess
   # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
   preprocess {
    huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
    hints = "/etc/raddb/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
   }
   # Loaded module rlm_radutmp
   # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
   radutmp {
    filename = "/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = no
    check_with_nas = yes
    permissions = 384
    caller_id = yes
   }
   # Loaded module rlm_realm
   # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
   realm IPASS {
    format = "prefix"
    delimiter = "/"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
   realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
   realm realmpercent {
    format = "suffix"
    delimiter = "%"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
   realm ntdomain {
    format = "prefix"
    delimiter = "\\"
    ignore_default = no
    ignore_null = no
   }
   # Loaded module rlm_replicate
   # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
   # Loaded module rlm_soh
   # Loading module "soh" from file /etc/raddb/mods-enabled/soh
   soh {
    dhcp = yes
   }
   # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
   radutmp sradutmp {
    filename = "/var/log/radius/sradutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 420
    caller_id = no
   }
   # Loaded module rlm_unix
   # Loading module "unix" from file /etc/raddb/mods-enabled/unix
   unix {
    radwtmp = "/var/log/radius/radwtmp"
   }
Creating attribute Unix-Group
   # Loaded module rlm_unpack
   # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
   # Loaded module rlm_utf8
   # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
   # Loaded module rlm_sql
   # Loading module "sql" from file /etc/raddb/mods-enabled/sql
   sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = 3306
    login = "root"
    password = <<< secret >>>
    radius_db = "radius"
    read_groups = yes
    read_profiles = yes
    read_clients = yes
    delete_stale_sessions = yes
    sql_user_name = "%{User-Name}"
    logfile = "/var/log/radius/sqllog.sql"
    default_user_profile = ""
    client_query = "SELECT id, nasname, shortname, type, secret,  
server FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op  
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op  
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute,  
Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY  
id"
    authorize_group_reply_query = "SELECT id, groupname, attribute,  
value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY  
id"
    group_membership_query = "SELECT groupname FROM radusergroup WHERE  
username = '%{SQL-User-Name}' ORDER BY priority"
    simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username =  
'%{SQL-User-Name}' AND acctstoptime IS NULL"
    simul_verify_query = "SELECT radacctid, acctsessionid, username,  
nasipaddress, nasportid, framedipaddress, callingstationid,  
framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND  
acctstoptime IS NULL"
    safe_characters =  
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
    accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}.query}"
     type {
      accounting-on {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),  
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE  
acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND  
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
      }
      accounting-off {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
'%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),  
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE  
acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND  
acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
      }
      start {
      query = "INSERT INTO radacct  
(acctsessionid, acctuniqueid, username,  
realm, nasipaddress, nasportid,  
nasporttype, acctstarttime, acctupdatetime,  
acctstoptime, acctsessiontime, acctauthentic,  
connectinfo_start, connectinfo_stop, acctinputoctets,  
acctoutputoctets, calledstationid, callingstationid,  
acctterminatecause, servicetype, framedprotocol, framedipaddress)  
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',  
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',  
'%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}',  
FROM_UNIXTIME(%{integer:Event-Timestamp}),  
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0',  
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',  
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',  
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
      }
      interim-update {
      query = "UPDATE radacct SET acctupdatetime  =  
(@acctupdatetime_old:=acctupdatetime), acctupdatetime  =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    =  
%{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),  
framedipaddress = '%{Framed-IP-Address}', acctsessiontime =  
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =  
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',  
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |  
'%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =  
'%{Acct-Unique-Session-Id}'"
      }
      stop {
      query = "UPDATE radacct SET acctstoptime =  
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =  
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =  
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',  
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |  
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =  
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE  
AcctUniqueId = '%{Acct-Unique-Session-Id}'"
      }
     }
    }
    post-auth {
    reference = ".query"
    query = "INSERT INTO radpostauth (username, pass, reply,  
authdate) VALUES ( '%{SQL-User-Name}',  
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
    }
   }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
   instantiate {
   }
   # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
   # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
   # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
   # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
   # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
   # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
   # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
   # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
   # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
   # Instantiating module "attr_filter.post-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
   # Instantiating module "attr_filter.pre-proxy" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
   # Instantiating module "attr_filter.access_reject" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item  
"FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item  
"FreeRADIUS-Response-Delay-USec" found in filter list for realm  
"DEFAULT".
   # Instantiating module "attr_filter.access_challenge" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
   # Instantiating module "attr_filter.accounting_response" from file  
/etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
   # Instantiating module "cache_eap" from file  
/etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module  
rlm_cache_rbtree) loaded and linked
   # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
   # Instantiating module "auth_log" from file  
/etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in  
detail output
   # Instantiating module "reply_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "pre_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "post_proxy_log" from file  
/etc/raddb/mods-enabled/detail.log
   # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
    # Linked to sub-module rlm_eap_tls
    tls {
    tls = "tls-common"
    }
    tls-config tls-common {
    verify_depth = 0
    ca_path = "/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/server.pem"
    certificate_file = "/etc/raddb/certs/server.pem"
    ca_file = "/etc/raddb/certs/ca.pem"
    private_key_password = <<< secret >>>
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    cipher_server_preference = no
    ecdh_curve = "prime256v1"
     cache {
      enable = no
      lifetime = 24
      max_entries = 255
     }
     verify {
      skip_if_ocsp_ok = no
     }
     ocsp {
      enable = no
      override_cert_url = yes
      url = "http://127.0.0.1/ocsp/"
      use_nonce = yes
      timeout = 0
      softfail = no
     }
    }
    # Linked to sub-module rlm_eap_ttls
    ttls {
    tls = "tls-common"
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_peap
    peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    proxy_tunneled_request_as_eap = no
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_mschapv2
    mschapv2 {
    with_ntdomain_hack = no
    send_error = yes
    identity = "FreeRADIUS"
    }
   # Instantiating module "expiration" from file  
/etc/raddb/mods-enabled/expiration
   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading pairlist file /etc/raddb/mods-config/files/authorize
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
   # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
   # Instantiating module "log_accounting" from file  
/etc/raddb/mods-enabled/linelog
   # Instantiating module "logintime" from file  
/etc/raddb/mods-enabled/logintime
   # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
   # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
   # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
   # Instantiating module "preprocess" from file  
/etc/raddb/mods-enabled/preprocess
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
   # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "realmpercent" from file  
/etc/raddb/mods-enabled/realm
   # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
   # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
rlm_sql_mysql: libmysql version: 10.1.37-MariaDB
    mysql {
     tls {
     }
    warnings = "auto"
    }
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
    pool {
    start = 5
    min = 3
    max = 32
    spare = 10
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 30
    spread = no
    }
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,  
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname,  
type, secret, server FROM nas
rlm_sql (sql): Adding client 10.0.0.38 (domain controller) to global  
clients list
rlm_sql (10.0.0.38): Client "domain controller" (sql) added
rlm_sql (sql): Adding client 10.0.0.39 (domain contr-2) to global clients list
rlm_sql (10.0.0.39): Client "domain contr-2" (sql) added
rlm_sql (sql): Adding client 10.1.172.16 (team2) to global clients list
rlm_sql (10.1.172.16): Client "team2" (sql) added
rlm_sql (sql): Adding client 10.1.172.18 (team4) to global clients list
rlm_sql (10.1.172.18): Client "team4" (sql) added
rlm_sql (sql): Adding client 10.1.172.19 (team5) to global clients list
rlm_sql (10.1.172.19): Client "team5" (sql) added
rlm_sql (sql): Adding client 10.1.172.20 (team6) to global clients list
rlm_sql (10.1.172.20): Client "team6" (sql) added
rlm_sql (sql): Adding client 10.0.0.1 (Local network) to global clients list
rlm_sql (10.0.0.1): Client "Local network" (sql) added
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX  
socket, server version 10.1.37-MariaDB, protocol version 10
  } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
  # Loading authenticate {...}
  # Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
  # Loading preacct {...}
  # Loading accounting {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
  # Loading authenticate {...}
  # Loading authorize {...}
  # Loading session {...}
  # Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 0
    }
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "auth"
    ipv6addr = ::
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "acct"
    ipv6addr = ::
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "auth"
    ipaddr = 127.0.0.1
    port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Ready to process requests


Regards,
S.Lakshmi narayanan

Quoting Eero Volotinen <[hidden email]>:

> You can really run two instances of radius in same port. stop it first and
> then run with parameter -X
>
> Eero
>
> On Tue, Jan 29, 2019 at 6:09 AM <[hidden email]> wrote:
>
>> Hi,
>>
>>     As per you instruction i have given the details for radiusd -X
>> report to this mail as a text.
>>
>> FreeRADIUS Version 3.0.13
>> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> PARTICULAR PURPOSE
>> You may redistribute copies of FreeRADIUS under the terms of the
>> GNU General Public License
>> For more information about these matters, see the file named COPYRIGHT
>> Starting - reading configuration files ...
>> including dictionary file /usr/share/freeradius/dictionary
>> including dictionary file /usr/share/freeradius/dictionary.dhcp
>> including dictionary file /usr/share/freeradius/dictionary.vqp
>> including dictionary file /etc/raddb/dictionary
>> including configuration file /etc/raddb/radiusd.conf
>> including configuration file /etc/raddb/proxy.conf
>> including configuration file /etc/raddb/clients.conf
>> including files in directory /etc/raddb/mods-enabled/
>> including configuration file /etc/raddb/mods-enabled/always
>> including configuration file /etc/raddb/mods-enabled/attr_filter
>> including configuration file /etc/raddb/mods-enabled/cache_eap
>> including configuration file /etc/raddb/mods-enabled/chap
>> including configuration file /etc/raddb/mods-enabled/date
>> including configuration file /etc/raddb/mods-enabled/detail
>> including configuration file /etc/raddb/mods-enabled/detail.log
>> including configuration file /etc/raddb/mods-enabled/dhcp
>> including configuration file /etc/raddb/mods-enabled/digest
>> including configuration file /etc/raddb/mods-enabled/dynamic_clients
>> including configuration file /etc/raddb/mods-enabled/eap
>> including configuration file /etc/raddb/mods-enabled/echo
>> including configuration file /etc/raddb/mods-enabled/exec
>> including configuration file /etc/raddb/mods-enabled/expiration
>> including configuration file /etc/raddb/mods-enabled/expr
>> including configuration file /etc/raddb/mods-enabled/files
>> including configuration file /etc/raddb/mods-enabled/linelog
>> including configuration file /etc/raddb/mods-enabled/logintime
>> including configuration file /etc/raddb/mods-enabled/mschap
>> including configuration file /etc/raddb/mods-enabled/ntlm_auth
>> including configuration file /etc/raddb/mods-enabled/pap
>> including configuration file /etc/raddb/mods-enabled/passwd
>> including configuration file /etc/raddb/mods-enabled/preprocess
>> including configuration file /etc/raddb/mods-enabled/radutmp
>> including configuration file /etc/raddb/mods-enabled/realm
>> including configuration file /etc/raddb/mods-enabled/replicate
>> including configuration file /etc/raddb/mods-enabled/soh
>> including configuration file /etc/raddb/mods-enabled/sradutmp
>> including configuration file /etc/raddb/mods-enabled/unix
>> including configuration file /etc/raddb/mods-enabled/unpack
>> including configuration file /etc/raddb/mods-enabled/utf8
>> including configuration file /etc/raddb/mods-enabled/sql
>> including configuration file
>> /etc/raddb/mods-config/sql/main/mysql/queries.conf
>> including files in directory /etc/raddb/policy.d/
>> including configuration file /etc/raddb/policy.d/accounting
>> including configuration file /etc/raddb/policy.d/canonicalization
>> including configuration file /etc/raddb/policy.d/control
>> including configuration file /etc/raddb/policy.d/cui
>> including configuration file /etc/raddb/policy.d/debug
>> including configuration file /etc/raddb/policy.d/dhcp
>> including configuration file /etc/raddb/policy.d/eap
>> including configuration file /etc/raddb/policy.d/filter
>> including configuration file /etc/raddb/policy.d/operator-name
>> including files in directory /etc/raddb/sites-enabled/
>> including configuration file /etc/raddb/sites-enabled/default
>> including configuration file /etc/raddb/sites-enabled/inner-tunnel
>> main {
>>   security {
>>         user = "radiusd"
>>         group = "radiusd"
>>         allow_core_dumps = no
>>   }
>>         name = "radiusd"
>>         prefix = "/usr"
>>         localstatedir = "/var"
>>         logdir = "/var/log/radius"
>>         run_dir = "/var/run/radiusd"
>> }
>> main {
>>         name = "radiusd"
>>         prefix = "/usr"
>>         localstatedir = "/var"
>>         sbindir = "/usr/sbin"
>>         logdir = "/var/log/radius"
>>         run_dir = "/var/run/radiusd"
>>         libdir = "/usr/lib64/freeradius"
>>         radacctdir = "/var/log/radius/radacct"
>>         hostname_lookups = no
>>         max_request_time = 30
>>         cleanup_delay = 5
>>         max_requests = 16384
>>         pidfile = "/var/run/radiusd/radiusd.pid"
>>         checkrad = "/usr/sbin/checkrad"
>>         debug_level = 0
>>         proxy_requests = no
>>   log {
>>         stripped_names = yes
>>         auth = yes
>>         auth_badpass = yes
>>         auth_goodpass = yes
>>         colourise = yes
>>         msg_denied = "You are already logged in - access denied"
>>   }
>>   resources {
>>   }
>>   security {
>>         max_attributes = 200
>>         reject_delay = 1.000000
>>         status_server = yes
>>   }
>> }
>> radiusd: #### Loading Realms and Home Servers ####
>>   proxy server {
>>         retry_delay = 5
>>         retry_count = 3
>>         default_fallback = no
>>         dead_time = 120
>>         wake_all_if_all_dead = no
>>   }
>>   home_server localhost {
>>         ipaddr = 127.0.0.1
>>         port = 1812
>>         type = "auth"
>>         secret = <<< secret >>>
>>         response_window = 20.000000
>>         response_timeouts = 1
>>         max_outstanding = 65536
>>         zombie_period = 40
>>         status_check = "status-server"
>>         ping_interval = 30
>>         check_interval = 30
>>         check_timeout = 4
>>         num_answers_to_alive = 3
>>         revive_interval = 120
>>    limit {
>>         max_connections = 16
>>         max_requests = 0
>>         lifetime = 0
>>         idle_timeout = 0
>>    }
>>    coa {
>>         irt = 2
>>         mrt = 16
>>         mrc = 5
>>         mrd = 30
>>    }
>>   }
>>   home_server_pool my_auth_failover {
>>         type = fail-over
>>         home_server = localhost
>>   }
>>   realm example.com {
>>         auth_pool = my_auth_failover
>>   }
>>   realm LOCAL {
>>   }
>>   realm int {
>>         virtual_server = inner-tunnel
>>   }
>> radiusd: #### Loading Clients ####
>>   client localhost {
>>         ipv4addr = *
>>         require_message_authenticator = no
>>         secret = <<< secret >>>
>>         nas_type = "other"
>>         proto = "udp"
>>    limit {
>>         max_connections = 16
>>         lifetime = 0
>>         idle_timeout = 0
>>    }
>>   }
>> Debugger not attached
>>   # Creating Auth-Type = mschap
>>   # Creating Auth-Type = eap
>>   # Creating Auth-Type = NTLMAuth
>>   # Creating Auth-Type = MS-CHAP
>>   # Creating Autz-Type = Status-Server
>>   # Creating Acct-Type = Status-Server
>>   # Creating Auth-Type = NTLM_AUTH
>> radiusd: #### Instantiating modules ####
>>   modules {
>>    # Loaded module rlm_always
>>    # Loading module "reject" from file /etc/raddb/mods-enabled/always
>>    always reject {
>>         rcode = "reject"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "fail" from file /etc/raddb/mods-enabled/always
>>    always fail {
>>         rcode = "fail"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "ok" from file /etc/raddb/mods-enabled/always
>>    always ok {
>>         rcode = "ok"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "handled" from file /etc/raddb/mods-enabled/always
>>    always handled {
>>         rcode = "handled"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "invalid" from file /etc/raddb/mods-enabled/always
>>    always invalid {
>>         rcode = "invalid"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "userlock" from file /etc/raddb/mods-enabled/always
>>    always userlock {
>>         rcode = "userlock"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "notfound" from file /etc/raddb/mods-enabled/always
>>    always notfound {
>>         rcode = "notfound"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "noop" from file /etc/raddb/mods-enabled/always
>>    always noop {
>>         rcode = "noop"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loading module "updated" from file /etc/raddb/mods-enabled/always
>>    always updated {
>>         rcode = "updated"
>>         simulcount = 0
>>         mpp = no
>>    }
>>    # Loaded module rlm_attr_filter
>>    # Loading module "attr_filter.post-proxy" from file
>> /etc/raddb/mods-enabled/attr_filter
>>    attr_filter attr_filter.post-proxy {
>>         filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
>>         key = "%{Realm}"
>>         relaxed = no
>>    }
>>    # Loading module "attr_filter.pre-proxy" from file
>> /etc/raddb/mods-enabled/attr_filter
>>    attr_filter attr_filter.pre-proxy {
>>         filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
>>         key = "%{Realm}"
>>         relaxed = no
>>    }
>>    # Loading module "attr_filter.access_reject" from file
>> /etc/raddb/mods-enabled/attr_filter
>>    attr_filter attr_filter.access_reject {
>>         filename = "/etc/raddb/mods-config/attr_filter/access_reject"
>>         key = "%{User-Name}"
>>         relaxed = no
>>    }
>>    # Loading module "attr_filter.access_challenge" from file
>> /etc/raddb/mods-enabled/attr_filter
>>    attr_filter attr_filter.access_challenge {
>>         filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
>>         key = "%{User-Name}"
>>         relaxed = no
>>    }
>>    # Loading module "attr_filter.accounting_response" from file
>> /etc/raddb/mods-enabled/attr_filter
>>    attr_filter attr_filter.accounting_response {
>>         filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
>>         key = "%{User-Name}"
>>         relaxed = no
>>    }
>>    # Loaded module rlm_cache
>>    # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
>>    cache cache_eap {
>>         driver = "rlm_cache_rbtree"
>>         key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
>>         ttl = 15
>>         max_entries = 0
>>         epoch = 0
>>         add_stats = no
>>    }
>>    # Loaded module rlm_chap
>>    # Loading module "chap" from file /etc/raddb/mods-enabled/chap
>>    # Loaded module rlm_date
>>    # Loading module "date" from file /etc/raddb/mods-enabled/date
>>    date {
>>         format = "%b %e %Y %H:%M:%S %Z"
>>    }
>>    # Loaded module rlm_detail
>>    # Loading module "detail" from file /etc/raddb/mods-enabled/detail
>>    detail {
>>         filename =
>>
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>>         header = "%t"
>>         permissions = 384
>>         locking = no
>>         escape_filenames = no
>>         log_packet_header = no
>>    }
>>    # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
>>    detail auth_log {
>>         filename =
>>
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
>>         header = "%t"
>>         permissions = 384
>>         locking = no
>>         escape_filenames = no
>>         log_packet_header = no
>>    }
>>    # Loading module "reply_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    detail reply_log {
>>         filename =
>>
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
>>         header = "%t"
>>         permissions = 384
>>         locking = no
>>         escape_filenames = no
>>         log_packet_header = no
>>    }
>>    # Loading module "pre_proxy_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    detail pre_proxy_log {
>>         filename =
>>
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
>>         header = "%t"
>>         permissions = 384
>>         locking = no
>>         escape_filenames = no
>>         log_packet_header = no
>>    }
>>    # Loading module "post_proxy_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    detail post_proxy_log {
>>         filename =
>>
>> "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
>>         header = "%t"
>>         permissions = 384
>>         locking = no
>>         escape_filenames = no
>>         log_packet_header = no
>>    }
>>    # Loaded module rlm_dhcp
>>    # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
>>    # Loaded module rlm_digest
>>    # Loading module "digest" from file /etc/raddb/mods-enabled/digest
>>    # Loaded module rlm_dynamic_clients
>>    # Loading module "dynamic_clients" from file
>> /etc/raddb/mods-enabled/dynamic_clients
>>    # Loaded module rlm_eap
>>    # Loading module "eap" from file /etc/raddb/mods-enabled/eap
>>    eap {
>>         default_eap_type = "peap"
>>         timer_expire = 60
>>         ignore_unknown_eap_types = no
>>         cisco_accounting_username_bug = no
>>         max_sessions = 16384
>>    }
>>    # Loaded module rlm_exec
>>    # Loading module "echo" from file /etc/raddb/mods-enabled/echo
>>    exec echo {
>>         wait = yes
>>         program = "/bin/echo %{User-Name}"
>>         input_pairs = "request"
>>         output_pairs = "reply"
>>         shell_escape = yes
>>    }
>>    # Loading module "exec" from file /etc/raddb/mods-enabled/exec
>>    exec {
>>         wait = no
>>         input_pairs = "request"
>>         shell_escape = yes
>>         timeout = 10
>>    }
>>    # Loaded module rlm_expiration
>>    # Loading module "expiration" from file
>> /etc/raddb/mods-enabled/expiration
>>    # Loaded module rlm_expr
>>    # Loading module "expr" from file /etc/raddb/mods-enabled/expr
>>    expr {
>>         safe_characters =
>> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
>> /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
>>    }
>>    # Loaded module rlm_files
>>    # Loading module "files" from file /etc/raddb/mods-enabled/files
>>    files {
>>         filename = "/etc/raddb/mods-config/files/authorize"
>>         acctusersfile = "/etc/raddb/mods-config/files/accounting"
>>         preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
>>    }
>>    # Loaded module rlm_linelog
>>    # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
>>    linelog {
>>         filename = "/var/log/radius/linelog"
>>         escape_filenames = no
>>         syslog_severity = "info"
>>         permissions = 384
>>         format = "This is a log message for %{User-Name}"
>>         reference = "messages.%{%{reply:Packet-Type}:-default}"
>>    }
>>    # Loading module "log_accounting" from file
>> /etc/raddb/mods-enabled/linelog
>>    linelog log_accounting {
>>         filename = "/var/log/radius/linelog-accounting"
>>         escape_filenames = no
>>         syslog_severity = "info"
>>         permissions = 384
>>         format = ""
>>         reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
>>    }
>>    # Loaded module rlm_logintime
>>    # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
>>    logintime {
>>         minimum_timeout = 60
>>    }
>>    # Loaded module rlm_mschap
>>    # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
>>    mschap {
>>         use_mppe = yes
>>         require_encryption = yes
>>         require_strong = yes
>>         with_ntdomain_hack = yes
>>         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>> --username=%{mschap:User-Name:-None}
>> --domain=%{%{mschap:NT-Domain}:-OCTA.EDU}
>> --challenge=%{mschap:Challenge:-00}
>> --nt-response=%{mschap:NT-Response:-00}"
>>         ntlm_auth_timeout = 10
>>     passchange {
>>         ntlm_auth = "/usr/bin/ntlm_auth
>> --helper-protocol=ntlm-change-password-1"
>>         ntlm_auth_username = "username: %{mschap:User-Name}"
>>         ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
>>     }
>>         allow_retry = yes
>>         winbind_retry_with_normalised_username = no
>>    }
>>    # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
>>    exec ntlm_auth {
>>         wait = yes
>>         program = "/usr/bin/ntlm_auth --request-nt-key --domain=OCTA.EDU
>> --username=%{mschap:User-Name} --password=%{User-Password}"
>>         shell_escape = yes
>>    }
>>    # Loaded module rlm_pap
>>    # Loading module "pap" from file /etc/raddb/mods-enabled/pap
>>    pap {
>>         normalise = yes
>>    }
>>    # Loaded module rlm_passwd
>>    # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
>>    passwd etc_passwd {
>>         filename = "/etc/passwd"
>>         format = "*User-Name:Cleartext-Password:"
>>         delimiter = ":"
>>         ignore_nislike = no
>>         ignore_empty = yes
>>         allow_multiple_keys = no
>>         hash_size = 100
>>    }
>>    # Loaded module rlm_preprocess
>>    # Loading module "preprocess" from file
>> /etc/raddb/mods-enabled/preprocess
>>    preprocess {
>>         huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
>>         hints = "/etc/raddb/mods-config/preprocess/hints"
>>         with_ascend_hack = no
>>         ascend_channels_per_line = 23
>>         with_ntdomain_hack = no
>>         with_specialix_jetstream_hack = no
>>         with_cisco_vsa_hack = no
>>         with_alvarion_vsa_hack = no
>>    }
>>    # Loaded module rlm_radutmp
>>    # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
>>    radutmp {
>>         filename = "/var/log/radius/radutmp"
>>         username = "%{User-Name}"
>>         case_sensitive = no
>>         check_with_nas = yes
>>         permissions = 384
>>         caller_id = yes
>>    }
>>    # Loaded module rlm_realm
>>    # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
>>    realm IPASS {
>>         format = "prefix"
>>         delimiter = "/"
>>         ignore_default = no
>>         ignore_null = no
>>    }
>>    # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
>>    realm suffix {
>>         format = "suffix"
>>         delimiter = "@"
>>         ignore_default = no
>>         ignore_null = no
>>    }
>>    # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
>>    realm realmpercent {
>>         format = "suffix"
>>         delimiter = "%"
>>         ignore_default = no
>>         ignore_null = no
>>    }
>>    # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
>>    realm ntdomain {
>>         format = "prefix"
>>         delimiter = "\\"
>>         ignore_default = no
>>         ignore_null = no
>>    }
>>    # Loaded module rlm_replicate
>>    # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
>>    # Loaded module rlm_soh
>>    # Loading module "soh" from file /etc/raddb/mods-enabled/soh
>>    soh {
>>         dhcp = yes
>>    }
>>    # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
>>    radutmp sradutmp {
>>         filename = "/var/log/radius/sradutmp"
>>         username = "%{User-Name}"
>>         case_sensitive = yes
>>         check_with_nas = yes
>>         permissions = 420
>>         caller_id = no
>>    }
>>    # Loaded module rlm_unix
>>    # Loading module "unix" from file /etc/raddb/mods-enabled/unix
>>    unix {
>>         radwtmp = "/var/log/radius/radwtmp"
>>    }
>> Creating attribute Unix-Group
>>    # Loaded module rlm_unpack
>>    # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
>>    # Loaded module rlm_utf8
>>    # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
>>    # Loaded module rlm_sql
>>    # Loading module "sql" from file /etc/raddb/mods-enabled/sql
>>    sql {
>>         driver = "rlm_sql_mysql"
>>         server = "localhost"
>>         port = 3306
>>         login = "root"
>>         password = <<< secret >>>
>>         radius_db = "radius"
>>         read_groups = yes
>>         read_profiles = yes
>>         read_clients = yes
>>         delete_stale_sessions = yes
>>         sql_user_name = "%{User-Name}"
>>         logfile = "/var/log/radius/sqllog.sql"
>>         default_user_profile = ""
>>         client_query = "SELECT id, nasname, shortname, type, secret,
>> server FROM nas"
>>         authorize_check_query = "SELECT id, username, attribute, value,
>> op
>> FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
>>         authorize_reply_query = "SELECT id, username, attribute, value,
>> op
>> FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
>>         authorize_group_check_query = "SELECT id, groupname, attribute,
>> Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY
>> id"
>>         authorize_group_reply_query = "SELECT id, groupname, attribute,
>> value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY
>> id"
>>         group_membership_query = "SELECT groupname FROM radusergroup
>> WHERE
>> username = '%{SQL-User-Name}' ORDER BY priority"
>>         simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username
>> =
>> '%{SQL-User-Name}' AND acctstoptime IS NULL"
>>         simul_verify_query = "SELECT radacctid, acctsessionid, username,
>> nasipaddress, nasportid, framedipaddress, callingstationid,
>> framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND
>> acctstoptime IS NULL"
>>         safe_characters =
>> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>>     accounting {
>>         reference = "%{tolower:type.%{Acct-Status-Type}.query}"
>>      type {
>>       accounting-on {
>>         query = "UPDATE radacct SET acctstoptime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
>> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND
>> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>>       }
>>       accounting-off {
>>         query = "UPDATE radacct SET acctstoptime =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
>> '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime),
>> acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE
>> acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND
>> acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
>>       }
>>       start {
>>         query = "INSERT INTO radacct
>> (acctsessionid,         acctuniqueid,           username,
>> realm,                  nasipaddress,           nasportid,
>> nasporttype,            acctstarttime,          acctupdatetime,
>> acctstoptime,           acctsessiontime,        acctauthentic,
>> connectinfo_start,      connectinfo_stop,       acctinputoctets,
>> acctoutputoctets,       calledstationid,        callingstationid,
>> acctterminatecause,     servicetype,            framedprotocol,
>> framedipaddress)
>> VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
>> '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}',
>> FROM_UNIXTIME(%{integer:Event-Timestamp}),
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0',
>> '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
>> '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>> '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
>>       }
>>       interim-update {
>>         query = "UPDATE radacct SET acctupdatetime  =
>> (@acctupdatetime_old:=acctupdatetime), acctupdatetime  =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    =
>> %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old),
>> framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
>> %{%{Acct-Session-Time}:-NULL}, acctinputoctets =
>> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId =
>> '%{Acct-Unique-Session-Id}'"
>>       }
>>       stop {
>>         query = "UPDATE radacct SET acctstoptime        =
>> FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime      =
>> %{%{Acct-Session-Time}:-NULL}, acctinputoctets  =
>> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
>> acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
>> '%{%{Acct-Output-Octets}:-0}', acctterminatecause =
>> '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
>> AcctUniqueId = '%{Acct-Unique-Session-Id}'"
>>       }
>>      }
>>     }
>>     post-auth {
>>         reference = ".query"
>>         query = "INSERT INTO radpostauth (username, pass, reply,
>> authdate) VALUES ( '%{SQL-User-Name}',
>> '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
>>     }
>>    }
>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
>> linked
>> Creating attribute SQL-Group
>>    instantiate {
>>    }
>>    # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
>>    # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
>>    # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
>>    # Instantiating module "handled" from file
>> /etc/raddb/mods-enabled/always
>>    # Instantiating module "invalid" from file
>> /etc/raddb/mods-enabled/always
>>    # Instantiating module "userlock" from file
>> /etc/raddb/mods-enabled/always
>>    # Instantiating module "notfound" from file
>> /etc/raddb/mods-enabled/always
>>    # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
>>    # Instantiating module "updated" from file
>> /etc/raddb/mods-enabled/always
>>    # Instantiating module "attr_filter.post-proxy" from file
>> /etc/raddb/mods-enabled/attr_filter
>> reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
>>    # Instantiating module "attr_filter.pre-proxy" from file
>> /etc/raddb/mods-enabled/attr_filter
>> reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
>>    # Instantiating module "attr_filter.access_reject" from file
>> /etc/raddb/mods-enabled/attr_filter
>> reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
>> [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
>> "FreeRADIUS-Response-Delay"     found in filter list for realm "DEFAULT".
>> [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item
>> "FreeRADIUS-Response-Delay-USec"        found in filter list for realm
>> "DEFAULT".
>>    # Instantiating module "attr_filter.access_challenge" from file
>> /etc/raddb/mods-enabled/attr_filter
>> reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
>>    # Instantiating module "attr_filter.accounting_response" from file
>> /etc/raddb/mods-enabled/attr_filter
>> reading pairlist file
>> /etc/raddb/mods-config/attr_filter/accounting_response
>>    # Instantiating module "cache_eap" from file
>> /etc/raddb/mods-enabled/cache_eap
>> rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
>> rlm_cache_rbtree) loaded and linked
>>    # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
>>    # Instantiating module "auth_log" from file
>> /etc/raddb/mods-enabled/detail.log
>> rlm_detail (auth_log): 'User-Password' suppressed, will not appear in
>> detail output
>>    # Instantiating module "reply_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    # Instantiating module "pre_proxy_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    # Instantiating module "post_proxy_log" from file
>> /etc/raddb/mods-enabled/detail.log
>>    # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
>>     # Linked to sub-module rlm_eap_tls
>>     tls {
>>         tls = "tls-common"
>>     }
>>     tls-config tls-common {
>>         verify_depth = 0
>>         ca_path = "/etc/raddb/certs"
>>         pem_file_type = yes
>>         private_key_file = "/etc/raddb/certs/server.pem"
>>         certificate_file = "/etc/raddb/certs/server.pem"
>>         ca_file = "/etc/raddb/certs/ca.pem"
>>         private_key_password = <<< secret >>>
>>         fragment_size = 1024
>>         include_length = yes
>>         auto_chain = yes
>>         check_crl = no
>>         check_all_crl = no
>>         cipher_list = "DEFAULT"
>>         cipher_server_preference = no
>>         ecdh_curve = "prime256v1"
>>      cache {
>>         enable = no
>>         lifetime = 24
>>         max_entries = 255
>>      }
>>      verify {
>>         skip_if_ocsp_ok = no
>>      }
>>      ocsp {
>>         enable = no
>>         override_cert_url = yes
>>         url = "http://127.0.0.1/ocsp/"
>>         use_nonce = yes
>>         timeout = 0
>>         softfail = no
>>      }
>>     }
>>     # Linked to sub-module rlm_eap_ttls
>>     ttls {
>>         tls = "tls-common"
>>         default_eap_type = "md5"
>>         copy_request_to_tunnel = no
>>         use_tunneled_reply = no
>>         virtual_server = "inner-tunnel"
>>         include_length = yes
>>         require_client_cert = no
>>     }
>> tls: Using cached TLS configuration from previous invocation
>>     # Linked to sub-module rlm_eap_peap
>>     peap {
>>         tls = "tls-common"
>>         default_eap_type = "mschapv2"
>>         copy_request_to_tunnel = yes
>>         use_tunneled_reply = yes
>>         proxy_tunneled_request_as_eap = no
>>         virtual_server = "inner-tunnel"
>>         soh = no
>>         require_client_cert = no
>>     }
>> tls: Using cached TLS configuration from previous invocation
>>     # Linked to sub-module rlm_eap_mschapv2
>>     mschapv2 {
>>         with_ntdomain_hack = no
>>         send_error = yes
>>         identity = "FreeRADIUS"
>>     }
>>    # Instantiating module "expiration" from file
>> /etc/raddb/mods-enabled/expiration
>>    # Instantiating module "files" from file /etc/raddb/mods-enabled/files
>> reading pairlist file /etc/raddb/mods-config/files/authorize
>> reading pairlist file /etc/raddb/mods-config/files/accounting
>> reading pairlist file /etc/raddb/mods-config/files/pre-proxy
>>    # Instantiating module "linelog" from file
>> /etc/raddb/mods-enabled/linelog
>>    # Instantiating module "log_accounting" from file
>> /etc/raddb/mods-enabled/linelog
>>    # Instantiating module "logintime" from file
>> /etc/raddb/mods-enabled/logintime
>>    # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
>> rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
>>    # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
>>    # Instantiating module "etc_passwd" from file
>> /etc/raddb/mods-enabled/passwd
>> rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
>>    # Instantiating module "preprocess" from file
>> /etc/raddb/mods-enabled/preprocess
>> reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
>> reading pairlist file /etc/raddb/mods-config/preprocess/hints
>>    # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
>>    # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
>>    # Instantiating module "realmpercent" from file
>> /etc/raddb/mods-enabled/realm
>>    # Instantiating module "ntdomain" from file
>> /etc/raddb/mods-enabled/realm
>>    # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
>> rlm_sql_mysql: libmysql version: 10.1.37-MariaDB
>>     mysql {
>>      tls {
>>      }
>>         warnings = "auto"
>>     }
>> rlm_sql (sql): Attempting to connect to database "radius"
>> rlm_sql (sql): Initialising connection pool
>>     pool {
>>         start = 5
>>         min = 3
>>         max = 32
>>         spare = 10
>>         uses = 0
>>         lifetime = 0
>>         cleanup_interval = 30
>>         idle_timeout = 60
>>         retry_delay = 30
>>         spread = no
>>     }
>> rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>> rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>> rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>> rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>> rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>> rlm_sql (sql): Processing generate_sql_clients
>> rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
>> shortname, type, secret, server FROM nas
>> rlm_sql (sql): Reserved connection (0)
>> rlm_sql (sql): Executing select query: SELECT id, nasname, shortname,
>> type, secret, server FROM nas
>> rlm_sql (sql): Adding client 10.0.0.38 (domain controller) to global
>> clients list
>> rlm_sql (10.0.0.38): Client "domain controller" (sql) added
>> rlm_sql (sql): Adding client 10.0.0.39 (domain contr-2) to global clients
>> list
>> rlm_sql (10.0.0.39): Client "domain contr-2" (sql) added
>> rlm_sql (sql): Adding client 10.1.172.16 (team2) to global clients list
>> rlm_sql (10.1.172.16): Client "team2" (sql) added
>> rlm_sql (sql): Adding client 10.1.172.18 (team4) to global clients list
>> rlm_sql (10.1.172.18): Client "team4" (sql) added
>> rlm_sql (sql): Adding client 10.1.172.19 (team5) to global clients list
>> rlm_sql (10.1.172.19): Client "team5" (sql) added
>> rlm_sql (sql): Adding client 10.1.172.20 (team6) to global clients list
>> rlm_sql (10.1.172.20): Client "team6" (sql) added
>> rlm_sql (sql): Adding client 10.0.0.1 (Local network) to global clients
>> list
>> rlm_sql (10.0.0.1): Client "Local network" (sql) added
>> rlm_sql (sql): Released connection (0)
>> Need 5 more connections to reach 10 spares
>> rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots
>> used
>> rlm_sql_mysql: Starting connect to MySQL server
>> rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
>> socket, server version 10.1.37-MariaDB, protocol version 10
>>   } # modules
>> radiusd: #### Loading Virtual Servers ####
>> server { # from file /etc/raddb/radiusd.conf
>> } # server
>> server default { # from file /etc/raddb/sites-enabled/default
>>   # Loading authenticate {...}
>>   # Loading authorize {...}
>> Ignoring "ldap" (see raddb/mods-available/README.rst)
>>   # Loading preacct {...}
>>   # Loading accounting {...}
>> } # server default
>> server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
>>   # Loading authenticate {...}
>>   # Loading authorize {...}
>>   # Loading session {...}
>>   # Loading post-auth {...}
>> } # server inner-tunnel
>> radiusd: #### Opening IP addresses and Ports ####
>> listen {
>>         type = "auth"
>>         ipaddr = *
>>         port = 0
>>     limit {
>>         max_connections = 16
>>         lifetime = 0
>>         idle_timeout = 0
>>     }
>> Failed binding to auth address * port 1812 bound to server default:
>> Address already in use
>> /etc/raddb/sites-enabled/default[60]: Error binding to port for
>> 0.0.0.0 port 1812
>>
>>
>> Regards,
>> S.Lakshmi narayanan
>> Quoting Alan DeKok <[hidden email]>:
>>
>> > On Jan 27, 2019, at 11:35 PM, [hidden email] wrote:
>> >>
>> >>      I have a problem with accounting .Everything is working fine
>> >> on freeradius.Login& authentication sql everything is working
>> >> fine.But i have a problem in accounting pocket.We are using
>> >> sonciwall firwall in our campus.Those who logged through our radius
>> >> server the login information (Radius Accounting) information need
>> >> to display on sonicwall user's page.The UDP pocket 1813 not send to
>> >> our firewall ip.In the firewall
>> >
>> >   Then fix that.  This isn't a RADIUS problem.  It's a network
>> > problem.  No amount of poking FreeRADIUS will fix the firewall.
>> >
>> >> i have enable policy allow to all our local network.I have attached
>> >> my radiususd -X log to this mail.
>> >
>> >   Which doesn't show anything useful.
>> >
>> >> Kindly provide the solution for resolve my issue.The Radius
>> >> Accounting information now shows on radacct in the phpmyadmin.
>> >>
>> >> Regards.
>> >> S.Lakshmi narayanan
>> >>
>> >> <28012019.txt>-
>> >
>> >   Add the debug output as text.  Don't add an attachment.
>> >
>> > http://wiki.freeradius.org/list-help
>> >
>> >   Alan DeKok.
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radius accounting issue.

Alan DeKok-2


> On Jan 30, 2019, at 1:08 AM, [hidden email] wrote:
>
> Hai,
>
>   As per your instruction i have given the details for radiusd -X report to this mail as a text

  Which shows the RADIUS server not receiving any packets.

  As I said, you can't fix a network problem by changing the FreeRADIUS configuration.

  Look elsewhere for the solution.  The firewall, the client, etc.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

rlm_sql

Aurélio de Souza Ribeiro Neto
In reply to this post by Alan DeKok-2
Hello,

     How can I disable rlm_sql Info messages from my logfile?

     Info: rlm_sql (sql)

     Thanks

Aurelio


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: rlm_sql

Alan DeKok-2


> On Jan 30, 2019, at 3:07 PM, Aurélio de Souza Ribeiro Neto <[hidden email]> wrote:
>
> Hello,
>
>     How can I disable rlm_sql Info messages from my logfile?
>
>     Info: rlm_sql (sql)

  Upgrade to a recent version.  This was fixed a while ago.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: rlm_sql

Aurélio de Souza Ribeiro Neto
Hello Alan,

>    Upgrade to a recent version.  This was fixed a while ago.
>
     I'm using freeradius3-3.0.17_3 and the messages is in my log

Thu Jan 31 08:14:13 2019 : Info: rlm_sql (sql): Opening additional
connection (882), 1 of 29 pending slots used
Thu Jan 31 08:14:24 2019 : Info: Need 2 more connections to reach 35 spares
Thu Jan 31 08:14:24 2019 : Info: rlm_sql (sql): Opening additional
connection (883), 1 of 28 pending slots used
Thu Jan 31 08:14:56 2019 : Info: rlm_sql (sql): Closing connection
(871), from 2 unused connections
Thu Jan 31 08:15:09 2019 : Info: rlm_sql (sql): Closing connection
(862), from 1 unused connections
Thu Jan 31 08:15:24 2019 : Info: Need 1 more connections to reach 35 spares
Thu Jan 31 08:15:24 2019 : Info: rlm_sql (sql): Opening additional
connection (884), 1 of 29 pending slots used
Thu Jan 31 08:15:56 2019 : Info: rlm_sql (sql): Closing connection
(826), from 1 unused connections


     Any hint?


Aurélio



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: rlm_sql

Alan DeKok-2
On Jan 31, 2019, at 5:18 AM, Aurélio de Souza Ribeiro Neto <[hidden email]> wrote:
>
> Hello Alan,
>
>>   Upgrade to a recent version.  This was fixed a while ago.
>>
>     I'm using freeradius3-3.0.17_3 and the messages is in my log
>
> Thu Jan 31 08:14:13 2019 : Info: rlm_sql (sql): Opening additional connection (882), 1 of 29 pending slots used
> Thu Jan 31 08:14:24 2019 : Info: Need 2 more connections to reach 35 spares

  Hmm... I guess other INFO messages were fixed.

  I'll go poke this before 3.0.18 is released.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: rlm_sql

Aurélio de Souza Ribeiro Neto
Alan,

>> Hello Alan,
>>
>>>    Upgrade to a recent version.  This was fixed a while ago.
>>>
>>      I'm using freeradius3-3.0.17_3 and the messages is in my log
>>
>> Thu Jan 31 08:14:13 2019 : Info: rlm_sql (sql): Opening additional connection (882), 1 of 29 pending slots used
>> Thu Jan 31 08:14:24 2019 : Info: Need 2 more connections to reach 35 spares
>    Hmm... I guess other INFO messages were fixed.
>
>    I'll go poke this before 3.0.18 is released.
>
     Thank you, please keep me informed.

Aurélio



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html