
    freeradius+mysql not starting with mysql authorization BUG#7965 and 7947

      pfadmin
      last edited by

       /usr/local/etc/raddb/radiusd.conf
      # Global radiusd settings: install paths first, then request limits.
      # Each ${...} reference expands to a value assigned earlier in this file.
      prefix = /usr/local
      exec_prefix = ${prefix}
      sysconfdir = ${prefix}/etc
      localstatedir = /var
      sbindir = ${exec_prefix}/sbin
      logdir = ${localstatedir}/log
      raddbdir = ${sysconfdir}/raddb
      radacctdir = ${logdir}/radacct
      name = radiusd
      confdir = ${raddbdir}
      modconfdir = ${confdir}/mods-config
      # Server certificates and CA certificates share the same directory here.
      certdir = ${confdir}/certs
      cadir = ${confdir}/certs
      run_dir = ${localstatedir}/run
      db_dir = ${raddbdir}
      libdir = /usr/local/lib/freeradius-3.0.15
      pidfile = ${run_dir}/${name}.pid
      # Request handling limits (seconds for the two timers, a count for max_requests).
      max_request_time = 30
      cleanup_delay = 5
      max_requests = 1024
      # No reverse DNS lookups on client addresses.
      hostname_lookups = no
      regular_expressions = yes
      extended_expressions = yes
      
      # Logging: messages go to syslog (facility daemon).
      # NOTE(review): with destination = syslog the `file` entry is presumably unused - confirm.
      log {
      	destination = syslog
      	colourise = yes
      	file = ${logdir}/radius.log
      	syslog_facility = daemon
      	stripped_names = no
      	# Authentication requests are logged, but neither rejected nor accepted
      	# passwords are written to the log - keep both password options at "no".
      	auth = yes
      	auth_badpass = no
      	auth_goodpass = no
      	msg_goodpass = ""
      	msg_badpass = ""
      	msg_denied = "You are already logged in - access denied"
      }
      
      # Path of the checkrad helper program.
      checkrad = ${sbindir}/checkrad
      # Server hardening options.
      security {
      	# NOTE(review): core dumps are enabled. A core file of radiusd can hold
      	# shared secrets and user passwords from memory; set this to "no" unless
      	# a crash is actively being debugged.
      	allow_core_dumps = yes
      	max_attributes = 200
      	# Access-Reject replies are delayed by one second, which slows password guessing.
      	reject_delay = 1
      	status_server = no
      	# Disable this check since it may not be accurate due to how FreeBSD patches OpenSSL
      	# NOTE(review): with the check off, radiusd no longer refuses to start on a
      	# known-vulnerable OpenSSL; the installed OpenSSL has to be kept patched by other means.
      	allow_vulnerable_openssl = yes
      }
      
      # RADIUS clients (NAS definitions and their shared secrets) live in clients.conf.
      $INCLUDE  clients.conf
      # Worker thread pool. The sql module's connection pool below reads
      # start_servers, min_spare_servers and max_spare_servers from here.
      thread pool {
      	start_servers = 5
      	max_servers = 32
      	min_spare_servers = 3
      	max_spare_servers = 10
      	max_queue_size = 65536
      	max_requests_per_server = 0
      	auto_limit_acct = no
      }
      
      # Load every module configuration found in mods-enabled/.
      modules {
      	$INCLUDE ${confdir}/mods-enabled/
      }
      
      # Modules listed here are instantiated explicitly at startup.
      instantiate {
      	exec
      	expr
      	expiration
      	logintime
      	### Dis-/Enable sql instantiate
      
      	# Redundant group named "sql" whose only member is the sql1 instance
      	# defined in mods-enabled/sql; sql2 is disabled.
      	# NOTE(review): the same `redundant sql` name is declared again inside the
      	# authorize, accounting, session and post-auth sections of sites-enabled/default.
      	redundant sql {
      		sql1
      		### sql2 DISABLED ###
      	}
      
      }
      # Policies come from policy.d/, virtual servers from sites-enabled/.
      policy {
      	$INCLUDE policy.d/
      }
      $INCLUDE sites-enabled/
      
      /usr/local/etc/raddb/mods-enabled/eap
      ### EAP
      # EAP module configuration: enabled EAP methods and the shared TLS settings
      # used by the tunnelled methods (tls, ttls, peap).
      eap {
      	# NOTE(review): EAP-MD5 is the default method. It does not authenticate the
      	# server and derives no session keys, so it is a weak default for 802.1X /
      	# wireless; peap or ttls (configured below) are the tunnelled alternatives.
      	default_eap_type = md5
      	timer_expire     = 60
      	ignore_unknown_eap_types = no
      	cisco_accounting_username_bug = no
      	max_sessions = 4096
      
      	md5 {
      	}
      	# NOTE(review): LEAP is a legacy method open to offline dictionary attacks;
      	# remove this sub-section if no client needs it.
      	leap {
      	}
      	gtc {
      		#challenge = "Password: "
      		auth_type = PAP
      	}
      
      
      #	pwd {
      #		group = 19
      #		server_id = theserver@example.com
      #		fragment_size = 1020
      #		virtual_server = "inner-tunnel"
      #	}
      
      	# TLS settings shared by tls, ttls and peap through `tls = tls-common`.
      	tls-config tls-common {
      		# private_key_password = whatever
      		# NOTE(review): no key password is set, so the key file is presumably
      		# stored unencrypted - restrict read access to the radiusd user.
      		private_key_file = ${certdir}/server_key.pem
      		certificate_file = ${certdir}/server_cert.pem
      		ca_path = ${confdir}/certs
      		ca_file = ${ca_path}/ca_cert.pem
      	#	auto_chain = yes
      	#	psk_identity = "test"
      	#	psk_hexphrase = "036363823"
      		dh_file = ${certdir}/dh
      		random_file = /dev/urandom
      		fragment_size = 1024
      		include_length = yes
      		# Certificate revocation is not checked: CRL checking is off here and
      		# OCSP is disabled in the ocsp sub-section below.
      		check_crl = no
      		### check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/emailAddress=test@mycomp.com/CN=myca" ###
      		### check_cert_cn = %{User-Name} ###
      		# NOTE(review): "DEFAULT" accepts whatever the linked OpenSSL ships as its
      		# default cipher set, and the client's cipher order wins
      		# (cipher_server_preference = no). Consider an explicit, stricter list.
      		cipher_list = "DEFAULT"
      		cipher_server_preference = no
      #		disable_tlsv1_2 = no
      		ecdh_curve = "prime256v1"
      		# TLS session cache (session resumption) is disabled.
      		cache {
      			enable = no
      			lifetime = 24
      			max_entries = 255
      			#name = "EAP module"
      			#persist_dir = "/tlscache"
      		}
      		# No external certificate verification command is configured.
      		verify {
      	#		skip_if_ocsp_ok = no
      	#		tmpdir = /tmp/radiusd
      	#		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
      		}
      		ocsp {
      			enable = no
      			override_cert_url = no
      			url = "http://127.0.0.1/ocsp/"
      			# use_nonce = yes
      			# timeout = 0
      			# softfail = no
      		}
      	}
      	# EAP-TLS using the shared TLS settings.
      	tls {
      		tls = tls-common
      	#	virtual_server = check-eap-tls
      	}
      	# EAP-TTLS: the inner method defaults to md5 and the inner request is
      	# handled by the "inner-tunnel-ttls" virtual server. Client certificates
      	# are not required (require_client_cert is commented out).
      	ttls {
      		tls = tls-common
      		default_eap_type = md5
      		copy_request_to_tunnel = no
      		include_length = yes
      	#	require_client_cert = yes
      		virtual_server = "inner-tunnel-ttls"
      		#use_tunneled_reply is deprecated, new method happens in virtual-server
      	}	### end ttls
      	# PEAP: the inner method defaults to mschapv2 and the inner request is
      	# handled by the "inner-tunnel-peap" virtual server. Client certificates
      	# are not required (require_client_cert is commented out).
      	peap {
      		tls = tls-common
      		default_eap_type = mschapv2
      		copy_request_to_tunnel = no
      	#	proxy_tunneled_request_as_eap = yes
      	#	require_client_cert = yes
      ### MS SoH Server is disabled ###
      
      		virtual_server = "inner-tunnel-peap"
      		#use_tunneled_reply is deprecated, new method happens in virtual-server
      	}
      	mschapv2 {
      #		send_error = no
      #		identity = "FreeRADIUS"
      	}
      #	fast {
      #		tls = tls-common
      #		pac_lifetime = 604800
      #		authority_identity = "1234"
      #		pac_opaque_key = "0123456789abcdef0123456789ABCDEF"
      #		virtual_server = inner-tunnel
      #	}
      }
      
      /usr/local/etc/raddb/mods-enabled/sql
      
      # SQL module instance "sql1". With database = "mysql" the driver expands to
      # rlm_sql_mysql and the dialect to mysql.
      sql sql1 {
      	database = "mysql"
      	driver = "rlm_sql_${database}"
      	dialect = "${database}"
      	server = "localhost"
      	port = 3306
      	# NOTE(review): the database credentials are stored in clear text in this
      	# file and have been published with this post. Change them before real use
      	# and keep the file readable only by the radiusd user.
      	login = "radius"
      	password = "radpass"
      	radius_db = "radius"
      	# Table names; both accounting tables point at radacct.
      	acct_table1 = "radacct"
      	acct_table2 = "radacct"
      	postauth_table = "radpostauth"
      	authcheck_table = "radcheck"
      	authreply_table = "radreply"
      	groupcheck_table = "radgroupcheck"
      	groupreply_table = "radgroupreply"
      	usergroup_table = "radusergroup"
      	read_groups = yes
      	delete_stale_sessions = yes
      	# NOTE(review): SQL statements are traced to this file; the trace can contain
      	# user names and other request data - protect or disable it outside debugging.
      	logfile = ${logdir}/sqltrace.sql
      	# RADIUS clients are also read from the "nas" table, so write access to
      	# that table is enough to add a client and its shared secret.
      	read_clients = yes
      	client_table = "nas"
      	# Connection pool sized from the thread pool in radiusd.conf: start expands
      	# to 5, min to 3 and spare to 10.
      	# NOTE(review): spare (10) is larger than max (5) - confirm the pool accepts this.
      	pool {
      		start = ${thread[pool].start_servers}
      		min = ${thread[pool].min_spare_servers}
      		max = 5
      		spare = ${thread[pool].max_spare_servers}
      		uses = 0
      		retry_delay = 60
      		lifetime = 0
      		idle_timeout = 60
      	}
      	group_attribute = "${.:instance}-SQL-Group"
      	# Dialect-specific queries are included from mods-config.
      	$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
      }
      
      /usr/local/etc/raddb/clients.conf
      
      # NAS client "ruckus" at 172.16.100.80, RADIUS over UDP.
      # NOTE(review): sites-enabled/default listens only on 127.0.0.1, so this
      # client cannot reach the server until an interface it can reach is added.
      client "ruckus" {
      	ipaddr = 172.16.100.80
      	proto = udp
      	# NOTE(review): this shared secret has been posted publicly - rotate it on
      	# both the server and the NAS, and use a long random value.
      	secret = 'blablablub'
      	# Requests from this client must carry a Message-Authenticator attribute.
      	require_message_authenticator = yes
      	nas_type = other
      	### login = !root ###
      	### password = someadminpass ###
      	limit {
      		max_connections = 16
      		lifetime = 0
      		idle_timeout = 30
      	}
      }
      
      # Local test client on 127.0.0.1, RADIUS over UDP.
      client "tester" {
      	ipaddr = 127.0.0.1
      	proto = udp
      	# NOTE(review): this shared secret has been posted publicly - change it
      	# before the server is used for anything beyond local testing.
      	secret = 'SuperTest'
      	# Message-Authenticator is not required from this client, so the integrity
      	# of its Access-Requests is not enforced; acceptable only for loopback tests.
      	require_message_authenticator = no
      	nas_type = other
      	### login = !root ###
      	### password = someadminpass ###
      	limit {
      		max_connections = 16
      		lifetime = 0
      		idle_timeout = 30
      	}
      }
      
      /usr/local/etc/raddb/users
      
      # Test user "testu". Check items are on the first line, reply items follow.
      # NOTE(review): the password is stored in clear text in this file and is
      # public in this post; use it for testing only.
      "testu" Cleartext-Password := "testp", Max-Daily-Session := 120
      
      	Session-Timeout := 60,
      	Tunnel-Type = VLAN,
      	Tunnel-Medium-Type = IEEE-802,
      	Tunnel-Private-Group-ID = "70"
      
      /usr/local/etc/raddb/authorized_macs
      
      /usr/local/etc/raddb/sites-enabled/default
      server default {
      # Authentication (1812) and accounting (1813) listeners, both bound to
      # loopback only; nothing outside this host can reach them.
      listen {
      	type = auth
      	ipaddr = 127.0.0.1
      	port = 1812
      }
      listen {
      	type = acct
      	ipaddr = 127.0.0.1
      	port = 1813
      }
      
      # Authorization: modules run in the order listed to look up the user and
      # decide which authentication method applies.
      authorize {
      # NOTE(review): filter_username and filter_password are commented out, so
      # those policies do not run for incoming requests.
      #	filter_username
      #	filter_password
      	preprocess
      #	operator-name
      #	cui
      ##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####
      #	auth_log
      	chap
      	mschap
      	digest
      #	wimax
      #	IPASS
      	suffix
      	ntdomain
      	# Stop processing this section as soon as eap returns "ok".
      	eap {
      		ok = return
      #		updated = return
      	}
      #	unix
      	# Local users file first, then the SQL lookup.
      	files
      
      	# NOTE(review): a `redundant sql` group with the same name is also declared
      	# in the instantiate section of radiusd.conf.
      	redundant sql {
      		sql1
      		### sql2 DISABLED ###
      	}
      
      #	smbpasswd
      ### ldap ###
      	# Formerly checkval
      	# Returns ok when the Calling-Station-Id in the request equals the one in the control list.
      	if (&request:Calling-Station-Id == &control:Calling-Station-Id) {
      		ok
      	}
      	expiration
      	logintime
      	pap
      	Autz-Type Status-Server {
      
      	}
      }
      
      # Authentication: one handler per Auth-Type, plus the bare mschap, digest
      # and eap entries.
      authenticate {
      	Auth-Type PAP {
      		pap
      	}
      	Auth-Type CHAP {
      		chap
      	}
      	Auth-Type MS-CHAP {
      		mschap
      	}
      	mschap
      	# One-time-password handlers provided by the motp and googleauth modules.
      	Auth-Type MOTP {
      		motp
      	}
      	Auth-Type GOOGLEAUTH {
      		googleauth
      	}
      	digest
      #	pam
      #	unix
      
      	#Auth-Type LDAP {
      		#ldap
      		#### ldap2 disabled ###
      	#}
      
      	eap
      #	Auth-Type eap {
      #		eap {
      #			handled = 1
      #		}
      #		if (handled && (Response-Packet-Type == Access-Challenge)) {
      #			attr_filter.access_challenge.post-auth
      #			handled  # override the "updated" code from attr_filter
      #		}
      #	}
      }
      
      # Pre-accounting: runs before the accounting section.
      preacct {
      	preprocess
      ##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####
      #	acct_counters64
      	# Derive the session start time: %l minus Acct-Session-Time minus
      	# Acct-Delay-Time, each of the two attributes defaulting to 0 when absent.
      	update request {
      		&FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
      	}
      ##### DISABLE acct_unique DISABLE #####
      #	IPASS
      	suffix
      	ntdomain
      	files
      }
      
      # Accounting: write the detail file, update the data counters, radutmp and
      # the SQL accounting tables.
      accounting {
      #	cui
      	detail
      	### This makes it possible to run the datacounter_acct module only on accounting-stop and interim-updates
      	if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type == Interim-Update)) {
      		datacounterdaily
      		datacounterweekly
      		datacountermonthly
      		datacounterforever
      	}
      #	unix
      	radutmp
      #	sradutmp
      #	main_pool
      
      	# Accounting records go to MySQL through the sql1 instance.
      	redundant sql {
      		sql1
      		### sql2 DISABLED ###
      	}
      
      #	if (noop) {
      #		ok
      #	}
      #	pgsql-voip
      	exec
      	attr_filter.accounting_response
      	Acct-Type Status-Server {
      
      	}
      }
      
      # Session section: radutmp is commented out, so the redundant sql group
      # (sql1) is the only module that runs here.
      session {
      #	radutmp
      	
      	redundant sql {
      		sql1
      		### sql2 DISABLED ###
      	}
      
      }
      
      # Post-authentication: runs after the authentication result is known.
      post-auth {
      #	if (!&reply:State) {
      #		update reply {
      #			State := "0x%{randstr:16h}"
      #		}
      #	}
      	# Append the attributes kept in session-state to the reply.
      	update {
      		&reply: += &session-state:
      	}
      #	main_pool
      #	cui
      #	reply_log
      
      	# Record the authentication result in MySQL through sql1.
      	redundant sql {
      		sql1
      		### sql2 DISABLED ###
      	}
      
      #	ldap
      	exec
      #	wimax
      #	update reply {
      #		Reply-Message += "%{TLS-Cert-Serial}"
      #		Reply-Message += "%{TLS-Cert-Expiration}"
      #		Reply-Message += "%{TLS-Cert-Subject}"
      #		Reply-Message += "%{TLS-Cert-Issuer}"
      #		Reply-Message += "%{TLS-Cert-Common-Name}"
      #		Reply-Message += "%{TLS-Cert-Subject-Alt-Name-Email}"
      #
      #		Reply-Message += "%{TLS-Client-Cert-Serial}"
      #		Reply-Message += "%{TLS-Client-Cert-Expiration}"
      #		Reply-Message += "%{TLS-Client-Cert-Subject}"
      #		Reply-Message += "%{TLS-Client-Cert-Issuer}"
      #		Reply-Message += "%{TLS-Client-Cert-Common-Name}"
      #		Reply-Message += "%{TLS-Client-Cert-Subject-Alt-Name-Email}"
      #	}
      #	insert_acct_class
      #	if (&reply:EAP-Session-Id) {
      #		update reply {
      #			EAP-Key-Name := &reply:EAP-Session-Id
      #		}
      #	}
      	remove_reply_message_if_eap
      	# Handling of rejected requests.
      	Post-Auth-Type REJECT {
      		# log failed authentications in SQL, too.
      		# NOTE(review): this refers to `sql`, while the module instance in
      		# mods-enabled/sql is named `sql1`. It presumably resolves to the
      		# `redundant sql` group from the instantiate section - confirm, since an
      		# unresolved module name would keep radiusd from starting.
      		sql
      		attr_filter.access_reject
      		eap
      		remove_reply_message_if_eap
      	}
      	Post-Auth-Type Challenge {
      
      	}
      }
      
      # Pre-proxy: only the pre-proxy attribute filter is active.
      pre-proxy {
      #	operator-name
      #	cui
      #	files
      	attr_filter.pre-proxy
      #	pre_proxy_log
      }
      
      # Post-proxy: filter the attributes of proxied replies, then run eap.
      post-proxy {
      
      #	post_proxy_log
      	attr_filter.post-proxy
      	eap
      #	Post-Proxy-Type Fail-Accounting {
      #			detail
      #	}
      }
      }
      

      So my initial goal was to kick out some kids after an amount of time without mysql. But freeradius did nothing with the stop packet. It counts megabytes if I want, but not time. Captive portal is configured a special way with freeradius, but it's not useful to me. Now I want to use mysql only for accounting, to kick out my kids after some time.

      Thanks for your work

      pfadmin

        jimp Rebel Alliance Developer Netgate
        last edited by

        I really need to see the pfSense settings instead (Screenshots of the pfSense package screens and/or the config.xml contents). Seeing the FreeRADIUS config doesn't necessarily tell me what settings you used to get into this state.

          pfadmin
          last edited by

          @jimp said in freeradius+mysql not starting with mysql authorization BUG#7965 and 7947:

          to get into this state.

          Ui. Hope this is enough; I deleted most of the other stuff.

          <?xml version="1.0"?>
          <pfsense>
          	<version>18.0</version>
          	<lastchange></lastchange>
          	<system>
          		<optimization>normal</optimization>
          		<hostname>pfSense2</hostname>
          		<domain>matthias.lan</domain>
          		<group>
          			<name>all</name>
          			<description><![CDATA[All Users]]></description>
          			<scope>system</scope>
          			<gid>1998</gid>
          			<member>0</member>
          		</group>
          		<group>
          			<name>admins</name>
          			<description><![CDATA[System Administrators]]></description>
          			<scope>system</scope>
          			<gid>1999</gid>
          			<member>0</member>
          			<priv>page-all</priv>
          		</group>
          		<user>
          			<name>admin</name>
          			<descr><![CDATA[System Administrator]]></descr>
          			<scope>system</scope>
          			<groupname>admins</groupname>
          			<bcrypt-hash>xxx</bcrypt-hash>
          			<uid>0</uid>
          			<priv>user-shell-access</priv>
          		</user>
          		<nextuid>2000</nextuid>
          		<nextgid>2000</nextgid>
          		<timeservers>0.pfsense.pool.ntp.org</timeservers>
          	<installedpackages>
          		<package>
          			<name>freeradius3</name>
          			<website>http://www.freeradius.org/</website>
          			<descr><![CDATA[A free implementation of the RADIUS protocol.&lt;br /&gt;
          			Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr>
          			<pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
          			<version>0.15.5_2</version>
          			<configurationfile>freeradius.xml</configurationfile>
          			<tabs>
          				<tab>
          					<text><![CDATA[Users]]></text>
          					<url>/pkg.php?xml=freeradius.xml</url>
          					<active></active>
          				</tab>
          				<tab>
          					<text><![CDATA[MACs]]></text>
          					<url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[NAS / Clients]]></text>
          					<url>/pkg.php?xml=freeradiusclients.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Interfaces]]></text>
          					<url>/pkg.php?xml=freeradiusinterfaces.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Settings]]></text>
          					<url>/pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[EAP]]></text>
          					<url>/pkg_edit.php?xml=freeradiuseapconf.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[SQL]]></text>
          					<url>/pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[LDAP]]></text>
          					<url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[View config]]></text>
          					<url>/freeradius_view_config.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[XMLRPC Sync]]></text>
          					<url>/pkg_edit.php?xml=freeradiussync.xml&amp;id=0</url>
          				</tab>
          			</tabs>
          			<include_file>/usr/local/pkg/freeradius.inc</include_file>
          		</package>
          		<package>
          			<name>pfBlockerNG</name>
          			<descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.&lt;br /&gt;
          			Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.&lt;br /&gt;
          			GeoIP database by MaxMind Inc. (GeoLite2 Free version).&lt;br /&gt;
          			De-Duplication, Suppression, and Reputation enhancements.&lt;br /&gt;
          			Provision to download from diverse List formats.&lt;br /&gt;
          			Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.&lt;br /&gt;
          			Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr>
          			<pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink>
          			<version>2.1.4_8</version>
          			<configurationfile>pfblockerng.xml</configurationfile>
          			<tabs>
          				<tab>
          					<text><![CDATA[General]]></text>
          					<url>/pkg_edit.php?xml=pfblockerng.xml</url>
          					<active></active>
          				</tab>
          				<tab>
          					<text><![CDATA[Update]]></text>
          					<url>/pfblockerng/pfblockerng_update.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Alerts]]></text>
          					<url>/pfblockerng/pfblockerng_alerts.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Reputation]]></text>
          					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[IPv4]]></text>
          					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[IPv6]]></text>
          					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[DNSBL]]></text>
          					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[GeoIP]]></text>
          					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Logs]]></text>
          					<url>/pfblockerng/pfblockerng_log.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Sync]]></text>
          					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url>
          				</tab>
          			</tabs>
          			<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
          		</package>
          		<package>
          			<name>squid3</name>
          			<internal_name>squid</internal_name>
          			<descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&lt;br /&gt;
          			It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr>
          			<pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink>
          			<website>http://www.squid-cache.org/</website>
          			<version>0.4.43_1</version>
          			<configurationfile>squid.xml</configurationfile>
          			<filter_rule_function>squid_generate_rules</filter_rule_function>
          			<tabs>
          				<tab>
          					<text><![CDATA[General]]></text>
          					<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
          					<active></active>
          				</tab>
          				<tab>
          					<text><![CDATA[Remote Cache]]></text>
          					<url>/pkg.php?xml=squid_upstream.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Local Cache]]></text>
          					<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Antivirus]]></text>
          					<url>/pkg_edit.php?xml=squid_antivirus.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[ACLs]]></text>
          					<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Traffic Mgmt]]></text>
          					<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Authentication]]></text>
          					<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Users]]></text>
          					<url>/pkg.php?xml=squid_users.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Real Time]]></text>
          					<url>/squid_monitor.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Sync]]></text>
          					<url>/pkg_edit.php?xml=squid_sync.xml</url>
          				</tab>
          			</tabs>
          			<include_file>/usr/local/pkg/squid.inc</include_file>
          		</package>
          		<package>
          			<name>squidGuard</name>
          			<descr><![CDATA[High performance web proxy URL filter.&lt;br/&gt;
          			&lt;strong&gt;Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.&lt;/strong&gt;]]></descr>
          			<website>http://www.squidGuard.org/</website>
          			<version>1.16.4</version>
          			<configurationfile>squidguard.xml</configurationfile>
          			<after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info>
          			<tabs>
          				<tab>
          					<text><![CDATA[General settings]]></text>
          					<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
          					<active></active>
          				</tab>
          				<tab>
          					<text><![CDATA[Common ACL]]></text>
          					<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Groups ACL]]></text>
          					<url>/pkg.php?xml=squidguard_acl.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Target categories]]></text>
          					<url>/pkg.php?xml=squidguard_dest.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Times]]></text>
          					<url>/pkg.php?xml=squidguard_time.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Rewrites]]></text>
          					<url>/pkg.php?xml=squidguard_rewr.xml</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Blacklist]]></text>
          					<url>/squidGuard/squidguard_blacklist.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[Log]]></text>
          					<url>/squidGuard/squidguard_log.php</url>
          				</tab>
          				<tab>
          					<text><![CDATA[XMLRPC Sync]]></text>
          					<url>/pkg_edit.php?xml=squidguard_sync.xml</url>
          				</tab>
          			</tabs>
          			<include_file>/usr/local/pkg/squidguard.inc</include_file>
          		</package>
          		<package>
          			<name>Lightsquid</name>
          			<descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat).
          			&lt;strong&gt;Requires Squid package.&lt;/strong&gt;]]></descr>
          			<website>http://lightsquid.sf.net/</website>
          			<version>3.0.6_4</version>
          			<configurationfile>lightsquid.xml</configurationfile>
          			<noembedded>true</noembedded>
          			<include_file>/usr/local/pkg/lightsquid.inc</include_file>
          		</package>
          		<package>
          			<name>OpenVPN Client Export Utility</name>
          			<internal_name>openvpn-client-export</internal_name>
          			<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
          			<version>1.4.17</version>
          			<configurationfile>openvpn-client-export.xml</configurationfile>
          			<tabs>
          				<tab>
          					<name>Client Export</name>
          					<tabgroup>OpenVPN</tabgroup>
          					<url>/vpn_openvpn_export.php</url>
          				</tab>
          				<tab>
          					<name>Shared Key Export</name>
          					<tabgroup>OpenVPN</tabgroup>
          					<url>/vpn_openvpn_export_shared.php</url>
          				</tab>
          			</tabs>
          			<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
          		</package>
          		<package>
          			<name>Cron</name>
          			<descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr>
          			<version>0.3.7_2</version>
          			<configurationfile>cron.xml</configurationfile>
          			<include_file>/usr/local/pkg/cron.inc</include_file>
          		</package>
          		<freeradiuseapconf>
          			<config>
          				<ssl_ca_cert>5a58aa23547f7</ssl_ca_cert>
          				<ssl_server_cert>5a58aa237e1d4</ssl_server_cert>
          			</config>
          		</freeradiuseapconf>
          		<menu>
          			<name>SquidGuard Proxy Filter</name>
          			<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
          			<section>Services</section>
          			<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
          		</menu>
          		<menu>
          			<name>Squid Proxy Reports</name>
          			<section>Status</section>
          			<url>/pkg_edit.php?xml=lightsquid.xml</url>
          		</menu>
          		<menu>
          			<name>Squid Proxy Server</name>
          			<tooltiptext>Modify the proxy server settings</tooltiptext>
          			<section>Services</section>
          			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
          		</menu>
          		<menu>
          			<name>Squid Reverse Proxy</name>
          			<tooltiptext>Modify the reverse proxy server settings</tooltiptext>
          			<section>Services</section>
          			<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
          		</menu>
          		<menu>
          			<name>FreeRADIUS</name>
          			<section>Services</section>
          			<url>/pkg.php?xml=freeradius.xml</url>
          		</menu>
          		<menu>
          			<name>pfBlockerNG</name>
          			<configfile>pfblockerng.xml</configfile>
          			<section>Firewall</section>
          			<url>/pkg_edit.php?xml=pfblockerng.xml</url>
          		</menu>
          		<menu>
          			<name>Cron</name>
          			<section>Services</section>
          			<configfile>cron.xml</configfile>
          			<url>/packages/cron/cron.php</url>
          		</menu>
          		<service>
          			<name>squidGuard</name>
          			<description><![CDATA[Proxy server filter Service]]></description>
          			<executable>squidGuard</executable>
          		</service>
          		<service>
          			<name>lightsquid_web</name>
          			<rcfile>lighttpd_ls.sh</rcfile>
          			<executable>lighttpd_ls</executable>
          			<description><![CDATA[Lightsquid Web Server]]></description>
          		</service>
          		<service>
          			<name>squid</name>
          			<rcfile>squid.sh</rcfile>
          			<executable>squid</executable>
          			<description><![CDATA[Squid Proxy Server Service]]></description>
          		</service>
          		<service>
          			<name>clamd</name>
          			<rcfile>clamd.sh</rcfile>
          			<executable>clamd</executable>
          			<description><![CDATA[ClamAV Antivirus]]></description>
          		</service>
          		<service>
          			<name>c-icap</name>
          			<rcfile>c-icap.sh</rcfile>
          			<executable>c-icap</executable>
          			<description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description>
          		</service>
          		<service>
          			<name>radiusd</name>
          			<rcfile>radiusd.sh</rcfile>
          			<executable>radiusd</executable>
          			<description><![CDATA[FreeRADIUS Server]]></description>
          		</service>
          		<service>
          			<name>dnsbl</name>
          			<rcfile>dnsbl.sh</rcfile>
          			<executable>lighttpd_pfb</executable>
          			<description><![CDATA[pfBlockerNG DNSBL Web Server]]></description>
          		</service>
          		<freeradius>
          			<!-- Local FreeRADIUS user entry as stored by the pfSense package (one user, testu).
          			     The password type is Cleartext-Password, so the password value is kept unhashed in
          			     this configuration and travels with every copy of it, including this post. Treat
          			     these as throwaway test credentials and redact the password field before sharing.
          			     NOTE(review): whether a hashed password type can be used instead depends on the
          			     authentication protocols the NAS devices speak; confirm before changing. -->
          			<config>
          				<sortable></sortable>
          				<varusersusername>testu</varusersusername>
          				<varuserspassword>testp</varuserspassword>
          				<varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption>
          				<!-- Auth method is set to motp below, but the mOTP enable flag, init secret, PIN and
          				     offset are all empty. NOTE(review): presumably mOTP is not in effect for this
          				     user; verify in the package GUI. -->
          				<varusersmotpenable></varusersmotpenable>
          				<varusersauthmethod>motp</varusersauthmethod>
          				<varusersmotpinitsecret></varusersmotpinitsecret>
          				<varusersmotppin></varusersmotppin>
          				<varusersmotpoffset></varusersmotpoffset>
          				<qrcodetext></qrcodetext>
          				<varuserswisprredirectionurl></varuserswisprredirectionurl>
          				<varuserssimultaneousconnect></varuserssimultaneousconnect>
          				<description></description>
          				<varusersframedipaddress></varusersframedipaddress>
          				<varusersframedipnetmask></varusersframedipnetmask>
          				<varusersframedroute></varusersframedroute>
          				<!-- Reply and limit values set for this user: VLAN ID 70, session timeout 60,
          				     amount of time 2 per "Daily". Units are not stated here; TODO confirm. -->
          				<varusersvlanid>70</varusersvlanid>
          				<varusersexpiration></varusersexpiration>
          				<varuserssessiontimeout>60</varuserssessiontimeout>
          				<varuserslogintime></varuserslogintime>
          				<varusersamountoftime>2</varusersamountoftime>
          				<varuserspointoftime>Daily</varuserspointoftime>
          				<varusersmaxtotaloctets></varusersmaxtotaloctets>
          				<varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange>
          				<varusersmaxbandwidthdown></varusersmaxbandwidthdown>
          				<varusersmaxbandwidthup></varusersmaxbandwidthup>
          				<varusersacctinteriminterval></varusersacctinteriminterval>
          				<varuserstopadditionaloptions></varuserstopadditionaloptions>
          				<varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions>
          				<varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions>
          			</config>
          		</freeradius>
          		<squidcache></squidcache>
          		<squidremote></squidremote>
          		<squidauth>
          			<config>
          				<auth_method>none</auth_method>
          			</config>
          		</squidauth>
          		<pfblockerngdnsbl>
          			<config>
          				<aliasname>Ads</aliasname>
          				<description><![CDATA[Werbefilter]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://hosts-file.net/ad_servers.txt</url>
          					<header>hphosts</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&amp;mimetype=plaintext</url>
          					<header>yoyo</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>https://adaway.org/hosts.txt</url>
          					<header>adaway</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://sysctl.org/cameleon/hosts</url>
          					<header>cameleon</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://hosts-file.net/download/hosts.zip</url>
          					<header>hphosts</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://winhelp2002.mvps.org/hosts.txt</url>
          					<header>mvps</header>
          				</row>
          				<action>unbound</action>
          				<cron>EveryDay</cron>
          				<dow>7</dow>
          				<filter_alexa></filter_alexa>
          				<custom></custom>
          				<custom_update>disabled</custom_update>
          			</config>
          			<config>
          				<aliasname>Malicious</aliasname>
          				<description><![CDATA[gef&auml;hrliche Sites]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://mirror1.malwaredomains.com/files/justdomains</url>
          					<header>malewaredomains</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url>
          					<header>malewarelists</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url>
          					<header>bambenek</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>http://data.phishtank.com/data/online-valid.csv.gz</url>
          					<header>pishtank</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>https://www.openphish.com/feed.txt</url>
          					<header>openfish</header>
          				</row>
          				<action>unbound</action>
          				<cron>EveryDay</cron>
          				<dow>1</dow>
          				<filter_alexa></filter_alexa>
          				<custom></custom>
          				<custom_update>disabled</custom_update>
          			</config>
          			<config>
          				<aliasname>Suspicious</aliasname>
          				<description><![CDATA[suspekte Domains]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Disabled]]></state>
          					<url>https://isc.sans.edu/suspicious_domains.html</url>
          					<header>sans</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>https://dshield.org/feeds/suspiciousdomains_High.txt</url>
          					<header>dshield_high</header>
          				</row>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url>
          					<header>dshield_medium</header>
          				</row>
          				<action>Disabled</action>
          				<cron>06hours</cron>
          				<dow>1</dow>
          				<filter_alexa></filter_alexa>
          				<custom></custom>
          				<custom_update>disabled</custom_update>
          			</config>
          			<config>
          				<aliasname>Virus</aliasname>
          				<description><![CDATA[Virusdomains]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Disabled]]></state>
          					<url>http://www.wael.name/wael.list.p2p.gz</url>
          					<header>wael</header>
          				</row>
          				<action>Disabled</action>
          				<cron>EveryDay</cron>
          				<dow>1</dow>
          				<filter_alexa></filter_alexa>
          				<custom></custom>
          				<custom_update>disabled</custom_update>
          			</config>
          			<config>
          				<aliasname>Microsoft_Telemetrie</aliasname>
          				<description><![CDATA[Microsofts Telemetrieserver]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url>
          					<header>githubliste</header>
          				</row>
          				<action>unbound</action>
          				<cron>Weekly</cron>
          				<dow>1</dow>
          				<filter_alexa></filter_alexa>
          				<custom></custom>
          				<custom_update>disabled</custom_update>
          			</config>
          			<config>
          				<aliasname>eigeneBlocks</aliasname>
          				<description><![CDATA[eigene Blockings]]></description>
          				<infolists></infolists>
          				<row>
          					<format>auto</format>
          					<state><![CDATA[Enabled]]></state>
          					<url></url>
          					<header></header>
          				</row>
          				<action>Disabled</action>
          				<cron>Never</cron>
          				<dow>1</dow>
          				<filter_alexa></filter_alexa>
          				<custom>LmdhbWJsaW5nLmNvbQ==</custom>
          				<custom_update>disabled</custom_update>
          			</config>
          		</pfblockerngdnsbl>
          		<freeradiusauthorizedmacs></freeradiusauthorizedmacs>
          		<freeradiusclients>
          			<!-- RADIUS clients (NAS devices) that may send requests to this server. Each entry
          			     stores its shared secret in cleartext in varclientsharedsecret. The four values
          			     below were published with this post, so they should be treated as disclosed:
          			     replace them on the server and on each NAS, and redact this field before sharing
          			     a configuration. The secrets shown are short, human-chosen strings; a RADIUS shared
          			     secret can be tested offline against captured traffic, so long random values are
          			     the safer choice. -->
          			<!-- varrequiremessageauthenticator is yes only for the first client (ruckus) and no for
          			     the other three. NOTE(review): presumably this maps to the FreeRADIUS client option
          			     require_message_authenticator; where the NAS supports it, requiring the attribute
          			     lets the server discard requests that lack the integrity check. -->
          			<config>
          				<varclientip>172.16.100.80</varclientip>
          				<varclientipversion>ipaddr</varclientipversion>
          				<varclientshortname>ruckus</varclientshortname>
          				<varclientsharedsecret>blablablub</varclientsharedsecret>
          				<varclientproto>udp</varclientproto>
          				<varclientnastype>other</varclientnastype>
          				<varrequiremessageauthenticator>yes</varrequiremessageauthenticator>
          				<varclientmaxconnections>16</varclientmaxconnections>
          				<varclientlogininput></varclientlogininput>
          				<varclientpasswordinput></varclientpasswordinput>
          				<description><![CDATA[ruckus]]></description>
          			</config>
          			<config>
          				<varclientip>172.16.100.10</varclientip>
          				<varclientipversion>ipaddr</varclientipversion>
          				<varclientshortname>zyxel</varclientshortname>
          				<varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret>
          				<varclientproto>udp</varclientproto>
          				<varclientnastype>other</varclientnastype>
          				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
          				<varclientmaxconnections>16</varclientmaxconnections>
          				<varclientlogininput></varclientlogininput>
          				<varclientpasswordinput></varclientpasswordinput>
          				<description><![CDATA[zyxel]]></description>
          			</config>
          			<!-- Test client (short name NTRadPing) with a six-digit numeric secret. If it is only
          			     needed for troubleshooting, remove the entry once testing is finished. -->
          			<config>
          				<varclientip>172.16.0.100</varclientip>
          				<varclientipversion>ipaddr</varclientipversion>
          				<varclientshortname>NTRadPing</varclientshortname>
          				<varclientsharedsecret>123456</varclientsharedsecret>
          				<varclientproto>udp</varclientproto>
          				<varclientnastype>other</varclientnastype>
          				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
          				<varclientmaxconnections>16</varclientmaxconnections>
          				<varclientlogininput></varclientlogininput>
          				<varclientpasswordinput></varclientpasswordinput>
          				<description><![CDATA[NTRadPing]]></description>
          			</config>
          			<!-- Loopback client (127.0.0.1, short name tester), reachable only from the firewall
          			     itself. -->
          			<config>
          				<varclientip>127.0.0.1</varclientip>
          				<varclientipversion>ipaddr</varclientipversion>
          				<varclientshortname>tester</varclientshortname>
          				<varclientsharedsecret>SuperTest</varclientsharedsecret>
          				<varclientproto>udp</varclientproto>
          				<varclientnastype>other</varclientnastype>
          				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
          				<varclientmaxconnections>16</varclientmaxconnections>
          				<varclientlogininput></varclientlogininput>
          				<varclientpasswordinput></varclientpasswordinput>
          				<description></description>
          			</config>
          		</freeradiusclients>
          		<freeradiusinterfaces>
          			<config>
          				<varinterfaceip>127.0.0.1</varinterfaceip>
          				<varinterfaceport>1812</varinterfaceport>
          				<varinterfacetype>auth</varinterfacetype>
          				<varinterfaceipversion>ipaddr</varinterfaceipversion>
          				<description></description>
          			</config>
          			<config>
          				<varinterfaceip>127.0.0.1</varinterfaceip>
          				<varinterfaceport>1813</varinterfaceport>
          				<varinterfacetype>acct</varinterfacetype>
          				<varinterfaceipversion>ipaddr</varinterfaceipversion>
          				<description></description>
          			</config>
          		</freeradiusinterfaces>
          		<freeradiussettings>
          			<!-- Global radiusd settings as stored by the package. The values here (max requests
          			     1024, max request time 30, cleanup delay 5, max attributes 200, reject delay 1)
          			     match the radiusd.conf quoted at the start of the thread. -->
          			<config>
          				<varsettingsmaxrequests>1024</varsettingsmaxrequests>
          				<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
          				<varsettingscleanupdelay>5</varsettingscleanupdelay>
          				<!-- Core dumps are enabled. A core file of the radiusd process can contain shared
          				     secrets and user passwords that were in memory at the time of the crash, so
          				     this is normally switched on only while debugging and set back to no
          				     afterwards; any dump that is produced should be handled as sensitive. -->
          				<varsettingsallowcoredumps>yes</varsettingsallowcoredumps>
          				<varsettingsregularexpressions>yes</varsettingsregularexpressions>
          				<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
          				<varsettingslogdir>syslog</varsettingslogdir>
          				<!-- Authentication requests are logged (auth yes), while both password-logging
          				     switches are no. NOTE(review): presumably this keeps submitted passwords out
          				     of syslog; confirm against the generated log section. -->
          				<varsettingsauth>yes</varsettingsauth>
          				<varsettingsauthbadpass>no</varsettingsauthbadpass>
          				<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
          				<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
          				<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
          				<varsettingsstrippednames>no</varsettingsstrippednames>
          				<varsettingshostnamelookups>no</varsettingshostnamelookups>
          				<varsettingsmaxattributes>200</varsettingsmaxattributes>
          				<varsettingsrejectdelay>1</varsettingsrejectdelay>
          				<varsettingsstartservers>5</varsettingsstartservers>
          				<varsettingsmaxservers>32</varsettingsmaxservers>
          				<varsettingsminspareservers>3</varsettingsminspareservers>
          				<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
          				<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
          				<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
          				<!-- The mOTP enable flag is empty; the md5 checksum type below presumably only
          				     matters if mOTP is switched on. TODO confirm. -->
          				<varsettingsmotpenable></varsettingsmotpenable>
          				<varsettingsmotptimespan></varsettingsmotptimespan>
          				<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
          				<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
          				<varsettingsmotptokenlength></varsettingsmotptokenlength>
          				<varsettingsenablemacauth></varsettingsenablemacauth>
          				<varsettingsenableacctunique>on</varsettingsenableacctunique>
          			</config>
          		</freeradiussettings>
          		<freeradiussqlconf>
          			<!-- SQL module settings for the FreeRADIUS package. Server 1 is included
          			     (varsqlconfincludeenable on) and points at MySQL on localhost port 3306. In this
          			     paste the authorize section is Disable, while accounting, session and post-auth
          			     are Enable. -->
          			<config>
          				<varsqlconfincludeenable>on</varsqlconfincludeenable>
          				<varsqlconfenableauthorize>Disable</varsqlconfenableauthorize>
          				<varsqlconfenableaccounting>Enable</varsqlconfenableaccounting>
          				<varsqlconfenablesession>Enable</varsqlconfenablesession>
          				<varsqlconfenablepostauth>Enable</varsqlconfenablepostauth>
          				<varsqlconfdatabase>mysql</varsqlconfdatabase>
          				<varsqlconfserver>localhost</varsqlconfserver>
          				<varsqlconfport>3306</varsqlconfport>
          				<!-- Database login and password are stored in cleartext. NOTE(review): radius and
          				     radpass look like the example credentials from the FreeRADIUS sample SQL
          				     configuration; confirm. If they are in real use, change them and restrict the
          				     database account to the radius schema, and redact the password before sharing
          				     a configuration. -->
          				<varsqlconflogin>radius</varsqlconflogin>
          				<varsqlconfpassword>radpass</varsqlconfpassword>
          				<varsqlconfradiusdb>radius</varsqlconfradiusdb>
          				<varsqlconfaccttable1>radacct</varsqlconfaccttable1>
          				<varsqlconfaccttable2>radacct</varsqlconfaccttable2>
          				<varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable>
          				<varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable>
          				<varsqlconfauthreplytable>radreply</varsqlconfauthreplytable>
          				<varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable>
          				<varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable>
          				<varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable>
          				<varsqlconfreadgroups>yes</varsqlconfreadgroups>
          				<varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions>
          				<varsqlconfsqltrace>no</varsqlconfsqltrace>
          				<varsqlconfnumsqlsocks></varsqlconfnumsqlsocks>
          				<varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay>
          				<varsqlconflifetime></varsqlconflifetime>
          				<varsqlconfmaxqueries></varsqlconfmaxqueries>
          				<!-- Read clients is yes with NAS table nas. NOTE(review): presumably RADIUS clients,
          				     including their shared secrets, are also loaded from this table, in which case
          				     write access to it amounts to being able to add RADIUS clients; verify and
          				     limit database privileges accordingly. -->
          				<varsqlconfreadclients>yes</varsqlconfreadclients>
          				<varsqlconfnastable>nas</varsqlconfnastable>
          				<!-- Second SQL server: failover mode is redundant, but the include flag is empty,
          				     all four sections are Disable and the connection fields are blank. -->
          				<varsqlconf2failover>redundant</varsqlconf2failover>
          				<varsqlconf2includeenable></varsqlconf2includeenable>
          				<varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize>
          				<varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting>
          				<varsqlconf2enablesession>Disable</varsqlconf2enablesession>
          				<varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth>
          				<varsqlconf2database>mysql</varsqlconf2database>
          				<varsqlconf2server></varsqlconf2server>
          				<varsqlconf2port></varsqlconf2port>
          				<varsqlconf2login></varsqlconf2login>
          				<varsqlconf2password></varsqlconf2password>
          				<varsqlconf2radiusdb></varsqlconf2radiusdb>
          				<varsqlconf2accttable1></varsqlconf2accttable1>
          				<varsqlconf2accttable2></varsqlconf2accttable2>
          				<varsqlconf2postauthtable></varsqlconf2postauthtable>
          				<varsqlconf2authchecktable></varsqlconf2authchecktable>
          				<varsqlconf2authreplytable></varsqlconf2authreplytable>
          				<varsqlconf2groupchecktable></varsqlconf2groupchecktable>
          				<varsqlconf2groupreplytable></varsqlconf2groupreplytable>
          				<varsqlconf2usergrouptable></varsqlconf2usergrouptable>
          				<varsqlconf2readgroups>yes</varsqlconf2readgroups>
          				<varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions>
          				<varsqlconf2sqltrace>no</varsqlconf2sqltrace>
          				<varsqlconf2numsqlsocks></varsqlconf2numsqlsocks>
          				<varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay>
          				<varsqlconf2lifetime></varsqlconf2lifetime>
          				<varsqlconf2maxqueries></varsqlconf2maxqueries>
          				<varsqlconf2readclients>yes</varsqlconf2readclients>
          				<varsqlconf2nastable></varsqlconf2nastable>
          			</config>
          		</freeradiussqlconf>
          	</installedpackages>
          	<virtualip>
          		<vip>
          			<mode>ipalias</mode>
          			<interface>lan</interface>
          			<descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr>
          			<type>single</type>
          			<subnet_bits>32</subnet_bits>
          			<subnet>10.10.10.2</subnet>
          		</vip>
          	</virtualip>
          </pfsense>
          
          

          This doesn't work.

            pfadmin @jimp

            @jimp

            This works / freeradius starts:

            <?xml version="1.0"?>
            <pfsense>
            	<version>18.0</version>
            	<lastchange></lastchange>
            	<system>
            		<optimization>normal</optimization>
            		<hostname>pfSense2</hostname>
            		<domain>matthias.lan</domain>
            		<group>
            			<name>all</name>
            			<description><![CDATA[All Users]]></description>
            			<scope>system</scope>
            			<gid>1998</gid>
            			<member>0</member>
            		</group>
            		<group>
            			<name>admins</name>
            			<description><![CDATA[System Administrators]]></description>
            			<scope>system</scope>
            			<gid>1999</gid>
            			<member>0</member>
            			<priv>page-all</priv>
            		</group>
            		<user>
            			<name>admin</name>
            			<descr><![CDATA[System Administrator]]></descr>
            			<scope>system</scope>
            			<groupname>admins</groupname>
            			<bcrypt-hash>xxx</bcrypt-hash>
            			<uid>0</uid>
            			<priv>user-shell-access</priv>
            		</user>
            		<nextuid>2000</nextuid>
            		<nextgid>2000</nextgid>
            	<installedpackages>
            		<package>
            			<name>freeradius3</name>
            			<website>http://www.freeradius.org/</website>
            			<descr><![CDATA[A free implementation of the RADIUS protocol.&lt;br /&gt;
            			Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr>
            			<pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
            			<version>0.15.5_2</version>
            			<configurationfile>freeradius.xml</configurationfile>
            			<tabs>
            				<tab>
            					<text><![CDATA[Users]]></text>
            					<url>/pkg.php?xml=freeradius.xml</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[MACs]]></text>
            					<url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[NAS / Clients]]></text>
            					<url>/pkg.php?xml=freeradiusclients.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Interfaces]]></text>
            					<url>/pkg.php?xml=freeradiusinterfaces.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Settings]]></text>
            					<url>/pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[EAP]]></text>
            					<url>/pkg_edit.php?xml=freeradiuseapconf.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[SQL]]></text>
            					<url>/pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[LDAP]]></text>
            					<url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[View config]]></text>
            					<url>/freeradius_view_config.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[XMLRPC Sync]]></text>
            					<url>/pkg_edit.php?xml=freeradiussync.xml&amp;id=0</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/freeradius.inc</include_file>
            		</package>
            		<package>
            			<name>pfBlockerNG</name>
            			<descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.&lt;br /&gt;
            			Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.&lt;br /&gt;
            			GeoIP database by MaxMind Inc. (GeoLite2 Free version).&lt;br /&gt;
            			De-Duplication, Suppression, and Reputation enhancements.&lt;br /&gt;
            			Provision to download from diverse List formats.&lt;br /&gt;
            			Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.&lt;br /&gt;
            			Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr>
            			<pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink>
            			<version>2.1.4_8</version>
            			<configurationfile>pfblockerng.xml</configurationfile>
            			<tabs>
            				<tab>
            					<text><![CDATA[General]]></text>
            					<url>/pkg_edit.php?xml=pfblockerng.xml</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Update]]></text>
            					<url>/pfblockerng/pfblockerng_update.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Alerts]]></text>
            					<url>/pfblockerng/pfblockerng_alerts.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Reputation]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[IPv4]]></text>
            					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[IPv6]]></text>
            					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[DNSBL]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[GeoIP]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Logs]]></text>
            					<url>/pfblockerng/pfblockerng_log.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Sync]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
            		</package>
            		<package>
            			<name>squid3</name>
            			<internal_name>squid</internal_name>
            			<descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&lt;br /&gt;
            			It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr>
            			<pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink>
            			<website>http://www.squid-cache.org/</website>
            			<version>0.4.43_1</version>
            			<configurationfile>squid.xml</configurationfile>
            			<filter_rule_function>squid_generate_rules</filter_rule_function>
            			<tabs>
            				<tab>
            					<text><![CDATA[General]]></text>
            					<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Remote Cache]]></text>
            					<url>/pkg.php?xml=squid_upstream.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Local Cache]]></text>
            					<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Antivirus]]></text>
            					<url>/pkg_edit.php?xml=squid_antivirus.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[ACLs]]></text>
            					<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Traffic Mgmt]]></text>
            					<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Authentication]]></text>
            					<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Users]]></text>
            					<url>/pkg.php?xml=squid_users.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Real Time]]></text>
            					<url>/squid_monitor.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Sync]]></text>
            					<url>/pkg_edit.php?xml=squid_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/squid.inc</include_file>
            		</package>
            		<package>
            			<name>squidGuard</name>
            			<descr><![CDATA[High performance web proxy URL filter.&lt;br/&gt;
            			&lt;strong&gt;Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.&lt;/strong&gt;]]></descr>
            			<website>http://www.squidGuard.org/</website>
            			<version>1.16.4</version>
            			<configurationfile>squidguard.xml</configurationfile>
            			<after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info>
            			<tabs>
            				<tab>
            					<text><![CDATA[General settings]]></text>
            					<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Common ACL]]></text>
            					<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Groups ACL]]></text>
            					<url>/pkg.php?xml=squidguard_acl.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Target categories]]></text>
            					<url>/pkg.php?xml=squidguard_dest.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Times]]></text>
            					<url>/pkg.php?xml=squidguard_time.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Rewrites]]></text>
            					<url>/pkg.php?xml=squidguard_rewr.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Blacklist]]></text>
            					<url>/squidGuard/squidguard_blacklist.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Log]]></text>
            					<url>/squidGuard/squidguard_log.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[XMLRPC Sync]]></text>
            					<url>/pkg_edit.php?xml=squidguard_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/squidguard.inc</include_file>
            		</package>
            		<package>
            			<name>Lightsquid</name>
            			<descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat).
            			&lt;strong&gt;Requires Squid package.&lt;/strong&gt;]]></descr>
            			<website>http://lightsquid.sf.net/</website>
            			<version>3.0.6_4</version>
            			<configurationfile>lightsquid.xml</configurationfile>
            			<noembedded>true</noembedded>
            			<include_file>/usr/local/pkg/lightsquid.inc</include_file>
            		</package>
            		<package>
            			<name>OpenVPN Client Export Utility</name>
            			<internal_name>openvpn-client-export</internal_name>
            			<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
            			<version>1.4.17</version>
            			<configurationfile>openvpn-client-export.xml</configurationfile>
            			<tabs>
            				<tab>
            					<name>Client Export</name>
            					<tabgroup>OpenVPN</tabgroup>
            					<url>/vpn_openvpn_export.php</url>
            				</tab>
            				<tab>
            					<name>Shared Key Export</name>
            					<tabgroup>OpenVPN</tabgroup>
            					<url>/vpn_openvpn_export_shared.php</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
            		</package>
            		<package>
            			<name>Cron</name>
            			<descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr>
            			<version>0.3.7_2</version>
            			<configurationfile>cron.xml</configurationfile>
            			<include_file>/usr/local/pkg/cron.inc</include_file>
            		</package>
            		<freeradiuseapconf>
            			<config>
            				<ssl_ca_cert>5a58aa23547f7</ssl_ca_cert>
            				<ssl_server_cert>5a58aa237e1d4</ssl_server_cert>
            			</config>
            		</freeradiuseapconf>
            		<menu>
            			<name>SquidGuard Proxy Filter</name>
            			<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>Squid Proxy Reports</name>
            			<section>Status</section>
            			<url>/pkg_edit.php?xml=lightsquid.xml</url>
            		</menu>
            		<menu>
            			<name>Squid Proxy Server</name>
            			<tooltiptext>Modify the proxy server settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>Squid Reverse Proxy</name>
            			<tooltiptext>Modify the reverse proxy server settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>FreeRADIUS</name>
            			<section>Services</section>
            			<url>/pkg.php?xml=freeradius.xml</url>
            		</menu>
            		<menu>
            			<name>pfBlockerNG</name>
            			<configfile>pfblockerng.xml</configfile>
            			<section>Firewall</section>
            			<url>/pkg_edit.php?xml=pfblockerng.xml</url>
            		</menu>
            		<menu>
            			<name>Cron</name>
            			<section>Services</section>
            			<configfile>cron.xml</configfile>
            			<url>/packages/cron/cron.php</url>
            		</menu>
            		<service>
            			<name>squidGuard</name>
            			<description><![CDATA[Proxy server filter Service]]></description>
            			<executable>squidGuard</executable>
            		</service>
            		<service>
            			<name>lightsquid_web</name>
            			<rcfile>lighttpd_ls.sh</rcfile>
            			<executable>lighttpd_ls</executable>
            			<description><![CDATA[Lightsquid Web Server]]></description>
            		</service>
            		<service>
            			<name>squid</name>
            			<rcfile>squid.sh</rcfile>
            			<executable>squid</executable>
            			<description><![CDATA[Squid Proxy Server Service]]></description>
            		</service>
            		<service>
            			<name>clamd</name>
            			<rcfile>clamd.sh</rcfile>
            			<executable>clamd</executable>
            			<description><![CDATA[ClamAV Antivirus]]></description>
            		</service>
            		<service>
            			<name>c-icap</name>
            			<rcfile>c-icap.sh</rcfile>
            			<executable>c-icap</executable>
            			<description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description>
            		</service>
            		<service>
            			<name>radiusd</name>
            			<rcfile>radiusd.sh</rcfile>
            			<executable>radiusd</executable>
            			<description><![CDATA[FreeRADIUS Server]]></description>
            		</service>
            		<service>
            			<name>dnsbl</name>
            			<rcfile>dnsbl.sh</rcfile>
            			<executable>lighttpd_pfb</executable>
            			<description><![CDATA[pfBlockerNG DNSBL Web Server]]></description>
            		</service>
            		<freeradius>
            			<!-- FreeRADIUS package: locally defined user entry (one <config> per user). -->
            			<config>
            				<sortable></sortable>
            				<varusersusername>testu</varusersusername>
            				<!-- NOTE(review): the password is stored, and was posted here, in cleartext
            				     (see the Cleartext-Password encryption setting below). Treat it as
            				     disclosed; use throwaway values for test accounts and redact this
            				     field before sharing a config.xml. -->
            				<varuserspassword>testp</varuserspassword>
            				<varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption>
            				<varusersmotpenable></varusersmotpenable>
            				<!-- NOTE(review): auth method is "motp" while the MOTP enable flag, init
            				     secret and PIN are all empty; confirm this combination is intended. -->
            				<varusersauthmethod>motp</varusersauthmethod>
            				<varusersmotpinitsecret></varusersmotpinitsecret>
            				<varusersmotppin></varusersmotppin>
            				<varusersmotpoffset></varusersmotpoffset>
            				<qrcodetext></qrcodetext>
            				<varuserswisprredirectionurl></varuserswisprredirectionurl>
            				<varuserssimultaneousconnect></varuserssimultaneousconnect>
            				<description></description>
            				<varusersframedipaddress></varusersframedipaddress>
            				<varusersframedipnetmask></varusersframedipnetmask>
            				<varusersframedroute></varusersframedroute>
            				<varusersvlanid>70</varusersvlanid>
            				<varusersexpiration></varusersexpiration>
            				<varuserssessiontimeout>60</varuserssessiontimeout>
            				<varuserslogintime></varuserslogintime>
            				<varusersamountoftime>2</varusersamountoftime>
            				<varuserspointoftime>Daily</varuserspointoftime>
            				<varusersmaxtotaloctets></varusersmaxtotaloctets>
            				<varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange>
            				<varusersmaxbandwidthdown></varusersmaxbandwidthdown>
            				<varusersmaxbandwidthup></varusersmaxbandwidthup>
            				<varusersacctinteriminterval></varusersacctinteriminterval>
            				<varuserstopadditionaloptions></varuserstopadditionaloptions>
            				<varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions>
            				<varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions>
            			</config>
            		</freeradius>
            		<squidcache></squidcache>
            		<squidremote></squidremote>
            		<squidauth>
            			<config>
            				<auth_method>none</auth_method>
            			</config>
            		</squidauth>
            		<pfblockerngdnsbl>
            			<config>
            				<aliasname>Ads</aliasname>
            				<description><![CDATA[Werbefilter]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://hosts-file.net/ad_servers.txt</url>
            					<header>hphosts</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&amp;mimetype=plaintext</url>
            					<header>yoyo</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://adaway.org/hosts.txt</url>
            					<header>adaway</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://sysctl.org/cameleon/hosts</url>
            					<header>cameleon</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://hosts-file.net/download/hosts.zip</url>
            					<header>hphosts</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://winhelp2002.mvps.org/hosts.txt</url>
            					<header>mvps</header>
            				</row>
            				<action>unbound</action>
            				<cron>EveryDay</cron>
            				<dow>7</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Malicious</aliasname>
            				<description><![CDATA[gef&auml;hrliche Sites]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://mirror1.malwaredomains.com/files/justdomains</url>
            					<header>malewaredomains</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url>
            					<header>malewarelists</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url>
            					<header>bambenek</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://data.phishtank.com/data/online-valid.csv.gz</url>
            					<header>pishtank</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://www.openphish.com/feed.txt</url>
            					<header>openfish</header>
            				</row>
            				<action>unbound</action>
            				<cron>EveryDay</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Suspicious</aliasname>
            				<description><![CDATA[suspekte Domains]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Disabled]]></state>
            					<url>https://isc.sans.edu/suspicious_domains.html</url>
            					<header>sans</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://dshield.org/feeds/suspiciousdomains_High.txt</url>
            					<header>dshield_high</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url>
            					<header>dshield_medium</header>
            				</row>
            				<action>Disabled</action>
            				<cron>06hours</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Virus</aliasname>
            				<description><![CDATA[Virusdomains]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Disabled]]></state>
            					<url>http://www.wael.name/wael.list.p2p.gz</url>
            					<header>wael</header>
            				</row>
            				<action>Disabled</action>
            				<cron>EveryDay</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Microsoft_Telemetrie</aliasname>
            				<description><![CDATA[Microsofts Telemetrieserver]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url>
            					<header>githubliste</header>
            				</row>
            				<action>unbound</action>
            				<cron>Weekly</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>eigeneBlocks</aliasname>
            				<description><![CDATA[eigene Blockings]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url></url>
            					<header></header>
            				</row>
            				<action>Disabled</action>
            				<cron>Never</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom>LmdhbWJsaW5nLmNvbQ==</custom>
            				<custom_update>disabled</custom_update>
            			</config>
            		</pfblockerngdnsbl>
            		<freeradiusauthorizedmacs></freeradiusauthorizedmacs>
            		<freeradiusclients>
            			<!-- FreeRADIUS package: NAS/client definitions, one <config> per client.
            			     NOTE(review): every varclientsharedsecret below is stored and posted in
            			     cleartext. The shared secret is what protects password hiding and packet
            			     authentication between the NAS and the server, so secrets that have been
            			     published should be treated as disclosed and rotated on both the server
            			     and the NAS. Redact these fields before sharing a config.xml. -->
            			<config>
            				<varclientip>172.16.100.80</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>ruckus</varclientshortname>
            				<varclientsharedsecret>blablablub</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<!-- Only this client requires the Message-Authenticator attribute. -->
            				<varrequiremessageauthenticator>yes</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[ruckus]]></description>
            			</config>
            			<config>
            				<varclientip>172.16.100.10</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>zyxel</varclientshortname>
            				<varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<!-- NOTE(review): with "no", requests from this client are accepted without
            				     a Message-Authenticator, i.e. without an integrity check over the whole
            				     request packet. Prefer "yes" wherever the NAS supports it. -->
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[zyxel]]></description>
            			</config>
            			<config>
            				<varclientip>172.16.0.100</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>NTRadPing</varclientshortname>
            				<!-- NOTE(review): a short numeric secret is trivially guessable. Even for a
            				     test client, use a long random value or remove the client after testing. -->
            				<varclientsharedsecret>123456</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[NTRadPing]]></description>
            			</config>
            			<config>
            				<!-- Loopback test client; matches the 127.0.0.1 listeners defined under
            				     freeradiusinterfaces. -->
            				<varclientip>127.0.0.1</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>tester</varclientshortname>
            				<varclientsharedsecret>SuperTest</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description></description>
            			</config>
            		</freeradiusclients>
            		<freeradiusinterfaces>
            			<config>
            				<varinterfaceip>127.0.0.1</varinterfaceip>
            				<varinterfaceport>1812</varinterfaceport>
            				<varinterfacetype>auth</varinterfacetype>
            				<varinterfaceipversion>ipaddr</varinterfaceipversion>
            				<description></description>
            			</config>
            			<config>
            				<varinterfaceip>127.0.0.1</varinterfaceip>
            				<varinterfaceport>1813</varinterfaceport>
            				<varinterfacetype>acct</varinterfacetype>
            				<varinterfaceipversion>ipaddr</varinterfaceipversion>
            				<description></description>
            			</config>
            		</freeradiusinterfaces>
            		<freeradiussettings>
            			<!-- FreeRADIUS package: global server settings; the values here match the
            			     main/log/security sections of the generated radiusd.conf shown on this page. -->
            			<config>
            				<varsettingsmaxrequests>1024</varsettingsmaxrequests>
            				<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
            				<varsettingscleanupdelay>5</varsettingscleanupdelay>
            				<!-- NOTE(review): core dumps are enabled. A core file of radiusd can contain
            				     shared secrets and user passwords from process memory; enable this only
            				     while debugging a crash and restrict access to the resulting files. -->
            				<varsettingsallowcoredumps>yes</varsettingsallowcoredumps>
            				<varsettingsregularexpressions>yes</varsettingsregularexpressions>
            				<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
            				<varsettingslogdir>syslog</varsettingslogdir>
            				<!-- Authentication requests are logged, but with both badpass and goodpass
            				     set to "no" the submitted passwords are not written to the log. -->
            				<varsettingsauth>yes</varsettingsauth>
            				<varsettingsauthbadpass>no</varsettingsauthbadpass>
            				<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
            				<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
            				<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
            				<varsettingsstrippednames>no</varsettingsstrippednames>
            				<varsettingshostnamelookups>no</varsettingshostnamelookups>
            				<varsettingsmaxattributes>200</varsettingsmaxattributes>
            				<varsettingsrejectdelay>1</varsettingsrejectdelay>
            				<varsettingsstartservers>5</varsettingsstartservers>
            				<varsettingsmaxservers>32</varsettingsmaxservers>
            				<varsettingsminspareservers>3</varsettingsminspareservers>
            				<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
            				<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
            				<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
            				<!-- MOTP enable flag is empty, so the md5 checksum type below is presumably
            				     unused in this configuration; confirm before relying on MOTP. -->
            				<varsettingsmotpenable></varsettingsmotpenable>
            				<varsettingsmotptimespan></varsettingsmotptimespan>
            				<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
            				<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
            				<varsettingsmotptokenlength></varsettingsmotptokenlength>
            				<varsettingsenablemacauth></varsettingsenablemacauth>
            				<varsettingsenableacctunique>on</varsettingsenableacctunique>
            			</config>
            		</freeradiussettings>
            		<freeradiussqlconf>
            			<!-- FreeRADIUS package: SQL backend settings. The first server (varsqlconf*)
            			     is enabled for authorize, accounting, session and post-auth; the second
            			     server (varsqlconf2*) is left disabled and mostly empty. -->
            			<config>
            				<varsqlconfincludeenable>on</varsqlconfincludeenable>
            				<varsqlconfenableauthorize>Enable</varsqlconfenableauthorize>
            				<varsqlconfenableaccounting>Enable</varsqlconfenableaccounting>
            				<varsqlconfenablesession>Enable</varsqlconfenablesession>
            				<varsqlconfenablepostauth>Enable</varsqlconfenablepostauth>
            				<varsqlconfdatabase>mysql</varsqlconfdatabase>
            				<varsqlconfserver>localhost</varsqlconfserver>
            				<varsqlconfport>3306</varsqlconfport>
            				<!-- NOTE(review): radius / radpass are the sample credentials shipped in the
            				     FreeRADIUS SQL module configuration, and the password is stored and
            				     posted here in cleartext. Use a unique password for the database
            				     account, grant it only the privileges the radius schema needs, and
            				     redact this field before sharing a config.xml. -->
            				<varsqlconflogin>radius</varsqlconflogin>
            				<varsqlconfpassword>radpass</varsqlconfpassword>
            				<varsqlconfradiusdb>radius</varsqlconfradiusdb>
            				<varsqlconfaccttable1>radacct</varsqlconfaccttable1>
            				<varsqlconfaccttable2>radacct</varsqlconfaccttable2>
            				<varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable>
            				<varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable>
            				<varsqlconfauthreplytable>radreply</varsqlconfauthreplytable>
            				<varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable>
            				<varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable>
            				<varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable>
            				<varsqlconfreadgroups>yes</varsqlconfreadgroups>
            				<varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions>
            				<varsqlconfsqltrace>no</varsqlconfsqltrace>
            				<varsqlconfnumsqlsocks></varsqlconfnumsqlsocks>
            				<varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay>
            				<varsqlconflifetime></varsqlconflifetime>
            				<varsqlconfmaxqueries></varsqlconfmaxqueries>
            				<!-- NOTE(review): with readclients = yes, NAS clients and their shared
            				     secrets are presumably also loaded from the "nas" table, so write access
            				     to that table is equivalent to being able to add RADIUS clients. -->
            				<varsqlconfreadclients>yes</varsqlconfreadclients>
            				<varsqlconfnastable>nas</varsqlconfnastable>
            				<varsqlconf2failover>redundant</varsqlconf2failover>
            				<varsqlconf2includeenable></varsqlconf2includeenable>
            				<varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize>
            				<varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting>
            				<varsqlconf2enablesession>Disable</varsqlconf2enablesession>
            				<varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth>
            				<varsqlconf2database>mysql</varsqlconf2database>
            				<varsqlconf2server></varsqlconf2server>
            				<varsqlconf2port></varsqlconf2port>
            				<varsqlconf2login></varsqlconf2login>
            				<varsqlconf2password></varsqlconf2password>
            				<varsqlconf2radiusdb></varsqlconf2radiusdb>
            				<varsqlconf2accttable1></varsqlconf2accttable1>
            				<varsqlconf2accttable2></varsqlconf2accttable2>
            				<varsqlconf2postauthtable></varsqlconf2postauthtable>
            				<varsqlconf2authchecktable></varsqlconf2authchecktable>
            				<varsqlconf2authreplytable></varsqlconf2authreplytable>
            				<varsqlconf2groupchecktable></varsqlconf2groupchecktable>
            				<varsqlconf2groupreplytable></varsqlconf2groupreplytable>
            				<varsqlconf2usergrouptable></varsqlconf2usergrouptable>
            				<varsqlconf2readgroups>yes</varsqlconf2readgroups>
            				<varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions>
            				<varsqlconf2sqltrace>no</varsqlconf2sqltrace>
            				<varsqlconf2numsqlsocks></varsqlconf2numsqlsocks>
            				<varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay>
            				<varsqlconf2lifetime></varsqlconf2lifetime>
            				<varsqlconf2maxqueries></varsqlconf2maxqueries>
            				<varsqlconf2readclients>yes</varsqlconf2readclients>
            				<varsqlconf2nastable></varsqlconf2nastable>
            			</config>
            		</freeradiussqlconf>
            	</installedpackages>
            	<virtualip>
            		<vip>
            			<mode>ipalias</mode>
            			<interface>lan</interface>
            			<descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr>
            			<type>single</type>
            			<subnet_bits>32</subnet_bits>
            			<subnet>10.10.10.2</subnet>
            		</vip>
            	</virtualip>
            </pfsense>
            
            

            The only thing I changed was the setting shown in ![screenshot](0_1534271815260_22b7bc65-92e1-4711-a2f1-8c90641f8a3a-grafik.png), from Disabled to Enabled, and then I saved.

            I hope it's now correct for you :-)

              pfadmin @jimp

              FreeRADIUS Version 3.0.15
              Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
              There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
              PARTICULAR PURPOSE
              You may redistribute copies of FreeRADIUS under the terms of the
              GNU General Public License
              For more information about these matters, see the file named COPYRIGHT
              Starting - reading configuration files ...
              including dictionary file /usr/local/share/freeradius/dictionary
              including dictionary file /usr/local/share/freeradius/dictionary.dhcp
              including dictionary file /usr/local/share/freeradius/dictionary.vqp
              including dictionary file /usr/local/etc/raddb/dictionary
              including configuration file /usr/local/etc/raddb/radiusd.conf
              including configuration file /usr/local/etc/raddb/clients.conf
              including files in directory /usr/local/etc/raddb/mods-enabled/
              including configuration file /usr/local/etc/raddb/mods-enabled/pap
              including configuration file /usr/local/etc/raddb/mods-enabled/digest
              including configuration file /usr/local/etc/raddb/mods-enabled/eap
              including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
              including configuration file /usr/local/etc/raddb/mods-enabled/detail
              including configuration file /usr/local/etc/raddb/mods-enabled/replicate
              including configuration file /usr/local/etc/raddb/mods-enabled/utf8
              including configuration file /usr/local/etc/raddb/mods-enabled/mschap
              including configuration file /usr/local/etc/raddb/mods-enabled/logintime
              including configuration file /usr/local/etc/raddb/mods-enabled/echo
              including configuration file /usr/local/etc/raddb/mods-enabled/googleauth
              including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
              including configuration file /usr/local/etc/raddb/mods-enabled/unpack
              including configuration file /usr/local/etc/raddb/mods-enabled/motp
              including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
              including configuration file /usr/local/etc/raddb/mods-enabled/sql
              including configuration file /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf
              including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
              including configuration file /usr/local/etc/raddb/mods-enabled/datacounter_acct
              including configuration file /usr/local/etc/raddb/mods-enabled/exec
              including configuration file /usr/local/etc/raddb/mods-enabled/unix
              including configuration file /usr/local/etc/raddb/mods-enabled/soh
              including configuration file /usr/local/etc/raddb/mods-enabled/expr
              including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
              including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
              including configuration file /usr/local/etc/raddb/mods-enabled/realm
              including configuration file /usr/local/etc/raddb/mods-enabled/passwd
              including configuration file /usr/local/etc/raddb/mods-enabled/chap
              including configuration file /usr/local/etc/raddb/mods-enabled/date
              including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
              including configuration file /usr/local/etc/raddb/mods-enabled/always
              including configuration file /usr/local/etc/raddb/mods-enabled/expiration
              including configuration file /usr/local/etc/raddb/mods-enabled/files
              including configuration file /usr/local/etc/raddb/mods-enabled/sqlcounter
              including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
              including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
              including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
              including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
              including configuration file /usr/local/etc/raddb/mods-enabled/linelog
              including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
              including files in directory /usr/local/etc/raddb/policy.d/
              including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
              including configuration file /usr/local/etc/raddb/policy.d/canonicalization
              including configuration file /usr/local/etc/raddb/policy.d/pfs_custom_policies
              including configuration file /usr/local/etc/raddb/policy.d/operator-name
              including configuration file /usr/local/etc/raddb/policy.d/control
              including configuration file /usr/local/etc/raddb/policy.d/cui
              including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
              including configuration file /usr/local/etc/raddb/policy.d/dhcp
              including configuration file /usr/local/etc/raddb/policy.d/eap
              including configuration file /usr/local/etc/raddb/policy.d/debug
              including configuration file /usr/local/etc/raddb/policy.d/filter
              including configuration file /usr/local/etc/raddb/policy.d/accounting
              including files in directory /usr/local/etc/raddb/sites-enabled/
              including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
              including configuration file /usr/local/etc/raddb/sites-enabled/default
              including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
              main {
               security {
                      allow_core_dumps = yes
               }
                      name = "radiusd"
                      prefix = "/usr/local"
                      localstatedir = "/var"
                      logdir = "/var/log"
                      run_dir = "/var/run"
              }
              Changing value of PR_DUMPABLE not supported on this system
              Core dumps are enabled
              main {
                      name = "radiusd"
                      prefix = "/usr/local"
                      localstatedir = "/var"
                      sbindir = "/usr/local/sbin"
                      logdir = "/var/log"
                      run_dir = "/var/run"
                      libdir = "/usr/local/lib/freeradius-3.0.15"
                      radacctdir = "/var/log/radacct"
                      hostname_lookups = no
                      max_request_time = 30
                      cleanup_delay = 5
                      max_requests = 1024
                      pidfile = "/var/run/radiusd.pid"
                      checkrad = "/usr/local/sbin/checkrad"
                      debug_level = 0
                      proxy_requests = yes
               log {
                      stripped_names = no
                      auth = yes
                      auth_badpass = no
                      auth_goodpass = no
                      msg_badpass = ""
                      msg_goodpass = ""
                      colourise = yes
                      msg_denied = "You are already logged in - access denied"
               }
               resources {
               }
               security {
                      max_attributes = 200
                      reject_delay = 1.000000
                      status_server = no
               }
              }
              radiusd: #### Loading Realms and Home Servers ####
              radiusd: #### Loading Clients ####
               client ruckus {
                      ipaddr = 172.16.100.80
                      require_message_authenticator = yes
                      secret = <<< secret >>>
                      nas_type = "other"
                      proto = "udp"
                limit {
                      max_connections = 16
                      lifetime = 0
                      idle_timeout = 30
                }
               }
               client zyxel {
                      ipaddr = 172.16.100.10
                      require_message_authenticator = no
                      secret = <<< secret >>>
                      nas_type = "other"
                      proto = "udp"
                limit {
                      max_connections = 16
                      lifetime = 0
                      idle_timeout = 30
                }
               }
               client NTRadPing {
                      ipaddr = 172.16.0.100
                      require_message_authenticator = no
                      secret = <<< secret >>>
                      nas_type = "other"
                      proto = "udp"
                limit {
                      max_connections = 16
                      lifetime = 0
                      idle_timeout = 30
                }
               }
               client tester {
                      ipaddr = 127.0.0.1
                      require_message_authenticator = no
                      secret = <<< secret >>>
                      nas_type = "other"
                      proto = "udp"
                limit {
                      max_connections = 16
                      lifetime = 0
                      idle_timeout = 30
                }
               }
              Debugger not attached
               # Creating Auth-Type = mschap
               # Creating Auth-Type = eap
               # Creating Auth-Type = PAP
               # Creating Auth-Type = CHAP
               # Creating Auth-Type = MS-CHAP
               # Creating Auth-Type = digest
               # Creating Auth-Type = MOTP
               # Creating Auth-Type = GOOGLEAUTH
               # Creating Autz-Type = Status-Server
               # Creating Acct-Type = Status-Server
              radiusd: #### Instantiating modules ####
               modules {
                # Loaded module rlm_pap
                # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
                pap {
                      normalise = yes
                }
                # Loaded module rlm_digest
                # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
                # Loaded module rlm_eap
                # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
                eap {
                      default_eap_type = "md5"
                      timer_expire = 60
                      ignore_unknown_eap_types = no
                      cisco_accounting_username_bug = no
                      max_sessions = 4096
                }
                # Loaded module rlm_dhcp
                # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
                # Loaded module rlm_detail
                # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
                detail {
                      filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
                      header = "%t"
                      permissions = 384
                      locking = no
                      escape_filenames = no
                      log_packet_header = no
                }
                # Loaded module rlm_replicate
                # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
                # Loaded module rlm_utf8
                # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
                # Loaded module rlm_mschap
                # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
                mschap {
                      use_mppe = yes
                      require_encryption = no
                      require_strong = no
                      with_ntdomain_hack = yes
                 passchange {
                 }
                      allow_retry = yes
                      winbind_retry_with_normalised_username = no
                }
                # Loaded module rlm_logintime
                # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
                logintime {
                      minimum_timeout = 60
                }
                # Loaded module rlm_exec
                # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
                exec echo {
                      wait = yes
                      program = "/bin/echo %{User-Name}"
                      input_pairs = "request"
                      output_pairs = "reply"
                      shell_escape = yes
                }
                # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth
                exec googleauth {
                      wait = yes
                      program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}"
                      shell_escape = yes
                }
                # Loaded module rlm_dynamic_clients
                # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
                # Loaded module rlm_unpack
                # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
                # Loading module "motp" from file /usr/local/etc/raddb/mods-enabled/motp
                exec motp {
                      wait = yes
                      program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
                      shell_escape = yes
                }
                # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                detail auth_log {
                      filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
                      header = "%t"
                      permissions = 384
                      locking = no
                      escape_filenames = no
                      log_packet_header = no
                }
                # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                detail reply_log {
                      filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
                      header = "%t"
                      permissions = 384
                      locking = no
                      escape_filenames = no
                      log_packet_header = no
                }
                # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                detail pre_proxy_log {
                      filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
                      header = "%t"
                      permissions = 384
                      locking = no
                      escape_filenames = no
                      log_packet_header = no
                }
                # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                detail post_proxy_log {
                      filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
                      header = "%t"
                      permissions = 384
                      locking = no
                      escape_filenames = no
                      log_packet_header = no
                }
                # Loaded module rlm_sql
                # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
                sql sql1 {
                      driver = "rlm_sql_mysql"
                      server = "localhost"
                      port = 3306
                      login = "radius"
                      password = <<< secret >>>
                      radius_db = "radius"
                      read_groups = yes
                      read_profiles = yes
                      read_clients = yes
                      delete_stale_sessions = yes
                      sql_user_name = "%{User-Name}"
                      logfile = "/var/log/sqltrace.sql"
                      default_user_profile = ""
                      client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
                      authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
                      authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
                      authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                      authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                      group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
                      simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                      simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                      safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
                 accounting {
                      reference = "%{tolower:type.%{Acct-Status-Type}.query}"
                  type {
                   accounting-on {
                      query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                   }
                   accounting-off {
                      query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                   }
                   start {
                      query = "INSERT INTO radacct (acctsessionid,            acctuniqueid,           username, realm,                        nasipaddress,           nasportid, nasporttype,         acctstarttime,          acctupdatetime, acctstoptime,           acctsessiontime,       acctauthentic, connectinfo_start,        connectinfo_stop,       acctinputoctets, acctoutputoctets,      calledstationid,        callingstationid, acctterminatecause,   servicetype,            framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
                   }
                   interim-update {
                      query = "UPDATE radacct SET acctupdatetime  = (@acctupdatetime_old:=acctupdatetime), acctupdatetime  = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                   }
                   stop {
                      query = "UPDATE radacct SET acctstoptime        = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime    = %{%{Acct-Session-Time}:-NULL}, acctinputoctets        = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                   }
                  }
                 }
                 post-auth {
                      reference = ".query"
                      query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
                 }
                }
              rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
              Creating attribute sql1-SQL-Group
                # Loaded module rlm_radutmp
                # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
                radutmp sradutmp {
                      filename = "/var/log/sradutmp"
                      username = "%{User-Name}"
                      case_sensitive = yes
                      check_with_nas = yes
                      permissions = 420
                      caller_id = no
                }
                # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                exec datacounterdaily {
                      wait = yes
                      program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                      shell_escape = yes
                }
                # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                exec datacounterweekly {
                      wait = yes
                      program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                      shell_escape = yes
                }
                # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                exec datacountermonthly {
                      wait = yes
                      program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                      shell_escape = yes
                }
                # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                exec datacounterforever {
                      wait = yes
                      program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                      shell_escape = yes
                }
                # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
                exec {
                      wait = no
                      input_pairs = "request"
                      shell_escape = yes
                      timeout = 10
                }
                # Loaded module rlm_unix
                # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
                unix {
                      radwtmp = "/var/log/radwtmp"
                }
              Creating attribute Unix-Group
                # Loaded module rlm_soh
                # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
                soh {
                      dhcp = yes
                }
                # Loaded module rlm_expr
                # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
                expr {
                      safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
                }
                # Loaded module rlm_preprocess
                # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
                preprocess {
                      huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
                      hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
                      with_ascend_hack = no
                      ascend_channels_per_line = 23
                      with_ntdomain_hack = no
                      with_specialix_jetstream_hack = no
                      with_cisco_vsa_hack = no
                      with_alvarion_vsa_hack = no
                }
                # Loaded module rlm_attr_filter
                # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                attr_filter attr_filter.post-proxy {
                      filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
                      key = "%{Realm}"
                      relaxed = no
                }
                # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                attr_filter attr_filter.pre-proxy {
                      filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
                      key = "%{Realm}"
                      relaxed = no
                }
                # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                attr_filter attr_filter.access_reject {
                      filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
                      key = "%{User-Name}"
                      relaxed = no
                }
                # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                attr_filter attr_filter.access_challenge {
                      filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
                      key = "%{User-Name}"
                      relaxed = no
                }
                # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                attr_filter attr_filter.accounting_response {
                      filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
                      key = "%{User-Name}"
                      relaxed = no
                }
                # Loaded module rlm_realm
                # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
                realm IPASS {
                      format = "prefix"
                      delimiter = "/"
                      ignore_default = no
                      ignore_null = yes
                }
                # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
                realm suffix {
                      format = "suffix"
                      delimiter = "@"
                      ignore_default = no
                      ignore_null = yes
                }
                # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
                realm realmpercent {
                      format = "suffix"
                      delimiter = "%"
                      ignore_default = no
                      ignore_null = yes
                }
                # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
                realm ntdomain {
                      format = "prefix"
                      delimiter = "\"
                      ignore_default = no
                      ignore_null = yes
                }
                # Loaded module rlm_passwd
                # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
                passwd etc_passwd {
                      filename = "/etc/passwd"
                      format = "*User-Name:Crypt-Password:"
                      delimiter = ":"
                      ignore_nislike = no
                      ignore_empty = yes
                      allow_multiple_keys = no
                      hash_size = 100
                }
                # Loaded module rlm_chap
                # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
                # Loaded module rlm_date
                # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
                date {
                      format = "%b %e %Y %H:%M:%S %Z"
                      utc = no
                }
                # Loaded module rlm_cache
                # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
                cache cache_eap {
                      driver = "rlm_cache_rbtree"
                      key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
                      ttl = 15
                      max_entries = 0
                      epoch = 0
                      add_stats = no
                }
                # Loaded module rlm_always
                # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
                always reject {
                      rcode = "reject"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
                always fail {
                      rcode = "fail"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
                always ok {
                      rcode = "ok"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
                always handled {
                      rcode = "handled"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
                always invalid {
                      rcode = "invalid"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
                always userlock {
                      rcode = "userlock"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
                always notfound {
                      rcode = "notfound"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
                always noop {
                      rcode = "noop"
                      simulcount = 0
                      mpp = no
                }
                # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
                always updated {
                      rcode = "updated"
                      simulcount = 0
                      mpp = no
                }
                # Loaded module rlm_expiration
                # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
                # Loaded module rlm_files
                # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
                files {
                      filename = "/usr/local/etc/raddb/mods-config/files/authorize"
                      acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
                      preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
                }
                # Loaded module rlm_sqlcounter
                # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                sqlcounter dailycounter {
                      sql_module_instance = "sql"
                      key = "User-Name"
                      query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                      reset = "daily"
                      counter_name = "Daily-Session-Time"
                      check_name = "Max-Daily-Session"
                      reply_name = "Session-Timeout"
                }
                # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                sqlcounter monthlycounter {
                      sql_module_instance = "sql"
                      key = "User-Name"
                      query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                      reset = "monthly"
                      counter_name = "Monthly-Session-Time"
                      check_name = "Max-Monthly-Session"
                      reply_name = "Session-Timeout"
                }
                # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                sqlcounter noresetcounter {
                      sql_module_instance = "sql"
                      key = "User-Name"
                      query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
                      reset = "never"
                      counter_name = "Max-All-Session-Time"
                      check_name = "Max-All-Session"
                      reply_name = "Session-Timeout"
                }
                # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                sqlcounter expire_on_login {
                      sql_module_instance = "sql"
                      key = "User-Name"
                      query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
                      reset = "never"
                      counter_name = "Expire-After-Initial-Login"
                      check_name = "Expire-After"
                      reply_name = "Session-Timeout"
                }
              
              
                pfadmin

                  # Loaded module rlm_linelog
                  # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
                  linelog {
                        filename = "/var/log/linelog"
                        escape_filenames = no
                        syslog_severity = "info"
                        permissions = 384
                        format = "This is a log message for %{User-Name}"
                        reference = "messages.%{%{reply:Packet-Type}:-default}"
                  }
                  # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
                  linelog log_accounting {
                        filename = "/var/log/linelog-accounting"
                        escape_filenames = no
                        syslog_severity = "info"
                        permissions = 384
                        format = ""
                        reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
                  }
                  # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
                  radutmp {
                        filename = "/var/log/radutmp"
                        username = "%{User-Name}"
                        case_sensitive = yes
                        check_with_nas = yes
                        permissions = 384
                        caller_id = yes
                  }
                  instantiate {
                  # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
                  # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
                  # Instantiating module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
                rlm_sql_mysql: libmysql version: 5.6.39
                   mysql {
                    tls {
                    }
                        warnings = "auto"
                   }
                rlm_sql (sql1): Attempting to connect to database "radius"
                rlm_sql (sql1): Initialising connection pool
                   pool {
                        start = 5
                        min = 3
                        max = 5
                        spare = 10
                        uses = 0
                        lifetime = 0
                        cleanup_interval = 30
                        idle_timeout = 60
                        retry_delay = 60
                        spread = no
                   }
                WARNING: Ignoring "spare = 10", forcing to "spare = 2"
                rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
                rlm_sql_mysql: Starting connect to MySQL server
                rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
                rlm_sql_mysql: Starting connect to MySQL server
                rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
                rlm_sql_mysql: Starting connect to MySQL server
                rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
                rlm_sql_mysql: Starting connect to MySQL server
                rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
                rlm_sql_mysql: Starting connect to MySQL server
                rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                rlm_sql (sql1): Processing generate_sql_clients
                rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
                rlm_sql (sql1): Reserved connection (0)
                rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
                rlm_sql (sql1): Released connection (0)
                  }
                  # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
                  # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
                   # Linked to sub-module rlm_eap_md5
                   # Linked to sub-module rlm_eap_leap
                   # Linked to sub-module rlm_eap_gtc
                   gtc {
                        challenge = "Password: "
                        auth_type = "PAP"
                   }
                   # Linked to sub-module rlm_eap_tls
                   tls {
                        tls = "tls-common"
                   }
                   tls-config tls-common {
                        verify_depth = 0
                        ca_path = "/usr/local/etc/raddb/certs"
                        pem_file_type = yes
                        private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
                        certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
                        ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
                        dh_file = "/usr/local/etc/raddb/certs/dh"
                        random_file = "/dev/urandom"
                        fragment_size = 1024
                        include_length = yes
                        auto_chain = yes
                        check_crl = no
                        check_all_crl = no
                        cipher_list = "DEFAULT"
                        cipher_server_preference = no
                        ecdh_curve = "prime256v1"
                    cache {
                        enable = no
                        lifetime = 24
                        max_entries = 255
                    }
                    verify {
                        skip_if_ocsp_ok = no
                    }
                    ocsp {
                        enable = no
                        override_cert_url = no
                        url = "http://127.0.0.1/ocsp/"
                        use_nonce = yes
                        timeout = 0
                        softfail = no
                    }
                   }
                   # Linked to sub-module rlm_eap_ttls
                   ttls {
                        tls = "tls-common"
                        default_eap_type = "md5"
                        copy_request_to_tunnel = no
                        use_tunneled_reply = no
                        virtual_server = "inner-tunnel-ttls"
                        include_length = yes
                        require_client_cert = no
                   }
                tls: Using cached TLS configuration from previous invocation
                   # Linked to sub-module rlm_eap_peap
                   peap {
                        tls = "tls-common"
                        default_eap_type = "mschapv2"
                        copy_request_to_tunnel = no
                        use_tunneled_reply = no
                        proxy_tunneled_request_as_eap = yes
                        virtual_server = "inner-tunnel-peap"
                        soh = no
                        require_client_cert = no
                   }
                tls: Using cached TLS configuration from previous invocation
                   # Linked to sub-module rlm_eap_mschapv2
                   mschapv2 {
                        with_ntdomain_hack = no
                        send_error = no
                   }
                  # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
                  # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
                rlm_mschap (mschap): using internal authentication
                  # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
                  # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
                reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
                reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
                  # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
                  # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
                  # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
                [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"  found in filter list for realm "DEFAULT".
                [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"     found in filter list for realm "DEFAULT".
                  # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
                  # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
                  # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
                  # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
                  # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
                  # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
                  # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
                rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
                  # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
                rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
                  # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
                  # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
                reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
                reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
                reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
                  # Instantiating module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1534284000 [2018-08-15 00:00:00]
                  # Instantiating module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1533074400 [2018-08-01 00:00:00]
                  # Instantiating module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00]
                  # Instantiating module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00]
                  # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
                  # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
                 } # modules
                radiusd: #### Loading Virtual Servers ####
                server { # from file /usr/local/etc/raddb/radiusd.conf
                } # server
                server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
                 # Loading authenticate {...}
                 # Loading authorize {...}
                Ignoring "sql" (see raddb/mods-available/README.rst)
                Ignoring "ldap" (see raddb/mods-available/README.rst)
                 # Loading session {...}
                 # Loading post-proxy {...}
                 # Loading post-auth {...}
                 # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls:63
                } # server inner-tunnel-ttls
                server default { # from file /usr/local/etc/raddb/sites-enabled/default
                 # Loading authenticate {...}
                 # Loading authorize {...}
                /usr/local/etc/raddb/sites-enabled/default[35]: Failed to find "daily" as a module or policy.
                /usr/local/etc/raddb/sites-enabled/default[35]: Please verify that the configuration exists in /usr/local/etc/raddb/mods-enabled/daily.
                /usr/local/etc/raddb/sites-enabled/default[13]: Errors parsing authorize section.
                
                  pfadmin @jimp
                  last edited by

                  @jimp Hey Jim, is it in progress or did you give it up to tell me what you really need to fix the problem :-)

                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    I haven't had time to try it out and see if I could tell what was wrong. I haven't spent much time working on that package in months and I've got my hands full at the moment. Might be a while before I can take a look deep enough to fix anything in that package.

                      pfadmin @jimp
                      last edited by

                      @jimp Ok, thanks 👍

                        kramtw
                        last edited by

                        hi
                        I am able to get freeradius working with the captive portal, but when I enable the sql, freeradius stops working. Is this the right place to ask this question?

                        thanks

                          Gertjan
                          last edited by Gertjan

                          @kramtw : This thread is about freeradius not starting.
                          Your question is about mysql not starting ?

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                            pfadmin @kramtw
                            last edited by

                            @kramtw No, not the right thread because I'm not using Captive Portal. It's only about Freeradius with accounting in mysql but not authentication in mysql.
