freeradius+mysql not starting with mysql authorization BUG#7965 and 7947
-
I really need to see the pfSense settings instead (Screenshots of the pfSense package screens and/or the config.xml contents). Seeing the FreeRADIUS config doesn't necessarily tell me what settings you used to get into this state.
-
@jimp said in freeradius+mysql not starting with mysql authorization BUG#7965 and 7947:
to get into this state.
Ui. Hope this is enougth, I deleted most of all other stuff.
<?xml version="1.0"?> <pfsense> <version>18.0</version> <lastchange></lastchange> <system> <optimization>normal</optimization> <hostname>pfSense2</hostname> <domain>matthias.lan</domain> <group> <name>all</name> <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> <member>0</member> </group> <group> <name>admins</name> <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> <priv>page-all</priv> </group> <user> <name>admin</name> <descr><![CDATA[System Administrator]]></descr> <scope>system</scope> <groupname>admins</groupname> <bcrypt-hash>xxx</bcrypt-hash> <uid>0</uid> <priv>user-shell-access</priv> </user> <nextuid>2000</nextuid> <nextgid>2000</nextgid> <timeservers>0.pfsense.pool.ntp.org</timeservers> <installedpackages> <package> <name>freeradius3</name> <website>http://www.freeradius.org/</website> <descr><![CDATA[A free implementation of the RADIUS protocol.<br /> Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <version>0.15.5_2</version> <configurationfile>freeradius.xml</configurationfile> <tabs> <tab> <text><![CDATA[Users]]></text> <url>/pkg.php?xml=freeradius.xml</url> <active></active> </tab> <tab> <text><![CDATA[MACs]]></text> <url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url> </tab> <tab> <text><![CDATA[NAS / Clients]]></text> <url>/pkg.php?xml=freeradiusclients.xml</url> </tab> <tab> <text><![CDATA[Interfaces]]></text> <url>/pkg.php?xml=freeradiusinterfaces.xml</url> </tab> <tab> <text><![CDATA[Settings]]></text> <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> </tab> <tab> <text><![CDATA[EAP]]></text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> <tab> <text><![CDATA[SQL]]></text> <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> </tab> <tab> <text><![CDATA[LDAP]]></text> <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> </tab> <tab> <text><![CDATA[View config]]></text> <url>/freeradius_view_config.php</url> </tab> <tab> <text><![CDATA[XMLRPC Sync]]></text> <url>/pkg_edit.php?xml=freeradiussync.xml&id=0</url> </tab> </tabs> <include_file>/usr/local/pkg/freeradius.inc</include_file> </package> <package> <name>pfBlockerNG</name> <descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.<br /> Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.<br /> GeoIP database by MaxMind Inc. (GeoLite2 Free version).<br /> De-Duplication, Suppression, and Reputation enhancements.<br /> Provision to download from diverse List formats.<br /> Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.<br /> Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr> <pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink> <version>2.1.4_8</version> <configurationfile>pfblockerng.xml</configurationfile> <tabs> <tab> <text><![CDATA[General]]></text> <url>/pkg_edit.php?xml=pfblockerng.xml</url> <active></active> </tab> <tab> <text><![CDATA[Update]]></text> <url>/pfblockerng/pfblockerng_update.php</url> </tab> <tab> <text><![CDATA[Alerts]]></text> <url>/pfblockerng/pfblockerng_alerts.php</url> </tab> <tab> <text><![CDATA[Reputation]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url> </tab> <tab> <text><![CDATA[IPv4]]></text> <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> </tab> <tab> <text><![CDATA[IPv6]]></text> <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> </tab> <tab> <text><![CDATA[DNSBL]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url> </tab> <tab> <text><![CDATA[GeoIP]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url> </tab> <tab> <text><![CDATA[Logs]]></text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> <tab> <text><![CDATA[Sync]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> </package> <package> <name>squid3</name> <internal_name>squid</internal_name> <descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr> <pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink> <website>http://www.squid-cache.org/</website> <version>0.4.43_1</version> <configurationfile>squid.xml</configurationfile> <filter_rule_function>squid_generate_rules</filter_rule_function> <tabs> <tab> <text><![CDATA[General]]></text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> <active></active> </tab> <tab> <text><![CDATA[Remote Cache]]></text> <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> <text><![CDATA[Local Cache]]></text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> <text><![CDATA[Antivirus]]></text> <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> </tab> <tab> <text><![CDATA[ACLs]]></text> <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> </tab> <tab> <text><![CDATA[Traffic Mgmt]]></text> <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> </tab> <tab> <text><![CDATA[Authentication]]></text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> </tab> <tab> <text><![CDATA[Users]]></text> <url>/pkg.php?xml=squid_users.xml</url> </tab> <tab> <text><![CDATA[Real Time]]></text> <url>/squid_monitor.php</url> </tab> <tab> <text><![CDATA[Sync]]></text> <url>/pkg_edit.php?xml=squid_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/squid.inc</include_file> </package> <package> <name>squidGuard</name> <descr><![CDATA[High performance web proxy URL filter.<br/> <strong>Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.</strong>]]></descr> <website>http://www.squidGuard.org/</website> <version>1.16.4</version> <configurationfile>squidguard.xml</configurationfile> <after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info> <tabs> <tab> <text><![CDATA[General settings]]></text> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> <active></active> </tab> <tab> <text><![CDATA[Common ACL]]></text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> <text><![CDATA[Groups ACL]]></text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> <text><![CDATA[Target categories]]></text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> <text><![CDATA[Times]]></text> <url>/pkg.php?xml=squidguard_time.xml</url> </tab> <tab> <text><![CDATA[Rewrites]]></text> <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> <text><![CDATA[Blacklist]]></text> <url>/squidGuard/squidguard_blacklist.php</url> </tab> <tab> <text><![CDATA[Log]]></text> <url>/squidGuard/squidguard_log.php</url> </tab> <tab> <text><![CDATA[XMLRPC Sync]]></text> <url>/pkg_edit.php?xml=squidguard_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/squidguard.inc</include_file> </package> <package> <name>Lightsquid</name> <descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat). <strong>Requires Squid package.</strong>]]></descr> <website>http://lightsquid.sf.net/</website> <version>3.0.6_4</version> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> <include_file>/usr/local/pkg/lightsquid.inc</include_file> </package> <package> <name>OpenVPN Client Export Utility</name> <internal_name>openvpn-client-export</internal_name> <descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr> <version>1.4.17</version> <configurationfile>openvpn-client-export.xml</configurationfile> <tabs> <tab> <name>Client Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export.php</url> </tab> <tab> <name>Shared Key Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export_shared.php</url> </tab> </tabs> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> </package> <package> <name>Cron</name> <descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr> <version>0.3.7_2</version> <configurationfile>cron.xml</configurationfile> <include_file>/usr/local/pkg/cron.inc</include_file> </package> <freeradiuseapconf> <config> <ssl_ca_cert>5a58aa23547f7</ssl_ca_cert> <ssl_server_cert>5a58aa237e1d4</ssl_server_cert> </config> </freeradiuseapconf> <menu> <name>SquidGuard Proxy Filter</name> <tooltiptext>Modify the proxy server's filter settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </menu> <menu> <name>Squid Proxy Reports</name> <section>Status</section> <url>/pkg_edit.php?xml=lightsquid.xml</url> </menu> <menu> <name>Squid Proxy Server</name> <tooltiptext>Modify the proxy server settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </menu> <menu> <name>Squid Reverse Proxy</name> <tooltiptext>Modify the reverse proxy server settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> </menu> <menu> <name>FreeRADIUS</name> <section>Services</section> <url>/pkg.php?xml=freeradius.xml</url> </menu> <menu> <name>pfBlockerNG</name> <configfile>pfblockerng.xml</configfile> <section>Firewall</section> <url>/pkg_edit.php?xml=pfblockerng.xml</url> </menu> <menu> <name>Cron</name> <section>Services</section> <configfile>cron.xml</configfile> <url>/packages/cron/cron.php</url> </menu> <service> <name>squidGuard</name> <description><![CDATA[Proxy server filter Service]]></description> <executable>squidGuard</executable> </service> <service> <name>lightsquid_web</name> <rcfile>lighttpd_ls.sh</rcfile> <executable>lighttpd_ls</executable> <description><![CDATA[Lightsquid Web Server]]></description> </service> <service> <name>squid</name> <rcfile>squid.sh</rcfile> <executable>squid</executable> <description><![CDATA[Squid Proxy Server Service]]></description> </service> <service> <name>clamd</name> <rcfile>clamd.sh</rcfile> <executable>clamd</executable> <description><![CDATA[ClamAV Antivirus]]></description> </service> <service> <name>c-icap</name> <rcfile>c-icap.sh</rcfile> <executable>c-icap</executable> <description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description> </service> <service> <name>radiusd</name> <rcfile>radiusd.sh</rcfile> <executable>radiusd</executable> <description><![CDATA[FreeRADIUS Server]]></description> </service> <service> <name>dnsbl</name> <rcfile>dnsbl.sh</rcfile> <executable>lighttpd_pfb</executable> <description><![CDATA[pfBlockerNG DNSBL Web Server]]></description> </service> <freeradius> <config> <sortable></sortable> <varusersusername>testu</varusersusername> <varuserspassword>testp</varuserspassword> <varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption> <varusersmotpenable></varusersmotpenable> <varusersauthmethod>motp</varusersauthmethod> <varusersmotpinitsecret></varusersmotpinitsecret> <varusersmotppin></varusersmotppin> <varusersmotpoffset></varusersmotpoffset> <qrcodetext></qrcodetext> <varuserswisprredirectionurl></varuserswisprredirectionurl> <varuserssimultaneousconnect></varuserssimultaneousconnect> <description></description> <varusersframedipaddress></varusersframedipaddress> <varusersframedipnetmask></varusersframedipnetmask> <varusersframedroute></varusersframedroute> <varusersvlanid>70</varusersvlanid> <varusersexpiration></varusersexpiration> <varuserssessiontimeout>60</varuserssessiontimeout> <varuserslogintime></varuserslogintime> <varusersamountoftime>2</varusersamountoftime> <varuserspointoftime>Daily</varuserspointoftime> <varusersmaxtotaloctets></varusersmaxtotaloctets> <varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange> <varusersmaxbandwidthdown></varusersmaxbandwidthdown> <varusersmaxbandwidthup></varusersmaxbandwidthup> <varusersacctinteriminterval></varusersacctinteriminterval> <varuserstopadditionaloptions></varuserstopadditionaloptions> <varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions> <varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions> </config> </freeradius> <squidcache></squidcache> <squidremote></squidremote> <squidauth> <config> <auth_method>none</auth_method> </config> </squidauth> <pfblockerngdnsbl> <config> <aliasname>Ads</aliasname> <description><![CDATA[Werbefilter]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://hosts-file.net/ad_servers.txt</url> <header>hphosts</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext</url> <header>yoyo</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://adaway.org/hosts.txt</url> <header>adaway</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://sysctl.org/cameleon/hosts</url> <header>cameleon</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://hosts-file.net/download/hosts.zip</url> <header>hphosts</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://winhelp2002.mvps.org/hosts.txt</url> <header>mvps</header> </row> <action>unbound</action> <cron>EveryDay</cron> <dow>7</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Malicious</aliasname> <description><![CDATA[gefährliche Sites]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://mirror1.malwaredomains.com/files/justdomains</url> <header>malewaredomains</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url> <header>malewarelists</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url> <header>bambenek</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://data.phishtank.com/data/online-valid.csv.gz</url> <header>pishtank</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.openphish.com/feed.txt</url> <header>openfish</header> </row> <action>unbound</action> <cron>EveryDay</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Suspicious</aliasname> <description><![CDATA[suspekte Domains]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://isc.sans.edu/suspicious_domains.html</url> <header>sans</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://dshield.org/feeds/suspiciousdomains_High.txt</url> <header>dshield_high</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url> <header>dshield_medium</header> </row> <action>Disabled</action> <cron>06hours</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Virus</aliasname> <description><![CDATA[Virusdomains]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>http://www.wael.name/wael.list.p2p.gz</url> <header>wael</header> </row> <action>Disabled</action> <cron>EveryDay</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Microsoft_Telemetrie</aliasname> <description><![CDATA[Microsofts Telemetrieserver]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url> <header>githubliste</header> </row> <action>unbound</action> <cron>Weekly</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>eigeneBlocks</aliasname> <description><![CDATA[eigene Blockings]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url></url> <header></header> </row> <action>Disabled</action> <cron>Never</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom>LmdhbWJsaW5nLmNvbQ==</custom> <custom_update>disabled</custom_update> </config> </pfblockerngdnsbl> <freeradiusauthorizedmacs></freeradiusauthorizedmacs> <freeradiusclients> <config> <varclientip>172.16.100.80</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>ruckus</varclientshortname> <varclientsharedsecret>blablablub</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>yes</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[ruckus]]></description> </config> <config> <varclientip>172.16.100.10</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>zyxel</varclientshortname> <varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[zyxel]]></description> </config> <config> <varclientip>172.16.0.100</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>NTRadPing</varclientshortname> <varclientsharedsecret>123456</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[NTRadPing]]></description> </config> <config> <varclientip>127.0.0.1</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>tester</varclientshortname> <varclientsharedsecret>SuperTest</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description></description> </config> </freeradiusclients> <freeradiusinterfaces> <config> <varinterfaceip>127.0.0.1</varinterfaceip> <varinterfaceport>1812</varinterfaceport> <varinterfacetype>auth</varinterfacetype> <varinterfaceipversion>ipaddr</varinterfaceipversion> <description></description> </config> <config> <varinterfaceip>127.0.0.1</varinterfaceip> <varinterfaceport>1813</varinterfaceport> <varinterfacetype>acct</varinterfacetype> <varinterfaceipversion>ipaddr</varinterfaceipversion> <description></description> </config> </freeradiusinterfaces> <freeradiussettings> <config> <varsettingsmaxrequests>1024</varsettingsmaxrequests> <varsettingsmaxrequesttime>30</varsettingsmaxrequesttime> <varsettingscleanupdelay>5</varsettingscleanupdelay> <varsettingsallowcoredumps>yes</varsettingsallowcoredumps> <varsettingsregularexpressions>yes</varsettingsregularexpressions> <varsettingsextendedexpressions>yes</varsettingsextendedexpressions> <varsettingslogdir>syslog</varsettingslogdir> <varsettingsauth>yes</varsettingsauth> <varsettingsauthbadpass>no</varsettingsauthbadpass> <varsettingsauthbadpassmessage></varsettingsauthbadpassmessage> <varsettingsauthgoodpass>no</varsettingsauthgoodpass> <varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage> <varsettingsstrippednames>no</varsettingsstrippednames> <varsettingshostnamelookups>no</varsettingshostnamelookups> <varsettingsmaxattributes>200</varsettingsmaxattributes> <varsettingsrejectdelay>1</varsettingsrejectdelay> <varsettingsstartservers>5</varsettingsstartservers> <varsettingsmaxservers>32</varsettingsmaxservers> <varsettingsminspareservers>3</varsettingsminspareservers> <varsettingsmaxspareservers>10</varsettingsmaxspareservers> <varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize> <varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver> <varsettingsmotpenable></varsettingsmotpenable> <varsettingsmotptimespan></varsettingsmotptimespan> <varsettingsmotppasswordattempts></varsettingsmotppasswordattempts> <varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype> <varsettingsmotptokenlength></varsettingsmotptokenlength> <varsettingsenablemacauth></varsettingsenablemacauth> <varsettingsenableacctunique>on</varsettingsenableacctunique> </config> </freeradiussettings> <freeradiussqlconf> <config> <varsqlconfincludeenable>on</varsqlconfincludeenable> <varsqlconfenableauthorize>Disable</varsqlconfenableauthorize> <varsqlconfenableaccounting>Enable</varsqlconfenableaccounting> <varsqlconfenablesession>Enable</varsqlconfenablesession> <varsqlconfenablepostauth>Enable</varsqlconfenablepostauth> <varsqlconfdatabase>mysql</varsqlconfdatabase> <varsqlconfserver>localhost</varsqlconfserver> <varsqlconfport>3306</varsqlconfport> <varsqlconflogin>radius</varsqlconflogin> <varsqlconfpassword>radpass</varsqlconfpassword> <varsqlconfradiusdb>radius</varsqlconfradiusdb> <varsqlconfaccttable1>radacct</varsqlconfaccttable1> <varsqlconfaccttable2>radacct</varsqlconfaccttable2> <varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable> <varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable> <varsqlconfauthreplytable>radreply</varsqlconfauthreplytable> <varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable> <varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable> <varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable> <varsqlconfreadgroups>yes</varsqlconfreadgroups> <varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions> <varsqlconfsqltrace>no</varsqlconfsqltrace> <varsqlconfnumsqlsocks></varsqlconfnumsqlsocks> <varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay> <varsqlconflifetime></varsqlconflifetime> <varsqlconfmaxqueries></varsqlconfmaxqueries> <varsqlconfreadclients>yes</varsqlconfreadclients> <varsqlconfnastable>nas</varsqlconfnastable> <varsqlconf2failover>redundant</varsqlconf2failover> <varsqlconf2includeenable></varsqlconf2includeenable> <varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize> <varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting> <varsqlconf2enablesession>Disable</varsqlconf2enablesession> <varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth> <varsqlconf2database>mysql</varsqlconf2database> <varsqlconf2server></varsqlconf2server> <varsqlconf2port></varsqlconf2port> <varsqlconf2login></varsqlconf2login> <varsqlconf2password></varsqlconf2password> <varsqlconf2radiusdb></varsqlconf2radiusdb> <varsqlconf2accttable1></varsqlconf2accttable1> <varsqlconf2accttable2></varsqlconf2accttable2> <varsqlconf2postauthtable></varsqlconf2postauthtable> <varsqlconf2authchecktable></varsqlconf2authchecktable> <varsqlconf2authreplytable></varsqlconf2authreplytable> <varsqlconf2groupchecktable></varsqlconf2groupchecktable> <varsqlconf2groupreplytable></varsqlconf2groupreplytable> <varsqlconf2usergrouptable></varsqlconf2usergrouptable> <varsqlconf2readgroups>yes</varsqlconf2readgroups> <varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions> <varsqlconf2sqltrace>no</varsqlconf2sqltrace> <varsqlconf2numsqlsocks></varsqlconf2numsqlsocks> <varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay> <varsqlconf2lifetime></varsqlconf2lifetime> <varsqlconf2maxqueries></varsqlconf2maxqueries> <varsqlconf2readclients>yes</varsqlconf2readclients> <varsqlconf2nastable></varsqlconf2nastable> </config> </freeradiussqlconf> </installedpackages> <virtualip> <vip> <mode>ipalias</mode> <interface>lan</interface> <descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr> <type>single</type> <subnet_bits>32</subnet_bits> <subnet>10.10.10.2</subnet> </vip> </virtualip> </pfsense>This doesn't work.
-
This work/freeradius starts:
<?xml version="1.0"?> <pfsense> <version>18.0</version> <lastchange></lastchange> <system> <optimization>normal</optimization> <hostname>pfSense2</hostname> <domain>matthias.lan</domain> <group> <name>all</name> <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> <member>0</member> </group> <group> <name>admins</name> <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> <priv>page-all</priv> </group> <user> <name>admin</name> <descr><![CDATA[System Administrator]]></descr> <scope>system</scope> <groupname>admins</groupname> <bcrypt-hash>xxx</bcrypt-hash> <uid>0</uid> <priv>user-shell-access</priv> </user> <nextuid>2000</nextuid> <nextgid>2000</nextgid> <installedpackages> <package> <name>freeradius3</name> <website>http://www.freeradius.org/</website> <descr><![CDATA[A free implementation of the RADIUS protocol.<br /> Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <version>0.15.5_2</version> <configurationfile>freeradius.xml</configurationfile> <tabs> <tab> <text><![CDATA[Users]]></text> <url>/pkg.php?xml=freeradius.xml</url> <active></active> </tab> <tab> <text><![CDATA[MACs]]></text> <url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url> </tab> <tab> <text><![CDATA[NAS / Clients]]></text> <url>/pkg.php?xml=freeradiusclients.xml</url> </tab> <tab> <text><![CDATA[Interfaces]]></text> <url>/pkg.php?xml=freeradiusinterfaces.xml</url> </tab> <tab> <text><![CDATA[Settings]]></text> <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> </tab> <tab> <text><![CDATA[EAP]]></text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> <tab> <text><![CDATA[SQL]]></text> <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> </tab> <tab> <text><![CDATA[LDAP]]></text> <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> </tab> <tab> <text><![CDATA[View config]]></text> <url>/freeradius_view_config.php</url> </tab> <tab> <text><![CDATA[XMLRPC Sync]]></text> <url>/pkg_edit.php?xml=freeradiussync.xml&id=0</url> </tab> </tabs> <include_file>/usr/local/pkg/freeradius.inc</include_file> </package> <package> <name>pfBlockerNG</name> <descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.<br /> Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.<br /> GeoIP database by MaxMind Inc. (GeoLite2 Free version).<br /> De-Duplication, Suppression, and Reputation enhancements.<br /> Provision to download from diverse List formats.<br /> Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.<br /> Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr> <pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink> <version>2.1.4_8</version> <configurationfile>pfblockerng.xml</configurationfile> <tabs> <tab> <text><![CDATA[General]]></text> <url>/pkg_edit.php?xml=pfblockerng.xml</url> <active></active> </tab> <tab> <text><![CDATA[Update]]></text> <url>/pfblockerng/pfblockerng_update.php</url> </tab> <tab> <text><![CDATA[Alerts]]></text> <url>/pfblockerng/pfblockerng_alerts.php</url> </tab> <tab> <text><![CDATA[Reputation]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url> </tab> <tab> <text><![CDATA[IPv4]]></text> <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url> </tab> <tab> <text><![CDATA[IPv6]]></text> <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url> </tab> <tab> <text><![CDATA[DNSBL]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url> </tab> <tab> <text><![CDATA[GeoIP]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url> </tab> <tab> <text><![CDATA[Logs]]></text> <url>/pfblockerng/pfblockerng_log.php</url> </tab> <tab> <text><![CDATA[Sync]]></text> <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> </package> <package> <name>squid3</name> <internal_name>squid</internal_name> <descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr> <pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink> <website>http://www.squid-cache.org/</website> <version>0.4.43_1</version> <configurationfile>squid.xml</configurationfile> <filter_rule_function>squid_generate_rules</filter_rule_function> <tabs> <tab> <text><![CDATA[General]]></text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> <active></active> </tab> <tab> <text><![CDATA[Remote Cache]]></text> <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> <text><![CDATA[Local Cache]]></text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> <text><![CDATA[Antivirus]]></text> <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> </tab> <tab> <text><![CDATA[ACLs]]></text> <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> </tab> <tab> <text><![CDATA[Traffic Mgmt]]></text> <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> </tab> <tab> <text><![CDATA[Authentication]]></text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> </tab> <tab> <text><![CDATA[Users]]></text> <url>/pkg.php?xml=squid_users.xml</url> </tab> <tab> <text><![CDATA[Real Time]]></text> <url>/squid_monitor.php</url> </tab> <tab> <text><![CDATA[Sync]]></text> <url>/pkg_edit.php?xml=squid_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/squid.inc</include_file> </package> <package> <name>squidGuard</name> <descr><![CDATA[High performance web proxy URL filter.<br/> <strong>Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.</strong>]]></descr> <website>http://www.squidGuard.org/</website> <version>1.16.4</version> <configurationfile>squidguard.xml</configurationfile> <after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info> <tabs> <tab> <text><![CDATA[General settings]]></text> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> <active></active> </tab> <tab> <text><![CDATA[Common ACL]]></text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> <text><![CDATA[Groups ACL]]></text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> <text><![CDATA[Target categories]]></text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> <text><![CDATA[Times]]></text> <url>/pkg.php?xml=squidguard_time.xml</url> </tab> <tab> <text><![CDATA[Rewrites]]></text> <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> <text><![CDATA[Blacklist]]></text> <url>/squidGuard/squidguard_blacklist.php</url> </tab> <tab> <text><![CDATA[Log]]></text> <url>/squidGuard/squidguard_log.php</url> </tab> <tab> <text><![CDATA[XMLRPC Sync]]></text> <url>/pkg_edit.php?xml=squidguard_sync.xml</url> </tab> </tabs> <include_file>/usr/local/pkg/squidguard.inc</include_file> </package> <package> <name>Lightsquid</name> <descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat). <strong>Requires Squid package.</strong>]]></descr> <website>http://lightsquid.sf.net/</website> <version>3.0.6_4</version> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> <include_file>/usr/local/pkg/lightsquid.inc</include_file> </package> <package> <name>OpenVPN Client Export Utility</name> <internal_name>openvpn-client-export</internal_name> <descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr> <version>1.4.17</version> <configurationfile>openvpn-client-export.xml</configurationfile> <tabs> <tab> <name>Client Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export.php</url> </tab> <tab> <name>Shared Key Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export_shared.php</url> </tab> </tabs> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> </package> <package> <name>Cron</name> <descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr> <version>0.3.7_2</version> <configurationfile>cron.xml</configurationfile> <include_file>/usr/local/pkg/cron.inc</include_file> </package> <freeradiuseapconf> <config> <ssl_ca_cert>5a58aa23547f7</ssl_ca_cert> <ssl_server_cert>5a58aa237e1d4</ssl_server_cert> </config> </freeradiuseapconf> <menu> <name>SquidGuard Proxy Filter</name> <tooltiptext>Modify the proxy server's filter settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </menu> <menu> <name>Squid Proxy Reports</name> <section>Status</section> <url>/pkg_edit.php?xml=lightsquid.xml</url> </menu> <menu> <name>Squid Proxy Server</name> <tooltiptext>Modify the proxy server settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </menu> <menu> <name>Squid Reverse Proxy</name> <tooltiptext>Modify the reverse proxy server settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> </menu> <menu> <name>FreeRADIUS</name> <section>Services</section> <url>/pkg.php?xml=freeradius.xml</url> </menu> <menu> <name>pfBlockerNG</name> <configfile>pfblockerng.xml</configfile> <section>Firewall</section> <url>/pkg_edit.php?xml=pfblockerng.xml</url> </menu> <menu> <name>Cron</name> <section>Services</section> <configfile>cron.xml</configfile> <url>/packages/cron/cron.php</url> </menu> <service> <name>squidGuard</name> <description><![CDATA[Proxy server filter Service]]></description> <executable>squidGuard</executable> </service> <service> <name>lightsquid_web</name> <rcfile>lighttpd_ls.sh</rcfile> <executable>lighttpd_ls</executable> <description><![CDATA[Lightsquid Web Server]]></description> </service> <service> <name>squid</name> <rcfile>squid.sh</rcfile> <executable>squid</executable> <description><![CDATA[Squid Proxy Server Service]]></description> </service> <service> <name>clamd</name> <rcfile>clamd.sh</rcfile> <executable>clamd</executable> <description><![CDATA[ClamAV Antivirus]]></description> </service> <service> <name>c-icap</name> <rcfile>c-icap.sh</rcfile> <executable>c-icap</executable> <description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description> </service> <service> <name>radiusd</name> <rcfile>radiusd.sh</rcfile> <executable>radiusd</executable> <description><![CDATA[FreeRADIUS Server]]></description> </service> <service> <name>dnsbl</name> <rcfile>dnsbl.sh</rcfile> <executable>lighttpd_pfb</executable> <description><![CDATA[pfBlockerNG DNSBL Web Server]]></description> </service> <freeradius> <config> <sortable></sortable> <varusersusername>testu</varusersusername> <varuserspassword>testp</varuserspassword> <varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption> <varusersmotpenable></varusersmotpenable> <varusersauthmethod>motp</varusersauthmethod> <varusersmotpinitsecret></varusersmotpinitsecret> <varusersmotppin></varusersmotppin> <varusersmotpoffset></varusersmotpoffset> <qrcodetext></qrcodetext> <varuserswisprredirectionurl></varuserswisprredirectionurl> <varuserssimultaneousconnect></varuserssimultaneousconnect> <description></description> <varusersframedipaddress></varusersframedipaddress> <varusersframedipnetmask></varusersframedipnetmask> <varusersframedroute></varusersframedroute> <varusersvlanid>70</varusersvlanid> <varusersexpiration></varusersexpiration> <varuserssessiontimeout>60</varuserssessiontimeout> <varuserslogintime></varuserslogintime> <varusersamountoftime>2</varusersamountoftime> <varuserspointoftime>Daily</varuserspointoftime> <varusersmaxtotaloctets></varusersmaxtotaloctets> <varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange> <varusersmaxbandwidthdown></varusersmaxbandwidthdown> <varusersmaxbandwidthup></varusersmaxbandwidthup> <varusersacctinteriminterval></varusersacctinteriminterval> <varuserstopadditionaloptions></varuserstopadditionaloptions> <varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions> <varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions> </config> </freeradius> <squidcache></squidcache> <squidremote></squidremote> <squidauth> <config> <auth_method>none</auth_method> </config> </squidauth> <pfblockerngdnsbl> <config> <aliasname>Ads</aliasname> <description><![CDATA[Werbefilter]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://hosts-file.net/ad_servers.txt</url> <header>hphosts</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext</url> <header>yoyo</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://adaway.org/hosts.txt</url> <header>adaway</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://sysctl.org/cameleon/hosts</url> <header>cameleon</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://hosts-file.net/download/hosts.zip</url> <header>hphosts</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://winhelp2002.mvps.org/hosts.txt</url> <header>mvps</header> </row> <action>unbound</action> <cron>EveryDay</cron> <dow>7</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Malicious</aliasname> <description><![CDATA[gefährliche Sites]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://mirror1.malwaredomains.com/files/justdomains</url> <header>malewaredomains</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url> <header>malewarelists</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url> <header>bambenek</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://data.phishtank.com/data/online-valid.csv.gz</url> <header>pishtank</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.openphish.com/feed.txt</url> <header>openfish</header> </row> <action>unbound</action> <cron>EveryDay</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Suspicious</aliasname> <description><![CDATA[suspekte Domains]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://isc.sans.edu/suspicious_domains.html</url> <header>sans</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://dshield.org/feeds/suspiciousdomains_High.txt</url> <header>dshield_high</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url> <header>dshield_medium</header> </row> <action>Disabled</action> <cron>06hours</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Virus</aliasname> <description><![CDATA[Virusdomains]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>http://www.wael.name/wael.list.p2p.gz</url> <header>wael</header> </row> <action>Disabled</action> <cron>EveryDay</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>Microsoft_Telemetrie</aliasname> <description><![CDATA[Microsofts Telemetrieserver]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url> <header>githubliste</header> </row> <action>unbound</action> <cron>Weekly</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom></custom> <custom_update>disabled</custom_update> </config> <config> <aliasname>eigeneBlocks</aliasname> <description><![CDATA[eigene Blockings]]></description> <infolists></infolists> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url></url> <header></header> </row> <action>Disabled</action> <cron>Never</cron> <dow>1</dow> <filter_alexa></filter_alexa> <custom>LmdhbWJsaW5nLmNvbQ==</custom> <custom_update>disabled</custom_update> </config> </pfblockerngdnsbl> <freeradiusauthorizedmacs></freeradiusauthorizedmacs> <freeradiusclients> <config> <varclientip>172.16.100.80</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>ruckus</varclientshortname> <varclientsharedsecret>blablablub</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>yes</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[ruckus]]></description> </config> <config> <varclientip>172.16.100.10</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>zyxel</varclientshortname> <varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[zyxel]]></description> </config> <config> <varclientip>172.16.0.100</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>NTRadPing</varclientshortname> <varclientsharedsecret>123456</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description><![CDATA[NTRadPing]]></description> </config> <config> <varclientip>127.0.0.1</varclientip> <varclientipversion>ipaddr</varclientipversion> <varclientshortname>tester</varclientshortname> <varclientsharedsecret>SuperTest</varclientsharedsecret> <varclientproto>udp</varclientproto> <varclientnastype>other</varclientnastype> <varrequiremessageauthenticator>no</varrequiremessageauthenticator> <varclientmaxconnections>16</varclientmaxconnections> <varclientlogininput></varclientlogininput> <varclientpasswordinput></varclientpasswordinput> <description></description> </config> </freeradiusclients> <freeradiusinterfaces> <config> <varinterfaceip>127.0.0.1</varinterfaceip> <varinterfaceport>1812</varinterfaceport> <varinterfacetype>auth</varinterfacetype> <varinterfaceipversion>ipaddr</varinterfaceipversion> <description></description> </config> <config> <varinterfaceip>127.0.0.1</varinterfaceip> <varinterfaceport>1813</varinterfaceport> <varinterfacetype>acct</varinterfacetype> <varinterfaceipversion>ipaddr</varinterfaceipversion> <description></description> </config> </freeradiusinterfaces> <freeradiussettings> <config> <varsettingsmaxrequests>1024</varsettingsmaxrequests> <varsettingsmaxrequesttime>30</varsettingsmaxrequesttime> <varsettingscleanupdelay>5</varsettingscleanupdelay> <varsettingsallowcoredumps>yes</varsettingsallowcoredumps> <varsettingsregularexpressions>yes</varsettingsregularexpressions> <varsettingsextendedexpressions>yes</varsettingsextendedexpressions> <varsettingslogdir>syslog</varsettingslogdir> <varsettingsauth>yes</varsettingsauth> <varsettingsauthbadpass>no</varsettingsauthbadpass> <varsettingsauthbadpassmessage></varsettingsauthbadpassmessage> <varsettingsauthgoodpass>no</varsettingsauthgoodpass> <varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage> <varsettingsstrippednames>no</varsettingsstrippednames> <varsettingshostnamelookups>no</varsettingshostnamelookups> <varsettingsmaxattributes>200</varsettingsmaxattributes> <varsettingsrejectdelay>1</varsettingsrejectdelay> <varsettingsstartservers>5</varsettingsstartservers> <varsettingsmaxservers>32</varsettingsmaxservers> <varsettingsminspareservers>3</varsettingsminspareservers> <varsettingsmaxspareservers>10</varsettingsmaxspareservers> <varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize> <varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver> <varsettingsmotpenable></varsettingsmotpenable> <varsettingsmotptimespan></varsettingsmotptimespan> <varsettingsmotppasswordattempts></varsettingsmotppasswordattempts> <varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype> <varsettingsmotptokenlength></varsettingsmotptokenlength> <varsettingsenablemacauth></varsettingsenablemacauth> <varsettingsenableacctunique>on</varsettingsenableacctunique> </config> </freeradiussettings> <freeradiussqlconf> <config> <varsqlconfincludeenable>on</varsqlconfincludeenable> <varsqlconfenableauthorize>Enable</varsqlconfenableauthorize> <varsqlconfenableaccounting>Enable</varsqlconfenableaccounting> <varsqlconfenablesession>Enable</varsqlconfenablesession> <varsqlconfenablepostauth>Enable</varsqlconfenablepostauth> <varsqlconfdatabase>mysql</varsqlconfdatabase> <varsqlconfserver>localhost</varsqlconfserver> <varsqlconfport>3306</varsqlconfport> <varsqlconflogin>radius</varsqlconflogin> <varsqlconfpassword>radpass</varsqlconfpassword> <varsqlconfradiusdb>radius</varsqlconfradiusdb> <varsqlconfaccttable1>radacct</varsqlconfaccttable1> <varsqlconfaccttable2>radacct</varsqlconfaccttable2> <varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable> <varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable> <varsqlconfauthreplytable>radreply</varsqlconfauthreplytable> <varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable> <varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable> <varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable> <varsqlconfreadgroups>yes</varsqlconfreadgroups> <varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions> <varsqlconfsqltrace>no</varsqlconfsqltrace> <varsqlconfnumsqlsocks></varsqlconfnumsqlsocks> <varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay> <varsqlconflifetime></varsqlconflifetime> <varsqlconfmaxqueries></varsqlconfmaxqueries> <varsqlconfreadclients>yes</varsqlconfreadclients> <varsqlconfnastable>nas</varsqlconfnastable> <varsqlconf2failover>redundant</varsqlconf2failover> <varsqlconf2includeenable></varsqlconf2includeenable> <varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize> <varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting> <varsqlconf2enablesession>Disable</varsqlconf2enablesession> <varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth> <varsqlconf2database>mysql</varsqlconf2database> <varsqlconf2server></varsqlconf2server> <varsqlconf2port></varsqlconf2port> <varsqlconf2login></varsqlconf2login> <varsqlconf2password></varsqlconf2password> <varsqlconf2radiusdb></varsqlconf2radiusdb> <varsqlconf2accttable1></varsqlconf2accttable1> <varsqlconf2accttable2></varsqlconf2accttable2> <varsqlconf2postauthtable></varsqlconf2postauthtable> <varsqlconf2authchecktable></varsqlconf2authchecktable> <varsqlconf2authreplytable></varsqlconf2authreplytable> <varsqlconf2groupchecktable></varsqlconf2groupchecktable> <varsqlconf2groupreplytable></varsqlconf2groupreplytable> <varsqlconf2usergrouptable></varsqlconf2usergrouptable> <varsqlconf2readgroups>yes</varsqlconf2readgroups> <varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions> <varsqlconf2sqltrace>no</varsqlconf2sqltrace> <varsqlconf2numsqlsocks></varsqlconf2numsqlsocks> <varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay> <varsqlconf2lifetime></varsqlconf2lifetime> <varsqlconf2maxqueries></varsqlconf2maxqueries> <varsqlconf2readclients>yes</varsqlconf2readclients> <varsqlconf2nastable></varsqlconf2nastable> </config> </freeradiussqlconf> </installedpackages> <virtualip> <vip> <mode>ipalias</mode> <interface>lan</interface> <descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr> <type>single</type> <subnet_bits>32</subnet_bits> <subnet>10.10.10.2</subnet> </vip> </virtualip> </pfsense>Only thing changed is 
Bild Link) from Disabled to Enabled and saveHope now its correct for you :-)
-
FreeRADIUS Version 3.0.15 Copyright (C) 1999-2017 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/share/freeradius/dictionary.dhcp including dictionary file /usr/local/share/freeradius/dictionary.vqp including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/googleauth including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/unpack including configuration file /usr/local/etc/raddb/mods-enabled/motp including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/sql including configuration file /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/datacounter_acct including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/date including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/sqlcounter including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf including configuration file /usr/local/etc/raddb/mods-enabled/linelog including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/pfs_custom_policies including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/abfab-tr including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/eap including configuration file /usr/local/etc/raddb/policy.d/debug including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/accounting including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap main { security { allow_core_dumps = yes } name = "radiusd" prefix = "/usr/local" localstatedir = "/var" logdir = "/var/log" run_dir = "/var/run" } Changing value of PR_DUMPABLE not supported on this system Core dumps are enabled main { name = "radiusd" prefix = "/usr/local" localstatedir = "/var" sbindir = "/usr/local/sbin" logdir = "/var/log" run_dir = "/var/run" libdir = "/usr/local/lib/freeradius-3.0.15" radacctdir = "/var/log/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no msg_badpass = "" msg_goodpass = "" colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = no } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client ruckus { ipaddr = 172.16.100.80 require_message_authenticator = yes secret = <<< secret >>> nas_type = "other" proto = "udp" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client zyxel { ipaddr = 172.16.100.10 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "udp" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client NTRadPing { ipaddr = 172.16.0.100 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "udp" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client tester { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "udp" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = mschap # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = digest # Creating Auth-Type = MOTP # Creating Auth-Type = GOOGLEAUTH # Creating Autz-Type = Status-Server # Creating Acct-Type = Status-Server radiusd: #### Instantiating modules #### modules { # Loaded module rlm_pap # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_digest # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_eap # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } # Loaded module rlm_dhcp # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_detail # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_replicate # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_utf8 # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_mschap # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_logintime # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_exec # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth exec googleauth { wait = yes program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}" shell_escape = yes } # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_unpack # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack # Loading module "motp" from file /usr/local/etc/raddb/mods-enabled/motp exec motp { wait = yes program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}" shell_escape = yes } # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_sql # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql sql sql1 { driver = "rlm_sql_mysql" server = "localhost" port = 3306 login = "radius" password = <<< secret >>> radius_db = "radius" read_groups = yes read_profiles = yes read_clients = yes delete_stale_sessions = yes sql_user_name = "%{User-Name}" logfile = "/var/log/sqltrace.sql" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" accounting { reference = "%{tolower:type.%{Acct-Status-Type}.query}" type { accounting-on { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } accounting-off { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } start { query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" } } rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute sql1-SQL-Group # Loaded module rlm_radutmp # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct exec datacounterdaily { wait = yes program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" shell_escape = yes } # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct exec datacounterweekly { wait = yes program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" shell_escape = yes } # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct exec datacountermonthly { wait = yes program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" shell_escape = yes } # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct exec datacounterforever { wait = yes program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" shell_escape = yes } # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_unix # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/var/log/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_soh # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_expr # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_preprocess # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_realm # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = yes } # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = yes } # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = yes } # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_chap # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_date # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" utc = no } # Loaded module rlm_cache # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_always # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_expiration # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_files # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" } # Loaded module rlm_sqlcounter # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter sqlcounter dailycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'" reset = "daily" counter_name = "Daily-Session-Time" check_name = "Max-Daily-Session" reply_name = "Session-Timeout" } # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter sqlcounter monthlycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'" reset = "monthly" counter_name = "Monthly-Session-Time" check_name = "Max-Monthly-Session" reply_name = "Session-Timeout" } # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter sqlcounter noresetcounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'" reset = "never" counter_name = "Max-All-Session-Time" check_name = "Max-All-Session" reply_name = "Session-Timeout" } # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter sqlcounter expire_on_login { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;" reset = "never" counter_name = "Expire-After-Initial-Login" check_name = "Expire-After" reply_name = "Session-Timeout" } -
# Loaded module rlm_linelog # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog linelog { filename = "/var/log/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog linelog log_accounting { filename = "/var/log/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/var/log/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } instantiate { # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime # Instantiating module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql rlm_sql_mysql: libmysql version: 5.6.39 mysql { tls { } warnings = "auto" } rlm_sql (sql1): Attempting to connect to database "radius" rlm_sql (sql1): Initialising connection pool pool { start = 5 min = 3 max = 5 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 60 spread = no } WARNING: Ignoring "spare = 10", forcing to "spare = 2" rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10 rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10 rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10 rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10 rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10 rlm_sql (sql1): Processing generate_sql_clients rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql1): Reserved connection (0) rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql1): Released connection (0) } # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server_key.pem" certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem" ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" cipher_server_preference = no ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = no url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel-ttls" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel-peap" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Instantiating module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1534284000 [2018-08-15 00:00:00] # Instantiating module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1533074400 [2018-08-01 00:00:00] # Instantiating module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00] # Instantiating module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00] # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls:63 } # server inner-tunnel-ttls server default { # from file /usr/local/etc/raddb/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} /usr/local/etc/raddb/sites-enabled/default[35]: Failed to find "daily" as a module or policy. /usr/local/etc/raddb/sites-enabled/default[35]: Please verify that the configuration exists in /usr/local/etc/raddb/mods-enabled/daily. /usr/local/etc/raddb/sites-enabled/default[13]: Errors parsing authorize section. -
@jimp Hey Jim, is it in progress or did you give it up to tell me what you really need to fix the problem :-)
-
I haven't had time to try it out and see if I could tell what was wrong. I haven't spent much time working on that package in months and I've got my hands full at the moment. Might be a while before I can take a look deep enough to fix anything in that package.
-
@jimp Ok, thanks
-
hi
i am able to get freeradius working with the captive portal but when i enable the sql freeradius stops working is this the right place to ask this question?thanks
-
@kramtw : This thread is about freeradius not starting.
Your question is about mysql not starting ? -
@kramtw No, not the right thread because I 'm not using Captive Portal. It's only about Freeradius with accounting in mysql but not authentication in mysql.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.