Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    freeradius+mysql not starting with mysql authorization BUG#7965 and 7947

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 4 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      I can start it here in either mode, with or without mysql.

      You'll have to post all of your FreeRADIUS settings, either screenshots of every tab or all of the entries in config.xml. You can hide any private info like passwords, of course. Something in your settings is causing it to fail, but it isn't clear what that might be from the errors.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • P
        pfadmin
        last edited by

         /usr/local/etc/raddb/radiusd.conf
        prefix = /usr/local
        exec_prefix = ${prefix}
        sysconfdir = ${prefix}/etc
        localstatedir = /var
        sbindir = ${exec_prefix}/sbin
        logdir = ${localstatedir}/log
        raddbdir = ${sysconfdir}/raddb
        radacctdir = ${logdir}/radacct
        name = radiusd
        confdir = ${raddbdir}
        modconfdir = ${confdir}/mods-config
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        run_dir = ${localstatedir}/run
        db_dir = ${raddbdir}
        libdir = /usr/local/lib/freeradius-3.0.15
        pidfile = ${run_dir}/${name}.pid
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        hostname_lookups = no
        regular_expressions = yes
        extended_expressions = yes
        
        log {
        	destination = syslog
        	colourise = yes
        	file = ${logdir}/radius.log
        	syslog_facility = daemon
        	stripped_names = no
        	auth = yes
        	auth_badpass = no
        	auth_goodpass = no
        	msg_goodpass = ""
        	msg_badpass = ""
        	msg_denied = "You are already logged in - access denied"
        }
        
        checkrad = ${sbindir}/checkrad
        security {
        	allow_core_dumps = yes
        	max_attributes = 200
        	reject_delay = 1
        	status_server = no
        	# Disable this check since it may not be accurate due to how FreeBSD patches OpenSSL
        	allow_vulnerable_openssl = yes
        }
        
        $INCLUDE  clients.conf
        thread pool {
        	start_servers = 5
        	max_servers = 32
        	min_spare_servers = 3
        	max_spare_servers = 10
        	max_queue_size = 65536
        	max_requests_per_server = 0
        	auto_limit_acct = no
        }
        
        modules {
        	$INCLUDE ${confdir}/mods-enabled/
        }
        
        instantiate {
        	exec
        	expr
        	expiration
        	logintime
        	### Dis-/Enable sql instatiate
        
        	redundant sql {
        		sql1
        		### sql2 DISABLED ###
        	}
        
        }
        policy {
        	$INCLUDE policy.d/
        }
        $INCLUDE sites-enabled/
        
        /usr/local/etc/raddb/mods-enabled/eap
        ### EAP
        eap {
        	default_eap_type = md5
        	timer_expire     = 60
        	ignore_unknown_eap_types = no
        	cisco_accounting_username_bug = no
        	max_sessions = 4096
        
        	md5 {
        	}
        	leap {
        	}
        	gtc {
        		#challenge = "Password: "
        		auth_type = PAP
        	}
        
        
        #	pwd {
        #		group = 19
        #		server_id = theserver@example.com
        #		fragment_size = 1020
        #		virtual_server = "inner-tunnel"
        #	}
        
        	tls-config tls-common {
        		# private_key_password = whatever
        		private_key_file = ${certdir}/server_key.pem
        		certificate_file = ${certdir}/server_cert.pem
        		ca_path = ${confdir}/certs
        		ca_file = ${ca_path}/ca_cert.pem
        	#	auto_chain = yes
        	#	psk_identity = "test"
        	#	psk_hexphrase = "036363823"
        		dh_file = ${certdir}/dh
        		random_file = /dev/urandom
        		fragment_size = 1024
        		include_length = yes
        		check_crl = no
        		### check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/emailAddress=test@mycomp.com/CN=myca" ###
        		### check_cert_cn = %{User-Name} ###
        		cipher_list = "DEFAULT"
        		cipher_server_preference = no
        #		disable_tlsv1_2 = no
        		ecdh_curve = "prime256v1"
        		cache {
        			enable = no
        			lifetime = 24
        			max_entries = 255
        			#name = "EAP module"
        			#persist_dir = "/tlscache"
        		}
        		verify {
        	#		skip_if_ocsp_ok = no
        	#		tmpdir = /tmp/radiusd
        	#		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
        		}
        		ocsp {
        			enable = no
        			override_cert_url = no
        			url = "http://127.0.0.1/ocsp/"
        			# use_nonce = yes
        			# timeout = 0
        			# softfail = no
        		}
        	}
        	tls {
        		tls = tls-common
        	#	virtual_server = check-eap-tls
        	}
        	ttls {
        		tls = tls-common
        		default_eap_type = md5
        		copy_request_to_tunnel = no
        		include_length = yes
        	#	require_client_cert = yes
        		virtual_server = "inner-tunnel-ttls"
        		#use_tunneled_reply is deprecated, new method happens in virtual-server
        	}	### end ttls
        	peap {
        		tls = tls-common
        		default_eap_type = mschapv2
        		copy_request_to_tunnel = no
        	#	proxy_tunneled_request_as_eap = yes
        	#	require_client_cert = yes
        ### MS SoH Server is disabled ###
        
        		virtual_server = "inner-tunnel-peap"
        		#use_tunneled_reply is deprecated, new method happens in virtual-server
        	}
        	mschapv2 {
        #		send_error = no
        #		identity = "FreeRADIUS"
        	}
        #	fast {
        #		tls = tls-common
        #		pac_lifetime = 604800
        #		authority_identity = "1234"
        #		pac_opaque_key = "0123456789abcdef0123456789ABCDEF"
        #		virtual_server = inner-tunnel
        #	}
        }
        
        /usr/local/etc/raddb/mods-enabled/sql
        
        sql sql1 {
        	database = "mysql"
        	driver = "rlm_sql_${database}"
        	dialect = "${database}"
        	server = "localhost"
        	port = 3306
        	login = "radius"
        	password = "radpass"
        	radius_db = "radius"
        	acct_table1 = "radacct"
        	acct_table2 = "radacct"
        	postauth_table = "radpostauth"
        	authcheck_table = "radcheck"
        	authreply_table = "radreply"
        	groupcheck_table = "radgroupcheck"
        	groupreply_table = "radgroupreply"
        	usergroup_table = "radusergroup"
        	read_groups = yes
        	delete_stale_sessions = yes
        	logfile = ${logdir}/sqltrace.sql
        	read_clients = yes
        	client_table = "nas"
        	pool {
        		start = ${thread[pool].start_servers}
        		min = ${thread[pool].min_spare_servers}
        		max = 5
        		spare = ${thread[pool].max_spare_servers}
        		uses = 0
        		retry_delay = 60
        		lifetime = 0
        		idle_timeout = 60
        	}
        	group_attribute = "${.:instance}-SQL-Group"
        	$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
        }
        
        /usr/local/etc/raddb/clients.conf
        
        client "ruckus" {
        	ipaddr = 172.16.100.80
        	proto = udp
        	secret = 'blablablub'
        	require_message_authenticator = yes
        	nas_type = other
        	### login = !root ###
        	### password = someadminpass ###
        	limit {
        		max_connections = 16
        		lifetime = 0
        		idle_timeout = 30
        	}
        }
        
        client "tester" {
        	ipaddr = 127.0.0.1
        	proto = udp
        	secret = 'SuperTest'
        	require_message_authenticator = no
        	nas_type = other
        	### login = !root ###
        	### password = someadminpass ###
        	limit {
        		max_connections = 16
        		lifetime = 0
        		idle_timeout = 30
        	}
        }
        
        /usr/local/etc/raddb/users
        
        "testu" Cleartext-Password := "testp", Max-Daily-Session := 120
        
        	Session-Timeout := 60,
        	Tunnel-Type = VLAN,
        	Tunnel-Medium-Type = IEEE-802,
        	Tunnel-Private-Group-ID = "70"
        
        /usr/local/etc/raddb/authorized_macs
        
        /usr/local/etc/raddb/sites-enabled/default
        server default {
        listen {
        	type = auth
        	ipaddr = 127.0.0.1
        	port = 1812
        }
        listen {
        	type = acct
        	ipaddr = 127.0.0.1
        	port = 1813
        }
        
        authorize {
        #	filter_username
        #	filter_password
        	preprocess
        #	operator-name
        #	cui
        ##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####
        #	auth_log
        	chap
        	mschap
        	digest
        #	wimax
        #	IPASS
        	suffix
        	ntdomain
        	eap {
        		ok = return
        #		updated = return
        	}
        #	unix
        	files
        
        	redundant sql {
        		sql1
        		### sql2 DISABLED ###
        	}
        
        #	smbpasswd
        ### ldap ###
        	# Formerly checkval
        	if (&request:Calling-Station-Id == &control:Calling-Station-Id) {
        		ok
        	}
        	expiration
        	logintime
        	pap
        	Autz-Type Status-Server {
        
        	}
        }
        
        authenticate {
        	Auth-Type PAP {
        		pap
        	}
        	Auth-Type CHAP {
        		chap
        	}
        	Auth-Type MS-CHAP {
        		mschap
        	}
        	mschap
        	Auth-Type MOTP {
        		motp
        	}
        	Auth-Type GOOGLEAUTH {
        		googleauth
        	}
        	digest
        #	pam
        #	unix
        
        	#Auth-Type LDAP {
        		#ldap
        		#### ldap2 disabled ###
        	#}
        
        	eap
        #	Auth-Type eap {
        #		eap {
        #			handled = 1
        #		}
        #		if (handled && (Response-Packet-Type == Access-Challenge)) {
        #			attr_filter.access_challenge.post-auth
        #			handled  # override the "updated" code from attr_filter
        #		}
        #	}
        }
        
        preacct {
        	preprocess
        ##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####
        #	acct_counters64
        	update request {
        		&FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
        	}
        ##### DISABLE acct_unique DISABLE #####
        #	IPASS
        	suffix
        	ntdomain
        	files
        }
        
        accounting {
        #	cui
        	detail
        	### This makes it possible to run the datacounter_acct module only on accounting-stop and interim-updates
        	if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type == Interim-Update)) {
        		datacounterdaily
        		datacounterweekly
        		datacountermonthly
        		datacounterforever
        	}
        #	unix
        	radutmp
        #	sradutmp
        #	main_pool
        
        	redundant sql {
        		sql1
        		### sql2 DISABLED ###
        	}
        
        #	if (noop) {
        #		ok
        #	}
        #	pgsql-voip
        	exec
        	attr_filter.accounting_response
        	Acct-Type Status-Server {
        
        	}
        }
        
        session {
        #	radutmp
        	
        	redundant sql {
        		sql1
        		### sql2 DISABLED ###
        	}
        
        }
        
        post-auth {
        #	if (!&reply:State) {
        #		update reply {
        #			State := "0x%{randstr:16h}"
        #		}
        #	}
        	update {
        		&reply: += &session-state:
        	}
        #	main_pool
        #	cui
        #	reply_log
        
        	redundant sql {
        		sql1
        		### sql2 DISABLED ###
        	}
        
        #	ldap
        	exec
        #	wimax
        #	update reply {
        #		Reply-Message += "%{TLS-Cert-Serial}"
        #		Reply-Message += "%{TLS-Cert-Expiration}"
        #		Reply-Message += "%{TLS-Cert-Subject}"
        #		Reply-Message += "%{TLS-Cert-Issuer}"
        #		Reply-Message += "%{TLS-Cert-Common-Name}"
        #		Reply-Message += "%{TLS-Cert-Subject-Alt-Name-Email}"
        #
        #		Reply-Message += "%{TLS-Client-Cert-Serial}"
        #		Reply-Message += "%{TLS-Client-Cert-Expiration}"
        #		Reply-Message += "%{TLS-Client-Cert-Subject}"
        #		Reply-Message += "%{TLS-Client-Cert-Issuer}"
        #		Reply-Message += "%{TLS-Client-Cert-Common-Name}"
        #		Reply-Message += "%{TLS-Client-Cert-Subject-Alt-Name-Email}"
        #	}
        #	insert_acct_class
        #	if (&reply:EAP-Session-Id) {
        #		update reply {
        #			EAP-Key-Name := &reply:EAP-Session-Id
        #		}
        #	}
        	remove_reply_message_if_eap
        	Post-Auth-Type REJECT {
        		# log failed authentications in SQL, too.
        		sql
        		attr_filter.access_reject
        		eap
        		remove_reply_message_if_eap
        	}
        	Post-Auth-Type Challenge {
        
        	}
        }
        
        pre-proxy {
        #	operator-name
        #	cui
        #	files
        	attr_filter.pre-proxy
        #	pre_proxy_log
        }
        
        post-proxy {
        
        #	post_proxy_log
        	attr_filter.post-proxy
        	eap
        #	Post-Proxy-Type Fail-Accounting {
        #			detail
        #	}
        }
        }
        

        So my initial goal was to kick out some kids after an amount of time without mysql. But freeradius did nothing with the stop paket. It counts megabytes if I want but no time. captive portal is configured a special way with freeradius but its not usefull to me. Now I want to use mysql only for accounting to kick out my kids after some time.

        Thanks for your work

        pfadmin

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          I really need to see the pfSense settings instead (Screenshots of the pfSense package screens and/or the config.xml contents). Seeing the FreeRADIUS config doesn't necessarily tell me what settings you used to get into this state.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          P 3 Replies Last reply Reply Quote 0
          • P
            pfadmin
            last edited by

            @jimp said in freeradius+mysql not starting with mysql authorization BUG#7965 and 7947:

            to get into this state.

            Ui. Hope this is enougth, I deleted most of all other stuff.

            <?xml version="1.0"?>
            <pfsense>
            	<version>18.0</version>
            	<lastchange></lastchange>
            	<system>
            		<optimization>normal</optimization>
            		<hostname>pfSense2</hostname>
            		<domain>matthias.lan</domain>
            		<group>
            			<name>all</name>
            			<description><![CDATA[All Users]]></description>
            			<scope>system</scope>
            			<gid>1998</gid>
            			<member>0</member>
            		</group>
            		<group>
            			<name>admins</name>
            			<description><![CDATA[System Administrators]]></description>
            			<scope>system</scope>
            			<gid>1999</gid>
            			<member>0</member>
            			<priv>page-all</priv>
            		</group>
            		<user>
            			<name>admin</name>
            			<descr><![CDATA[System Administrator]]></descr>
            			<scope>system</scope>
            			<groupname>admins</groupname>
            			<bcrypt-hash>xxx</bcrypt-hash>
            			<uid>0</uid>
            			<priv>user-shell-access</priv>
            		</user>
            		<nextuid>2000</nextuid>
            		<nextgid>2000</nextgid>
            		<timeservers>0.pfsense.pool.ntp.org</timeservers>
            	<installedpackages>
            		<package>
            			<name>freeradius3</name>
            			<website>http://www.freeradius.org/</website>
            			<descr><![CDATA[A free implementation of the RADIUS protocol.&lt;br /&gt;
            			Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr>
            			<pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
            			<version>0.15.5_2</version>
            			<configurationfile>freeradius.xml</configurationfile>
            			<tabs>
            				<tab>
            					<text><![CDATA[Users]]></text>
            					<url>/pkg.php?xml=freeradius.xml</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[MACs]]></text>
            					<url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[NAS / Clients]]></text>
            					<url>/pkg.php?xml=freeradiusclients.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Interfaces]]></text>
            					<url>/pkg.php?xml=freeradiusinterfaces.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Settings]]></text>
            					<url>/pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[EAP]]></text>
            					<url>/pkg_edit.php?xml=freeradiuseapconf.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[SQL]]></text>
            					<url>/pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[LDAP]]></text>
            					<url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[View config]]></text>
            					<url>/freeradius_view_config.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[XMLRPC Sync]]></text>
            					<url>/pkg_edit.php?xml=freeradiussync.xml&amp;id=0</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/freeradius.inc</include_file>
            		</package>
            		<package>
            			<name>pfBlockerNG</name>
            			<descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.&lt;br /&gt;
            			Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.&lt;br /&gt;
            			GeoIP database by MaxMind Inc. (GeoLite2 Free version).&lt;br /&gt;
            			De-Duplication, Suppression, and Reputation enhancements.&lt;br /&gt;
            			Provision to download from diverse List formats.&lt;br /&gt;
            			Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.&lt;br /&gt;
            			Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr>
            			<pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink>
            			<version>2.1.4_8</version>
            			<configurationfile>pfblockerng.xml</configurationfile>
            			<tabs>
            				<tab>
            					<text><![CDATA[General]]></text>
            					<url>/pkg_edit.php?xml=pfblockerng.xml</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Update]]></text>
            					<url>/pfblockerng/pfblockerng_update.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Alerts]]></text>
            					<url>/pfblockerng/pfblockerng_alerts.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Reputation]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[IPv4]]></text>
            					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[IPv6]]></text>
            					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[DNSBL]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[GeoIP]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Logs]]></text>
            					<url>/pfblockerng/pfblockerng_log.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Sync]]></text>
            					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
            		</package>
            		<package>
            			<name>squid3</name>
            			<internal_name>squid</internal_name>
            			<descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&lt;br /&gt;
            			It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr>
            			<pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink>
            			<website>http://www.squid-cache.org/</website>
            			<version>0.4.43_1</version>
            			<configurationfile>squid.xml</configurationfile>
            			<filter_rule_function>squid_generate_rules</filter_rule_function>
            			<tabs>
            				<tab>
            					<text><![CDATA[General]]></text>
            					<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Remote Cache]]></text>
            					<url>/pkg.php?xml=squid_upstream.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Local Cache]]></text>
            					<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Antivirus]]></text>
            					<url>/pkg_edit.php?xml=squid_antivirus.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[ACLs]]></text>
            					<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Traffic Mgmt]]></text>
            					<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Authentication]]></text>
            					<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Users]]></text>
            					<url>/pkg.php?xml=squid_users.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Real Time]]></text>
            					<url>/squid_monitor.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Sync]]></text>
            					<url>/pkg_edit.php?xml=squid_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/squid.inc</include_file>
            		</package>
            		<package>
            			<name>squidGuard</name>
            			<descr><![CDATA[High performance web proxy URL filter.&lt;br/&gt;
            			&lt;strong&gt;Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.&lt;/strong&gt;]]></descr>
            			<website>http://www.squidGuard.org/</website>
            			<version>1.16.4</version>
            			<configurationfile>squidguard.xml</configurationfile>
            			<after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info>
            			<tabs>
            				<tab>
            					<text><![CDATA[General settings]]></text>
            					<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
            					<active></active>
            				</tab>
            				<tab>
            					<text><![CDATA[Common ACL]]></text>
            					<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Groups ACL]]></text>
            					<url>/pkg.php?xml=squidguard_acl.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Target categories]]></text>
            					<url>/pkg.php?xml=squidguard_dest.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Times]]></text>
            					<url>/pkg.php?xml=squidguard_time.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Rewrites]]></text>
            					<url>/pkg.php?xml=squidguard_rewr.xml</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Blacklist]]></text>
            					<url>/squidGuard/squidguard_blacklist.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[Log]]></text>
            					<url>/squidGuard/squidguard_log.php</url>
            				</tab>
            				<tab>
            					<text><![CDATA[XMLRPC Sync]]></text>
            					<url>/pkg_edit.php?xml=squidguard_sync.xml</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/squidguard.inc</include_file>
            		</package>
            		<package>
            			<name>Lightsquid</name>
            			<descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat).
            			&lt;strong&gt;Requires Squid package.&lt;/strong&gt;]]></descr>
            			<website>http://lightsquid.sf.net/</website>
            			<version>3.0.6_4</version>
            			<configurationfile>lightsquid.xml</configurationfile>
            			<noembedded>true</noembedded>
            			<include_file>/usr/local/pkg/lightsquid.inc</include_file>
            		</package>
            		<package>
            			<name>OpenVPN Client Export Utility</name>
            			<internal_name>openvpn-client-export</internal_name>
            			<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
            			<version>1.4.17</version>
            			<configurationfile>openvpn-client-export.xml</configurationfile>
            			<tabs>
            				<tab>
            					<name>Client Export</name>
            					<tabgroup>OpenVPN</tabgroup>
            					<url>/vpn_openvpn_export.php</url>
            				</tab>
            				<tab>
            					<name>Shared Key Export</name>
            					<tabgroup>OpenVPN</tabgroup>
            					<url>/vpn_openvpn_export_shared.php</url>
            				</tab>
            			</tabs>
            			<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
            		</package>
            		<package>
            			<name>Cron</name>
            			<descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr>
            			<version>0.3.7_2</version>
            			<configurationfile>cron.xml</configurationfile>
            			<include_file>/usr/local/pkg/cron.inc</include_file>
            		</package>
            		<freeradiuseapconf>
            			<config>
            				<ssl_ca_cert>5a58aa23547f7</ssl_ca_cert>
            				<ssl_server_cert>5a58aa237e1d4</ssl_server_cert>
            			</config>
            		</freeradiuseapconf>
            		<menu>
            			<name>SquidGuard Proxy Filter</name>
            			<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>Squid Proxy Reports</name>
            			<section>Status</section>
            			<url>/pkg_edit.php?xml=lightsquid.xml</url>
            		</menu>
            		<menu>
            			<name>Squid Proxy Server</name>
            			<tooltiptext>Modify the proxy server settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>Squid Reverse Proxy</name>
            			<tooltiptext>Modify the reverse proxy server settings</tooltiptext>
            			<section>Services</section>
            			<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
            		</menu>
            		<menu>
            			<name>FreeRADIUS</name>
            			<section>Services</section>
            			<url>/pkg.php?xml=freeradius.xml</url>
            		</menu>
            		<menu>
            			<name>pfBlockerNG</name>
            			<configfile>pfblockerng.xml</configfile>
            			<section>Firewall</section>
            			<url>/pkg_edit.php?xml=pfblockerng.xml</url>
            		</menu>
            		<menu>
            			<name>Cron</name>
            			<section>Services</section>
            			<configfile>cron.xml</configfile>
            			<url>/packages/cron/cron.php</url>
            		</menu>
            		<service>
            			<name>squidGuard</name>
            			<description><![CDATA[Proxy server filter Service]]></description>
            			<executable>squidGuard</executable>
            		</service>
            		<service>
            			<name>lightsquid_web</name>
            			<rcfile>lighttpd_ls.sh</rcfile>
            			<executable>lighttpd_ls</executable>
            			<description><![CDATA[Lightsquid Web Server]]></description>
            		</service>
            		<service>
            			<name>squid</name>
            			<rcfile>squid.sh</rcfile>
            			<executable>squid</executable>
            			<description><![CDATA[Squid Proxy Server Service]]></description>
            		</service>
            		<service>
            			<name>clamd</name>
            			<rcfile>clamd.sh</rcfile>
            			<executable>clamd</executable>
            			<description><![CDATA[ClamAV Antivirus]]></description>
            		</service>
            		<service>
            			<name>c-icap</name>
            			<rcfile>c-icap.sh</rcfile>
            			<executable>c-icap</executable>
            			<description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description>
            		</service>
            		<service>
            			<name>radiusd</name>
            			<rcfile>radiusd.sh</rcfile>
            			<executable>radiusd</executable>
            			<description><![CDATA[FreeRADIUS Server]]></description>
            		</service>
            		<service>
            			<name>dnsbl</name>
            			<rcfile>dnsbl.sh</rcfile>
            			<executable>lighttpd_pfb</executable>
            			<description><![CDATA[pfBlockerNG DNSBL Web Server]]></description>
            		</service>
            		<freeradius>
            			<config>
            				<sortable></sortable>
            				<varusersusername>testu</varusersusername>
            				<varuserspassword>testp</varuserspassword>
            				<varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption>
            				<varusersmotpenable></varusersmotpenable>
            				<varusersauthmethod>motp</varusersauthmethod>
            				<varusersmotpinitsecret></varusersmotpinitsecret>
            				<varusersmotppin></varusersmotppin>
            				<varusersmotpoffset></varusersmotpoffset>
            				<qrcodetext></qrcodetext>
            				<varuserswisprredirectionurl></varuserswisprredirectionurl>
            				<varuserssimultaneousconnect></varuserssimultaneousconnect>
            				<description></description>
            				<varusersframedipaddress></varusersframedipaddress>
            				<varusersframedipnetmask></varusersframedipnetmask>
            				<varusersframedroute></varusersframedroute>
            				<varusersvlanid>70</varusersvlanid>
            				<varusersexpiration></varusersexpiration>
            				<varuserssessiontimeout>60</varuserssessiontimeout>
            				<varuserslogintime></varuserslogintime>
            				<varusersamountoftime>2</varusersamountoftime>
            				<varuserspointoftime>Daily</varuserspointoftime>
            				<varusersmaxtotaloctets></varusersmaxtotaloctets>
            				<varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange>
            				<varusersmaxbandwidthdown></varusersmaxbandwidthdown>
            				<varusersmaxbandwidthup></varusersmaxbandwidthup>
            				<varusersacctinteriminterval></varusersacctinteriminterval>
            				<varuserstopadditionaloptions></varuserstopadditionaloptions>
            				<varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions>
            				<varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions>
            			</config>
            		</freeradius>
            		<squidcache></squidcache>
            		<squidremote></squidremote>
            		<squidauth>
            			<config>
            				<auth_method>none</auth_method>
            			</config>
            		</squidauth>
            		<pfblockerngdnsbl>
            			<config>
            				<aliasname>Ads</aliasname>
            				<description><![CDATA[Werbefilter]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://hosts-file.net/ad_servers.txt</url>
            					<header>hphosts</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&amp;mimetype=plaintext</url>
            					<header>yoyo</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://adaway.org/hosts.txt</url>
            					<header>adaway</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://sysctl.org/cameleon/hosts</url>
            					<header>cameleon</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://hosts-file.net/download/hosts.zip</url>
            					<header>hphosts</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://winhelp2002.mvps.org/hosts.txt</url>
            					<header>mvps</header>
            				</row>
            				<action>unbound</action>
            				<cron>EveryDay</cron>
            				<dow>7</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Malicious</aliasname>
            				<description><![CDATA[gef&auml;hrliche Sites]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://mirror1.malwaredomains.com/files/justdomains</url>
            					<header>malewaredomains</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url>
            					<header>malewarelists</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url>
            					<header>bambenek</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>http://data.phishtank.com/data/online-valid.csv.gz</url>
            					<header>pishtank</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://www.openphish.com/feed.txt</url>
            					<header>openfish</header>
            				</row>
            				<action>unbound</action>
            				<cron>EveryDay</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Suspicious</aliasname>
            				<description><![CDATA[suspekte Domains]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Disabled]]></state>
            					<url>https://isc.sans.edu/suspicious_domains.html</url>
            					<header>sans</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://dshield.org/feeds/suspiciousdomains_High.txt</url>
            					<header>dshield_high</header>
            				</row>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url>
            					<header>dshield_medium</header>
            				</row>
            				<action>Disabled</action>
            				<cron>06hours</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Virus</aliasname>
            				<description><![CDATA[Virusdomains]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Disabled]]></state>
            					<url>http://www.wael.name/wael.list.p2p.gz</url>
            					<header>wael</header>
            				</row>
            				<action>Disabled</action>
            				<cron>EveryDay</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>Microsoft_Telemetrie</aliasname>
            				<description><![CDATA[Microsofts Telemetrieserver]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url>
            					<header>githubliste</header>
            				</row>
            				<action>unbound</action>
            				<cron>Weekly</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom></custom>
            				<custom_update>disabled</custom_update>
            			</config>
            			<config>
            				<aliasname>eigeneBlocks</aliasname>
            				<description><![CDATA[eigene Blockings]]></description>
            				<infolists></infolists>
            				<row>
            					<format>auto</format>
            					<state><![CDATA[Enabled]]></state>
            					<url></url>
            					<header></header>
            				</row>
            				<action>Disabled</action>
            				<cron>Never</cron>
            				<dow>1</dow>
            				<filter_alexa></filter_alexa>
            				<custom>LmdhbWJsaW5nLmNvbQ==</custom>
            				<custom_update>disabled</custom_update>
            			</config>
            		</pfblockerngdnsbl>
            		<freeradiusauthorizedmacs></freeradiusauthorizedmacs>
            		<freeradiusclients>
            			<config>
            				<varclientip>172.16.100.80</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>ruckus</varclientshortname>
            				<varclientsharedsecret>blablablub</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>yes</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[ruckus]]></description>
            			</config>
            			<config>
            				<varclientip>172.16.100.10</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>zyxel</varclientshortname>
            				<varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[zyxel]]></description>
            			</config>
            			<config>
            				<varclientip>172.16.0.100</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>NTRadPing</varclientshortname>
            				<varclientsharedsecret>123456</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description><![CDATA[NTRadPing]]></description>
            			</config>
            			<config>
            				<varclientip>127.0.0.1</varclientip>
            				<varclientipversion>ipaddr</varclientipversion>
            				<varclientshortname>tester</varclientshortname>
            				<varclientsharedsecret>SuperTest</varclientsharedsecret>
            				<varclientproto>udp</varclientproto>
            				<varclientnastype>other</varclientnastype>
            				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
            				<varclientmaxconnections>16</varclientmaxconnections>
            				<varclientlogininput></varclientlogininput>
            				<varclientpasswordinput></varclientpasswordinput>
            				<description></description>
            			</config>
            		</freeradiusclients>
            		<freeradiusinterfaces>
            			<config>
            				<varinterfaceip>127.0.0.1</varinterfaceip>
            				<varinterfaceport>1812</varinterfaceport>
            				<varinterfacetype>auth</varinterfacetype>
            				<varinterfaceipversion>ipaddr</varinterfaceipversion>
            				<description></description>
            			</config>
            			<config>
            				<varinterfaceip>127.0.0.1</varinterfaceip>
            				<varinterfaceport>1813</varinterfaceport>
            				<varinterfacetype>acct</varinterfacetype>
            				<varinterfaceipversion>ipaddr</varinterfaceipversion>
            				<description></description>
            			</config>
            		</freeradiusinterfaces>
            		<freeradiussettings>
            			<config>
            				<varsettingsmaxrequests>1024</varsettingsmaxrequests>
            				<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
            				<varsettingscleanupdelay>5</varsettingscleanupdelay>
            				<varsettingsallowcoredumps>yes</varsettingsallowcoredumps>
            				<varsettingsregularexpressions>yes</varsettingsregularexpressions>
            				<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
            				<varsettingslogdir>syslog</varsettingslogdir>
            				<varsettingsauth>yes</varsettingsauth>
            				<varsettingsauthbadpass>no</varsettingsauthbadpass>
            				<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
            				<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
            				<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
            				<varsettingsstrippednames>no</varsettingsstrippednames>
            				<varsettingshostnamelookups>no</varsettingshostnamelookups>
            				<varsettingsmaxattributes>200</varsettingsmaxattributes>
            				<varsettingsrejectdelay>1</varsettingsrejectdelay>
            				<varsettingsstartservers>5</varsettingsstartservers>
            				<varsettingsmaxservers>32</varsettingsmaxservers>
            				<varsettingsminspareservers>3</varsettingsminspareservers>
            				<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
            				<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
            				<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
            				<varsettingsmotpenable></varsettingsmotpenable>
            				<varsettingsmotptimespan></varsettingsmotptimespan>
            				<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
            				<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
            				<varsettingsmotptokenlength></varsettingsmotptokenlength>
            				<varsettingsenablemacauth></varsettingsenablemacauth>
            				<varsettingsenableacctunique>on</varsettingsenableacctunique>
            			</config>
            		</freeradiussettings>
            		<freeradiussqlconf>
            			<config>
            				<varsqlconfincludeenable>on</varsqlconfincludeenable>
            				<varsqlconfenableauthorize>Disable</varsqlconfenableauthorize>
            				<varsqlconfenableaccounting>Enable</varsqlconfenableaccounting>
            				<varsqlconfenablesession>Enable</varsqlconfenablesession>
            				<varsqlconfenablepostauth>Enable</varsqlconfenablepostauth>
            				<varsqlconfdatabase>mysql</varsqlconfdatabase>
            				<varsqlconfserver>localhost</varsqlconfserver>
            				<varsqlconfport>3306</varsqlconfport>
            				<varsqlconflogin>radius</varsqlconflogin>
            				<varsqlconfpassword>radpass</varsqlconfpassword>
            				<varsqlconfradiusdb>radius</varsqlconfradiusdb>
            				<varsqlconfaccttable1>radacct</varsqlconfaccttable1>
            				<varsqlconfaccttable2>radacct</varsqlconfaccttable2>
            				<varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable>
            				<varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable>
            				<varsqlconfauthreplytable>radreply</varsqlconfauthreplytable>
            				<varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable>
            				<varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable>
            				<varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable>
            				<varsqlconfreadgroups>yes</varsqlconfreadgroups>
            				<varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions>
            				<varsqlconfsqltrace>no</varsqlconfsqltrace>
            				<varsqlconfnumsqlsocks></varsqlconfnumsqlsocks>
            				<varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay>
            				<varsqlconflifetime></varsqlconflifetime>
            				<varsqlconfmaxqueries></varsqlconfmaxqueries>
            				<varsqlconfreadclients>yes</varsqlconfreadclients>
            				<varsqlconfnastable>nas</varsqlconfnastable>
            				<varsqlconf2failover>redundant</varsqlconf2failover>
            				<varsqlconf2includeenable></varsqlconf2includeenable>
            				<varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize>
            				<varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting>
            				<varsqlconf2enablesession>Disable</varsqlconf2enablesession>
            				<varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth>
            				<varsqlconf2database>mysql</varsqlconf2database>
            				<varsqlconf2server></varsqlconf2server>
            				<varsqlconf2port></varsqlconf2port>
            				<varsqlconf2login></varsqlconf2login>
            				<varsqlconf2password></varsqlconf2password>
            				<varsqlconf2radiusdb></varsqlconf2radiusdb>
            				<varsqlconf2accttable1></varsqlconf2accttable1>
            				<varsqlconf2accttable2></varsqlconf2accttable2>
            				<varsqlconf2postauthtable></varsqlconf2postauthtable>
            				<varsqlconf2authchecktable></varsqlconf2authchecktable>
            				<varsqlconf2authreplytable></varsqlconf2authreplytable>
            				<varsqlconf2groupchecktable></varsqlconf2groupchecktable>
            				<varsqlconf2groupreplytable></varsqlconf2groupreplytable>
            				<varsqlconf2usergrouptable></varsqlconf2usergrouptable>
            				<varsqlconf2readgroups>yes</varsqlconf2readgroups>
            				<varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions>
            				<varsqlconf2sqltrace>no</varsqlconf2sqltrace>
            				<varsqlconf2numsqlsocks></varsqlconf2numsqlsocks>
            				<varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay>
            				<varsqlconf2lifetime></varsqlconf2lifetime>
            				<varsqlconf2maxqueries></varsqlconf2maxqueries>
            				<varsqlconf2readclients>yes</varsqlconf2readclients>
            				<varsqlconf2nastable></varsqlconf2nastable>
            			</config>
            		</freeradiussqlconf>
            	</installedpackages>
            	<virtualip>
            		<vip>
            			<mode>ipalias</mode>
            			<interface>lan</interface>
            			<descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr>
            			<type>single</type>
            			<subnet_bits>32</subnet_bits>
            			<subnet>10.10.10.2</subnet>
            		</vip>
            	</virtualip>
            </pfsense>
            
            

            This doesn't work.

            1 Reply Last reply Reply Quote 0
            • P
              pfadmin @jimp
              last edited by

              @jimp

              This work/freeradius starts:

              <?xml version="1.0"?>
              <pfsense>
              	<version>18.0</version>
              	<lastchange></lastchange>
              	<system>
              		<optimization>normal</optimization>
              		<hostname>pfSense2</hostname>
              		<domain>matthias.lan</domain>
              		<group>
              			<name>all</name>
              			<description><![CDATA[All Users]]></description>
              			<scope>system</scope>
              			<gid>1998</gid>
              			<member>0</member>
              		</group>
              		<group>
              			<name>admins</name>
              			<description><![CDATA[System Administrators]]></description>
              			<scope>system</scope>
              			<gid>1999</gid>
              			<member>0</member>
              			<priv>page-all</priv>
              		</group>
              		<user>
              			<name>admin</name>
              			<descr><![CDATA[System Administrator]]></descr>
              			<scope>system</scope>
              			<groupname>admins</groupname>
              			<bcrypt-hash>xxx</bcrypt-hash>
              			<uid>0</uid>
              			<priv>user-shell-access</priv>
              		</user>
              		<nextuid>2000</nextuid>
              		<nextgid>2000</nextgid>
              	<installedpackages>
              		<package>
              			<name>freeradius3</name>
              			<website>http://www.freeradius.org/</website>
              			<descr><![CDATA[A free implementation of the RADIUS protocol.&lt;br /&gt;
              			Supports MySQL, PostgreSQL, LDAP, Kerberos.]]></descr>
              			<pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
              			<version>0.15.5_2</version>
              			<configurationfile>freeradius.xml</configurationfile>
              			<tabs>
              				<tab>
              					<text><![CDATA[Users]]></text>
              					<url>/pkg.php?xml=freeradius.xml</url>
              					<active></active>
              				</tab>
              				<tab>
              					<text><![CDATA[MACs]]></text>
              					<url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[NAS / Clients]]></text>
              					<url>/pkg.php?xml=freeradiusclients.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Interfaces]]></text>
              					<url>/pkg.php?xml=freeradiusinterfaces.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Settings]]></text>
              					<url>/pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[EAP]]></text>
              					<url>/pkg_edit.php?xml=freeradiuseapconf.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[SQL]]></text>
              					<url>/pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[LDAP]]></text>
              					<url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[View config]]></text>
              					<url>/freeradius_view_config.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[XMLRPC Sync]]></text>
              					<url>/pkg_edit.php?xml=freeradiussync.xml&amp;id=0</url>
              				</tab>
              			</tabs>
              			<include_file>/usr/local/pkg/freeradius.inc</include_file>
              		</package>
              		<package>
              			<name>pfBlockerNG</name>
              			<descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.&lt;br /&gt;
              			Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.&lt;br /&gt;
              			GeoIP database by MaxMind Inc. (GeoLite2 Free version).&lt;br /&gt;
              			De-Duplication, Suppression, and Reputation enhancements.&lt;br /&gt;
              			Provision to download from diverse List formats.&lt;br /&gt;
              			Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.&lt;br /&gt;
              			Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr>
              			<pkginfolink>https://forum.pfsense.org/index.php?topic=102470.0</pkginfolink>
              			<version>2.1.4_8</version>
              			<configurationfile>pfblockerng.xml</configurationfile>
              			<tabs>
              				<tab>
              					<text><![CDATA[General]]></text>
              					<url>/pkg_edit.php?xml=pfblockerng.xml</url>
              					<active></active>
              				</tab>
              				<tab>
              					<text><![CDATA[Update]]></text>
              					<url>/pfblockerng/pfblockerng_update.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Alerts]]></text>
              					<url>/pfblockerng/pfblockerng_alerts.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Reputation]]></text>
              					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[IPv4]]></text>
              					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[IPv6]]></text>
              					<url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[DNSBL]]></text>
              					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_dnsbl.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[GeoIP]]></text>
              					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_TopSpammers.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Logs]]></text>
              					<url>/pfblockerng/pfblockerng_log.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Sync]]></text>
              					<url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml</url>
              				</tab>
              			</tabs>
              			<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
              		</package>
              		<package>
              			<name>squid3</name>
              			<internal_name>squid</internal_name>
              			<descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&lt;br /&gt;
              			It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr>
              			<pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink>
              			<website>http://www.squid-cache.org/</website>
              			<version>0.4.43_1</version>
              			<configurationfile>squid.xml</configurationfile>
              			<filter_rule_function>squid_generate_rules</filter_rule_function>
              			<tabs>
              				<tab>
              					<text><![CDATA[General]]></text>
              					<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
              					<active></active>
              				</tab>
              				<tab>
              					<text><![CDATA[Remote Cache]]></text>
              					<url>/pkg.php?xml=squid_upstream.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Local Cache]]></text>
              					<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Antivirus]]></text>
              					<url>/pkg_edit.php?xml=squid_antivirus.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[ACLs]]></text>
              					<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Traffic Mgmt]]></text>
              					<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Authentication]]></text>
              					<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Users]]></text>
              					<url>/pkg.php?xml=squid_users.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Real Time]]></text>
              					<url>/squid_monitor.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Sync]]></text>
              					<url>/pkg_edit.php?xml=squid_sync.xml</url>
              				</tab>
              			</tabs>
              			<include_file>/usr/local/pkg/squid.inc</include_file>
              		</package>
              		<package>
              			<name>squidGuard</name>
              			<descr><![CDATA[High performance web proxy URL filter.&lt;br/&gt;
              			&lt;strong&gt;Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.&lt;/strong&gt;]]></descr>
              			<website>http://www.squidGuard.org/</website>
              			<version>1.16.4</version>
              			<configurationfile>squidguard.xml</configurationfile>
              			<after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info>
              			<tabs>
              				<tab>
              					<text><![CDATA[General settings]]></text>
              					<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
              					<active></active>
              				</tab>
              				<tab>
              					<text><![CDATA[Common ACL]]></text>
              					<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Groups ACL]]></text>
              					<url>/pkg.php?xml=squidguard_acl.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Target categories]]></text>
              					<url>/pkg.php?xml=squidguard_dest.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Times]]></text>
              					<url>/pkg.php?xml=squidguard_time.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Rewrites]]></text>
              					<url>/pkg.php?xml=squidguard_rewr.xml</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Blacklist]]></text>
              					<url>/squidGuard/squidguard_blacklist.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[Log]]></text>
              					<url>/squidGuard/squidguard_log.php</url>
              				</tab>
              				<tab>
              					<text><![CDATA[XMLRPC Sync]]></text>
              					<url>/pkg_edit.php?xml=squidguard_sync.xml</url>
              				</tab>
              			</tabs>
              			<include_file>/usr/local/pkg/squidguard.inc</include_file>
              		</package>
              		<package>
              			<name>Lightsquid</name>
              			<descr><![CDATA[LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat).
              			&lt;strong&gt;Requires Squid package.&lt;/strong&gt;]]></descr>
              			<website>http://lightsquid.sf.net/</website>
              			<version>3.0.6_4</version>
              			<configurationfile>lightsquid.xml</configurationfile>
              			<noembedded>true</noembedded>
              			<include_file>/usr/local/pkg/lightsquid.inc</include_file>
              		</package>
              		<package>
              			<name>OpenVPN Client Export Utility</name>
              			<internal_name>openvpn-client-export</internal_name>
              			<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
              			<version>1.4.17</version>
              			<configurationfile>openvpn-client-export.xml</configurationfile>
              			<tabs>
              				<tab>
              					<name>Client Export</name>
              					<tabgroup>OpenVPN</tabgroup>
              					<url>/vpn_openvpn_export.php</url>
              				</tab>
              				<tab>
              					<name>Shared Key Export</name>
              					<tabgroup>OpenVPN</tabgroup>
              					<url>/vpn_openvpn_export_shared.php</url>
              				</tab>
              			</tabs>
              			<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
              		</package>
              		<package>
              			<name>Cron</name>
              			<descr><![CDATA[The cron utility is used to manage commands on a schedule.]]></descr>
              			<version>0.3.7_2</version>
              			<configurationfile>cron.xml</configurationfile>
              			<include_file>/usr/local/pkg/cron.inc</include_file>
              		</package>
              		<freeradiuseapconf>
              			<config>
              				<ssl_ca_cert>5a58aa23547f7</ssl_ca_cert>
              				<ssl_server_cert>5a58aa237e1d4</ssl_server_cert>
              			</config>
              		</freeradiuseapconf>
              		<menu>
              			<name>SquidGuard Proxy Filter</name>
              			<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
              			<section>Services</section>
              			<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
              		</menu>
              		<menu>
              			<name>Squid Proxy Reports</name>
              			<section>Status</section>
              			<url>/pkg_edit.php?xml=lightsquid.xml</url>
              		</menu>
              		<menu>
              			<name>Squid Proxy Server</name>
              			<tooltiptext>Modify the proxy server settings</tooltiptext>
              			<section>Services</section>
              			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
              		</menu>
              		<menu>
              			<name>Squid Reverse Proxy</name>
              			<tooltiptext>Modify the reverse proxy server settings</tooltiptext>
              			<section>Services</section>
              			<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
              		</menu>
              		<menu>
              			<name>FreeRADIUS</name>
              			<section>Services</section>
              			<url>/pkg.php?xml=freeradius.xml</url>
              		</menu>
              		<menu>
              			<name>pfBlockerNG</name>
              			<configfile>pfblockerng.xml</configfile>
              			<section>Firewall</section>
              			<url>/pkg_edit.php?xml=pfblockerng.xml</url>
              		</menu>
              		<menu>
              			<name>Cron</name>
              			<section>Services</section>
              			<configfile>cron.xml</configfile>
              			<url>/packages/cron/cron.php</url>
              		</menu>
              		<service>
              			<name>squidGuard</name>
              			<description><![CDATA[Proxy server filter Service]]></description>
              			<executable>squidGuard</executable>
              		</service>
              		<service>
              			<name>lightsquid_web</name>
              			<rcfile>lighttpd_ls.sh</rcfile>
              			<executable>lighttpd_ls</executable>
              			<description><![CDATA[Lightsquid Web Server]]></description>
              		</service>
              		<service>
              			<name>squid</name>
              			<rcfile>squid.sh</rcfile>
              			<executable>squid</executable>
              			<description><![CDATA[Squid Proxy Server Service]]></description>
              		</service>
              		<service>
              			<name>clamd</name>
              			<rcfile>clamd.sh</rcfile>
              			<executable>clamd</executable>
              			<description><![CDATA[ClamAV Antivirus]]></description>
              		</service>
              		<service>
              			<name>c-icap</name>
              			<rcfile>c-icap.sh</rcfile>
              			<executable>c-icap</executable>
              			<description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description>
              		</service>
              		<service>
              			<name>radiusd</name>
              			<rcfile>radiusd.sh</rcfile>
              			<executable>radiusd</executable>
              			<description><![CDATA[FreeRADIUS Server]]></description>
              		</service>
              		<service>
              			<name>dnsbl</name>
              			<rcfile>dnsbl.sh</rcfile>
              			<executable>lighttpd_pfb</executable>
              			<description><![CDATA[pfBlockerNG DNSBL Web Server]]></description>
              		</service>
              		<freeradius>
              			<config>
              				<sortable></sortable>
              				<varusersusername>testu</varusersusername>
              				<varuserspassword>testp</varuserspassword>
              				<varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption>
              				<varusersmotpenable></varusersmotpenable>
              				<varusersauthmethod>motp</varusersauthmethod>
              				<varusersmotpinitsecret></varusersmotpinitsecret>
              				<varusersmotppin></varusersmotppin>
              				<varusersmotpoffset></varusersmotpoffset>
              				<qrcodetext></qrcodetext>
              				<varuserswisprredirectionurl></varuserswisprredirectionurl>
              				<varuserssimultaneousconnect></varuserssimultaneousconnect>
              				<description></description>
              				<varusersframedipaddress></varusersframedipaddress>
              				<varusersframedipnetmask></varusersframedipnetmask>
              				<varusersframedroute></varusersframedroute>
              				<varusersvlanid>70</varusersvlanid>
              				<varusersexpiration></varusersexpiration>
              				<varuserssessiontimeout>60</varuserssessiontimeout>
              				<varuserslogintime></varuserslogintime>
              				<varusersamountoftime>2</varusersamountoftime>
              				<varuserspointoftime>Daily</varuserspointoftime>
              				<varusersmaxtotaloctets></varusersmaxtotaloctets>
              				<varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange>
              				<varusersmaxbandwidthdown></varusersmaxbandwidthdown>
              				<varusersmaxbandwidthup></varusersmaxbandwidthup>
              				<varusersacctinteriminterval></varusersacctinteriminterval>
              				<varuserstopadditionaloptions></varuserstopadditionaloptions>
              				<varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions>
              				<varusersreplyitemsadditionaloptions></varusersreplyitemsadditionaloptions>
              			</config>
              		</freeradius>
              		<squidcache></squidcache>
              		<squidremote></squidremote>
              		<squidauth>
              			<config>
              				<auth_method>none</auth_method>
              			</config>
              		</squidauth>
              		<pfblockerngdnsbl>
              			<config>
              				<aliasname>Ads</aliasname>
              				<description><![CDATA[Werbefilter]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://hosts-file.net/ad_servers.txt</url>
              					<header>hphosts</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&amp;mimetype=plaintext</url>
              					<header>yoyo</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>https://adaway.org/hosts.txt</url>
              					<header>adaway</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://sysctl.org/cameleon/hosts</url>
              					<header>cameleon</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://hosts-file.net/download/hosts.zip</url>
              					<header>hphosts</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://winhelp2002.mvps.org/hosts.txt</url>
              					<header>mvps</header>
              				</row>
              				<action>unbound</action>
              				<cron>EveryDay</cron>
              				<dow>7</dow>
              				<filter_alexa></filter_alexa>
              				<custom></custom>
              				<custom_update>disabled</custom_update>
              			</config>
              			<config>
              				<aliasname>Malicious</aliasname>
              				<description><![CDATA[gef&auml;hrliche Sites]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://mirror1.malwaredomains.com/files/justdomains</url>
              					<header>malewaredomains</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://www.malwaredomainlist.com/hostslist/hosts.txt</url>
              					<header>malewarelists</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://osint.bambenekconsulting.com/feeds/dga-feed.gz</url>
              					<header>bambenek</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>http://data.phishtank.com/data/online-valid.csv.gz</url>
              					<header>pishtank</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>https://www.openphish.com/feed.txt</url>
              					<header>openfish</header>
              				</row>
              				<action>unbound</action>
              				<cron>EveryDay</cron>
              				<dow>1</dow>
              				<filter_alexa></filter_alexa>
              				<custom></custom>
              				<custom_update>disabled</custom_update>
              			</config>
              			<config>
              				<aliasname>Suspicious</aliasname>
              				<description><![CDATA[suspekte Domains]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Disabled]]></state>
              					<url>https://isc.sans.edu/suspicious_domains.html</url>
              					<header>sans</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>https://dshield.org/feeds/suspiciousdomains_High.txt</url>
              					<header>dshield_high</header>
              				</row>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>https://dshield.org/feeds/suspiciousdomains_Medium.txt</url>
              					<header>dshield_medium</header>
              				</row>
              				<action>Disabled</action>
              				<cron>06hours</cron>
              				<dow>1</dow>
              				<filter_alexa></filter_alexa>
              				<custom></custom>
              				<custom_update>disabled</custom_update>
              			</config>
              			<config>
              				<aliasname>Virus</aliasname>
              				<description><![CDATA[Virusdomains]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Disabled]]></state>
              					<url>http://www.wael.name/wael.list.p2p.gz</url>
              					<header>wael</header>
              				</row>
              				<action>Disabled</action>
              				<cron>EveryDay</cron>
              				<dow>1</dow>
              				<filter_alexa></filter_alexa>
              				<custom></custom>
              				<custom_update>disabled</custom_update>
              			</config>
              			<config>
              				<aliasname>Microsoft_Telemetrie</aliasname>
              				<description><![CDATA[Microsofts Telemetrieserver]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url>https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist</url>
              					<header>githubliste</header>
              				</row>
              				<action>unbound</action>
              				<cron>Weekly</cron>
              				<dow>1</dow>
              				<filter_alexa></filter_alexa>
              				<custom></custom>
              				<custom_update>disabled</custom_update>
              			</config>
              			<config>
              				<aliasname>eigeneBlocks</aliasname>
              				<description><![CDATA[eigene Blockings]]></description>
              				<infolists></infolists>
              				<row>
              					<format>auto</format>
              					<state><![CDATA[Enabled]]></state>
              					<url></url>
              					<header></header>
              				</row>
              				<action>Disabled</action>
              				<cron>Never</cron>
              				<dow>1</dow>
              				<filter_alexa></filter_alexa>
              				<custom>LmdhbWJsaW5nLmNvbQ==</custom>
              				<custom_update>disabled</custom_update>
              			</config>
              		</pfblockerngdnsbl>
              		<freeradiusauthorizedmacs></freeradiusauthorizedmacs>
              		<freeradiusclients>
              			<config>
              				<varclientip>172.16.100.80</varclientip>
              				<varclientipversion>ipaddr</varclientipversion>
              				<varclientshortname>ruckus</varclientshortname>
              				<varclientsharedsecret>blablablub</varclientsharedsecret>
              				<varclientproto>udp</varclientproto>
              				<varclientnastype>other</varclientnastype>
              				<varrequiremessageauthenticator>yes</varrequiremessageauthenticator>
              				<varclientmaxconnections>16</varclientmaxconnections>
              				<varclientlogininput></varclientlogininput>
              				<varclientpasswordinput></varclientpasswordinput>
              				<description><![CDATA[ruckus]]></description>
              			</config>
              			<config>
              				<varclientip>172.16.100.10</varclientip>
              				<varclientipversion>ipaddr</varclientipversion>
              				<varclientshortname>zyxel</varclientshortname>
              				<varclientsharedsecret>smje7598z3oht2o</varclientsharedsecret>
              				<varclientproto>udp</varclientproto>
              				<varclientnastype>other</varclientnastype>
              				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
              				<varclientmaxconnections>16</varclientmaxconnections>
              				<varclientlogininput></varclientlogininput>
              				<varclientpasswordinput></varclientpasswordinput>
              				<description><![CDATA[zyxel]]></description>
              			</config>
              			<config>
              				<varclientip>172.16.0.100</varclientip>
              				<varclientipversion>ipaddr</varclientipversion>
              				<varclientshortname>NTRadPing</varclientshortname>
              				<varclientsharedsecret>123456</varclientsharedsecret>
              				<varclientproto>udp</varclientproto>
              				<varclientnastype>other</varclientnastype>
              				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
              				<varclientmaxconnections>16</varclientmaxconnections>
              				<varclientlogininput></varclientlogininput>
              				<varclientpasswordinput></varclientpasswordinput>
              				<description><![CDATA[NTRadPing]]></description>
              			</config>
              			<config>
              				<varclientip>127.0.0.1</varclientip>
              				<varclientipversion>ipaddr</varclientipversion>
              				<varclientshortname>tester</varclientshortname>
              				<varclientsharedsecret>SuperTest</varclientsharedsecret>
              				<varclientproto>udp</varclientproto>
              				<varclientnastype>other</varclientnastype>
              				<varrequiremessageauthenticator>no</varrequiremessageauthenticator>
              				<varclientmaxconnections>16</varclientmaxconnections>
              				<varclientlogininput></varclientlogininput>
              				<varclientpasswordinput></varclientpasswordinput>
              				<description></description>
              			</config>
              		</freeradiusclients>
              		<freeradiusinterfaces>
              			<config>
              				<varinterfaceip>127.0.0.1</varinterfaceip>
              				<varinterfaceport>1812</varinterfaceport>
              				<varinterfacetype>auth</varinterfacetype>
              				<varinterfaceipversion>ipaddr</varinterfaceipversion>
              				<description></description>
              			</config>
              			<config>
              				<varinterfaceip>127.0.0.1</varinterfaceip>
              				<varinterfaceport>1813</varinterfaceport>
              				<varinterfacetype>acct</varinterfacetype>
              				<varinterfaceipversion>ipaddr</varinterfaceipversion>
              				<description></description>
              			</config>
              		</freeradiusinterfaces>
              		<freeradiussettings>
              			<config>
              				<varsettingsmaxrequests>1024</varsettingsmaxrequests>
              				<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
              				<varsettingscleanupdelay>5</varsettingscleanupdelay>
              				<varsettingsallowcoredumps>yes</varsettingsallowcoredumps>
              				<varsettingsregularexpressions>yes</varsettingsregularexpressions>
              				<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
              				<varsettingslogdir>syslog</varsettingslogdir>
              				<varsettingsauth>yes</varsettingsauth>
              				<varsettingsauthbadpass>no</varsettingsauthbadpass>
              				<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
              				<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
              				<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
              				<varsettingsstrippednames>no</varsettingsstrippednames>
              				<varsettingshostnamelookups>no</varsettingshostnamelookups>
              				<varsettingsmaxattributes>200</varsettingsmaxattributes>
              				<varsettingsrejectdelay>1</varsettingsrejectdelay>
              				<varsettingsstartservers>5</varsettingsstartservers>
              				<varsettingsmaxservers>32</varsettingsmaxservers>
              				<varsettingsminspareservers>3</varsettingsminspareservers>
              				<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
              				<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
              				<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
              				<varsettingsmotpenable></varsettingsmotpenable>
              				<varsettingsmotptimespan></varsettingsmotptimespan>
              				<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
              				<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
              				<varsettingsmotptokenlength></varsettingsmotptokenlength>
              				<varsettingsenablemacauth></varsettingsenablemacauth>
              				<varsettingsenableacctunique>on</varsettingsenableacctunique>
              			</config>
              		</freeradiussettings>
              		<freeradiussqlconf>
              			<config>
              				<varsqlconfincludeenable>on</varsqlconfincludeenable>
              				<varsqlconfenableauthorize>Enable</varsqlconfenableauthorize>
              				<varsqlconfenableaccounting>Enable</varsqlconfenableaccounting>
              				<varsqlconfenablesession>Enable</varsqlconfenablesession>
              				<varsqlconfenablepostauth>Enable</varsqlconfenablepostauth>
              				<varsqlconfdatabase>mysql</varsqlconfdatabase>
              				<varsqlconfserver>localhost</varsqlconfserver>
              				<varsqlconfport>3306</varsqlconfport>
              				<varsqlconflogin>radius</varsqlconflogin>
              				<varsqlconfpassword>radpass</varsqlconfpassword>
              				<varsqlconfradiusdb>radius</varsqlconfradiusdb>
              				<varsqlconfaccttable1>radacct</varsqlconfaccttable1>
              				<varsqlconfaccttable2>radacct</varsqlconfaccttable2>
              				<varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable>
              				<varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable>
              				<varsqlconfauthreplytable>radreply</varsqlconfauthreplytable>
              				<varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable>
              				<varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable>
              				<varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable>
              				<varsqlconfreadgroups>yes</varsqlconfreadgroups>
              				<varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions>
              				<varsqlconfsqltrace>no</varsqlconfsqltrace>
              				<varsqlconfnumsqlsocks></varsqlconfnumsqlsocks>
              				<varsqlconfconnectfailureretrydelay></varsqlconfconnectfailureretrydelay>
              				<varsqlconflifetime></varsqlconflifetime>
              				<varsqlconfmaxqueries></varsqlconfmaxqueries>
              				<varsqlconfreadclients>yes</varsqlconfreadclients>
              				<varsqlconfnastable>nas</varsqlconfnastable>
              				<varsqlconf2failover>redundant</varsqlconf2failover>
              				<varsqlconf2includeenable></varsqlconf2includeenable>
              				<varsqlconf2enableauthorize>Disable</varsqlconf2enableauthorize>
              				<varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting>
              				<varsqlconf2enablesession>Disable</varsqlconf2enablesession>
              				<varsqlconf2enablepostauth>Disable</varsqlconf2enablepostauth>
              				<varsqlconf2database>mysql</varsqlconf2database>
              				<varsqlconf2server></varsqlconf2server>
              				<varsqlconf2port></varsqlconf2port>
              				<varsqlconf2login></varsqlconf2login>
              				<varsqlconf2password></varsqlconf2password>
              				<varsqlconf2radiusdb></varsqlconf2radiusdb>
              				<varsqlconf2accttable1></varsqlconf2accttable1>
              				<varsqlconf2accttable2></varsqlconf2accttable2>
              				<varsqlconf2postauthtable></varsqlconf2postauthtable>
              				<varsqlconf2authchecktable></varsqlconf2authchecktable>
              				<varsqlconf2authreplytable></varsqlconf2authreplytable>
              				<varsqlconf2groupchecktable></varsqlconf2groupchecktable>
              				<varsqlconf2groupreplytable></varsqlconf2groupreplytable>
              				<varsqlconf2usergrouptable></varsqlconf2usergrouptable>
              				<varsqlconf2readgroups>yes</varsqlconf2readgroups>
              				<varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions>
              				<varsqlconf2sqltrace>no</varsqlconf2sqltrace>
              				<varsqlconf2numsqlsocks></varsqlconf2numsqlsocks>
              				<varsqlconf2connectfailureretrydelay></varsqlconf2connectfailureretrydelay>
              				<varsqlconf2lifetime></varsqlconf2lifetime>
              				<varsqlconf2maxqueries></varsqlconf2maxqueries>
              				<varsqlconf2readclients>yes</varsqlconf2readclients>
              				<varsqlconf2nastable></varsqlconf2nastable>
              			</config>
              		</freeradiussqlconf>
              	</installedpackages>
              	<virtualip>
              		<vip>
              			<mode>ipalias</mode>
              			<interface>lan</interface>
              			<descr><![CDATA[pfB DNSBL - DO NOT EDIT]]></descr>
              			<type>single</type>
              			<subnet_bits>32</subnet_bits>
              			<subnet>10.10.10.2</subnet>
              		</vip>
              	</virtualip>
              </pfsense>
              
              

              Only thing changed is ![Bild Text](0_1534271815260_22b7bc65-92e1-4711-a2f1-8c90641f8a3a-grafik.png Bild Link) from Disabled to Enabled and save

              Hope now its correct for you :-)

              1 Reply Last reply Reply Quote 0
              • P
                pfadmin @jimp
                last edited by

                FreeRADIUS Version 3.0.15
                Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
                There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
                PARTICULAR PURPOSE
                You may redistribute copies of FreeRADIUS under the terms of the
                GNU General Public License
                For more information about these matters, see the file named COPYRIGHT
                Starting - reading configuration files ...
                including dictionary file /usr/local/share/freeradius/dictionary
                including dictionary file /usr/local/share/freeradius/dictionary.dhcp
                including dictionary file /usr/local/share/freeradius/dictionary.vqp
                including dictionary file /usr/local/etc/raddb/dictionary
                including configuration file /usr/local/etc/raddb/radiusd.conf
                including configuration file /usr/local/etc/raddb/clients.conf
                including files in directory /usr/local/etc/raddb/mods-enabled/
                including configuration file /usr/local/etc/raddb/mods-enabled/pap
                including configuration file /usr/local/etc/raddb/mods-enabled/digest
                including configuration file /usr/local/etc/raddb/mods-enabled/eap
                including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
                including configuration file /usr/local/etc/raddb/mods-enabled/detail
                including configuration file /usr/local/etc/raddb/mods-enabled/replicate
                including configuration file /usr/local/etc/raddb/mods-enabled/utf8
                including configuration file /usr/local/etc/raddb/mods-enabled/mschap
                including configuration file /usr/local/etc/raddb/mods-enabled/logintime
                including configuration file /usr/local/etc/raddb/mods-enabled/echo
                including configuration file /usr/local/etc/raddb/mods-enabled/googleauth
                including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
                including configuration file /usr/local/etc/raddb/mods-enabled/unpack
                including configuration file /usr/local/etc/raddb/mods-enabled/motp
                including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
                including configuration file /usr/local/etc/raddb/mods-enabled/sql
                including configuration file /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf
                including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
                including configuration file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                including configuration file /usr/local/etc/raddb/mods-enabled/exec
                including configuration file /usr/local/etc/raddb/mods-enabled/unix
                including configuration file /usr/local/etc/raddb/mods-enabled/soh
                including configuration file /usr/local/etc/raddb/mods-enabled/expr
                including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
                including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
                including configuration file /usr/local/etc/raddb/mods-enabled/realm
                including configuration file /usr/local/etc/raddb/mods-enabled/passwd
                including configuration file /usr/local/etc/raddb/mods-enabled/chap
                including configuration file /usr/local/etc/raddb/mods-enabled/date
                including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
                including configuration file /usr/local/etc/raddb/mods-enabled/always
                including configuration file /usr/local/etc/raddb/mods-enabled/expiration
                including configuration file /usr/local/etc/raddb/mods-enabled/files
                including configuration file /usr/local/etc/raddb/mods-enabled/sqlcounter
                including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
                including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
                including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
                including configuration file /usr/local/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
                including configuration file /usr/local/etc/raddb/mods-enabled/linelog
                including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
                including files in directory /usr/local/etc/raddb/policy.d/
                including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
                including configuration file /usr/local/etc/raddb/policy.d/canonicalization
                including configuration file /usr/local/etc/raddb/policy.d/pfs_custom_policies
                including configuration file /usr/local/etc/raddb/policy.d/operator-name
                including configuration file /usr/local/etc/raddb/policy.d/control
                including configuration file /usr/local/etc/raddb/policy.d/cui
                including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
                including configuration file /usr/local/etc/raddb/policy.d/dhcp
                including configuration file /usr/local/etc/raddb/policy.d/eap
                including configuration file /usr/local/etc/raddb/policy.d/debug
                including configuration file /usr/local/etc/raddb/policy.d/filter
                including configuration file /usr/local/etc/raddb/policy.d/accounting
                including files in directory /usr/local/etc/raddb/sites-enabled/
                including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
                including configuration file /usr/local/etc/raddb/sites-enabled/default
                including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
                main {
                 security {
                        allow_core_dumps = yes
                 }
                        name = "radiusd"
                        prefix = "/usr/local"
                        localstatedir = "/var"
                        logdir = "/var/log"
                        run_dir = "/var/run"
                }
                Changing value of PR_DUMPABLE not supported on this system
                Core dumps are enabled
                main {
                        name = "radiusd"
                        prefix = "/usr/local"
                        localstatedir = "/var"
                        sbindir = "/usr/local/sbin"
                        logdir = "/var/log"
                        run_dir = "/var/run"
                        libdir = "/usr/local/lib/freeradius-3.0.15"
                        radacctdir = "/var/log/radacct"
                        hostname_lookups = no
                        max_request_time = 30
                        cleanup_delay = 5
                        max_requests = 1024
                        pidfile = "/var/run/radiusd.pid"
                        checkrad = "/usr/local/sbin/checkrad"
                        debug_level = 0
                        proxy_requests = yes
                 log {
                        stripped_names = no
                        auth = yes
                        auth_badpass = no
                        auth_goodpass = no
                        msg_badpass = ""
                        msg_goodpass = ""
                        colourise = yes
                        msg_denied = "You are already logged in - access denied"
                 }
                 resources {
                 }
                 security {
                        max_attributes = 200
                        reject_delay = 1.000000
                        status_server = no
                 }
                }
                radiusd: #### Loading Realms and Home Servers ####
                radiusd: #### Loading Clients ####
                 client ruckus {
                        ipaddr = 172.16.100.80
                        require_message_authenticator = yes
                        secret = <<< secret >>>
                        nas_type = "other"
                        proto = "udp"
                  limit {
                        max_connections = 16
                        lifetime = 0
                        idle_timeout = 30
                  }
                 }
                 client zyxel {
                        ipaddr = 172.16.100.10
                        require_message_authenticator = no
                        secret = <<< secret >>>
                        nas_type = "other"
                        proto = "udp"
                  limit {
                        max_connections = 16
                        lifetime = 0
                        idle_timeout = 30
                  }
                 }
                 client NTRadPing {
                        ipaddr = 172.16.0.100
                        require_message_authenticator = no
                        secret = <<< secret >>>
                        nas_type = "other"
                        proto = "udp"
                  limit {
                        max_connections = 16
                        lifetime = 0
                        idle_timeout = 30
                  }
                 }
                 client tester {
                        ipaddr = 127.0.0.1
                        require_message_authenticator = no
                        secret = <<< secret >>>
                        nas_type = "other"
                        proto = "udp"
                  limit {
                        max_connections = 16
                        lifetime = 0
                        idle_timeout = 30
                  }
                 }
                Debugger not attached
                 # Creating Auth-Type = mschap
                 # Creating Auth-Type = eap
                 # Creating Auth-Type = PAP
                 # Creating Auth-Type = CHAP
                 # Creating Auth-Type = MS-CHAP
                 # Creating Auth-Type = digest
                 # Creating Auth-Type = MOTP
                 # Creating Auth-Type = GOOGLEAUTH
                 # Creating Autz-Type = Status-Server
                 # Creating Acct-Type = Status-Server
                radiusd: #### Instantiating modules ####
                 modules {
                  # Loaded module rlm_pap
                  # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
                  pap {
                        normalise = yes
                  }
                  # Loaded module rlm_digest
                  # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
                  # Loaded module rlm_eap
                  # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
                  eap {
                        default_eap_type = "md5"
                        timer_expire = 60
                        ignore_unknown_eap_types = no
                        cisco_accounting_username_bug = no
                        max_sessions = 4096
                  }
                  # Loaded module rlm_dhcp
                  # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
                  # Loaded module rlm_detail
                  # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
                  detail {
                        filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
                        header = "%t"
                        permissions = 384
                        locking = no
                        escape_filenames = no
                        log_packet_header = no
                  }
                  # Loaded module rlm_replicate
                  # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate
                  # Loaded module rlm_utf8
                  # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
                  # Loaded module rlm_mschap
                  # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
                  mschap {
                        use_mppe = yes
                        require_encryption = no
                        require_strong = no
                        with_ntdomain_hack = yes
                   passchange {
                   }
                        allow_retry = yes
                        winbind_retry_with_normalised_username = no
                  }
                  # Loaded module rlm_logintime
                  # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
                  logintime {
                        minimum_timeout = 60
                  }
                  # Loaded module rlm_exec
                  # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
                  exec echo {
                        wait = yes
                        program = "/bin/echo %{User-Name}"
                        input_pairs = "request"
                        output_pairs = "reply"
                        shell_escape = yes
                  }
                  # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth
                  exec googleauth {
                        wait = yes
                        program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}"
                        shell_escape = yes
                  }
                  # Loaded module rlm_dynamic_clients
                  # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients
                  # Loaded module rlm_unpack
                  # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
                  # Loading module "motp" from file /usr/local/etc/raddb/mods-enabled/motp
                  exec motp {
                        wait = yes
                        program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
                        shell_escape = yes
                  }
                  # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  detail auth_log {
                        filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
                        header = "%t"
                        permissions = 384
                        locking = no
                        escape_filenames = no
                        log_packet_header = no
                  }
                  # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  detail reply_log {
                        filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
                        header = "%t"
                        permissions = 384
                        locking = no
                        escape_filenames = no
                        log_packet_header = no
                  }
                  # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  detail pre_proxy_log {
                        filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
                        header = "%t"
                        permissions = 384
                        locking = no
                        escape_filenames = no
                        log_packet_header = no
                  }
                  # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  detail post_proxy_log {
                        filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
                        header = "%t"
                        permissions = 384
                        locking = no
                        escape_filenames = no
                        log_packet_header = no
                  }
                  # Loaded module rlm_sql
                  # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
                  sql sql1 {
                        driver = "rlm_sql_mysql"
                        server = "localhost"
                        port = 3306
                        login = "radius"
                        password = <<< secret >>>
                        radius_db = "radius"
                        read_groups = yes
                        read_profiles = yes
                        read_clients = yes
                        delete_stale_sessions = yes
                        sql_user_name = "%{User-Name}"
                        logfile = "/var/log/sqltrace.sql"
                        default_user_profile = ""
                        client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
                        authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
                        authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
                        authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                        authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                        group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
                        simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                        simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                        safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
                   accounting {
                        reference = "%{tolower:type.%{Acct-Status-Type}.query}"
                    type {
                     accounting-on {
                        query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                     }
                     accounting-off {
                        query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                     }
                     start {
                        query = "INSERT INTO radacct (acctsessionid,            acctuniqueid,           username, realm,                        nasipaddress,           nasportid, nasporttype,         acctstarttime,          acctupdatetime, acctstoptime,           acctsessiontime,       acctauthentic, connectinfo_start,        connectinfo_stop,       acctinputoctets, acctoutputoctets,      calledstationid,        callingstationid, acctterminatecause,   servicetype,            framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
                     }
                     interim-update {
                        query = "UPDATE radacct SET acctupdatetime  = (@acctupdatetime_old:=acctupdatetime), acctupdatetime  = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                     }
                     stop {
                        query = "UPDATE radacct SET acctstoptime        = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime    = %{%{Acct-Session-Time}:-NULL}, acctinputoctets        = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                     }
                    }
                   }
                   post-auth {
                        reference = ".query"
                        query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
                   }
                  }
                rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
                Creating attribute sql1-SQL-Group
                  # Loaded module rlm_radutmp
                  # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp
                  radutmp sradutmp {
                        filename = "/var/log/sradutmp"
                        username = "%{User-Name}"
                        case_sensitive = yes
                        check_with_nas = yes
                        permissions = 420
                        caller_id = no
                  }
                  # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                  exec datacounterdaily {
                        wait = yes
                        program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                        shell_escape = yes
                  }
                  # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                  exec datacounterweekly {
                        wait = yes
                        program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                        shell_escape = yes
                  }
                  # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                  exec datacountermonthly {
                        wait = yes
                        program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                        shell_escape = yes
                  }
                  # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                  exec datacounterforever {
                        wait = yes
                        program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                        shell_escape = yes
                  }
                  # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
                  exec {
                        wait = no
                        input_pairs = "request"
                        shell_escape = yes
                        timeout = 10
                  }
                  # Loaded module rlm_unix
                  # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
                  unix {
                        radwtmp = "/var/log/radwtmp"
                  }
                Creating attribute Unix-Group
                  # Loaded module rlm_soh
                  # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
                  soh {
                        dhcp = yes
                  }
                  # Loaded module rlm_expr
                  # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
                  expr {
                        safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
                  }
                  # Loaded module rlm_preprocess
                  # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
                  preprocess {
                        huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
                        hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
                        with_ascend_hack = no
                        ascend_channels_per_line = 23
                        with_ntdomain_hack = no
                        with_specialix_jetstream_hack = no
                        with_cisco_vsa_hack = no
                        with_alvarion_vsa_hack = no
                  }
                  # Loaded module rlm_attr_filter
                  # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  attr_filter attr_filter.post-proxy {
                        filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
                        key = "%{Realm}"
                        relaxed = no
                  }
                  # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  attr_filter attr_filter.pre-proxy {
                        filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
                        key = "%{Realm}"
                        relaxed = no
                  }
                  # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  attr_filter attr_filter.access_reject {
                        filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
                        key = "%{User-Name}"
                        relaxed = no
                  }
                  # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  attr_filter attr_filter.access_challenge {
                        filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
                        key = "%{User-Name}"
                        relaxed = no
                  }
                  # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  attr_filter attr_filter.accounting_response {
                        filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
                        key = "%{User-Name}"
                        relaxed = no
                  }
                  # Loaded module rlm_realm
                  # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
                  realm IPASS {
                        format = "prefix"
                        delimiter = "/"
                        ignore_default = no
                        ignore_null = yes
                  }
                  # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
                  realm suffix {
                        format = "suffix"
                        delimiter = "@"
                        ignore_default = no
                        ignore_null = yes
                  }
                  # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
                  realm realmpercent {
                        format = "suffix"
                        delimiter = "%"
                        ignore_default = no
                        ignore_null = yes
                  }
                  # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
                  realm ntdomain {
                        format = "prefix"
                        delimiter = "\"
                        ignore_default = no
                        ignore_null = yes
                  }
                  # Loaded module rlm_passwd
                  # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
                  passwd etc_passwd {
                        filename = "/etc/passwd"
                        format = "*User-Name:Crypt-Password:"
                        delimiter = ":"
                        ignore_nislike = no
                        ignore_empty = yes
                        allow_multiple_keys = no
                        hash_size = 100
                  }
                  # Loaded module rlm_chap
                  # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
                  # Loaded module rlm_date
                  # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
                  date {
                        format = "%b %e %Y %H:%M:%S %Z"
                        utc = no
                  }
                  # Loaded module rlm_cache
                  # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
                  cache cache_eap {
                        driver = "rlm_cache_rbtree"
                        key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
                        ttl = 15
                        max_entries = 0
                        epoch = 0
                        add_stats = no
                  }
                  # Loaded module rlm_always
                  # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
                  always reject {
                        rcode = "reject"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
                  always fail {
                        rcode = "fail"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
                  always ok {
                        rcode = "ok"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
                  always handled {
                        rcode = "handled"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
                  always invalid {
                        rcode = "invalid"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
                  always userlock {
                        rcode = "userlock"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
                  always notfound {
                        rcode = "notfound"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
                  always noop {
                        rcode = "noop"
                        simulcount = 0
                        mpp = no
                  }
                  # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
                  always updated {
                        rcode = "updated"
                        simulcount = 0
                        mpp = no
                  }
                  # Loaded module rlm_expiration
                  # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
                  # Loaded module rlm_files
                  # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
                  files {
                        filename = "/usr/local/etc/raddb/mods-config/files/authorize"
                        acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
                        preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
                  }
                  # Loaded module rlm_sqlcounter
                  # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  sqlcounter dailycounter {
                        sql_module_instance = "sql"
                        key = "User-Name"
                        query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                        reset = "daily"
                        counter_name = "Daily-Session-Time"
                        check_name = "Max-Daily-Session"
                        reply_name = "Session-Timeout"
                  }
                  # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  sqlcounter monthlycounter {
                        sql_module_instance = "sql"
                        key = "User-Name"
                        query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                        reset = "monthly"
                        counter_name = "Monthly-Session-Time"
                        check_name = "Max-Monthly-Session"
                        reply_name = "Session-Timeout"
                  }
                  # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  sqlcounter noresetcounter {
                        sql_module_instance = "sql"
                        key = "User-Name"
                        query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
                        reset = "never"
                        counter_name = "Max-All-Session-Time"
                        check_name = "Max-All-Session"
                        reply_name = "Session-Timeout"
                  }
                  # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  sqlcounter expire_on_login {
                        sql_module_instance = "sql"
                        key = "User-Name"
                        query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
                        reset = "never"
                        counter_name = "Expire-After-Initial-Login"
                        check_name = "Expire-After"
                        reply_name = "Session-Timeout"
                  }
                
                
                1 Reply Last reply Reply Quote 0
                • P
                  pfadmin
                  last edited by

                    # Loaded module rlm_linelog
                    # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
                    linelog {
                          filename = "/var/log/linelog"
                          escape_filenames = no
                          syslog_severity = "info"
                          permissions = 384
                          format = "This is a log message for %{User-Name}"
                          reference = "messages.%{%{reply:Packet-Type}:-default}"
                    }
                    # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
                    linelog log_accounting {
                          filename = "/var/log/linelog-accounting"
                          escape_filenames = no
                          syslog_severity = "info"
                          permissions = 384
                          format = ""
                          reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
                    }
                    # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
                    radutmp {
                          filename = "/var/log/radutmp"
                          username = "%{User-Name}"
                          case_sensitive = yes
                          check_with_nas = yes
                          permissions = 384
                          caller_id = yes
                    }
                    instantiate {
                    # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration
                    # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
                    # Instantiating module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
                  rlm_sql_mysql: libmysql version: 5.6.39
                     mysql {
                      tls {
                      }
                          warnings = "auto"
                     }
                  rlm_sql (sql1): Attempting to connect to database "radius"
                  rlm_sql (sql1): Initialising connection pool
                     pool {
                          start = 5
                          min = 3
                          max = 5
                          spare = 10
                          uses = 0
                          lifetime = 0
                          cleanup_interval = 30
                          idle_timeout = 60
                          retry_delay = 60
                          spread = no
                     }
                  WARNING: Ignoring "spare = 10", forcing to "spare = 2"
                  rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                  rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                  rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                  rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                  rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.6.40, protocol version 10
                  rlm_sql (sql1): Processing generate_sql_clients
                  rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
                  rlm_sql (sql1): Reserved connection (0)
                  rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
                  rlm_sql (sql1): Released connection (0)
                    }
                    # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
                    # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
                     # Linked to sub-module rlm_eap_md5
                     # Linked to sub-module rlm_eap_leap
                     # Linked to sub-module rlm_eap_gtc
                     gtc {
                          challenge = "Password: "
                          auth_type = "PAP"
                     }
                     # Linked to sub-module rlm_eap_tls
                     tls {
                          tls = "tls-common"
                     }
                     tls-config tls-common {
                          verify_depth = 0
                          ca_path = "/usr/local/etc/raddb/certs"
                          pem_file_type = yes
                          private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
                          certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
                          ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
                          dh_file = "/usr/local/etc/raddb/certs/dh"
                          random_file = "/dev/urandom"
                          fragment_size = 1024
                          include_length = yes
                          auto_chain = yes
                          check_crl = no
                          check_all_crl = no
                          cipher_list = "DEFAULT"
                          cipher_server_preference = no
                          ecdh_curve = "prime256v1"
                      cache {
                          enable = no
                          lifetime = 24
                          max_entries = 255
                      }
                      verify {
                          skip_if_ocsp_ok = no
                      }
                      ocsp {
                          enable = no
                          override_cert_url = no
                          url = "http://127.0.0.1/ocsp/"
                          use_nonce = yes
                          timeout = 0
                          softfail = no
                      }
                     }
                     # Linked to sub-module rlm_eap_ttls
                     ttls {
                          tls = "tls-common"
                          default_eap_type = "md5"
                          copy_request_to_tunnel = no
                          use_tunneled_reply = no
                          virtual_server = "inner-tunnel-ttls"
                          include_length = yes
                          require_client_cert = no
                     }
                  tls: Using cached TLS configuration from previous invocation
                     # Linked to sub-module rlm_eap_peap
                     peap {
                          tls = "tls-common"
                          default_eap_type = "mschapv2"
                          copy_request_to_tunnel = no
                          use_tunneled_reply = no
                          proxy_tunneled_request_as_eap = yes
                          virtual_server = "inner-tunnel-peap"
                          soh = no
                          require_client_cert = no
                     }
                  tls: Using cached TLS configuration from previous invocation
                     # Linked to sub-module rlm_eap_mschapv2
                     mschapv2 {
                          with_ntdomain_hack = no
                          send_error = no
                     }
                    # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
                    # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap
                  rlm_mschap (mschap): using internal authentication
                    # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                  rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
                    # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                    # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                    # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                    # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess
                  reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
                  reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
                    # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
                    # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
                    # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
                  [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"  found in filter list for realm "DEFAULT".
                  [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"     found in filter list for realm "DEFAULT".
                    # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
                    # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter
                  reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
                    # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
                    # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
                    # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm
                    # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
                    # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd
                  rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
                    # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap
                  rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
                    # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always
                    # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
                    # Instantiating module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1534284000 [2018-08-15 00:00:00]
                    # Instantiating module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 1533074400 [2018-08-01 00:00:00]
                    # Instantiating module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00]
                    # Instantiating module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                  rlm_sqlcounter: Current Time: 1534343054 [2018-08-15 16:24:14], Prev reset 0 [2018-08-15 16:00:00]
                    # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
                    # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog
                   } # modules
                  radiusd: #### Loading Virtual Servers ####
                  server { # from file /usr/local/etc/raddb/radiusd.conf
                  } # server
                  server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
                   # Loading authenticate {...}
                   # Loading authorize {...}
                  Ignoring "sql" (see raddb/mods-available/README.rst)
                  Ignoring "ldap" (see raddb/mods-available/README.rst)
                   # Loading session {...}
                   # Loading post-proxy {...}
                   # Loading post-auth {...}
                   # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls:63
                  } # server inner-tunnel-ttls
                  server default { # from file /usr/local/etc/raddb/sites-enabled/default
                   # Loading authenticate {...}
                   # Loading authorize {...}
                  /usr/local/etc/raddb/sites-enabled/default[35]: Failed to find "daily" as a module or policy.
                  /usr/local/etc/raddb/sites-enabled/default[35]: Please verify that the configuration exists in /usr/local/etc/raddb/mods-enabled/daily.
                  /usr/local/etc/raddb/sites-enabled/default[13]: Errors parsing authorize section.
                  
                  1 Reply Last reply Reply Quote 0
                  • P
                    pfadmin @jimp
                    last edited by

                    @jimp Hey Jim, is it in progress or did you give it up to tell me what you really need to fix the problem :-)

                    1 Reply Last reply Reply Quote 0
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      I haven't had time to try it out and see if I could tell what was wrong. I haven't spent much time working on that package in months and I've got my hands full at the moment. Might be a while before I can take a look deep enough to fix anything in that package.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      P 1 Reply Last reply Reply Quote 0
                      • P
                        pfadmin @jimp
                        last edited by

                        @jimp Ok, thanks 👍

                        1 Reply Last reply Reply Quote 0
                        • K
                          kramtw
                          last edited by

                          hi
                          i am able to get freeradius working with the captive portal but when i enable the sql freeradius stops working is this the right place to ask this question?

                          thanks

                          P 1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan
                            last edited by Gertjan

                            @kramtw : This thread is about freeradius not starting.
                            Your question is about mysql not starting ?

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • P
                              pfadmin @kramtw
                              last edited by

                              @kramtw No, not the right thread because I 'm not using Captive Portal. It's only about Freeradius with accounting in mysql but not authentication in mysql.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.