FreeRADIUS / freeradius-server

FreeRADIUS - A multi-protocol policy server.
http://freeradius.org
GNU General Public License v2.0

[defect]: Typo preventing section in EAP-SIM from being used #4395

Closed forwardpointer closed 2 years ago

forwardpointer commented 2 years ago

What type of defect/bug is this?

Unexpected behaviour (obvious or verified by project member)

How can the issue be reproduced?

The typo can be found in the master branch.

In the default configuration file provided in raddb/sites-available/eap-aka-sim, there are optional sections called Start-Request and Start-Response:

    #   send Start-Request {
    #       ok
    #   }

    #   recv Start-Response {
    #       ok
    #   }

However, the corresponding name that FreeRADIUS looks for is found in src/process/eap_sim/base.c:

    /*
     *  Optional override sections if the user *really*
     *  wants to apply special policies for subsequent
     *  request/response rounds.
     */
    {
        .name = "send",
        .name2 = "Start",	/* <-- should be "Start-Request" */
        .component = MOD_AUTHORIZE,
        .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_sim_start_request)
    },
    {
        .name = "recv",
        .name2 = "Start",	/* <-- should be "Start-Response" */
        .component = MOD_AUTHORIZE,
        .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_sim_start_response)
    },

If the user wants to apply special policies for EAP-SIM, then the default configuration file provided would not work for them.

Log output from the FreeRADIUS daemon

Info  : FreeRADIUS Version 4.0.0
Info  : Copyright 1999-2021 The FreeRADIUS server project and contributors
Info  : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info  : PARTICULAR PURPOSE
Info  : You may redistribute copies of FreeRADIUS under the terms of the
Info  : GNU General Public License
Info  : For more information about these matters, see the file named COPYRIGHT
Info  : Starting - reading configuration files ...
Debug : Including dictionary file "/etc/freeradius/dictionary"
Debug : including configuration file /etc/freeradius/radiusd.conf
Debug : Including files in directory "/etc/freeradius/template.d/"
Debug : including configuration file /etc/freeradius/template.d/default
Debug : including configuration file /etc/freeradius/clients.conf
Debug : Including files in directory "/etc/freeradius/mods-enabled/"
Debug : including configuration file /etc/freeradius/mods-enabled/always
Debug : including configuration file /etc/freeradius/mods-enabled/attr_filter
Debug : including configuration file /etc/freeradius/mods-enabled/cache_eap
Debug : including configuration file /etc/freeradius/mods-enabled/chap
Debug : including configuration file /etc/freeradius/mods-enabled/client
Debug : including configuration file /etc/freeradius/mods-enabled/delay
Debug : including configuration file /etc/freeradius/mods-enabled/detail
Debug : including configuration file /etc/freeradius/mods-enabled/detail.log
Debug : including configuration file /etc/freeradius/mods-enabled/dhcpv4
Debug : including configuration file /etc/freeradius/mods-enabled/digest
Debug : including configuration file /etc/freeradius/mods-enabled/eap
Debug : including configuration file /etc/freeradius/mods-enabled/eap_inner
Debug : including configuration file /etc/freeradius/mods-enabled/echo
Debug : including configuration file /etc/freeradius/mods-enabled/exec
Debug : including configuration file /etc/freeradius/mods-enabled/expiration
Debug : including configuration file /etc/freeradius/mods-enabled/expr
Debug : including configuration file /etc/freeradius/mods-enabled/files
Debug : including configuration file /etc/freeradius/mods-enabled/linelog
Debug : including configuration file /etc/freeradius/mods-enabled/logintime
Debug : including configuration file /etc/freeradius/mods-enabled/mschap
Debug : including configuration file /etc/freeradius/mods-enabled/ntlm_auth
Debug : including configuration file /etc/freeradius/mods-enabled/pam
Debug : including configuration file /etc/freeradius/mods-enabled/pap
Debug : including configuration file /etc/freeradius/mods-enabled/passwd
Debug : including configuration file /etc/freeradius/mods-enabled/radutmp
Debug : including configuration file /etc/freeradius/mods-enabled/soh
Debug : including configuration file /etc/freeradius/mods-enabled/sradutmp
Debug : including configuration file /etc/freeradius/mods-enabled/stats
Debug : including configuration file /etc/freeradius/mods-enabled/unix
Debug : including configuration file /etc/freeradius/mods-enabled/unpack
Debug : including configuration file /etc/freeradius/mods-enabled/utf8
Debug : Including files in directory "/etc/freeradius/policy.d/"
Debug : including configuration file /etc/freeradius/policy.d/abfab-tr
Debug : including configuration file /etc/freeradius/policy.d/accounting
Debug : including configuration file /etc/freeradius/policy.d/canonicalisation
Debug : including configuration file /etc/freeradius/policy.d/control
Debug : including configuration file /etc/freeradius/policy.d/cui
Debug : including configuration file /etc/freeradius/policy.d/debug
Debug : including configuration file /etc/freeradius/policy.d/dhcp
Debug : including configuration file /etc/freeradius/policy.d/eap
Debug : including configuration file /etc/freeradius/policy.d/filter
Debug : including configuration file /etc/freeradius/policy.d/operator-name
Debug : including configuration file /etc/freeradius/policy.d/tacacs
Debug : including configuration file /etc/freeradius/policy.d/time
Debug : including configuration file /etc/freeradius/policy.d/vendor
Debug : Including files in directory "/etc/freeradius/sites-enabled/"
Debug : including configuration file /etc/freeradius/sites-enabled/default
Info  : Loaded module "process_radius"
Info  : Loaded module "proto_radius"
Debug : including configuration file /etc/freeradius/sites-enabled/eap-aka-sim
Info  : Loaded module "process_eap_aka"
Debug : including configuration file /etc/freeradius/sites-enabled/inner-tunnel
Debug : Parsing security rules to bootstrap UID / GID / chroot / etc.
Debug : main {
Debug :   prefix = /usr
Debug :   security {
Debug :     user = freerad
Debug :     group = freerad
Debug :     allow_core_dumps = no
Debug :     openssl_fips_mode = no
Debug :   }
Debug :   name = freeradius
Debug :   local_state_dir = "/usr/var"
Debug :   run_dir = /var/run/freeradius
Debug : }
Debug : Parsing main configuration.
Debug : main {
Debug :   server default {
Debug :     namespace = radius
Debug :     radius {
Debug :       Access-Request {
Debug :         log {
Debug :           stripped_names = no
Debug :           auth = no
Debug :           auth_badpass = no
Debug :           auth_goodpass = no
Debug :           msg_denied = "You are already logged in - access denied"
Debug :         }
Debug :         session {
Debug :           timeout = 15
Debug :           max = 4096
Debug :         }
Debug :       }
Debug :     }
Debug :     listen {
Debug :       type = Access-Request
Debug :       type = Status-Server
Debug :       transport = udp
Info  : Loaded module "proto_radius_udp"
Debug :       udp {
Debug :         ipaddr = *
Debug :         port = 1812
Debug :         networks {
Debug :           allow = 127/8
Debug :           allow = 192.0.2/24
Debug :         }
Debug :         max_packet_size = 4096
Debug :         max_attributes = 255
Debug :       }
Debug :       limit {
Debug :         cleanup_delay = 5
Debug :         idle_timeout = 60
Debug :         nak_lifetime = 30
Debug :         max_connections = 256
Debug :         max_clients = 256
Debug :         max_pending_packets = 256
Debug :       }
Debug :       priority {
Debug :         Access-Request = high
Debug :         Accounting-Request = low
Debug :         CoA-Request = normal
Debug :         Disconnect-Request = low
Debug :         Status-Server = now
Debug :       }
Debug :     }
Debug :     listen {
Debug :       type = Access-Request
Debug :       type = Status-Server
Debug :       transport = tcp
Info  : Loaded module "proto_radius_tcp"
Debug :       tcp {
Debug :         ipaddr = *
Debug :         port = 1812
Debug :         networks {
Debug :           allow = 127/8
Debug :           allow = 192.0.2/24
Debug :         }
Debug :         max_packet_size = 4096
Debug :         max_attributes = 255
Debug :       }
Debug :       limit {
Debug :         cleanup_delay = 5
Debug :         idle_timeout = 30
Debug :         nak_lifetime = 30
Debug :         max_connections = 1024
Debug :         max_clients = 256
Debug :         max_pending_packets = 256
Debug :       }
Debug :       priority {
Debug :         Access-Request = high
Debug :         Accounting-Request = low
Debug :         CoA-Request = normal
Debug :         Disconnect-Request = low
Debug :         Status-Server = now
Debug :       }
Debug :     }
Debug :     listen {
Debug :       type = Accounting-Request
Debug :       transport = udp
Debug :       udp {
Debug :         ipaddr = *
Debug :         port = 1813
Debug :         networks {
Debug :         }
Debug :         max_packet_size = 4096
Debug :         max_attributes = 255
Debug :       }
Debug :       limit {
Debug :         cleanup_delay = 5
Debug :         idle_timeout = 30
Debug :         nak_lifetime = 30
Debug :         max_connections = 1024
Debug :         max_clients = 256
Debug :         max_pending_packets = 256
Debug :       }
Debug :       priority {
Debug :         Access-Request = high
Debug :         Accounting-Request = low
Debug :         CoA-Request = normal
Debug :         Disconnect-Request = low
Debug :         Status-Server = now
Debug :       }
Debug :     }
Debug :   }
Debug :   server eap-aka-sim {
Debug :     namespace = eap-aka
Debug :     eap-aka {
Debug :       strip_permanent_identity_hint = yes
Debug :       ephemeral_id_length = 14
Debug :       protected_success = no
Debug :     }
Debug :   }
Debug :   server inner-tunnel {
Debug :     namespace = radius
Debug :     radius {
Debug :       Access-Request {
Debug :         log {
Debug :           stripped_names = no
Debug :           auth = no
Debug :           auth_badpass = no
Debug :           auth_goodpass = no
Debug :           msg_denied = "You are already logged in - access denied"
Debug :         }
Debug :         session {
Debug :           timeout = 15
Debug :           max = 4096
Debug :         }
Debug :       }
Debug :     }
Debug :     listen {
Debug :       type = Access-Request
Debug :       transport = udp
Debug :       udp {
Debug :         ipaddr = 127.0.0.1
Debug :         port = 18120
Debug :         networks {
Debug :         }
Debug :         max_packet_size = 4096
Debug :         max_attributes = 255
Debug :       }
Debug :       limit {
Debug :         cleanup_delay = 5
Debug :         idle_timeout = 30
Debug :         nak_lifetime = 30
Debug :         max_connections = 1024
Debug :         max_clients = 256
Debug :         max_pending_packets = 256
Debug :       }
Debug :       priority {
Debug :         Access-Request = high
Debug :         Accounting-Request = low
Debug :         CoA-Request = normal
Debug :         Disconnect-Request = low
Debug :         Status-Server = now
Debug :       }
Debug :     }
Debug :   }
Debug :   security {
Debug :   }
Debug :   sbin_dir = "/usr/sbin"
Debug :   logdir = /var/log/freeradius
Debug :   radacctdir = /var/log/freeradius/radacct
Debug :   reverse_lookups = no
Debug :   hostname_lookups = yes
Debug :   max_request_time = 30
Debug :   pidfile = /var/run/freeradius/freeradius.pid
Debug :   debug_level = 0
Debug :   max_requests = 16384
Debug :   log {
Debug :     colourise = yes
Debug :   }
Debug :   resources {
Debug :   }
Debug :   thread pool {
Debug :     num_networks = 1
Debug :     num_workers = 4
Debug :   }
Debug : }
Info  : Switching to configured log settings
Debug : freeradius: #### Loading Clients ####
Debug :   client localhost {
Debug :     ipaddr = 127.0.0.1
Debug :     require_message_authenticator = no
Debug :     secret = <<< secret >>>
Debug :     proto = *
Debug :     limit {
Debug :       max_connections = 16
Debug :       lifetime = 0
Debug :       idle_timeout = 30
Debug :     }
Debug :   }
Debug :   client localhost_ipv6 {
Debug :     ipv6addr = ::1
Debug :     require_message_authenticator = no
Debug :     secret = <<< secret >>>
Debug :     limit {
Debug :       max_connections = 16
Debug :       lifetime = 0
Debug :       idle_timeout = 30
Debug :     }
Debug :   }
Debug :   client example.org {
Debug :     ipaddr = 0.0.0.0/0
Debug :     require_message_authenticator = no
Debug :     secret = <<< secret >>>
Debug :     limit {
Debug :       max_connections = 16
Debug :       lifetime = 0
Debug :       idle_timeout = 30
Debug :     }
Debug :   }
Info  : Debugger not attached
Info  : systemd watchdog is disabled
Warn  : trigger { ... } subsection not found, triggers will be disabled
Debug : #### Bootstrapping listeners ####
Debug :     client localhost {
Debug :       ipaddr = 192.0.2.1
Debug :       require_message_authenticator = no
Debug :       secret = <<< secret >>>
Debug :       shortname = sample
Debug :       limit {
Debug :         max_connections = 16
Debug :         lifetime = 0
Debug :         idle_timeout = 30
Debug :       }
Debug :     }
Debug : Creating Auth-Type = pap
Debug : Creating Auth-Type = chap
Debug : Creating Auth-Type = mschap
Debug : Creating Auth-Type = digest
Debug : Creating Auth-Type = ldap
Debug : Creating Auth-Type = eap
Debug : #### Bootstrapping modules ####
Debug :  modules {
Info  : Loaded module "rlm_always"
Debug :     always reject {
Debug :       rcode = reject
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "reject"
Debug :     always fail {
Debug :       rcode = fail
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "fail"
Debug :     always ok {
Debug :       rcode = ok
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "ok"
Debug :     always handled {
Debug :       rcode = handled
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "handled"
Debug :     always invalid {
Debug :       rcode = invalid
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "invalid"
Debug :     always disallow {
Debug :       rcode = disallow
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "disallow"
Debug :     always notfound {
Debug :       rcode = notfound
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "notfound"
Debug :     always noop {
Debug :       rcode = noop
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "noop"
Debug :     always updated {
Debug :       rcode = updated
Debug :       simulcount = 0
Debug :       mpp = no
Debug :     }
Debug : Bootstrapping module "updated"
Info  : Loaded module "rlm_attr_filter"
Debug :     attr_filter attr_filter.pre-proxy {
Debug :       filename = /etc/freeradius/mods-config/attr_filter/pre-proxy
Debug :       key = "%{Realm}"
Debug :       relaxed = no
Debug :     }
Debug :     attr_filter attr_filter.post-proxy {
Debug :       filename = /etc/freeradius/mods-config/attr_filter/post-proxy
Debug :       key = "%{Realm}"
Debug :       relaxed = no
Debug :     }
Debug :     attr_filter attr_filter.access_reject {
Debug :       filename = /etc/freeradius/mods-config/attr_filter/access_reject
Debug :       key = "%{User-Name}"
Debug :       relaxed = no
Debug :     }
Debug :     attr_filter attr_filter.access_challenge {
Debug :       filename = /etc/freeradius/mods-config/attr_filter/access_challenge
Debug :       key = "%{User-Name}"
Debug :       relaxed = no
Debug :     }
Debug :     attr_filter attr_filter.accounting_response {
Debug :       filename = /etc/freeradius/mods-config/attr_filter/accounting_response
Debug :       key = "%{User-Name}"
Debug :       relaxed = no
Debug :     }
Info  : Loaded module "rlm_cache"
Debug :     cache cache_eap {
Debug :       driver = "rlm_cache_rbtree"
Debug :       key = "%{%{control.State}:-%{%{reply.State}:-%{State}}}"
Debug :       ttl = 15
Debug :       max_entries = 0
Debug :       epoch = 0
Debug :       add_stats = no
Debug :     }
Debug : Bootstrapping module "cache_eap"
Info  : Loaded module "rlm_cache_rbtree"
Info  : Loaded module "rlm_chap"
Debug : Bootstrapping module "chap"
Info  : Loaded module "rlm_client"
Debug : Bootstrapping module "client"
Info  : Loaded module "rlm_delay"
Debug :     delay {
Debug :       delay = 1.0
Debug :       relative = no
Debug :       force_reschedule = no
Debug :     }
Debug : Bootstrapping module "delay"
Debug :     delay delay_reject {
Debug :       delay = "%{%{reply.FreeRADIUS-Response-Delay}:-1}"
Debug :       relative = yes
Debug :       force_reschedule = no
Debug :     }
Debug : Bootstrapping module "delay_reject"
Info  : Loaded module "rlm_detail"
Debug :     detail {
Debug :       filename = /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y-%m-%d
Debug :       header = "%t"
Debug :       permissions = 384
Debug :       locking = no
Debug :       escape_filenames = no
Debug :       log_packet_header = no
Debug :     }
Debug :     detail auth_log {
Debug :       filename = /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y-%m-%d
Debug :       header = "%t"
Debug :       permissions = 384
Debug :       locking = no
Debug :       escape_filenames = no
Debug :       log_packet_header = no
Debug :     }
Debug :     detail reply_log {
Debug :       filename = /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y-%m-%d
Debug :       header = "%t"
Debug :       permissions = 384
Debug :       locking = no
Debug :       escape_filenames = no
Debug :       log_packet_header = no
Debug :     }
Debug :     detail pre_proxy_log {
Debug :       filename = /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y-%m-%d
Debug :       header = "%t"
Debug :       permissions = 384
Debug :       locking = no
Debug :       escape_filenames = no
Debug :       log_packet_header = no
Debug :     }
Debug :     detail post_proxy_log {
Debug :       filename = /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y-%m-%d
Debug :       header = "%t"
Debug :       permissions = 384
Debug :       locking = no
Debug :       escape_filenames = no
Debug :       log_packet_header = no
Debug :     }
Info  : Loaded module "rlm_dhcpv4"
Info  : Loaded module "rlm_digest"
Debug : Bootstrapping module "digest"
Info  : Loaded module "rlm_eap"
Debug :     eap {
Debug :       default_eap_type = aka
Debug :       type = md5
Debug :       type = gtc
Debug :       type = tls
Debug :       type = ttls
Debug :       type = mschapv2
Debug :       type = peap
Debug :       type = aka
Debug :       ignore_unknown_eap_types = no
Debug :       cisco_accounting_username_bug = no
Debug :     }
Debug : Bootstrapping module "eap"
Info  : Loaded module "rlm_eap_md5"
Info  : Loaded module "rlm_eap_gtc"
Debug :       gtc {
Debug :         challenge = "Password: "
Debug :         auth_type = PAP
Debug :       }
Info  : Loaded module "rlm_eap_tls"
Debug :       tls {
Debug :         tls = tls-common
Debug :         require_client_cert = yes
Debug :         include_length = yes
Debug :       }
Info  : Loaded module "rlm_eap_ttls"
Debug :       ttls {
Debug :         tls = tls-common
Debug :         virtual_server = "inner-tunnel"
Debug :         include_length = yes
Debug :         require_client_cert = no
Debug :       }
Info  : Loaded module "rlm_eap_mschapv2"
Debug :       mschapv2 {
Debug :         with_ntdomain_hack = no
Debug :         auth_type = mschap
Debug :         send_error = no
Debug :       }
Info  : Loaded module "rlm_eap_peap"
Debug :       peap {
Debug :         tls = tls-common
Debug :         virtual_server = "inner-tunnel"
Debug :         soh = no
Debug :         require_client_cert = no
Debug :       }
Info  : Loaded module "rlm_eap_aka"
Debug :       aka {
Debug :         virtual_server = eap-aka-sim
Debug :         prefer_aka_prime = no
Debug :       }
Debug :     eap inner-eap {
Debug :       default_eap_type = mschapv2
Debug :       type = md5
Debug :       type = gtc
Debug :       type = mschapv2
Debug :       type = tls
Debug :       ignore_unknown_eap_types = no
Debug :       cisco_accounting_username_bug = no
Debug :     }
Debug : Bootstrapping module "inner-eap"
Debug :       gtc {
Debug :         challenge = "Password: "
Debug :         auth_type = PAP
Debug :       }
Debug :       mschapv2 {
Debug :         with_ntdomain_hack = no
Debug :         auth_type = mschap
Debug :         send_error = no
Debug :       }
Debug :       tls {
Debug :         tls = tls-peer
Debug :         require_client_cert = yes
Debug :         include_length = yes
Debug :       }
Info  : Loaded module "rlm_exec"
Debug :     exec echo {
Debug :       wait = yes
Debug :       program = "/bin/echo %{User-Name}"
Debug :       input_pairs = request
Debug :       output_pairs = reply
Debug :       shell_escape = yes
Debug :     }
Debug : Bootstrapping module "echo"
Debug :     exec {
Debug :       wait = yes
Debug :       input_pairs = request
Debug :       shell_escape = yes
Debug :       timeout = 10
Debug :     }
Debug : Bootstrapping module "exec"
Info  : Loaded module "rlm_expiration"
Info  : Loaded module "rlm_expr"
Debug : Bootstrapping module "expr"
Info  : Loaded module "rlm_files"
Debug :     files {
Debug :       filename = /etc/freeradius/mods-config/files/authorize
Debug :       acctusersfile = /etc/freeradius/mods-config/files/accounting
Debug :       key = "%{%{Stripped-User-Name}:-%{User-Name}}"
Debug :     }
Info  : Loaded module "rlm_linelog"
Debug :     linelog {
Debug :       destination = file
Debug :       delimiter = "\n"
Debug :       format = "This is a log message for %{User-Name}"
Debug :       reference = "messages.%{%{reply.Packet-Type}:-default}"
Debug :       file {
Debug :         filename = /var/log/freeradius/linelog
Debug :         permissions = 384
Debug :         escape_filenames = no
Debug :       }
Debug :       syslog {
Debug :         severity = "info"
Debug :       }
Debug :       unix {
Debug :       }
Debug :       tcp {
Debug :         server = localhost IPv4 address [127.0.0.1]
Debug :         port = 514
Debug :         timeout = 2
Debug :       }
Debug :       udp {
Debug :         server = localhost IPv4 address [127.0.0.1]
Debug :         port = 514
Debug :         timeout = 2
Debug :       }
Debug :     }
Debug :     linelog log_accounting {
Debug :       destination = file
Debug :       delimiter = "\n"
Debug :       format = ""
Debug :       reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
Debug :       file {
Debug :         filename = /var/log/freeradius/linelog-accounting
Debug :         permissions = 384
Debug :         escape_filenames = no
Debug :       }
Debug :       syslog {
Debug :         severity = "info"
Debug :       }
Debug :       unix {
Debug :       }
Debug :       tcp {
Debug :         timeout = 1000
Debug :       }
Debug :       udp {
Debug :         timeout = 1000
Debug :       }
Debug :     }
Info  : Loaded module "rlm_logintime"
Debug :     logintime {
Debug :       minimum_timeout = 60
Debug :     }
Info  : Loaded module "rlm_mschap"
Debug :     mschap {
Debug :       normalise = yes
Debug :       use_mppe = yes
Debug :       require_encryption = no
Debug :       require_strong = no
Debug :       with_ntdomain_hack = yes
Debug :       passchange {
Debug :       }
Debug :       allow_retry = yes
Debug :       winbind {
Debug :         retry_with_normalised_username = no
Debug :       }
Debug :     }
Debug : Bootstrapping module "mschap"
Debug :     exec ntlm_auth {
Debug :       wait = yes
Debug :       program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
Debug :       shell_escape = yes
Debug :     }
Debug : Bootstrapping module "ntlm_auth"
Info  : Loaded module "rlm_pam"
Debug :     pam {
Debug :       pam_auth = radiusd
Debug :     }
Info  : Loaded module "rlm_pap"
Debug :     pap {
Debug :       normalise = yes
Debug :     }
Debug : Bootstrapping module "pap"
Info  : Loaded module "rlm_passwd"
Debug :     passwd etc_passwd {
Debug :       filename = /etc/passwd
Debug :       format = "*User-Name:Crypt-Password:"
Debug :       delimiter = ":"
Debug :       ignore_nislike = no
Debug :       ignore_empty = yes
Debug :       allow_multiple_keys = no
Debug :       hash_size = 100
Debug :     }
Info  : Loaded module "rlm_radutmp"
Debug :     radutmp {
Debug :       filename = /var/log/freeradius/radutmp
Debug :       username = "%{User-Name}"
Debug :       check_with_nas = yes
Debug :       permissions = 384
Debug :       caller_id = no
Debug :     }
Info  : Loaded module "rlm_soh"
Debug :     soh {
Debug :       dhcp = yes
Debug :     }
Debug : Bootstrapping module "soh"
Debug :     radutmp sradutmp {
Debug :       filename = /var/log/freeradius/sradutmp
Debug :       username = "%{User-Name}"
Debug :       check_with_nas = yes
Debug :       permissions = 420
Debug :       caller_id = no
Debug :     }
Info  : Loaded module "rlm_stats"
Debug :     stats {
Debug :     }
Info  : Loaded module "rlm_unix"
Debug :     unix {
Debug :     }
Debug : Bootstrapping module "unix"
Debug : Creating attribute Unix-Group
Info  : Loaded module "rlm_unpack"
Debug : Bootstrapping module "unpack"
Info  : Loaded module "rlm_utf8"
Debug :   instantiate {
Debug :   }
Debug :  } # modules
Debug : #### Instantiating listeners ####
Debug : Compiling policies in server default { ... }
Debug : Compiling policies in - recv Access-Request {...}
Warn  : /etc/freeradius/sites-enabled/default[795]: Ignoring "-sql" as the "sql" module is not enabled.
Warn  : /etc/freeradius/sites-enabled/default[811]: Ignoring "-ldap" as the "ldap" module is not enabled.
Debug : Compiling policies in - send Access-Accept {...}
Warn  : /etc/freeradius/sites-enabled/default[1122]: Ignoring "-sql" as the "sql" module is not enabled.
Warn  : /etc/freeradius/policy.d/eap[78]: Please use the 'filter' keyword for attribute filtering
Debug : Compiling policies in - send Access-Challenge {...}
Debug : Compiling policies in - send Access-Reject {...}
Warn  : /etc/freeradius/sites-enabled/default[1246]: Ignoring "-sql" as the "sql" module is not enabled.
Warn  : /etc/freeradius/policy.d/eap[78]: Please use the 'filter' keyword for attribute filtering
Debug : Compiling policies in - recv Accounting-Request {...}
Debug : Compiling policies in - send Accounting-Response {...}
Warn  : /etc/freeradius/sites-enabled/default[1465]: Ignoring "-sql" as the "sql" module is not enabled.
Debug : Compiling policies in - recv Status-Server {...}
Debug : Compiling policies in - authenticate pap {...}
Debug : Compiling policies in - authenticate chap {...}
Debug : Compiling policies in - authenticate mschap {...}
Debug : Compiling policies in - authenticate digest {...}
Debug : Compiling policies in - authenticate ldap {...}
Warn  : /etc/freeradius/sites-enabled/default[981]: Ignoring "-ldap" as the "ldap" module is not enabled.
Debug : Compiling policies in - authenticate eap {...}
Warn  : /etc/freeradius/sites-enabled/default[80]: radius  { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1354]: accounting Start { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1361]: accounting Stop { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1368]: accounting Alive { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1375]: accounting Accounting-On { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1382]: accounting Accounting-Off { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/default[1389]: accounting Failed { ... } section is unused
Debug : Compiling policies in server eap-aka-sim { ... }
Debug : Compiling policies in - recv Identity-Response {...}
Debug : Compiling policies in - send Identity-Request {...}
Debug : Compiling policies in - send Challenge-Request {...}
Debug : Compiling policies in - recv Challenge-Response {...}
Debug : Compiling policies in - send Reauthentication-Request {...}
Debug : Compiling policies in - recv Reauthentication-Response {...}
Debug : Compiling policies in - recv Client-Error {...}
Debug : Compiling policies in - recv Authentication-Reject {...}
Debug : Compiling policies in - send Failure-Notification {...}
Debug : Compiling policies in - recv Failure-Notification-ACK {...}
Debug : Compiling policies in - send Success-Notification {...}
Debug : Compiling policies in - recv Success-Notification-ACK {...}
Debug : Compiling policies in - send EAP-Success {...}
Debug : Compiling policies in - store session {...}
Debug : Compiling policies in - load session {...}
Debug : Compiling policies in - clear session {...}
Debug : Compiling policies in - store pseudonym {...}
Debug : Compiling policies in - load pseudonym {...}
Debug : Compiling policies in - clear pseudonym {...}
Warn  : /etc/freeradius/sites-enabled/eap-aka-sim[214]: send Start-Request { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/eap-aka-sim[231]: recv Start-Response { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/eap-aka-sim[525]: recv Synchronization-Failure { ... } section is unused
Warn  : /etc/freeradius/sites-enabled/eap-aka-sim[583]: recv EAP-Failure { ... } section is unused
Warn  : eap-aka  { ... } section is unused
Debug : Compiling policies in server inner-tunnel { ... }
Debug : Compiling policies in - recv Access-Request {...}
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as the "sql" module is not enabled.
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[134]: Ignoring "-ldap" as the "ldap" module is not enabled.
Debug : Compiling policies in - send Access-Accept {...}
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[269]: Ignoring "-sql" as the "sql" module is not enabled.
Debug : Compiling policies in - send Access-Reject {...}
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[304]: Ignoring "-sql" as the "sql" module is not enabled.
Debug : Compiling policies in - authenticate pap {...}
Debug : Compiling policies in - authenticate chap {...}
Debug : Compiling policies in - authenticate mschap {...}
Debug : Compiling policies in - authenticate eap {...}
Warn  : radius  { ... } section is unused
Debug : #### Instantiating modules ####
Debug : Instantiating module "attr_filter.access_challenge"
Debug : Reading file /etc/freeradius/mods-config/attr_filter/access_challenge
Debug : Instantiating module "attr_filter.access_reject"
Debug : Reading file /etc/freeradius/mods-config/attr_filter/access_reject
Debug : Instantiating module "attr_filter.accounting_response"
Debug : Reading file /etc/freeradius/mods-config/attr_filter/accounting_response
Debug : Instantiating module "attr_filter.post-proxy"
Debug : Reading file /etc/freeradius/mods-config/attr_filter/post-proxy
Debug : Instantiating module "attr_filter.pre-proxy"
Debug : Reading file /etc/freeradius/mods-config/attr_filter/pre-proxy
Debug : Instantiating module "auth_log"
Debug : rlm_detail (auth_log) - 'User-Password' suppressed, will not appear in detail output
Debug : Instantiating module "cache_eap"
Debug : Instantiating module "chap"
Debug : Instantiating module "detail"
Debug : Instantiating module "digest"
Debug : Instantiating module "disallow"
Debug : Instantiating module "eap"
Debug : Instantiating module "echo"
Debug : Instantiating module "etc_passwd"
Debug : Instantiating module "exec"
Debug : Instantiating module "expiration"
Debug : Instantiating module "fail"
Debug : Instantiating module "files"
Debug : Reading file /etc/freeradius/mods-config/files/authorize
Debug : Reading file /etc/freeradius/mods-config/files/accounting
Debug : Instantiating module "handled"
Debug : Instantiating module "inner-eap"
Warn  : rlm_eap (inner-eap) - Failed to find 'authenticate inner-eap {...}' section.  EAP authentication will likely not work
Debug : Instantiating module "invalid"
Debug : Instantiating module "linelog"
Debug : Instantiating module "log_accounting"
Debug : Instantiating module "logintime"
Debug : Instantiating module "mschap"
Debug : rlm_mschap (mschap) - Using internal authentication
Debug : Instantiating module "noop"
Debug : Instantiating module "notfound"
Debug : Instantiating module "ntlm_auth"
Debug : Instantiating module "ok"
Debug : Instantiating module "pam"
Debug : Instantiating module "pap"
Debug : Instantiating module "post_proxy_log"
Debug : Instantiating module "pre_proxy_log"
Debug : Instantiating module "reject"
Debug : Instantiating module "reply_log"
Debug : Instantiating module "stats"
Debug : Instantiating module "updated"
Debug : Instantiating module "cache_eap.rbtree"
Debug : Instantiating module "eap.aka"
Debug : Instantiating module "eap.mschapv2"
Debug : Instantiating module "eap.peap"
Debug :       tls-config tls-common {
Debug :         auto_chain = yes
Debug :         chain rsa {
Debug :           format = pem
Debug :           certificate_file = /etc/freeradius/certs/rsa/server.pem
Debug :           private_key_password = <<< secret >>>
Debug :           private_key_file = /etc/freeradius/certs/rsa/server.key
Debug :           ca_file = /etc/freeradius/certs/rsa/ca.pem
Debug :           verify_mode = hard
Debug :           include_root_ca = no
Debug :         }
Debug :         verify_depth = 0
Debug :         ca_path = /etc/freeradius/certs
Debug :         ca_file = /etc/freeradius/certs/rsa/ca.pem
Debug :         dh_file = /etc/freeradius/certs/dh
Debug :         fragment_size = 1024
Debug :         check_crl = no
Debug :         cipher_list = "DEFAULT"
Debug :         cipher_server_preference = yes
Debug :         allow_renegotiation = no
Debug :         ecdh_curve = prime256v1
Debug :         tls_min_version = 1.200000
Debug :         cache {
Debug :           name = "%{EAP-Type}%{Virtual-Server}"
Debug :           lifetime = 86400
Debug :           verify = no
Debug :           require_extended_master_secret = yes
Debug :           require_perfect_forward_secrecy = no
Debug :         }
Debug :         verify {
Debug :         }
Debug :         ocsp {
Debug :           enable = no
Debug :           override_cert_url = yes
Debug :           url = "http://127.0.0.1/ocsp/"
Debug :           use_nonce = yes
Debug :           timeout = 0
Debug :           softfail = no
Debug :         }
Debug :         staple {
Debug :           enable = no
Debug :           override_cert_url = yes
Debug :           url = "http://127.0.0.1/ocsp/"
Debug :           use_nonce = yes
Debug :           timeout = 0
Debug :           softfail = no
Debug :         }
Debug :       }
Debug : Instantiating module "eap.tls"
Debug : tls - Using cached TLS configuration from previous invocation
Debug : Instantiating module "eap.ttls"
Debug : tls - Using cached TLS configuration from previous invocation
Debug : Instantiating module "inner-eap.mschapv2"
Debug : Instantiating module "inner-eap.tls"
Debug :       tls-config tls-peer {
Debug :         auto_chain = yes
Debug :         chain {
Debug :           format = pem
Debug :           certificate_file = /etc/freeradius/certs/rsa/server.pem
Debug :           private_key_password = <<< secret >>>
Debug :           private_key_file = /etc/freeradius/certs/rsa/server.key
Debug :           ca_file = /etc/freeradius/certs/rsa/ca.pem
Debug :           verify_mode = hard
Debug :           include_root_ca = no
Debug :         }
Debug :         verify_depth = 0
Debug :         ca_path = /etc/freeradius/certs
Debug :         ca_file = /etc/freeradius/certs/rsa/ca.pem
Debug :         dh_file = /etc/freeradius/certs/dh
Debug :         fragment_size = 16384
Debug :         check_crl = no
Debug :         cipher_server_preference = yes
Debug :         allow_renegotiation = no
Debug :         ecdh_curve = "prime256v1"
Debug :         tls_min_version = 1.200000
Debug :         cache {
Debug :           name = "%{EAP-Type}%{Virtual-Server}"
Debug :           lifetime = 86400
Debug :           verify = no
Debug :           require_extended_master_secret = yes
Debug :           require_perfect_forward_secrecy = no
Debug :         }
Debug :         verify {
Debug :         }
Debug :         ocsp {
Debug :           enable = no
Debug :           override_cert_url = no
Debug :           use_nonce = yes
Debug :           timeout = 0
Debug :           softfail = no
Debug :         }
Debug :         staple {
Debug :           enable = no
Debug :           override_cert_url = no
Debug :           use_nonce = yes
Debug :           timeout = 0
Debug :           softfail = no
Debug :         }
Debug :       }
Debug : Scheduler created in single-threaded mode
Debug : #### Opening listener interfaces ####
Info  : Ready to process requests
Debug : Listening on radius_udp server * port 1812 bound to virtual server default
Debug : Listening on radius_tcp server * port 1812 bound to virtual server default
Debug : Listening on radius_udp server * port 1813 bound to virtual server default
Debug : Listening on radius_udp server 127.0.0.1 port 18120 bound to virtual server inner-tunnel
Info  : Signalled to terminate
Info  : Exiting normally

Relevant log output from client utilities

No response

Backtrace from LLDB or GDB

No response
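The startup log in this report contains several warnings that say part of the configuration is not taking effect: unused sections, optional modules being skipped, and a missing `authenticate` section. The following is an added example, not code from the issue or from the FreeRADIUS project, that pulls those warnings out of a debug log; the patterns are derived only from the lines shown in this log, and `SAMPLE_LOG` is a constructed excerpt of it.

```python
import re
from collections import defaultdict

# Constructed excerpt, in the same shape as the startup log in this issue.
SAMPLE_LOG = """\
Warn  : eap-aka  { ... } section is unused
Debug : Compiling policies in - recv Access-Request {...}
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as the "sql" module is not enabled.
Warn  : /etc/freeradius/sites-enabled/inner-tunnel[134]: Ignoring "-ldap" as the "ldap" module is not enabled.
Warn  : radius  { ... } section is unused
Warn  : rlm_eap (inner-eap) - Failed to find 'authenticate inner-eap {...}' section.  EAP authentication will likely not work
Info  : Ready to process requests
"""

# Patterns taken only from warning lines seen in this log; this is not an
# exhaustive list of FreeRADIUS messages.
PATTERNS = {
    "unused_section": re.compile(
        r"^(?P<what>\S+)\s+\{ \.\.\. \} section is unused$"),
    "module_skipped": re.compile(
        r'^(?P<file>\S+)\[(?P<line>\d+)\]: Ignoring "-(?P<what>[^"]+)" as the '),
    "missing_section": re.compile(r"Failed to find '(?P<what>[^']+)' section"),
}

def triage(log_text):
    """Group 'Warn' lines by kind; each finding is (name, 'file:line' or None)."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        # Split "Level : message" on the first colon only, so paths and
        # "file[line]:" prefixes inside the message stay intact.
        level, sep, msg = raw.partition(":")
        if not sep or level.strip() != "Warn":
            continue
        msg = msg.strip()
        for kind, rx in PATTERNS.items():
            m = rx.search(msg)
            if m:
                gd = m.groupdict()
                loc = f"{gd['file']}:{gd['line']}" if "file" in gd else None
                findings[kind].append((gd["what"], loc))
                break
        else:
            # Keep unrecognised warnings visible instead of dropping them.
            findings["other"].append((msg, None))
    return dict(findings)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for name, loc in items:
            print(f"{kind:16} {name}" + (f"  ({loc})" if loc else ""))
```
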

arr2036 commented 2 years ago

They've changed names a few times. Thanks for opening an issue for this, I've pushed a fix.