Urgent! Configuring a RADIUS server on Debian
For work I recently needed to set up a RADIUS server on Debian. Following material found online I installed it successfully, and running radtest locally also succeeds. But in the real environment, when the AP selects LEAP authentication, the exchange stops halfway through. I hope an expert can give me some pointers. Thanks!!
The eap.conf configuration is as follows:
eap {
# Invoke the default supported EAP type when
# EAP-Identity response is received.
#
# The incoming EAP messages DO NOT specify which EAP
# type they will be using, so it MUST be set here.
#
# For now, only one default EAP type may be used at a time.
#
# If the EAP-Type attribute is set by another module,
# then that EAP type takes precedence over the
# default type configured here.
#
default_eap_type = leap (only this line was changed; everything else is left at the default)
# A list is maintained to correlate EAP-Response
# packets with EAP-Request packets. After a
# configurable length of time, entries in the list
# expire, and are deleted.
#
timer_expire = 60
.........
Running radiusd -X produces the following output:
rad_recv: Access-Request packet from host 10.1.40.10 port 2049, id=195, length=156
User-Name = "testUser"
NAS-IP-Address = 192.168.2.1
NAS-Port = 0
Called-Station-Id = "94-0C-6D-B2-58-00:Cisco_AP"
Calling-Station-Id = "00-12-7B-40-50-B2"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0201000d017465737455736572
Message-Authenticator = 0x1dccd7334c7facade1e7672ea0380174
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry testUser at line 117
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
++[eap] returns handled
Sending Access-Challenge of id 195 to 10.1.40.10 port 2049
EAP-Message = 0x0102001811010008064c322b33d5f88e7465737455736572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5b27cd685b25dc32d66e535f7484c06d
Finished request 23.
Going to the next request
Waking up in 7.9 seconds.
rad_recv: Access-Request packet from host 10.1.40.10 port 2049, id=196, length=201
User-Name = "testUser"
NAS-IP-Address = 192.168.2.1
NAS-Port = 0
Called-Station-Id = "94-0C-6D-B2-58-00:Cisco_AP"
Calling-Station-Id = "00-12-7B-40-50-B2"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0202002811010018dacbf44b3c8517d27d7b5e26e1aa2d81f3531dfc8301e0757465737455736572
State = 0x5b27cd685b25dc32d66e535f7484c06d
Message-Authenticator = 0x8bf6a1951edf3300e38a788f4fbae612
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 40
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry testUser at line 117
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/leap
[eap] processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: NtChallengeResponse from AP is valid
[eap] Underlying EAP-Type set EAP ID to 3
++[eap] returns ok
expand: Login Successed! -> Login Successed!
Login OK: [testUser/<via Auth-Type = EAP>] (from client myTest port 0 cli 00-12-7B-40-50-B2) Login Successed!
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
expand: %{TLS-Cert-Serial} ->
++[reply] returns noop
Sending Access-Challenge of id 196 to 10.1.40.10 port 2049
EAP-Message = 0x03030004
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5b27cd685a24dc32d66e535f7484c06d
Reply-Message = ""
Finished request 24.
Going to the next request
Waking up in 7.9 seconds.
Cleaning up request 23 ID 195 with timestamp +377
Cleaning up request 24 ID 196 with timestamp +377
Ready to process requests.
In principle LEAP should go on to stage 6, but after this no further packets are received at all. Why is that?
Is something misconfigured somewhere? Any advice would be appreciated!!
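Added example, not from the original post and not FreeRADIUS code: a small Python decoder for the EAP-Message hex values that radiusd -X prints. It parses the EAP header, the Identity response and the LEAP body (EAP type 17: version, unused, count, challenge or response, user name), then walks the packet sequence of a debug trace to report where the exchange stopped. SAMPLE_LOG is a constructed excerpt that reuses the packet headers and EAP-Message values from the post above; the function and class names are my own. Run on that trace it shows the last server packet is an Access-Challenge carrying EAP-Success (code 3, id 3), the point after which LEAP expects the peer's own challenge before the server can send its Access-Accept. LEAP's challenge/response is MS-CHAP-style and the method is deprecated; PEAP or EAP-TLS are the usual replacements.

```python
"""Decode EAP-Message attributes from `radiusd -X` output and follow a LEAP exchange."""
import re
import struct
from dataclasses import dataclass, field
from typing import List, Optional

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}   # 17 is the LEAP (EAP-Cisco-Wireless) type number


@dataclass
class EapMessage:
    code: int
    identifier: int
    length: int
    type: Optional[int] = None
    identity: Optional[str] = None
    leap_count: Optional[int] = None
    leap_payload: Optional[bytes] = None   # 8-byte challenge (Request) or 24-byte response (Response)
    leap_name: Optional[str] = None

    def describe(self) -> str:
        head = f"EAP {EAP_CODES.get(self.code, self.code)} id={self.identifier} len={self.length}"
        if self.type is None:
            return head
        head += f" type={EAP_TYPES.get(self.type, self.type)}"
        if self.type == 1:
            return f"{head} identity={self.identity!r}"
        if self.type == 17:
            return f"{head} count={self.leap_count} payload={self.leap_payload.hex()} name={self.leap_name!r}"
        return head


def decode_eap_message(hexstr: str) -> EapMessage:
    """Parse one EAP packet given as the 0x... string radiusd prints (prefix optional)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} disagrees with {len(raw)} bytes on the wire")
    msg = EapMessage(code, ident, length)
    if code in (3, 4):                     # Success/Failure carry no type or data
        return msg
    msg.type = raw[4]
    body = raw[5:]
    if msg.type == 1:
        msg.identity = body.decode("ascii", errors="replace")
    elif msg.type == 17:
        # LEAP body: version(1) unused(1) count(1) challenge-or-response(count) user-name(rest)
        if len(body) < 3 or len(body) < 3 + body[2]:
            raise ValueError("LEAP body truncated")
        count = body[2]
        msg.leap_count = count
        msg.leap_payload = body[3:3 + count]
        msg.leap_name = body[3 + count:].decode("ascii", errors="replace")
    return msg


@dataclass
class RadiusPacket:
    direction: str                  # "client->server" or "server->client"
    radius_type: str                # Access-Request / Access-Challenge / Access-Accept / Access-Reject
    eap_hex: List[str] = field(default_factory=list)

    def eap(self) -> Optional[EapMessage]:
        # Several EAP-Message attributes in one RADIUS packet are fragments of a single EAP packet
        return decode_eap_message("".join(h[2:] for h in self.eap_hex)) if self.eap_hex else None


RECV_RE = re.compile(r"^rad_recv: (Access-\w+) packet from host")
SEND_RE = re.compile(r"^Sending (Access-\w+) of id")
EAP_RE = re.compile(r"^EAP-Message = (0x[0-9a-fA-F]+)")


def parse_debug_log(text: str) -> List[RadiusPacket]:
    """Group a radiusd -X trace into packets, attaching EAP-Message attributes to each."""
    packets: List[RadiusPacket] = []
    for line in text.splitlines():
        line = line.strip()
        if m := RECV_RE.match(line):
            packets.append(RadiusPacket("client->server", m.group(1)))
        elif m := SEND_RE.match(line):
            packets.append(RadiusPacket("server->client", m.group(1)))
        elif (m := EAP_RE.match(line)) and packets:
            packets[-1].eap_hex.append(m.group(1))
    return packets


def leap_stall_reason(packets: List[RadiusPacket]) -> Optional[str]:
    """None when the exchange reached Access-Accept; otherwise say where it stopped.
    LEAP is mutual: after the server's EAP-Success (sent inside an Access-Challenge)
    the peer must send its own challenge, which the server answers in the Access-Accept."""
    if not packets:
        return "no packets"
    last, eap = packets[-1], packets[-1].eap()
    if last.radius_type == "Access-Accept":
        return None
    if last.direction == "server->client" and eap and eap.code == 3:
        return ("server sent EAP-Success inside Access-Challenge (LEAP stage 4) and is "
                "waiting for the peer's challenge; no further Access-Request was logged")
    return f"exchange ends with {last.radius_type} ({last.direction})"


# Constructed excerpt: headers and EAP-Message values taken from the trace in the post above
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.1.40.10 port 2049, id=195, length=156
        User-Name = "testUser"
        EAP-Message = 0x0201000d017465737455736572
Sending Access-Challenge of id 195 to 10.1.40.10 port 2049
        EAP-Message = 0x0102001811010008064c322b33d5f88e7465737455736572
rad_recv: Access-Request packet from host 10.1.40.10 port 2049, id=196, length=201
        EAP-Message = 0x0202002811010018dacbf44b3c8517d27d7b5e26e1aa2d81f3531dfc8301e0757465737455736572
Sending Access-Challenge of id 196 to 10.1.40.10 port 2049
        EAP-Message = 0x03030004
"""

if __name__ == "__main__":
    trace = parse_debug_log(SAMPLE_LOG)
    for p in trace:
        print(f"{p.direction:15} {p.radius_type:17} {p.eap().describe()}")
    print("stall:", leap_stall_reason(trace))
```

To use it on a live trace, feed the full radiusd -X output to parse_debug_log; the parser only looks at the rad_recv, Sending and EAP-Message lines, so the module-return lines in between are ignored.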