紧急求教(freeradius)服务器高手!!(SOS)

weixin_38051538 2004-09-15 10:31:31

客户端是xp,用的xp自带的802.1x客户端,采用md5质询。
NAS是一台2层交换机,采用的是将eap封装到radius消息的
eap-message方式,作为通路,在客户端和后台freeradius服务器
进行认证。freeradius采用的是1.0,并且我用ldap来进行athority,
用eap(缺省使用md5)来进行authenticate。
ldap服务器配置肯定正确。在radius.conf中的athority中,
没有采用其他athority方案,就是eap,ldap(eap前,ldap后),
在authenticate中,那些pap,chap,等等全部删除了,只有eap!

当我拨号时,radiusd -X 抓到的信息如下启动信息就没写了,直接写的
认证过程中的调试信息):
Ready to process requests.(本句上面是radius启动的信息,正常,就没写了,接下来是接收到认证过程的调试信息)
rad_recv: Access-Request packet from host 192.168.60.253:4828, id=20, length=117
        User-Name = "uuu"
        NAS-IP-Address = 192.168.60.253
        NAS-Port = 15
        NAS-Identifier = "NAS58"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "00-50-FC-91-E7-C8"
        Framed-MTU = 1400
        NAS-Port-Type = Ethernet
        Connect-Info = ""
        EAP-Message = 0x0244000801757575
        Message-Authenticator = 0x55375b3ae0e18a6f751529adc7dce13d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.60.253/auth-detail-20040915'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.60.253/auth-detail-20040915
  modcall[authorize]: module "auth_log" returns ok for request 0
    rlm_realm: No '@' in User-Name = "uuu", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 68 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for uuu
radius_xlat:  '(uid=uuu)'
radius_xlat:  'dc=sccm'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=wx,dc=sccm/secret to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=sccm, with filter (uid=uuu)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user uuu authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 20 to 192.168.60.253:4828
        EAP-Message = 0x01450016041079d587b7f0bd941e81dff4b42372baaa
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0e4f82c4e05b2926eff06b9860651ef3
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.60.253:4828, id=22, length=165
        User-Name = "uuu"
        NAS-IP-Address = 192.168.60.253
        NAS-Port = 15
        Called-Station-Id = "00-50-FC-91-E7-C8"
        NAS-Identifier = "NAS58"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "00-50-FC-91-E7-C8"
        NAS-Port-Type = Ethernet
        Connect-Info = ""
        State = 0x0e4f82c4e05b2926eff06b9860651ef3
        EAP-Message = 0x024500190410cefc156e2008b2049c07ea7813d4a296757575
        Message-Authenticator = 0x1fa393598ccc61bea40064d558b8b9d0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.60.253/auth-detail-20040915'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.60.253/auth-detail-20040915
  modcall[authorize]: module "auth_log" returns ok for request 1
    rlm_realm: No '@' in User-Name = "uuu", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 69 length 25
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for uuu
radius_xlat:  '(uid=uuu)'
radius_xlat:  'dc=sccm'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=sccm, with filter (uid=uuu)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user uuu authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 22 to 192.168.60.253:4828
        EAP-Message = 0x04450004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 20 with timestamp 4147a2aa
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 22 with timestamp 4147a2ac
Nothing to do.  Sleeping until we see a request.
...全文
41 2 打赏 收藏 转发到动态 举报
写回复
用AI写文章
2 条回复
切换为时间正序
请发表友善的回复…
发表回复
FreeRadius 服务器环境搭建(PAP 版)
FreeRADIUS 是一个高性能和高可配置的多协议策略服务器,支持RADIUS,DHCPv4 DHCPv6、TACACS+ 和 VMPS。源码: FreeRADIUS/freeradius-server:FreeRADIUS - 一个多协议策略服务器。2.1. 修改 /etc/raddb/mods-config/files/authorize 文件,添加认证用户信息。安装配置测试文档:Getting Started (freeradius.org)4.2. Java client 测试代码。
Freeradius服务器的搭建流程
Radius、Firewall 安装配置 1、说明 使用 freeradius 和 mariadb 配置 Radius 认证服务器 2、安装命令 使用在线 yum 源安装,保证网络畅通,执行以下命令等待安装完成 yum install -y freeradius freeradius-utils freeradius-mysql mariadb-server 验证安装,使用如下命令,如...
FreeRADIUS服务器搭建及配置
FreeRADIUS服务器搭建及配置 最近公司搭建FreeRadius服务器用于入网电脑管控,开始着手搭建服务器及配置安装 一、什么是FreeRADIUS 首先需了解什么是FreeRADIUSFreeRADIUS作為一套開源免費的網絡準入認證系統,支持SQL數據庫驗證,可有效對網絡進行管控及授權。 二、环境 操作系统:CenterOS 7.5 平台: FreeRadius:3.0....
FreeRadius 服务器环境搭建(CHAP 版)
FreeRADIUS 是一个高性能和高可配置的多协议策略服务器,支持RADIUS,DHCPv4 DHCPv6、TACACS+ 和 VMPS。它是根据 GNU GPLv2 的条款提供的。使用 RADIUS 允许对网络进行身份验证和授权 集中化,并最大限度地减少必须 在向网络添加或删除新用户时完成。CHAP:Challenge Handshake Authentication Protocol,挑战握手认证协议。
搭建FreeRadius认证服务器
1.yum源安装 shell>yum install freeradius 2.编辑认证用户信息 shell>vi /etc/raddb/mods-config/files/authorize 最上方加入如下两行,testing用户名,密码123456,认证成功则返回“Hello,testing,认证成功!” testing Cleartext-Password := "1234...
其他技术讨论专区

437

社区成员

791,268

社区内容

发帖
与我相关
我的任务
社区描述
其他技术讨论专区
其他 技术论坛(原bbs)
社区管理员
  • 其他技术讨论专区社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章