freeradius认证后出错 用户名前面出现一段莫名其妙的字符串
错误开始出现在红字部分,蓝字是错误1.在ubuntu上安装了freeradius 和mysql。
本地认证可以成功:radtest hanna 123456 localhost 0 testing123
2.配置了mysql,添加了用户:xukai密码:123456,代码如下:
mysql -uroot -p123456 radius
INSERT INTO radcheck (username,attribute,op,VALUE) VALUES('xukai','Cleartext-Password',':=','123456');
将用户hanna加入VIP1用户组
INSERT INTO radusergroup (username,groupname) VALUES('demo','VIP1');
限制同时登陆人数,注意是在radgroupcheck表
INSERT INTO radgroupcheck (groupname,attribute,op,VALUE)VALUES ('normal','Simultaneous-Use',':=','1');
认证回应reply
INSERT INTO radgroupreply (groupname,attribute,op,VALUE)VALUES ('VIP1','Auth-Type',':=','Local');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE)VALUES ('VIP1','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE)VALUES ('VIP1','Framed-Protocol',':=','PPP');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE)VALUES ('VIP1','Framed-MTU',':=','1500');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE)VALUES ('VIP1','Framed-Compression',':=','Van-Jacobson-TCP-IP');
配置了交换机支持802.1X,选用eap方法
3.在xclient客户端登录后,server认证失败,代码如下
rad_recv: Access-Request packet from host 192.168.1.200 port 1812, id=29, length=176
NAS-IP-Address = 192.168.1.200
NAS-Identifier = "Quidway"
NAS-Port = 4097
NAS-Port-Type = Ethernet
Framed-IP-Address = 192.168.1.100
User-Name = "\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai"
Calling-Station-Id = "0026-9e93-9b0b"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x020200240106074877702f4d316478646d78745342687a6152454d5a584b386730633d20
Message-Authenticator = 0x72663088a5d139d6c4e6bf303f6415f0
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+group authorize {
++ = ok
++ = noop
++ = noop
++ = noop
No '@' in User-Name = "??Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai", looking up realm NULL
No such realm "NULL"
++ = noop
EAP packet type response id 2 length 36
No EAP Start, assuming it's an on-going EAP conversation
++ = updated
expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai
sql_set_user escaped user --> '\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai'
rlm_sql (sql): Reserving sql socket id: 17
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '=5C=5C006=5C=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3Dxukai' ORDER BY id
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #17
rlm_sql_mysql: Starting connect to MySQL server for #17
rlm_sql (sql): Connected new DB handle, #17
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '=5C=5C006=5C=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3Dxukai' ORDER BY priority
rlm_sql (sql): Released sql socket id: 17
User \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai not found
++ = notfound
++ = noop
++ = noop
WARNING! No "known good" password found for the user.Authentication may fail because of this.
++ = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
Identity does not match User-Name, setting from EAP Identity.
Failed in handler
++ = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group REJECT {
expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai
sql_set_user escaped user --> '\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai'
expand: %{User-Password} ->
... expanding second conditional
expand: %{Chap-Password} ->
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{replyacket-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '=5C006=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3Dxukai', '', 'Access-Reject', '2015-04-16 20:06:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '=5C006=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3Dxukai', '', 'Access-Reject', '2015-04-16 20:06:49')
rlm_sql (sql): Reserving sql socket id: 16
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #16
rlm_sql_mysql: Starting connect to MySQL server for #16
rlm_sql (sql): Connected new DB handle, #16
rlm_sql (sql): Released sql socket id: 16
++ = ok
expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=xukai
attr_filter: Matched entry DEFAULT at line 11
++ = updated
+} # group REJECT = updated
Delaying reject of request 100 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 100
Sending Access-Reject of id 29 to 192.168.1.200 port 1812
Waking up in 4.9 seconds.
配置的时候,就是用户名xukai,怎么显示的是一堆字符串和用户名呢?
哪位朋友了解吗?谢谢啦
页:
[1]