Chinaunix

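Title: A question about FreeRADIUS, thanks.

Author: hjp0021    Time: 2009-02-05 19:12
Title: A question about FreeRADIUS, thanks.
I've been playing with FreeRADIUS lately and have a question for everyone. Details below:
FreeRADIUS is configured on Fedora, using the users file for authentication;
with a system user/password, authentication succeeds;
after editing users and adding a test1 user, authentication fails.
I don't know what the cause is.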

    [root@Radius raddb]# radiusd -v
    radiusd: FreeRADIUS Version 2.1.3, for host i686-pc-linux-gnu, built on Jan 24 2009 at 17:21:45
    Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License.
    For more information about these matters, see the file named COPYRIGHT.
    [root@Radius raddb]#

When authenticating with a system user:
    [root@Radius ~]# radtest test test 127.0.0.1:1812 2001 testing123
    Sending Access-Request of id 75 to 127.0.0.1 port 1812
            User-Name = "test"
            User-Password = "test"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 2001
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=75, length=20
    [root@Radius ~]#

radius -X, started in debug mode with no errors; the output is as follows.
    rad_recv: Access-Request packet from host 127.0.0.1 port 37646, id=75, length=56
            User-Name = "test"
            User-Password = "test"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 2001
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "test", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP
    +- entering group PAP {...}
    [pap] login attempt with password "test"
    [pap] Using CRYPT encryption.
    [pap] User authenticated successfully
    ++[pap] returns ok
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 75 to 127.0.0.1 port 37646
    Finished request 1.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 1 ID 75 with timestamp +107
    Ready to process requests.

---------------------------------------------------------------------------------------
When authenticating via users:

The following was added to users:
    "test1" Auth-Type = Local,Password == "test1"
            Fall-Through = Yes

radius -X, started in debug mode with no errors; the output is as follows.

    [root@Radius ~]# radtest test1 test1 127.0.0.1:1812 2001 testing123
    Sending Access-Request of id 50 to 127.0.0.1 port 1812
            User-Name = "test1"
            User-Password = "test1"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 2001
    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=50, length=20
    [root@Radius ~]#

    rad_recv: Access-Request packet from host 127.0.0.1 port 52926, id=50, length=57
            User-Name = "test1"
            User-Password = "test1"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 2001
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "test1", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    WARNING: Found User-Password == "...".
    WARNING: Are you sure you don't mean Cleartext-Password?
    WARNING: See "man rlm_pap" for more information.
    [files] users: Matched entry test1 at line 61
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = Local
    WARNING: Please update your configuration, and remove 'Auth-Type = Local'
    WARNING: Use the PAP or CHAP modules instead.
    No "known good" password was configured for the user.
    As a result, we cannot authenticate the user.
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject]     expand: %{User-Name} -> test1
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 2 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 2
    Sending Access-Reject of id 50 to 127.0.0.1 port 52926
    Waking up in 4.9 seconds.
    Cleaning up request 2 ID 50 with timestamp +418
    Ready to process requests.

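[ Last edited by hjp0021 on 2009-2-5 19:13 ]
Author: hjp0021    Time: 2009-02-06 02:02
Already solved. It was a syntax problem in the users file; after fixing it, everything was OK.
Author: coldface    Time: 2009-05-19 14:28
Could I ask the OP what exactly the problem was? I've run into the same issue.
Also, why is the NAS-IP-ADDRESS that shows up during authentication a public address rather than 127.0.0.1?
I just ran make install, then created an account and tested.
Author: coffee777    Time: 2009-12-01 19:30
I've hit the same problem too; could the OP please explain?
Author: chenyx    Time: 2009-12-01 21:39
OP, please write down how you solved it.
Author: wendaozhe    Time: 2009-12-02 08:10
Strongly support!
Author: bestlihj    Time: 2009-12-15 12:58
Title: Could you explain in detail how to correctly add a user in USERS? Thanks.
Could you explain in detail how to correctly add a user in USERS? Thanks.
Author: kns1024wh    Time: 2009-12-15 14:09
Title: Reply to #1 hjp0021's post
To test with the text-file method, you only need to uncomment the entries in the file.
Author: bestlihj    Time: 2009-12-15 14:35
Title: Reply to #7 coffee777's post
coffee777, could you send your users file to my mailbox 2002goods@163.com, and log in to your MSN so we can chat?
Author: coffee777    Time: 2009-12-15 15:42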
test1  Cleartext-Password := "test"
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.0
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

This is my users file; I hope it helps.

[ Last edited by coffee777 on 2009-12-15 15:53 ]
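
An added example (not written by any poster in this thread, and not FreeRADIUS project code): a small Python check that flags the two check items the debug output in post #1 warns about, `Auth-Type = Local` and a `Password` / `User-Password` comparison, and passes the `Cleartext-Password :=` form used in the users file above. The function name `lint_users` and the sample text are constructed for illustration; only entry header lines (those starting in column 0) are examined.

```python
import re

# Constructed sample: the failing entry from post #1, then the working form.
SAMPLE_USERS = '''\
# comment lines are ignored
"test1" Auth-Type = Local,Password == "test1"
        Fall-Through = Yes

test2   Cleartext-Password := "test"
        Service-Type = Framed-User,
        Framed-Protocol = PPP
'''

# One check item: attribute, operator, value (quoted or bare).
ITEM_RE = re.compile(
    r'([\w-]+)\s*(:=|==|\+=|!=|=~|!~|>=|<=|=|>|<)\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')

def lint_users(text):
    """Return (line_no, user, message) for check items the server warns about."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Entry headers start in column 0; reply items are indented.
        if not line or line[0].isspace() or line.startswith('#'):
            continue
        m = re.match(r'("[^"]*"|\S+)\s*(.*)', line)
        user, checks = m.group(1).strip('"'), m.group(2)
        items = {a: (op, v) for a, op, v in ITEM_RE.findall(checks)}
        if items.get('Auth-Type', ('', ''))[1] == 'Local':
            findings.append((no, user,
                "Auth-Type = Local: remove it and let the pap/chap modules decide"))
        for attr in ('Password', 'User-Password'):
            if attr in items:
                findings.append((no, user,
                    f"{attr} {items[attr][0]} gives no known-good password; "
                    'use Cleartext-Password := "..."'))
    return findings

if __name__ == "__main__":
    for no, user, msg in lint_users(SAMPLE_USERS):
        print(f"line {no}: {user}: {msg}")
```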
Author: bestlihj    Time: 2009-12-15 15:55
Title: Reply to #11 coffee777's post
Thanks, brother coffee777.
Author: sem001    Time: 2010-08-18 19:20
Reply to 1# hjp0021


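    I've run into the same problem too. I don't know which user the posters above mean when they mention the syntax error in user. I'm using the MySQL database method. I'm not sure whether the account is in


this table, and whether adding the user this way is correct.

Waiting online. Hoping for some pointers.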



