[Other] Error after freeradius authentication: an inexplicable string appears in front of the user name

Posted on 2015-04-16 22:33
The problem first appears in the part in red; the text in blue is the error.

1. Installed freeradius and mysql on Ubuntu.
Local authentication succeeds: radtest hanna 123456 localhost 0 testing123

2. Configured mysql and added a user: xukai, password: 123456. The code is as follows:
mysql -uroot -p123456 radius
        INSERT INTO radcheck (username,attribute,op,VALUE) VALUES  ('xukai','Cleartext-Password',':=','123456');
        -- Add user hanna to the VIP1 user group
        INSERT INTO radusergroup (username,groupname) VALUES  ('demo','VIP1');
        -- Limit the number of simultaneous logins; note that this goes in the radgroupcheck table
        INSERT INTO radgroupcheck (groupname,attribute,op,VALUE)  VALUES ('normal','Simultaneous-Use',':=','1');
        -- Authentication reply
        INSERT INTO radgroupreply (groupname,attribute,op,VALUE)  VALUES ('VIP1','Auth-Type',':=','Local');
        INSERT INTO radgroupreply (groupname,attribute,op,VALUE)  VALUES ('VIP1','Service-Type',':=','Framed-User');
        INSERT INTO radgroupreply (groupname,attribute,op,VALUE)  VALUES ('VIP1','Framed-Protocol',':=','PPP');
        INSERT INTO radgroupreply (groupname,attribute,op,VALUE)  VALUES ('VIP1','Framed-MTU',':=','1500');
        INSERT INTO radgroupreply (groupname,attribute,op,VALUE)  VALUES ('VIP1','Framed-Compression',':=','Van-Jacobson-TCP-IP');

Configured the switch to support 802.1X, using the EAP method.

3. After logging in from the xclient client, authentication on the server fails. The output is as follows:
rad_recv: Access-Request packet from host 192.168.1.200 port 1812, id=29, length=176
    NAS-IP-Address = 192.168.1.200
    NAS-Identifier = "Quidway"
    NAS-Port = 4097
    NAS-Port-Type = Ethernet
    Framed-IP-Address = 192.168.1.100
    User-Name = "\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai"
    Calling-Station-Id = "0026-9e93-9b0b"
    Service-Type = Framed-User
    Framed-MTU = 1500
    EAP-Message = 0x020200240106074877702f4d316478646d78745342687a6152454d5a584b386730633d20
    Message-Authenticator = 0x72663088a5d139d6c4e6bf303f6415f0
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "??Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 36
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[sql]     expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai
[sql] sql_set_user escaped user --> '\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai'
rlm_sql (sql): Reserving sql socket id: 17
[sql]     expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '=5C=5C006=5C=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3D  xukai'           ORDER BY id
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #17
rlm_sql_mysql: Starting connect to MySQL server for #17
rlm_sql (sql): Connected new DB handle, #17
[sql]     expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '=5C=5C006=5C=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3D  xukai'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 17
[sql] User \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai not found
++[sql] = notfound
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Identity does not match User-Name, setting from EAP Identity.
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group REJECT {
[sql]     expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai
[sql] sql_set_user escaped user --> '\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai'
[sql]     expand: %{User-Password} ->  
[sql]     ... expanding second conditional
[sql]     expand: %{Chap-Password} ->  
[sql]     expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '=5C006=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3D  xukai',                           '',                           'Access-Reject', '2015-04-16 20:06:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '=5C006=5C007Hwp/M1dxdmxtSBhzaREMZXK8g0c=3D  xukai',                           '',                           'Access-Reject', '2015-04-16 20:06:49')
rlm_sql (sql): Reserving sql socket id: 16
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #16
rlm_sql_mysql: Starting connect to MySQL server for #16
rlm_sql (sql): Connected new DB handle, #16
rlm_sql (sql): Released sql socket id: 16
++[sql] = ok
[attr_filter.access_reject]     expand: %{User-Name} -> \006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 100 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 100
Sending Access-Reject of id 29 to 192.168.1.200 port 1812
Waking up in 4.9 seconds.

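When I configured it, the user name was just xukai, so why does it show a string of characters together with the user name?
Does anyone know about this? Thanks.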
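
Added example (not part of the original post): a Python sketch that decodes the EAP-Message from the debug output above using the RFC 3748 header layout and compares its Identity with the logged User-Name attribute. The two constants are copied from the log; the function names are made up for this illustration.

```python
import re

# Values copied from the Access-Request in the debug output above.
EAP_MESSAGE_HEX = "020200240106074877702f4d316478646d78745342687a6152454d5a584b386730633d20"
USER_NAME_LOGGED = r"\006\007Hwp/M1dxdmxtSBhzaREMZXK8g0c=  xukai"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def unescape_octal(logged: str) -> bytes:
    """Turn the \\ooo octal escapes shown in the log back into raw bytes."""
    return re.sub(rb"\\([0-7]{3})",
                  lambda m: bytes([int(m.group(1), 8)]),
                  logged.encode("latin-1"))


def parse_eap(hex_str: str) -> dict:
    """Parse an EAP packet: Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    pkt = bytes.fromhex(hex_str)
    if len(pkt) < 5:
        raise ValueError("too short for an EAP request/response")
    length = int.from_bytes(pkt[2:4], "big")
    if length > len(pkt):
        raise ValueError("EAP Length field exceeds the captured bytes")
    return {"code": EAP_CODES.get(pkt[0], "unknown"), "id": pkt[1],
            "length": length, "type": pkt[4], "data": pkt[5:length]}


def diagnose(hex_str: str, logged_user: str) -> dict:
    eap = parse_eap(hex_str)
    user = unescape_octal(logged_user)
    identity = eap["data"] if eap["type"] == 1 else b""   # Type 1 = Identity
    # Split User-Name at its last space: everything before it is the prefix.
    prefix, _, account = user.rpartition(b" ")
    return {
        "eap": eap,
        "identity_equals_user_name": identity == user,
        "user_name_starts_with_identity": user.startswith(identity),
        "control_bytes": [b for b in user if b < 0x20 or b == 0x7F],
        "trailing_token": account.decode("latin-1"),
        "bytes_before_account": len(prefix) + 1,
    }


if __name__ == "__main__":
    for key, value in diagnose(EAP_MESSAGE_HEX, USER_NAME_LOGGED).items():
        print(f"{key}: {value}")
```

On the logged values, the EAP Identity is 31 bytes, begins with the same \006\007 prefix as User-Name and ends before xukai, which is consistent with the "[eap] Identity does not match User-Name" line. The 37-byte User-Name is what rlm_sql puts into the WHERE username = '...' clause, so the radcheck row keyed on xukai is not matched.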