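Hello experts,
I have run into a problem.
I set up FreeRADIUS + MySQL on CentOS for 802.1X authentication. I am using the 802.1X supplicant built into Windows (that is, I edited the network adapter and enabled 802.1X authentication) with MD5-Challenge. After clicking OK I am prompted for a user name and password; I enter them in the credentials window and click OK. The network shows "Connected" and an IP address is obtained normally. After about one second the connection status changes from "Connected" straight to "Attempting to authenticate", then the adapter icon switches to the acquiring-address state (a small glowing ball spinning), and from then on it stays at authentication failed.
The FreeRADIUS debug window shows that authentication succeeded, with the following output: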
rad_recv: Access-Request packet from host 10.150.10.41 port 2740, id=0, length=192
User-Name = "bob"
CHAP-Password = 0x02ea1f176f0d518a40827e6144ef92eb67
CHAP-Challenge = 0x5daf295da20c9f8f72f25656e49dbfb4
NAS-IP-Address = 10.150.10.41
NAS-Identifier = "JieRu"
NAS-Port = 16781413
NAS-Port-Id = "slot=1;subslot=0;port=1;vlanid=101"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "D4-3D-7E-3D-35-63"
Huawei-Connect-ID = 6225921
Huawei-Product-ID = "H3C S5120-24P-EI-D"
Huawei-Startup-Stamp = 956750404
......
Sending Access-Accept of id 0 to 10.150.10.41 port 2740
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Reply-Message = "Hello Bob!"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "1101"
Finished request 43.
Going to the next request
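I then tried authenticating with an 802.1X client, but a new problem appeared.
With both H3C iNode and xClient, the authentication request received by RADIUS has a string beginning with "\006\007" in front of the user name in the User-Name field, and the prefix is different every time, which causes authentication to fail.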
rad_recv: Access-Request packet from host 10.150.10.41 port 2740, id=0, length=224
User-Name = "\006\007SQsoN1Mmdzo7SU93bUYNM9SlPDY= bob"
CHAP-Password = 0x02bcf304be0529837426408b166107c3e5
CHAP-Challenge = 0x443efcde846a18e2bbeec76bf8799cde
NAS-IP-Address = 10.150.10.41
NAS-Identifier = "JieRu"
NAS-Port = 16781413
NAS-Port-Id = "slot=1;subslot=0;port=1;vlanid=101"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "D4-3D-7E-3D-35-63"
Huawei-Connect-ID = 5963777
Huawei-Product-ID = "H3C S5120-24P-EI-D"
Huawei-Startup-Stamp = 956750404
Any pointers would be appreciated. Thanks.
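The prefixed User-Name from the second log, as an added example that is not part of the original post: a Python sketch that decodes the debug-log escapes and separates the client-added prefix from the account name before any backend lookup. The prefix layout (bytes 0x06 0x07, a base64-looking blob, one space) is an assumption inferred from the single sample in the post, and the function names and account-name policy are hypothetical.

```python
import base64
import re

# Constructed from the second Access-Request shown in the post.
SAMPLE_LINE = r'User-Name = "\006\007SQsoN1Mmdzo7SU93bUYNM9SlPDY= bob"'

# Assumption: prefix is 0x06 0x07, a base64 blob, then exactly one space.
PREFIX_RE = re.compile(rb'\A\x06\x07([A-Za-z0-9+/]+={0,2}) (.+)\Z', re.DOTALL)
# Assumption: local policy for acceptable account names (hypothetical).
ACCOUNT_RE = re.compile(rb'\A[A-Za-z0-9._@-]{1,64}\Z')


def unescape_debug_value(line):
    """Take the quoted value of a debug attribute line and undo \\ooo octal escapes."""
    m = re.search(r'=\s*"(.*)"\s*$', line)
    if not m:
        raise ValueError("not a quoted attribute line")
    raw = m.group(1).encode("latin-1")
    return re.sub(rb'\\([0-7]{3})', lambda o: bytes([int(o.group(1), 8)]), raw)


def split_user_name(value):
    """Return (prefix_blob_or_None, account); reject anything off-pattern."""
    blob = None
    m = PREFIX_RE.match(value)
    if m:
        # validate=True raises binascii.Error (a ValueError) on bad input
        blob = base64.b64decode(m.group(1), validate=True)
        value = m.group(2)
    # Strict allow-list: the name is untrusted input that ends up in a
    # database query, so it is rejected rather than repaired.
    if not ACCOUNT_RE.match(value):
        raise ValueError("unexpected characters in account name")
    return blob, value.decode("ascii")


if __name__ == "__main__":
    blob, account = split_user_name(unescape_debug_value(SAMPLE_LINE))
    print(account, len(blob), blob.hex())
```

Only the octal escapes seen in the post are decoded; other escape forms in debug output are left untouched and would fail the allow-list.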