Freeradius 总是拒绝访问请求
Freeradius always rejects Access-Requests
我正在尝试在 Raspberry-Pi B 上设置一个与 WLAN 接入点连接的 FreeRadius-Server。
我按照自述文件中的描述创建了证书。当我尝试登录接入点时,我从服务器获得以下调试输出。
... adding new socket proxy address * port 60940
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.155.44 port 3072, id=239, length=174
User-Name = "14cc20-1a6f73"
User-Password = "2G'538460\t2ZE36N"
NAS-Identifier = "Access-Point"
NAS-IP-Address = 192.168.155.44
Called-Station-Id = "EC-E5-55-FF-D2-B8:Access-Point"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
NAS-Port = 1
NAS-Port-Id = "1"
Calling-Station-Id = "14-CC-20-1A-6F-73"
Connect-Info = "CONNECT 150 Mbps 802.11g/n"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "14cc20-1a6f73", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 14cc20-1a6f73
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
我将用户写到用户文件中
ExampleUser Cleartext-Password := "PASSWORD"
令我困扰的是用户密码和用户名似乎以加密格式发送到服务器,这可能是它不起作用的原因,但我不知道是什么原因造成的。
我正在尝试在 Xubuntu 上使用 PEAP V0 MSCHAPv2 登录 WPA/WPA2 Enterprise,这应该可以。如果我选择动态 WEP (802.1x),Radius-Server 甚至不会收到请求(我正在使用 tshark 监控流量)。
用户名不是以加密格式从服务器发送的,用户密码是。 FreeRADIUS 无法检查解密是否成功,因此您唯一知道的方法是解密后的密码是否与用户密码匹配。
一个很好的提示是,如果密码包含很多不可打印的字符,就像上面的那样,那么很可能是 RADIUS 服务器和 NAS 之间的秘密不正确。
如果你解决了这个问题,你应该会在调试输出中看到实际的密码,然后你就可以让服务器发送一个接受。
我正在尝试在 Raspberry-Pi B 上设置一个与 WLAN 接入点连接的 FreeRadius-Server。 我按照自述文件中的描述创建了证书。当我尝试登录接入点时,我从服务器获得以下调试输出。
... adding new socket proxy address * port 60940
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.155.44 port 3072, id=239, length=174
User-Name = "14cc20-1a6f73"
User-Password = "2G'538460\t2ZE36N"
NAS-Identifier = "Access-Point"
NAS-IP-Address = 192.168.155.44
Called-Station-Id = "EC-E5-55-FF-D2-B8:Access-Point"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
NAS-Port = 1
NAS-Port-Id = "1"
Calling-Station-Id = "14-CC-20-1A-6F-73"
Connect-Info = "CONNECT 150 Mbps 802.11g/n"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "14cc20-1a6f73", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 14cc20-1a6f73
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
我将用户写到用户文件中
ExampleUser Cleartext-Password := "PASSWORD"
令我困扰的是用户密码和用户名似乎以加密格式发送到服务器,这可能是它不起作用的原因,但我不知道是什么原因造成的。 我正在尝试在 Xubuntu 上使用 PEAP V0 MSCHAPv2 登录 WPA/WPA2 Enterprise,这应该可以。如果我选择动态 WEP (802.1x),Radius-Server 甚至不会收到请求(我正在使用 tshark 监控流量)。
用户名不是以加密格式从服务器发送的,用户密码是。 FreeRADIUS 无法检查解密是否成功,因此您唯一知道的方法是解密后的密码是否与用户密码匹配。
一个很好的提示是,如果密码包含很多不可打印的字符,就像上面的那样,那么很可能是 RADIUS 服务器和 NAS 之间的秘密不正确。
如果你解决了这个问题,你应该会在调试输出中看到实际的密码,然后你就可以让服务器发送一个接受。