我在这个 freeradius 配置中缺少什么吗?
Is there something I'm missing in this freeradius configuration?
我已经在 kubernetes 集群中设置了一个 freeradius 服务器。我已按照说明设置测试用户以使用 radtest 进行测试,但是,当我 运行 测试时,我仍然得到 "Access-Reject"。
这里是用户文件的开头,我把测试用户放在最上面:
testing Cleartext-Password := "password"
#
# Configuration file for the rlm_files module.
# Please see rlm_files(5) manpage for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'accounting', in this directory.
这里是我运行测试的命令:
radtest testing password 127.0.0.1 1812 password
其中"testing"为用户名,"password"为用户密码,127.0.0.1为服务器地址(本地测试)1812为端口,第二个"password" 是客户端和服务器之间的预共享秘密。
这是该命令的输出:
Sent Access-Request Id 24 from 0.0.0.0:53513 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.233.64.70
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Reject Id 24 from 127.0.0.1:1812 to 127.0.0.1:53513 length 20
(0) -: Expected Access-Accept got Access-Reject
此外,即使容器应该在调试模式下启动 freeradius,当我在容器中打开 bash shell 时,我实际上并没有看到任何调试消息进入 STDOUT Kubernetes.
原来LDAP配置的一部分意味着禁用用户文件。对不起,我应该提到它。
我已经在 kubernetes 集群中设置了一个 freeradius 服务器。我已按照说明设置测试用户以使用 radtest 进行测试,但是,当我 运行 测试时,我仍然得到 "Access-Reject"。
这里是用户文件的开头,我把测试用户放在最上面:
testing Cleartext-Password := "password"
#
# Configuration file for the rlm_files module.
# Please see rlm_files(5) manpage for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'accounting', in this directory.
这里是我运行测试的命令:
radtest testing password 127.0.0.1 1812 password
其中"testing"为用户名,"password"为用户密码,127.0.0.1为服务器地址(本地测试)1812为端口,第二个"password" 是客户端和服务器之间的预共享秘密。 这是该命令的输出:
Sent Access-Request Id 24 from 0.0.0.0:53513 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.233.64.70
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Reject Id 24 from 127.0.0.1:1812 to 127.0.0.1:53513 length 20
(0) -: Expected Access-Accept got Access-Reject
此外,即使容器应该在调试模式下启动 freeradius,当我在容器中打开 bash shell 时,我实际上并没有看到任何调试消息进入 STDOUT Kubernetes.
原来LDAP配置的一部分意味着禁用用户文件。对不起,我应该提到它。