当前时区为 UTC + 8 小时



发表新帖 回复这个主题  [ 1 篇帖子 ] 
作者 内容
1 楼 
 文章标题 : 请教:Radius运行radeapclient -x换其它机做Client后authenticate fail是怎么回事
帖子发表于 : 2010-01-24 17:16 

注册: 2010-01-09 18:50
帖子: 3
送出感谢: 0 次
接收感谢: 0 次
如题,我在Ubuntu下运行如下命令后可顺利收到EAP-ID = 211 EAP-Code = Success的信息
( echo User-Name = \"kevin\";
echo Cleartext-Password = \"kevin123\";
echo NAS-IP-Address = 10.57.50.220;
echo EAP-Code = Response;
echo EAP-Id = 210;
echo EAP-Type-Identity = \"kevin\";
echo Message-Authenticator = 0x00;
echo NAS-Port = 0 ) >req.txt
radeapclient -x localhost auth maemo123 <req.txt

但当我用另一个安装了Freeradius的机器作为Client运行时却收到EAP-ID = 211 EAP-Code = Failure的信息,此时在Server的Radiusd -X输出信息如下,我用该Cleint运行radtest可正常收到Access-Accept的信息,似乎是在MD5加密处理过程中出了问题,请熟悉的朋友帮忙看看是怎么回事,谢谢了
rad_recv: Access-Request packet from host 10.57.50.97 port 53213, id=168, length=57
User-Name = "kevin"
Message-Authenticator = 0x0988981c1c22ad30579c981dff959fee
EAP-Message = 0x02d2000a016b6576696e
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/a
uth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.57.50.97/auth-detail-2
0100124
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y
%m%d expands to /usr/local/var/log/radius/radacct/10.57.50.97/auth-detail-201001
24
[auth_log] expand: %t -> Sun Jan 24 17:03:25 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kevin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 210 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry kevin at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.57.50.97 port 53213
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.57.50.97
Framed-IP-Netmask = 255.255.255.0
EAP-Message = 0x01d300160410c6aea445e5b84f711c491dfa17dd7b67
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0b2f82f60bfc8651a81d8b32968f03ee
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
=87
User-Name = "kevin"
Message-Authenticator = 0xb6d8a3ef9892fda06c276afcdd40edb0
State = 0x0b2f82f60bfc8651a81d8b32968f03ee
EAP-Message = 0x02d300160410421f5021e46f037c339dc01f85ba849e
+- entering group authorize {...}
++[preprocess] returns ok
0100124
24
[auth_log] expand: %t -> Sun Jan 24 17:03:25 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kevin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 211 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry kevin at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [kevin/<via Auth-Type = EAP>] (from client 10.57.50.97 port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> kevin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 169 to 10.57.50.97 port 53213
EAP-Message = 0x04d30004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 168 with timestamp +7
Waking up in 0.9 seconds.
Cleaning up request 1 ID 169 with timestamp +7
Ready to process requests.


页首
 用户资料  
 
显示帖子 :  排序  
发表新帖 回复这个主题  [ 1 篇帖子 ] 

当前时区为 UTC + 8 小时


在线用户

正在浏览此版面的用户:没有注册用户 和 4 位游客


不能 在这个版面发表主题
不能 在这个版面回复主题
不能 在这个版面编辑帖子
不能 在这个版面删除帖子
不能 在这个版面提交附件

前往 :  
本站点为公益性站点,用于推广开源自由软件,由 DiaHosting VPSBudgetVM VPS 提供服务。
我们认为:软件应可免费取得,软件工具在各种语言环境下皆可使用,且不会有任何功能上的差异;
人们应有定制和修改软件的自由,且方式不受限制,只要他们自认为合适。

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
简体中文语系由 王笑宇 翻译