Yakon Posted September 14, 2016

Good day! I need to move from hotspot authorization to WPA2-EAP, and PEAP support is mandatory.

In NPS, "Protected EAP (PEAP)" is allowed under EAP types.

    /caps-man security print
     1 name="security-eduroam" authentication-types=wpa2-eap encryption=aes-ccm eap-methods=passthrough eap-radius-accounting=yes

From the NPS logs:

    <Event>
      <Timestamp data_type="4">09/14/2016 10:45:25.252</Timestamp>
      <Computer-Name data_type="1">DC2</Computer-Name>
      <Event-Source data_type="1">IAS</Event-Source>
      <Service-Type data_type="0">2</Service-Type>
      <Framed-MTU data_type="0">1400</Framed-MTU>
      <User-Name data_type="1">NES\kkuyukov</User-Name>
      <NAS-Port-Id data_type="1">RB951G-2HnD-18-1-3</NAS-Port-Id>
      <NAS-Port-Type data_type="0">19</NAS-Port-Type>
      <Acct-Session-Id data_type="1">82500001</Acct-Session-Id>
      <Calling-Station-Id data_type="1">C0-4A-00-27-B7-33</Calling-Station-Id>
      <Called-Station-Id data_type="1">4E-5E-0C-33-88-D7:eduroam-test</Called-Station-Id>
      <NAS-Identifier data_type="1">RB1100Hx2-Skolkovo</NAS-Identifier>
      <NAS-IP-Address data_type="3">192.168.32.1</NAS-IP-Address>
      <Client-IP-Address data_type="3">192.168.32.1</Client-IP-Address>
      <Client-Vendor data_type="0">0</Client-Vendor>
      <Client-Friendly-Name data_type="1">Mikrotik</Client-Friendly-Name>
      <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
      <Provider-Type data_type="0">1</Provider-Type>
      <SAM-Account-Name data_type="1">NES\kkuyukov</SAM-Account-Name>
      <Class data_type="1">311 1 192.168.32.6 09/12/2016 11:43:17 548</Class>
      <Fully-Qualifed-User-Name data_type="1">NES.RU/itdept/Kuyukov Konstantin</Fully-Qualifed-User-Name>
      <Authentication-Type data_type="0">5</Authentication-Type>
      <NP-Policy-Name data_type="1">Mikrotik-VPN</NP-Policy-Name>
      <Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant>
      <Packet-Type data_type="0">1</Packet-Type>
      <Reason-Code data_type="0">0</Reason-Code>
    </Event>
    <Event>
      <Timestamp data_type="4">09/14/2016 10:45:25.252</Timestamp>
      <Computer-Name data_type="1">DC2</Computer-Name>
      <Event-Source data_type="1">IAS</Event-Source>
      <Class data_type="1">311 1 192.168.32.6 09/12/2016 11:43:17 548</Class>
      <Fully-Qualifed-User-Name data_type="1">NES.RU/itdept/Kuyukov Konstantin</Fully-Qualifed-User-Name>
      <Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant>
      <Acct-Session-Id data_type="1">82500001</Acct-Session-Id>
      <NP-Policy-Name data_type="1">Mikrotik-VPN</NP-Policy-Name>
      <Client-IP-Address data_type="3">192.168.32.1</Client-IP-Address>
      <Client-Vendor data_type="0">0</Client-Vendor>
      <Client-Friendly-Name data_type="1">Mikrotik</Client-Friendly-Name>
      <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
      <Provider-Type data_type="0">1</Provider-Type>
      <SAM-Account-Name data_type="1">NES\kkuyukov</SAM-Account-Name>
      <Authentication-Type data_type="0">5</Authentication-Type>
      <Packet-Type data_type="0">3</Packet-Type>
      <Reason-Code data_type="0">66</Reason-Code>
    </Event>

From the MikroTik logs:

    10:45:21 radius,debug,packet Signature = 0x0f2f6c8191f4d34c407bb556e9f8f271
    10:45:21 radius,debug,packet Service-Type = 2
    10:45:21 radius,debug,packet Framed-MTU = 1400
    10:45:21 radius,debug,packet User-Name = "host/KKuyukov-new.NES.RU"
    10:45:21 radius,debug,packet NAS-Port-Id = "RB951G-2HnD-18-1-3"
    10:45:21 radius,debug,packet NAS-Port-Type = 19
    10:45:21 radius,debug,packet Acct-Session-Id = "82500000"
    10:45:21 radius,debug,packet Calling-Station-Id = "C0-4A-00-27-B7-33"
    10:45:21 radius,debug,packet Called-Station-Id = "4E-5E-0C-33-88-D7:eduroam-test"
    10:45:21 radius,debug,packet EAP-Message = 0x0201001d01686f73742f4b4b7579756b
    10:45:21 radius,debug,packet 6f762d6e65772e4e45532e5255
    10:45:21 radius,debug,packet Message-Authenticator = 0x9e539a771dc29fa3ca0c9288c06d1a1d
    10:45:21 radius,debug,packet NAS-Identifier = "RB1100Hx2-Skolkovo"
    10:45:21 radius,debug,packet NAS-IP-Address = 192.168.32.1
    10:45:21 radius,debug,packet received Access-Reject with id 4 from 192.168.32.6:1812
    10:45:21 radius,debug,packet Signature = 0x5b0fb9f981ab6af22c0e30089d137268
    10:45:21 radius,debug,packet EAP-Message = 0x04010004
    10:45:21 radius,debug,packet Message-Authenticator = 0x3fd7e0a106283cb37c2c34359a9693cf
    10:45:21 radius,debug received reply for 58:9d
    10:45:25 radius,debug new request 58:9e code=Access-Request service=wireless called-id=4E-5E-0C-33-88-D7:eduroam-test
    10:45:25 radius,debug sending 58:9e to 192.168.32.6:1812
    10:45:25 radius,debug,packet sending Access-Request with id 5 to 192.168.32.6:1812
    10:45:25 radius,debug,packet Signature = 0x1b42edc2b4e81394cbd5b0f5f5b85ac2
    10:45:25 radius,debug,packet Service-Type = 2
    10:45:25 radius,debug,packet Framed-MTU = 1400
    10:45:25 radius,debug,packet User-Name = "NES\kkuyukov"
    10:45:25 radius,debug,packet NAS-Port-Id = "RB951G-2HnD-18-1-3"
    10:45:25 radius,debug,packet NAS-Port-Type = 19
    10:45:25 radius,debug,packet Acct-Session-Id = "82500001"
    10:45:25 radius,debug,packet Calling-Station-Id = "C0-4A-00-27-B7-33"
    10:45:25 radius,debug,packet Called-Station-Id = "4E-5E-0C-33-88-D7:eduroam-test"
    10:45:25 radius,debug,packet EAP-Message = 0x02010011014e45535c6b6b7579756b6f
    10:45:25 radius,debug,packet 76
    10:45:25 radius,debug,packet Message-Authenticator = 0x7f18ac5cd7f77d07e18b12f6e68ebe74
    10:45:25 radius,debug,packet NAS-Identifier = "RB1100Hx2-Skolkovo"
    10:45:25 radius,debug,packet NAS-IP-Address = 192.168.32.1
    10:45:25 radius,debug,packet received Access-Reject with id 5 from 192.168.32.6:1812
    10:45:25 radius,debug,packet Signature = 0x33bdd0f8e404fac878cac49e7cce8457
    10:45:25 radius,debug,packet EAP-Message = 0x04010004
    10:45:25 radius,debug,packet Message-Authenticator = 0xa4eadb45fb5cdb1500e89508b87e206a
    10:45:25 radius,debug received reply for 58:9e

Please advise how to get authentication working.
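
Added example, not part of the original post: Python for reading the two logs above. It names the numeric Packet-Type, Authentication-Type and Reason-Code fields of an NPS event (short paraphrases of Microsoft's NPS log documentation) and decodes the EAP-Message hex from the MikroTik debug log per RFC 3748; all function and variable names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Reject event from the post, trimmed to the fields read below.
NPS_REJECT = (
    '<Event><Authentication-Type data_type="0">5</Authentication-Type>'
    '<NP-Policy-Name data_type="1">Mikrotik-VPN</NP-Policy-Name>'
    '<Packet-Type data_type="0">3</Packet-Type>'
    '<Reason-Code data_type="0">66</Reason-Code></Event>'
)
# EAP-Message values from the MikroTik log, continuation lines joined.
EAP_FROM_LOG = [
    "0201001d01686f73742f4b4b7579756b6f762d6e65772e4e45532e5255",
    "04010004",
    "02010011014e45535c6b6b7579756b6f76",
]
PACKET = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
AUTH = {4: "MS-CHAPv2", 5: "EAP", 11: "PEAP"}
REASON = {16: "credentials mismatch", 48: "no matching network policy",
          66: "authentication method not enabled on the matching network policy"}
EAP_CODE = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}


def summarize_nps_event(xml_text):
    """Turn one NPS/IAS XML log event into readable fields."""
    ev = ET.fromstring(xml_text)
    code = lambda tag: int(ev.findtext(tag))
    return {
        "policy": ev.findtext("NP-Policy-Name"),
        "packet": PACKET.get(code("Packet-Type"), "other"),
        "auth": AUTH.get(code("Authentication-Type"), "other"),
        "reason": REASON.get(code("Reason-Code"), "see the NPS reason code list"),
    }


def decode_eap(hex_text):
    """Decode an RFC 3748 EAP packet: (code, id, type, type-data)."""
    raw = bytes.fromhex(hex_text)
    length = int.from_bytes(raw[2:4], "big")
    if len(raw) < 4 or length != len(raw):
        raise ValueError("EAP length field does not match the captured bytes")
    code = EAP_CODE.get(raw[0], raw[0])
    if raw[0] in (1, 2) and length > 4:  # only Request/Response carry a type
        return code, raw[1], EAP_TYPE.get(raw[4], raw[4]), raw[5:]
    return code, raw[1], None, b""


def peap_negotiated(messages):
    """True if any captured EAP packet has type 25 (PEAP)."""
    return any(decode_eap(m)[2] == "PEAP" for m in messages)
```

On the logged data this reports an Access-Reject matched to the network policy Mikrotik-VPN with reason code 66, and shows that each exchange ended at the EAP Identity response with an EAP Failure and no PEAP (type 25) packet.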