
radtest authorization error with FreeRADIUS and MySQL

Please help, authorization fails when running radtest:

ubilling@ubilling:/var/log# radtest 00001 5o3d40yo 127.0.0.1 0 dec0071981b1

Sending Access-Request of id 163 to 127.0.0.1 port 1812

User-Name = "0001"

User-Password = "5o3d40yo"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=163, length=20

ubilling@ubilling:/var/log#

 

 

 

In the logs at startup:

 

Tue Jun 6 15:28:47 2017 : Info: Signalled to terminate

Tue Jun 6 15:28:47 2017 : Info: Exiting normally.

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 4

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 3

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 2

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 1

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect to root@localhost:3306/stg

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #4

Tue Jun 6 15:30:39 2017 : Info: Loaded virtual server <default>

Tue Jun 6 15:30:39 2017 : Info: Loaded virtual server inner-tunnel

Tue Jun 6 15:30:39 2017 : Info: Ready to process requests.

 

 

 

I may be wrong, but I think there is no connection to the database.

driver = "rlm_sql_${database}"

# Connection info:

server = "localhost"

port = 3306

login = "root"

password = "mys0c7c86b1"


> I may be wrong, but I think there is no connection to the database.

So check it: try connecting to the database with the mysql client.

Judging by

Connected new DB handle, #4

it does connect, as far as I understand.

There are no errors, after all.


>> I may be wrong, but I think there is no connection to the database.

> So check it: try connecting to the database with the mysql client.
>
> Judging by
>
> Connected new DB handle, #4
>
> it does connect, as far as I understand.
>
> There are no errors, after all.

Yes, it connects. Running radiusd -X:

# radiusd -X

radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.3, built on Apr 24 2017 at 17:47:58

Copyright © 1999-2015 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.

Starting - reading configuration files ...

including configuration file /usr/local/etc/raddb/radiusd.conf

including files in directory /usr/local/etc/raddb/modules/

including configuration file /usr/local/etc/raddb/modules/always

including configuration file /usr/local/etc/raddb/modules/attr_filter

including configuration file /usr/local/etc/raddb/modules/attr_rewrite

including configuration file /usr/local/etc/raddb/modules/cache

including configuration file /usr/local/etc/raddb/modules/chap

including configuration file /usr/local/etc/raddb/modules/checkval

including configuration file /usr/local/etc/raddb/modules/counter

including configuration file /usr/local/etc/raddb/modules/cui

including configuration file /usr/local/etc/raddb/modules/detail

including configuration file /usr/local/etc/raddb/modules/detail.example.com

including configuration file /usr/local/etc/raddb/modules/detail.log

including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool

including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf

including configuration file /usr/local/etc/raddb/modules/digest

including configuration file /usr/local/etc/raddb/modules/dynamic_clients

including configuration file /usr/local/etc/raddb/modules/echo

including configuration file /usr/local/etc/raddb/modules/etc_group

including configuration file /usr/local/etc/raddb/modules/exec

including configuration file /usr/local/etc/raddb/modules/expiration

including configuration file /usr/local/etc/raddb/modules/expr

including configuration file /usr/local/etc/raddb/modules/files

including configuration file /usr/local/etc/raddb/modules/inner-eap

including configuration file /usr/local/etc/raddb/modules/ippool

including configuration file /usr/local/etc/raddb/modules/krb5

including configuration file /usr/local/etc/raddb/modules/ldap

including configuration file /usr/local/etc/raddb/modules/linelog

including configuration file /usr/local/etc/raddb/modules/logintime

including configuration file /usr/local/etc/raddb/modules/otp

including configuration file /usr/local/etc/raddb/modules/mac2ip

including configuration file /usr/local/etc/raddb/modules/mac2vlan

including configuration file /usr/local/etc/raddb/modules/mschap

including configuration file /usr/local/etc/raddb/modules/ntlm_auth

including configuration file /usr/local/etc/raddb/modules/opendirectory

including configuration file /usr/local/etc/raddb/modules/pam

including configuration file /usr/local/etc/raddb/modules/pap

including configuration file /usr/local/etc/raddb/modules/passwd

including configuration file /usr/local/etc/raddb/modules/perl

including configuration file /usr/local/etc/raddb/modules/policy

including configuration file /usr/local/etc/raddb/modules/preprocess

including configuration file /usr/local/etc/raddb/modules/radrelay

including configuration file /usr/local/etc/raddb/modules/radutmp

including configuration file /usr/local/etc/raddb/modules/realm

including configuration file /usr/local/etc/raddb/modules/redis

including configuration file /usr/local/etc/raddb/modules/rediswho

including configuration file /usr/local/etc/raddb/modules/replicate

including configuration file /usr/local/etc/raddb/modules/smbpasswd

including configuration file /usr/local/etc/raddb/modules/smsotp

including configuration file /usr/local/etc/raddb/modules/soh

including configuration file /usr/local/etc/raddb/modules/sql_log

including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /usr/local/etc/raddb/modules/sradutmp

including configuration file /usr/local/etc/raddb/modules/unix

including configuration file /usr/local/etc/raddb/modules/wimax

including configuration file /usr/local/etc/raddb/modules/acct_unique

including configuration file /usr/local/etc/raddb/eap.conf

including configuration file /usr/local/etc/raddb/sql.conf

including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf

including files in directory /usr/local/etc/raddb/sites-enabled/

including configuration file /usr/local/etc/raddb/sites-enabled/default

including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel

including configuration file /usr/local/etc/raddb/sites-enabled/control-socket

main {

user = "freeradius"

group = "freeradius"

allow_core_dumps = no

}

including dictionary file /usr/local/etc/raddb/dictionary

main {

name = "radiusd"

prefix = "/usr/local"

localstatedir = "/var"

sbindir = "/usr/local/sbin"

logdir = "/var/log"

run_dir = "/var/run/radiusd"

libdir = "/usr/local/lib/freeradius-2.2.0"

radacctdir = "/var/log/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/var/run/radiusd/radiusd.pid"

checkrad = "/usr/local/sbin/checkrad"

debug_level = 0

proxy_requests = yes

log {

stripped_names = yes

auth = yes

auth_badpass = yes

auth_goodpass = no

}

security {

max_attributes = 200

reject_delay = 1

status_server = yes

allow_vulnerable_openssl = no

}

}

radiusd: #### Loading Realms and Home Servers ####

radiusd: #### Loading Clients ####

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec

exec {

wait = no

input_pairs = "request"

shell_escape = yes

timeout = 10

}

Module: Linked to module rlm_expr

Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr

}

radiusd: #### Loading Virtual Servers ####

server { # from file /usr/local/etc/raddb/radiusd.conf

modules {

Module: Creating Auth-Type = digest

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap

pap {

encryption_scheme = "auto"

auto_header = no

}

Module: Linked to module rlm_chap

Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap

Module: Linked to module rlm_mschap

Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap

mschap {

use_mppe = yes

require_encryption = no

require_strong = no

with_ntdomain_hack = no

allow_retry = yes

}

Module: Linked to module rlm_digest

Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest

Module: Linked to module rlm_unix

Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix

unix {

radwtmp = "/var/log/radwtmp"

}

Module: Linked to module rlm_eap

Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf

eap {

default_eap_type = "md5"

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 1024

}

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

CA_path = "/usr/local/etc/raddb/certs"

pem_file_type = yes

private_key_file = "/usr/local/etc/raddb/certs/server.pem"

certificate_file = "/usr/local/etc/raddb/certs/server.pem"

CA_file = "/usr/local/etc/raddb/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/usr/local/etc/raddb/certs/dh"

fragment_size = 1024

include_length = yes

check_crl = no

check_all_crl = no

cipher_list = "DEFAULT"

make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"

ecdh_curve = "prime256v1"

cache {

enable = no

lifetime = 24

max_entries = 255

}

verify {

}

ocsp {

enable = no

override_cert_url = yes

url = "http://127.0.0.1/ocsp/"

use_nonce = yes

timeout = 0

softfail = no

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

soh = no

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

send_error = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess

preprocess {

huntgroups = "/usr/local/etc/raddb/huntgroups"

hints = "/usr/local/etc/raddb/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

reading pairlist file /usr/local/etc/raddb/huntgroups

reading pairlist file /usr/local/etc/raddb/hints

Module: Linked to module rlm_sql

Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf

sql {

driver = "rlm_sql_mysql"

server = "localhost"

port = "3306"

login = "root"

password = "mys0c7c86b1"

radius_db = "stg"

read_groups = yes

sqltrace = no

sqltracefile = "/var/log/sqltrace.sql"

readclients = yes

deletestalesessions = yes

num_sql_socks = 5

lifetime = 0

max_queries = 0

sql_user_name = "%{User-Name}"

default_user_profile = ""

nas_query = "SELECT (@cnt := @cnt + 1) AS `id`, `nasname`, `shortname`, `type`, `secret`, `server` FROM `radius_clients` CROSS JOIN (SELECT @cnt := 0) AS `dummy` ORDER BY `id`"

authorize_check_query = "SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id`"

authorize_reply_query = "SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_reply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id`"

authorize_group_check_query = "SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id`"

authorize_group_reply_query = "SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id`"

accounting_onoff_query = " UPDATE radius_acct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"

accounting_update_query = " UPDATE radius_acct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_update_query_alt = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query_alt = " UPDATE radius_acct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query = " UPDATE radius_acct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query_alt = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"

group_membership_query = "SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `priority`"

connect_failure_retry_delay = 60

simul_count_query = ""

simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radius_acct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"

postauth_query = "INSERT INTO radius_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"

safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

}

rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

rlm_sql (sql): Attempting to connect to root@localhost:3306/stg

rlm_sql (sql): starting 0

rlm_sql (sql): Attempting to connect rlm_sql_mysql #0

rlm_sql_mysql: Starting connect to MySQL server for #0

rlm_sql (sql): Connected new DB handle, #0

rlm_sql (sql): starting 1

rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

rlm_sql_mysql: Starting connect to MySQL server for #1

rlm_sql (sql): Connected new DB handle, #1

rlm_sql (sql): starting 2

rlm_sql (sql): Attempting to connect rlm_sql_mysql #2

rlm_sql_mysql: Starting connect to MySQL server for #2

rlm_sql (sql): Connected new DB handle, #2

rlm_sql (sql): starting 3

rlm_sql (sql): Attempting to connect rlm_sql_mysql #3

rlm_sql_mysql: Starting connect to MySQL server for #3

rlm_sql (sql): Connected new DB handle, #3

rlm_sql (sql): starting 4

rlm_sql (sql): Attempting to connect rlm_sql_mysql #4

rlm_sql_mysql: Starting connect to MySQL server for #4

rlm_sql (sql): Connected new DB handle, #4

rlm_sql (sql): Processing generate_sql_clients

rlm_sql (sql) in generate_sql_clients: query is SELECT (@cnt := @cnt + 1) AS `id`, `nasname`, `shortname`, `type`, `secret`, `server` FROM `radius_clients` CROSS JOIN (SELECT @cnt := 0) AS `dummy` ORDER BY `id`

rlm_sql (sql): Reserving sql socket id: 4

rlm_sql (sql): Read entry nasname=10.1.0.1,shortname=Cisco 7200,secret=897269d6f1d8

rlm_sql (sql): Adding client 10.1.0.1 (Cisco 7200, server=<none>) to clients list

rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=Test,secret=dec0071981b1

rlm_sql (sql): Adding client 127.0.0.1 (Test, server=<none>) to clients list

rlm_sql (sql): Released sql socket id: 4

Module: Linked to module rlm_expiration

Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration

expiration {

reply-message = "Password Has Expired "

}

Module: Linked to module rlm_logintime

Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime

logintime {

reply-message = "You are calling outside your allowed timespan "

minimum-timeout = 60

}

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter

attr_filter attr_filter.accounting_response {

attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /usr/local/etc/raddb/attrs.accounting_response

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp

radutmp {

filename = "/var/log/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter

attr_filter attr_filter.access_reject {

attrsfile = "/usr/local/etc/raddb/attrs.access_reject"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /usr/local/etc/raddb/attrs.access_reject

} # modules

} # server

server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_realm

Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files

files {

usersfile = "/usr/local/etc/raddb/users"

acctusersfile = "/usr/local/etc/raddb/acct_users"

preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"

compat = "no"

}

reading pairlist file /usr/local/etc/raddb/users

reading pairlist file /usr/local/etc/raddb/acct_users

reading pairlist file /usr/local/etc/raddb/preproxy_users

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

}

listen {

type = "acct"

ipaddr = *

port = 0

}

listen {

type = "control"

listen {

socket = "/var/run/radiusd/radiusd.sock"

}

}

listen {

type = "auth"

ipaddr = 127.0.0.1

port = 18120

}

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on command file /var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.

 

 

 

 

 

radtest :

rad_recv: Access-Request packet from host 127.0.0.1 port 10036, id=251, length=75

User-Name = "00001"

User-Password = "5o3d40yo"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x1836e418ec0caab5ea6192efef334233

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[eap] No EAP-Message, not doing EAP

++[eap] = noop

   expand: %{User-Name} -> 00001

[sql] sql_set_user escaped user --> '00001'

rlm_sql (sql): Reserving sql socket id: 3

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '00001' ORDER BY `id`

[sql] expand: SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `priority` -> SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '00001' ORDER BY `priority`

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '1:167837697' ORDER BY `id`

[sql] User found in group 1:167837697

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '1:167837697' ORDER BY `id`

rlm_sql (sql): Released sql socket id: 3

++[sql] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.

++[pap] = noop

+} # group authorize = ok

ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

Failed to authenticate the user.

Login incorrect: [00001/5o3d40yo] (from client Test port 0)

Using Post-Auth-Type Reject

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> 00001

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

Delaying reject of request 0 for 1 seconds

Going to the next request

Waking up in 0.8 seconds.

Sending delayed reject for request 0

Sending Access-Reject of id 251 to 127.0.0.1 port 10036

Waking up in 4.9 seconds.

Cleaning up request 0 ID 251 with timestamp +183

Ready to process requests.


Found it, the issue is with the attributes!

 

> test Auth-Type := Local, User-Password == "test"

That should be

test Auth-Type = Local, User-Password := "test"

 

It is here: https://www.linux.or...m/admin/4687789, thanks everyone!


ubilling@ubilling:/usr/local/etc/raddb/sites-enabled# radtest 00001 00001 127.0.0.1 0 dec0071981b1

Sending Access-Request of id 232 to 127.0.0.1 port 1812

User-Name = "00001"

User-Password = "00001"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=232, length=20

ubilling@ubilling:/usr/local/etc/raddb/sites-enabled#

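As an added example (not code from the thread or from the FreeRADIUS project), the Python script below reads the `radiusd -X` lines posted for the rejected request and turns the per-module return codes, the `[pap]` warning and the Auth-Type error into findings. The function names and the wording of the findings are assumptions made for illustration.

```python
import re

# Lines copied from the radiusd -X output posted in the thread (the rejected
# request). The "Login incorrect" line, which echoes the password, is omitted.
DEBUG_EXCERPT = """\
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql] User found in group 1:167837697
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+group REJECT {
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
"""

GROUP_RE = re.compile(r"^\+group (\S+) \{")
RCODE_RE = re.compile(r"^\+\+\[([\w.-]+)\] = (\w+)$")
NO_PASSWORD = 'No "known good" password found'
NO_AUTH_TYPE = "No authenticate method (Auth-Type) found"


def parse_debug(text):
    """Return ({section: {module: rcode}}, set of flags seen in the output)."""
    sections, flags, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:                                   # "+group authorize {"
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if line.startswith("+}"):               # "+} # group authorize = ok"
            current = None
            continue
        m = RCODE_RE.match(line)
        if m and current:                       # "++[sql] = ok"
            sections[current][m.group(1)] = m.group(2)
        elif line.startswith("[pap]") and NO_PASSWORD in line:
            flags.add("pap_no_password")
        elif line.startswith("ERROR:") and NO_AUTH_TYPE in line:
            flags.add("no_auth_type")
    return sections, flags


def triage(text):
    """Map the parsed debug output to a list of human-readable findings."""
    sections, flags = parse_debug(text)
    sql = sections.get("authorize", {}).get("sql")
    findings = []
    if sql is None:
        findings.append("no sql return code seen in authorize, "
                        "so no SQL rows were read for this request")
    elif sql == "fail":
        findings.append("sql returned fail: a query or the database "
                        "connection failed")
    elif sql == "notfound":
        findings.append("sql returned notfound: no check or group rows "
                        "matched this User-Name")
    elif sql == "ok" and "pap_no_password" in flags:
        # Connectivity is fine; the data reached the server but did not
        # yield a password that pap could use.
        findings.append("sql returned ok, yet pap found no known-good "
                        "password: inspect the Attribute and op columns of "
                        "the user's radius_check rows (the fix in this "
                        "thread sets the password with :=)")
    if "no_auth_type" in flags:
        findings.append("no module set Auth-Type, so the request was "
                        "rejected before any authenticate section ran")
    return findings


if __name__ == "__main__":
    for item in triage(DEBUG_EXCERPT):
        print("-", item)
```
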
