
radtest authorization error with FreeRADIUS and MySQL

Please help, authorization fails with radtest:

ubilling@ubilling:/var/log# radtest 00001 5o3d40yo 127.0.0.1 0 dec0071981b1

Sending Access-Request of id 163 to 127.0.0.1 port 1812

User-Name = "0001"

User-Password = "5o3d40yo"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=163, length=20

ubilling@ubilling:/var/log#

 

 

 

In the logs at startup:

Tue Jun 6 15:28:47 2017 : Info: Signalled to terminate

Tue Jun 6 15:28:47 2017 : Info: Exiting normally.

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 4

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 3

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 2

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 1

Tue Jun 6 15:28:47 2017 : Info: rlm_sql (sql): Closing sqlsocket 0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect to root@localhost:3306/stg

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #0

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #1

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #2

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #3

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4

Tue Jun 6 15:30:38 2017 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4

Tue Jun 6 15:30:38 2017 : Info: rlm_sql (sql): Connected new DB handle, #4

Tue Jun 6 15:30:39 2017 : Info: Loaded virtual server <default>

Tue Jun 6 15:30:39 2017 : Info: Loaded virtual server inner-tunnel

Tue Jun 6 15:30:39 2017 : Info: Ready to process requests.

 

 

 

I may be wrong, but I think there is no connection to the database.

driver = "rlm_sql_${database}"^M

^M

# Connection info:^M

server = "localhost"^M

port = 3306^M

login = "root"^M

password = "mys0c7c86b1"^M

^M


> I may be wrong, but I think there is no connection to the database.

So check it: try connecting to the database with the mysql client.

Judging by

Connected new DB handle, #4

it does connect, as I understand it.

There are no errors, after all.


> > I may be wrong, but I think there is no connection to the database.
>
> So check it: try connecting to the database with the mysql client.
>
> Judging by
>
> Connected new DB handle, #4
>
> it does connect, as I understand it.
>
> There are no errors, after all.

Yes, it connects. Running radiusd -X:

# radiusd -X

radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.3, built on Apr 24 2017 at 17:47:58

Copyright © 1999-2015 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.

Starting - reading configuration files ...

including configuration file /usr/local/etc/raddb/radiusd.conf

including files in directory /usr/local/etc/raddb/modules/

including configuration file /usr/local/etc/raddb/modules/always

including configuration file /usr/local/etc/raddb/modules/attr_filter

including configuration file /usr/local/etc/raddb/modules/attr_rewrite

including configuration file /usr/local/etc/raddb/modules/cache

including configuration file /usr/local/etc/raddb/modules/chap

including configuration file /usr/local/etc/raddb/modules/checkval

including configuration file /usr/local/etc/raddb/modules/counter

including configuration file /usr/local/etc/raddb/modules/cui

including configuration file /usr/local/etc/raddb/modules/detail

including configuration file /usr/local/etc/raddb/modules/detail.example.com

including configuration file /usr/local/etc/raddb/modules/detail.log

including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool

including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf

including configuration file /usr/local/etc/raddb/modules/digest

including configuration file /usr/local/etc/raddb/modules/dynamic_clients

including configuration file /usr/local/etc/raddb/modules/echo

including configuration file /usr/local/etc/raddb/modules/etc_group

including configuration file /usr/local/etc/raddb/modules/exec

including configuration file /usr/local/etc/raddb/modules/expiration

including configuration file /usr/local/etc/raddb/modules/expr

including configuration file /usr/local/etc/raddb/modules/files

including configuration file /usr/local/etc/raddb/modules/inner-eap

including configuration file /usr/local/etc/raddb/modules/ippool

including configuration file /usr/local/etc/raddb/modules/krb5

including configuration file /usr/local/etc/raddb/modules/ldap

including configuration file /usr/local/etc/raddb/modules/linelog

including configuration file /usr/local/etc/raddb/modules/logintime

including configuration file /usr/local/etc/raddb/modules/otp

including configuration file /usr/local/etc/raddb/modules/mac2ip

including configuration file /usr/local/etc/raddb/modules/mac2vlan

including configuration file /usr/local/etc/raddb/modules/mschap

including configuration file /usr/local/etc/raddb/modules/ntlm_auth

including configuration file /usr/local/etc/raddb/modules/opendirectory

including configuration file /usr/local/etc/raddb/modules/pam

including configuration file /usr/local/etc/raddb/modules/pap

including configuration file /usr/local/etc/raddb/modules/passwd

including configuration file /usr/local/etc/raddb/modules/perl

including configuration file /usr/local/etc/raddb/modules/policy

including configuration file /usr/local/etc/raddb/modules/preprocess

including configuration file /usr/local/etc/raddb/modules/radrelay

including configuration file /usr/local/etc/raddb/modules/radutmp

including configuration file /usr/local/etc/raddb/modules/realm

including configuration file /usr/local/etc/raddb/modules/redis

including configuration file /usr/local/etc/raddb/modules/rediswho

including configuration file /usr/local/etc/raddb/modules/replicate

including configuration file /usr/local/etc/raddb/modules/smbpasswd

including configuration file /usr/local/etc/raddb/modules/smsotp

including configuration file /usr/local/etc/raddb/modules/soh

including configuration file /usr/local/etc/raddb/modules/sql_log

including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /usr/local/etc/raddb/modules/sradutmp

including configuration file /usr/local/etc/raddb/modules/unix

including configuration file /usr/local/etc/raddb/modules/wimax

including configuration file /usr/local/etc/raddb/modules/acct_unique

including configuration file /usr/local/etc/raddb/eap.conf

including configuration file /usr/local/etc/raddb/sql.conf

including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf

including files in directory /usr/local/etc/raddb/sites-enabled/

including configuration file /usr/local/etc/raddb/sites-enabled/default

including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel

including configuration file /usr/local/etc/raddb/sites-enabled/control-socket

main {

user = "freeradius"

group = "freeradius"

allow_core_dumps = no

}

including dictionary file /usr/local/etc/raddb/dictionary

main {

name = "radiusd"

prefix = "/usr/local"

localstatedir = "/var"

sbindir = "/usr/local/sbin"

logdir = "/var/log"

run_dir = "/var/run/radiusd"

libdir = "/usr/local/lib/freeradius-2.2.0"

radacctdir = "/var/log/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/var/run/radiusd/radiusd.pid"

checkrad = "/usr/local/sbin/checkrad"

debug_level = 0

proxy_requests = yes

log {

stripped_names = yes

auth = yes

auth_badpass = yes

auth_goodpass = no

}

security {

max_attributes = 200

reject_delay = 1

status_server = yes

allow_vulnerable_openssl = no

}

}

radiusd: #### Loading Realms and Home Servers ####

radiusd: #### Loading Clients ####

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec

exec {

wait = no

input_pairs = "request"

shell_escape = yes

timeout = 10

}

Module: Linked to module rlm_expr

Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr

}

radiusd: #### Loading Virtual Servers ####

server { # from file /usr/local/etc/raddb/radiusd.conf

modules {

Module: Creating Auth-Type = digest

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap

pap {

encryption_scheme = "auto"

auto_header = no

}

Module: Linked to module rlm_chap

Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap

Module: Linked to module rlm_mschap

Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap

mschap {

use_mppe = yes

require_encryption = no

require_strong = no

with_ntdomain_hack = no

allow_retry = yes

}

Module: Linked to module rlm_digest

Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest

Module: Linked to module rlm_unix

Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix

unix {

radwtmp = "/var/log/radwtmp"

}

Module: Linked to module rlm_eap

Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf

eap {

default_eap_type = "md5"

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 1024

}

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

CA_path = "/usr/local/etc/raddb/certs"

pem_file_type = yes

private_key_file = "/usr/local/etc/raddb/certs/server.pem"

certificate_file = "/usr/local/etc/raddb/certs/server.pem"

CA_file = "/usr/local/etc/raddb/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/usr/local/etc/raddb/certs/dh"

fragment_size = 1024

include_length = yes

check_crl = no

check_all_crl = no

cipher_list = "DEFAULT"

make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"

ecdh_curve = "prime256v1"

cache {

enable = no

lifetime = 24

max_entries = 255

}

verify {

}

ocsp {

enable = no

override_cert_url = yes

url = "http://127.0.0.1/ocsp/"

use_nonce = yes

timeout = 0

softfail = no

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

soh = no

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

send_error = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess

preprocess {

huntgroups = "/usr/local/etc/raddb/huntgroups"

hints = "/usr/local/etc/raddb/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

reading pairlist file /usr/local/etc/raddb/huntgroups

reading pairlist file /usr/local/etc/raddb/hints

Module: Linked to module rlm_sql

Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf

sql {

driver = "rlm_sql_mysql"

server = "localhost"

port = "3306"

login = "root"

password = "mys0c7c86b1"

radius_db = "stg"

read_groups = yes

sqltrace = no

sqltracefile = "/var/log/sqltrace.sql"

readclients = yes

deletestalesessions = yes

num_sql_socks = 5

lifetime = 0

max_queries = 0

sql_user_name = "%{User-Name}"

default_user_profile = ""

nas_query = "SELECT (@cnt := @cnt + 1) AS `id`, `nasname`, `shortname`, `type`, `secret`, `server` FROM `radius_clients` CROSS JOIN (SELECT @cnt := 0) AS `dummy` ORDER BY `id`"

authorize_check_query = "SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id`"

authorize_reply_query = "SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_reply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id`"

authorize_group_check_query = "SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id`"

authorize_group_reply_query = "SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id`"

accounting_onoff_query = " UPDATE radius_acct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"

accounting_update_query = " UPDATE radius_acct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_update_query_alt = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query_alt = " UPDATE radius_acct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query = " UPDATE radius_acct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query_alt = " INSERT INTO radius_acct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"

group_membership_query = "SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `priority`"

connect_failure_retry_delay = 60

simul_count_query = ""

simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radius_acct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"

postauth_query = "INSERT INTO radius_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"

safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

}

rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked

rlm_sql (sql): Attempting to connect to root@localhost:3306/stg

rlm_sql (sql): starting 0

rlm_sql (sql): Attempting to connect rlm_sql_mysql #0

rlm_sql_mysql: Starting connect to MySQL server for #0

rlm_sql (sql): Connected new DB handle, #0

rlm_sql (sql): starting 1

rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

rlm_sql_mysql: Starting connect to MySQL server for #1

rlm_sql (sql): Connected new DB handle, #1

rlm_sql (sql): starting 2

rlm_sql (sql): Attempting to connect rlm_sql_mysql #2

rlm_sql_mysql: Starting connect to MySQL server for #2

rlm_sql (sql): Connected new DB handle, #2

rlm_sql (sql): starting 3

rlm_sql (sql): Attempting to connect rlm_sql_mysql #3

rlm_sql_mysql: Starting connect to MySQL server for #3

rlm_sql (sql): Connected new DB handle, #3

rlm_sql (sql): starting 4

rlm_sql (sql): Attempting to connect rlm_sql_mysql #4

rlm_sql_mysql: Starting connect to MySQL server for #4

rlm_sql (sql): Connected new DB handle, #4

rlm_sql (sql): Processing generate_sql_clients

rlm_sql (sql) in generate_sql_clients: query is SELECT (@cnt := @cnt + 1) AS `id`, `nasname`, `shortname`, `type`, `secret`, `server` FROM `radius_clients` CROSS JOIN (SELECT @cnt := 0) AS `dummy` ORDER BY `id`

rlm_sql (sql): Reserving sql socket id: 4

rlm_sql (sql): Read entry nasname=10.1.0.1,shortname=Cisco 7200,secret=897269d6f1d8

rlm_sql (sql): Adding client 10.1.0.1 (Cisco 7200, server=<none>) to clients list

rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=Test,secret=dec0071981b1

rlm_sql (sql): Adding client 127.0.0.1 (Test, server=<none>) to clients list

rlm_sql (sql): Released sql socket id: 4

Module: Linked to module rlm_expiration

Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration

expiration {

reply-message = "Password Has Expired "

}

Module: Linked to module rlm_logintime

Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime

logintime {

reply-message = "You are calling outside your allowed timespan "

minimum-timeout = 60

}

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter

attr_filter attr_filter.accounting_response {

attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /usr/local/etc/raddb/attrs.accounting_response

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp

radutmp {

filename = "/var/log/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter

attr_filter attr_filter.access_reject {

attrsfile = "/usr/local/etc/raddb/attrs.access_reject"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /usr/local/etc/raddb/attrs.access_reject

} # modules

} # server

server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_realm

Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files

files {

usersfile = "/usr/local/etc/raddb/users"

acctusersfile = "/usr/local/etc/raddb/acct_users"

preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"

compat = "no"

}

reading pairlist file /usr/local/etc/raddb/users

reading pairlist file /usr/local/etc/raddb/acct_users

reading pairlist file /usr/local/etc/raddb/preproxy_users

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

}

listen {

type = "acct"

ipaddr = *

port = 0

}

listen {

type = "control"

listen {

socket = "/var/run/radiusd/radiusd.sock"

}

}

listen {

type = "auth"

ipaddr = 127.0.0.1

port = 18120

}

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on command file /var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.

 

 

 

 

 

radtest :

rad_recv: Access-Request packet from host 127.0.0.1 port 10036, id=251, length=75

User-Name = "00001"

User-Password = "5o3d40yo"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x1836e418ec0caab5ea6192efef334233

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[eap] No EAP-Message, not doing EAP

++[eap] = noop

   expand: %{User-Name} -> 00001

[sql] sql_set_user escaped user --> '00001'

rlm_sql (sql): Reserving sql socket id: 3

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `UserName`, `Attribute`, `Value`, `op` FROM `radius_check` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `UserName` = '00001' ORDER BY `id`

[sql] expand: SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '%{SQL-User-Name}' ORDER BY `priority` -> SELECT `GroupName` FROM `radius_usergroup` WHERE `UserName` = '00001' ORDER BY `priority`

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupcheck` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '1:167837697' ORDER BY `id`

[sql] User found in group 1:167837697

[sql] expand: SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '%{Sql-Group}' ORDER BY `id` -> SELECT (@cnt := @cnt + 1) AS `id`, `GroupName`, `Attribute`, `Value`, `op` FROM `radius_groupreply` CROSS JOIN (SELECT @cnt := 0) AS `dummy` WHERE `GroupName` = '1:167837697' ORDER BY `id`

rlm_sql (sql): Released sql socket id: 3

++[sql] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.

++[pap] = noop

+} # group authorize = ok

ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

Failed to authenticate the user.

Login incorrect: [00001/5o3d40yo] (from client Test port 0)

Using Post-Auth-Type Reject

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> 00001

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

Delaying reject of request 0 for 1 seconds

Going to the next request

Waking up in 0.8 seconds.

Sending delayed reject for request 0

Sending Access-Reject of id 251 to 127.0.0.1 port 10036

Waking up in 4.9 seconds.

Cleaning up request 0 ID 251 with timestamp +183

Ready to process requests.


Show the section:

authenticate {

}

and the others.

Also the users file.


> Show the section:
>
> authenticate {
>
> }
>
> and the others.
>
> Also the users file.

Everything is taken from the database.


Found it, the question was about the attributes!

 

> test Auth-Type := Local, User-Password == "test"

That should be

test Auth-Type = Local, User-Password := "test"

 

It's here: https://www.linux.or...m/admin/4687789, thanks everyone!

ubilling@ubilling:/usr/local/etc/raddb/sites-enabled# radtest 00001 00001 127.0.0.1 0 dec0071981b1

Sending Access-Request of id 232 to 127.0.0.1 port 1812

User-Name = "00001"

User-Password = "00001"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=232, length=20

ubilling@ubilling:/usr/local/etc/raddb/sites-enabled#

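A triage helper for the `radiusd -X` request trace posted in this thread, as an added example (not code from the thread or from the FreeRADIUS project): it collects the authorize-section return codes per request and flags the reject pattern seen above, where `sql` returns `ok` but `pap` finds no "known good" password and no Auth-Type is set. The function names, finding codes and the accepted trace are constructed for illustration.

```python
import re

# Shortened excerpt of the rejected request from the thread (password line omitted).
PAGE_EXCERPT = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 10036, id=251, length=75
User-Name = "00001"
+group authorize {
++[preprocess] = ok
++[eap] = noop
[sql] User found in group 1:167837697
++[sql] = ok
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
+group REJECT {
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Sending Access-Reject of id 251 to 127.0.0.1 port 10036
"""

# Constructed for this example: an accepted PAP request in the same log format.
CONSTRUCTED_ACCEPT = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 10040, id=232, length=75
User-Name = "00001"
+group authorize {
++[sql] = ok
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
Sending Access-Accept of id 232 to 127.0.0.1 port 10040
"""

RECV = re.compile(r"^rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
USER = re.compile(r'^User-Name = "(.*)"$')
GROUP_OPEN = re.compile(r"^\+group (\S+) \{")
GROUP_CLOSE = re.compile(r"^\+\} # group \S+")
MODULE_RC = re.compile(r"^\++\[([\w.]+)\] = (\w+)$")
REPLY = re.compile(r"^Sending (Access-\w+) of id (\d+)")


def parse_trace(text):
    """Split a debug trace into requests and record what happened to each."""
    requests, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RECV.match(line)
        if m:
            cur = {"id": int(m.group(1)), "user": None, "authorize": {},
                   "no_password": False, "no_auth_type": False, "reply": None}
            requests.append(cur)
            section = None
        elif cur is None:
            continue
        elif (m := USER.match(line)) and cur["user"] is None:
            cur["user"] = m.group(1)
        elif m := GROUP_OPEN.match(line):
            section = m.group(1)
        elif GROUP_CLOSE.match(line):
            section = None
        elif (m := MODULE_RC.match(line)) and section == "authorize":
            cur["authorize"][m.group(1)] = m.group(2)  # module name -> return code
        elif 'No "known good" password found' in line:
            cur["no_password"] = True
        elif "No authenticate method (Auth-Type) found" in line:
            cur["no_auth_type"] = True
        elif m := REPLY.match(line):
            # Attach the reply to the most recent request with the same packet id.
            for req in reversed(requests):
                if req["id"] == int(m.group(2)):
                    req["reply"] = m.group(1)
                    break
    return requests


def diagnose(req):
    """Return (code, hint) pairs for a rejected request; empty list otherwise."""
    if req["reply"] != "Access-Reject":
        return []
    findings, sql_rc = [], req["authorize"].get("sql")
    if req["no_password"]:
        findings.append(("NO_KNOWN_GOOD_PASSWORD",
                         "pap found no password check item in the control list"))
    if req["no_auth_type"]:
        findings.append(("NO_AUTH_TYPE",
                         "no module in authorize set Auth-Type, so nothing could authenticate"))
    if sql_rc == "ok" and req["no_password"]:
        findings.append(("SQL_OK_WITHOUT_PASSWORD",
                         "the database answered, but no password item reached the control "
                         "list: review this user's radius_check rows (Attribute, op, Value)"))
    elif sql_rc == "notfound":
        findings.append(("SQL_USER_NOT_FOUND", "rlm_sql did not find the user"))
    return findings


if __name__ == "__main__":
    for req in parse_trace(PAGE_EXCERPT + CONSTRUCTED_ACCEPT):
        print(req["id"], req["user"], req["reply"], [c for c, _ in diagnose(req)])
```
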
