korobeynikov Опубликовано 25 июля, 2017 · Жалоба Подскажите, кто сталкивался. Как быстро без MySQL настроить FreeRADIUS, чтобы в файле users прописать логин, пароль и MAC. Так должно работать? user1 Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC" Или не всё так просто? Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
orlik Опубликовано 25 июля, 2017 · Жалоба Да , должно работать. Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
korobeynikov Опубликовано 25 июля, 2017 · Жалоба Не работает. Что-то не так с Calling-Station-Id. Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
orlik Опубликовано 25 июля, 2017 · Жалоба Может мак адрес в другом формате прилетает ? Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
zhenya` Опубликовано 25 июля, 2017 · Жалоба Запрос покажите прилетающий Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
korobeynikov Опубликовано 25 июля, 2017 · Жалоба radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 18 2017 at 12:13:14 Copyright © 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/radrelay including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/dhcp_sqlippool including configuration file /etc/raddb/modules/cache including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/default main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no msg_badpass = "Ooops!" msg_goodpass = "Welcome to Internet!" } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 10.0.0.9 { require_message_authenticator = no secret = "7IZ3j0861t2J" shortname = "dlink" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/huntgroups reading pairlist file /etc/raddb/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } reading pairlist file /etc/raddb/users reading pairlist file /etc/raddb/acct_users reading pairlist file /etc/raddb/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 59124 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=192, length=145 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0201000b01736572676579 Message-Authenticator = 0x1324500679f9c8a29571bbf7b5ff1ffd # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [files] users: Matched entry sergey at line 50 ++[files] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 192 to 10.0.0.9 port 39043 EAP-Message = 0x010200160410880ee0eaad9e8cec94766c50d705005e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110dc96e57ccdd61660f7c49ce7 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=193, length=159 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02020007031915 State = 0xdc94e110dc96e57ccdd61660f7c49ce7 Message-Authenticator = 0x9062a348d0f29a0b9391b22a887e33e8 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 7 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [files] users: Matched entry sergey at line 50 ++[files] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 193 to 10.0.0.9 port 39043 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110dd97f87ccdd61660f7c49ce7 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=194, length=322 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020300aa1980000000a0160303009b01000097030359774b3b10fe48f3babfb419c9506303b0900cd8d73c4a4dc94325bdf22b4db700002ec02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0005000401000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100 State = 0xdc94e110dd97f87ccdd61660f7c49ce7 Message-Authenticator = 0x68fd00aaa47a5cdb004bd91a4d4babed # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 170 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 160 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< Unknown TLS version [length 009b] [peap] TLS_accept: SSLv3 read client hello A [peap] >>> Unknown TLS version [length 0039] [peap] TLS_accept: SSLv3 write server hello A [peap] >>> Unknown TLS version [length 08d0] [peap] TLS_accept: SSLv3 write certificate A [peap] >>> Unknown TLS version [length 014d] [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> Unknown TLS version [length 0004] [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 194 to 10.0.0.9 port 39043 EAP-Message = 0x0104040019c000000a6e160303003902000035030359774b08f21e4bd58fdf1667f32cdba0368741ac00903e7e63da226862936e7800c03000000dff01000100000b00040300010216030308d00b0008cc0008c90003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966 EAP-Message = 0x696361746520417574686f72697479301e170d3137303732353132303233335a170d3137303932333132303233335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009d103afebc867e0690c285ac9fcb62229ad73af0d58ae7242b3274caadb1fc1eab95f66f11771f0a236b6b1da02ddd EAP-Message = 0x968a369cb4e0ad4cb9e4998edf78e0f0f35d2fc66ec1f7d4041b1c5f9e2ef34955bffa7ad3a9257c517a6b450cb84962a8484d497e70ef9c90c48635fbaeddcfab279e560696f6584d4924ed2db957b5c6417782e076b57da49371ed0f3d9c3a63c14c956a96d0a618fb4af8e1d5eb7bbbdbdbf9deb8ffc0680079daea15a90134c3aeddd0c022b62f01998351ba04d870120abfab131a3174ce8dd0c141eb70de084d83ba4174cf3cf12f7f922af1efca824d87789f4c90d36be58cab918ea62851a67d317c0db1e672592ccbd54e93470203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f302d302ba0 EAP-Message = 0x29a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101005be3ed89af0f601ec5b7f0d69a02d5dfa15c8db6e1c4e6f01a9161da27692a7b9d4c653f4f97c78810c3628aeda1d272eb33348d00904551b1242dbbca111d342fc85056b797c584fe73bd81252b70c56bc0ae05c0a7c413465181ac151855e1a893a2927f7253224ca173582dcb9b57960ac8ba4b7e302874043dc1c35b6bcbd6eba315061ef95b10656dcc537ae386903ca6bfdc9511945ee01997f6b9eaea73fef79b157ae14f9c1091f286272848b7f410ec01cacf635fa74fc9137c63 EAP-Message = 0x05bb3ad19d3b3737076123ee Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110de90f87ccdd61660f7c49ce7 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=195, length=158 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020400061900 State = 0xdc94e110de90f87ccdd61660f7c49ce7 Message-Authenticator = 0xb6a64c6f172f51623dec5edebfc8bca0 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 195 to 10.0.0.9 port 39043 EAP-Message = 0x010503fc194066e3c1a837cc32747026ec2e947a987046702fa48cd678ae3a6d96127719d7a3a809b9bd003dc706e546a61d3daa93b61619de275a0004e5308204e1308203c9a003020102020900ed3b7e265fca1585300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e EAP-Message = 0x170d3137303732353132303233335a170d3137303932333132303233335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009e46dc8c640c0508302c4c1278ea822243d1f482bce84bec45da7407239108448e1eb6f295d37e12 EAP-Message = 0x875cf0c23c59a10e225879290bd50ac8b49896baf01ffeb8010850854164404f19ee2b4bea0d0bea6946a60851d7cc8d554c71197e94b4f7118c4387ed7259c2221aa0dc23aa2666e38ae252c384ee21ef999e5bb4aac97531e3994e7f8f15b221008d08e21d6db1c4a7f4e8d2e2b4acb9656e90f1f7b1ae82d41c60e3e09fd1600a00c00ccdb67514b01121e3b3682c6d4c2c54fc10189c74a0a2c86fadcfe58db136aa566a27740f1030de0004ef426c156922369d5af74fdacd2391a424108519a79d6cd668366878966c51ea68a190880bd13ddfc4250203010001a382013430820130301d0603551d0e04160414d876e90224ce3f9ca6dfc0a5e1 EAP-Message = 0xe62290910182673081c80603551d230481c03081bd8014d876e90224ce3f9ca6dfc0a5e1e6229091018267a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ed3b7e265fca1585300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f777777 EAP-Message = 0x2e6578616d706c65 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110df91f87ccdd61660f7c49ce7 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=196, length=158 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020500061900 State = 0xdc94e110df91f87ccdd61660f7c49ce7 Message-Authenticator = 0xacd7dd0944ed4f3233c84cfaa6b14230 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 196 to 10.0.0.9 port 39043 EAP-Message = 0x0106028819002e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d0101050500038201010016a489b41baaed951be0ce640028fe8519b67a930815f0d79473e31c59135e2cea0bc55779f11af28d2dea9a940a3f84e66057789dac29cccc861b3a9340b458b541335ae774f911e160e03c4cd8d6380411b1cab8abad4d52d59b9c3fd024c539cdef238a7b5984a1d5c50efc0362eb1a05e9f3da3ac7196c1743b635763983875d3ec7cf75661d48500c69cfb3eed1fbf2fce7aff5dba3c81d8a62b5dadb61f6999333e37df27979bf76372eb4a07f1ccea558c646b2e308baea72658f00a99d3409be417dc804cd7374ad17f17174 EAP-Message = 0x28416bdbc3f316b4e4b1ce4342c64aaf7219f725251c992960b6842713b303edad67f3d00253db73cfc2931dd5105449160303014d0c0001490300174104e9d6414bc28e4a597656ac71de6d1ac55a02f8dfc8a023c96ce2233d0fb6c70b369dd4bd496ff5dfe55611ca20a88a9935779cb76b06fac841468035ead2f4ef040101009c7c0cb45732a16b07f34631cae6bd9966087dd9f881011995878f7946373404f387ae2e1ebec6182233deee6390efa98441a1d13c185cd3f25ad146f475002101b4a386edaa35f4fcdb0e415474b1fa9f89b711325a9ffba5eb0fec2ff88b52e2e045257a13dcb1b7eeafb950bc1307b2e7cb7bcdab6c9c11f7df EAP-Message = 0x51e613f67d93b600f6e4fcd0d37b47d2ba6be62acd9170bdf7f8f8f05ee09acb3aef2aa6598580961cdcc2e637c8dd312764b620212b99c5b2fe4a3238cd2e9247a5b95a21aed8e9fbbf3e35039ceeda393549edb3ebac2964b50f76eea51db07c64416dd06c1e8ed09cf66cd1be02734c23d551acfe6e9a3d5111c0a96ce930c0e3dfe3ea16030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110d892f87ccdd61660f7c49ce7 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=197, length=288 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0206008819800000007e1603030046100000424104c936b6abbd29e1a3868ce2ea3e4d920bc3f22a22b69bc3b0e5e76122e03628108103fa2cc5e305c1ad867b83a8f0d870baf23206cd9c0e6f714f19a1fd71259614030300010116030300280000000000000000133a596454b9c668c3e2065f3c1997924246bb847d1b8248d3dcf501f7edd681 State = 0xdc94e110d892f87ccdd61660f7c49ce7 Message-Authenticator = 0x5741e4c5f7343dc4891c13d246744af5 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 136 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< Unknown TLS version [length 0046] [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< Unknown TLS version [length 0001] [peap] <<< Unknown TLS version [length 0010] [peap] TLS_accept: SSLv3 read finished A [peap] >>> Unknown TLS version [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> Unknown TLS version [length 0010] [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 197 to 10.0.0.9 port 39043 EAP-Message = 0x01070039190014030300010116030300284e350557832a50da638773a7573130edabcad7cfe1fe9ce4dab0fe6008c7d0b770236d7646d332ce Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110d993f87ccdd61660f7c49ce7 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=198, length=158 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020700061900 State = 0xdc94e110d993f87ccdd61660f7c49ce7 Message-Authenticator = 0xcbf38e9aeb926a08a74443f03d4370de # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 198 to 10.0.0.9 port 39043 EAP-Message = 0x010800281900170303001d4e350557832a50dbee01fc37e8185803b797dcfe8fafc08e54f61defc1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110da9cf87ccdd61660f7c49ce7 Finished request 6. Going to the next request Waking up in 3.2 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=199, length=194 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0208002a1900170303001f000000000000000112e600f8eed256d0c55c18c43d1128afa6ee7484223780 State = 0xdc94e110da9cf87ccdd61660f7c49ce7 Message-Authenticator = 0xd9e471034250cd2b71e613465bb605ab # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 8 length 42 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - sergey [peap] Got inner identity 'sergey' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0208000b01736572676579 server { [peap] Setting User-Name to sergey Sending tunneled request EAP-Message = 0x0208000b01736572676579 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "sergey" server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 8 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x48abb49a48a2aef167353ef9cd131a85 [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x48abb49a48a2aef167353ef9cd131a85 [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 199 to 10.0.0.9 port 39043 EAP-Message = 0x0109003f190017030300344e350557832a50dc83ebdcf8515e08f114dbff74a7136e312fb7a9f21476869fe51a9217fd2897115e39cb027f75247e04cbfb53 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110db9df87ccdd61660f7c49ce7 Finished request 7. Going to the next request Waking up in 3.2 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=200, length=248 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02090060190017030300550000000000000002ab679e70d76e5a500ab38a8c0e6ccfbb46c47c71bdfa8e7c6e0b015d75ca9d826d4a7165d02868c6483882f883d63ebbce90895aaa5999e484fd80dfc844bc618d97a6eb46b75e8f10090b5718 State = 0xdc94e110db9df87ccdd61660f7c49ce7 Message-Authenticator = 0x5c226c80df12f87c3fb2453508656306 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 9 length 96 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579 server { [peap] Setting User-Name to sergey Sending tunneled request EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "sergey" State = 0x48abb49a48a2aef167353ef9cd131a85 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 9 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: sergey [mschap] Client is using MS-CHAPv2 for sergey, we need NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] = reject +} # group MS-CHAP = reject [eap] Freeing handler ++[eap] = reject +} # group authenticate = reject Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> sergey attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code Access-Reject MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 200 to 10.0.0.9 port 39043 EAP-Message = 0x010a002e190017030300234e350557832a50dd3df1acf4bf6e347765e347a6eefc330214922730617e3e7a8b22a0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc94e110d49ef87ccdd61660f7c49ce7 Finished request 8. Going to the next request Waking up in 3.2 seconds. rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=201, length=198 User-Name = "sergey" NAS-Port = 0 Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet" Calling-Station-Id = "80-C5-E6-16-7F-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020a002e190017030300230000000000000003d076e29f0013dc2e17e971482034019bb3af7da8f9fcf38b39c670 State = 0xdc94e110d49ef87ccdd61660f7c49ce7 Message-Authenticator = 0x26dbd6b19372ef66f116645e43254c64 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "sergey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 10 length 46 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/default +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> sergey attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 201 to 10.0.0.9 port 39043 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.2 seconds. Cleaning up request 0 ID 192 with timestamp +21 Cleaning up request 1 ID 193 with timestamp +21 Cleaning up request 2 ID 194 with timestamp +21 Cleaning up request 3 ID 195 with timestamp +21 Cleaning up request 4 ID 196 with timestamp +21 Cleaning up request 5 ID 197 with timestamp +21 Waking up in 1.6 seconds. Cleaning up request 6 ID 198 with timestamp +22 Cleaning up request 7 ID 199 with timestamp +22 Cleaning up request 8 ID 200 with timestamp +22 Waking up in 1.0 seconds. Cleaning up request 9 ID 201 with timestamp +22 Ready to process requests. Оригинальные MAC и название сети изменены по понятным причинам. Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
orlik Опубликовано 25 июля, 2017 · Жалоба [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select Могу ошибаться , но насколько я понимаю у вас проблема с eap аутентификацией. Дело не в мак адресе Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
korobeynikov Опубликовано 25 июля, 2017 · Жалоба Решило проблему: eap{ peap{ copy_request_to_tunnel = yes } } А помогло: https://serverfault.com/questions/567130/how-to-use-calling-station-id-on-a-per-user-basis-in-freeradius Благодарю за поддержку! Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
