Freeradius不在radpostauth中插入Auth Reject

编程问答 2022-07-25

问题描述

我有freeradius 3.0版,并且正在使用外部PHP脚本进行身份验证, 发送错误用户时我脚本的输出将是这样

(0)执行:错误:程序返回代码(1)并输出 'Reply-Message =“找不到用户”'

但是问题是当用户被拒绝时,post-auth拒绝不起作用,并且当我有exclude时,它不在数据库中插入记录,当我发送正确的请求时,它将发送accept和post-auth将新记录存储在radpostauth中桌子没有问题 这是发送错误用户时半径的调试

@H_502_9@    (0) Received Access-Request Id 67 from 127.0.0.1:35496 to 127.0.0.1:1812 length 105
(0)   User-Name = "28:C6:8E:3F:6E:B1"
(0)   User-Password = "1234"
(0)   Calling-Station-Id = "28:C6:8E:3F:6E:BB"
(0)   NAS-Port = 102
(0)   NAS-IP-Address = 103.81.214.233
(0)   Framed-Protocol = PPP
(0)   Framed-IP-Address = 192.168.0.1
(0)   NAS-Identifier = "nas"
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "28:C6:8E:3F:6E:B1",looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message,not doing EAP
(0)     [eap] = noop
(0) files: users: Matched entry DEFAULT at line 55
(0) files: EXPAND /usr/bin/PHP /var/www/html/cloudradius/captiveportal/auth.PHP "%{User-Name}" "%{User-Password}" "%{Calling-Station-Id}" "%{NAS-Port}" "%{NAS-IP-Address}" "%{Framed-Protocol}""%{Framed-IP-Address}" "%{Filter-Id}" "%{NAS-Identifier}"
(0) files:    --> /usr/bin/PHP /var/www/html/cloudradius/captiveportal/auth.PHP "28:C6:8E:3F:6E:B1" "1234" "28:C6:8E:3F:6E:BB" "102" "103.81.214.233" "PPP""192.168.0.1" "" "nas"
(0)     [files] = ok
(0) sql: EXPAND %{User-Name}
(0) sql:    --> 28:C6:8E:3F:6E:B1
(0) sql: sql-User-Name set to '28:C6:8E:3F:6E:B1'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id,username,attribute,value,op FROM radcheck WHERE username = '%{sql-User-Name}' ORDER BY id
(0) sql:    --> SELECT id,op FROM radcheck WHERE username = '28:C6:8E:3F:6E:B1' ORDER BY id
(0) sql: Executing select query: SELECT id,op FROM radcheck WHERE username = '28:C6:8E:3F:6E:B1' ORDER BY id
(0) sql: WARNING: User not found in radcheck table.
rlm_sql (sql): Reserved connection (1)
rlm_sql (sql): Released connection (1)
Need 6 more connections to reach 10 spares
rlm_sql (sql): opening additional connection (5),1 of 27 pending slots used
rlm_sql_MysqL: Starting connect to MysqL server
rlm_sql_MysqL: Connected to database 'cloudradius' on Localhost via UNIX socket,server version 5.5.65-MariaDB,protocol version 10
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{sql-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = '28:C6:8E:3F:6E:B1' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '28:C6:8E:3F:6E:B1' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
(0)     [sql] = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: Auth-Type already set.  Not setting to PAP
(0)     [pap] = noop
(0)   } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept,accepting the user
(0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(0)   post-auth {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(0)     update {
(0)       No attributes updated for RHS &session-state:
(0)     } # update = noop
(0) exec: Executing: /usr/bin/PHP /var/www/html/cloudradius/captiveportal/auth.PHP "28:C6:8E:3F:6E:B1" "1234" "28:C6:8E:3F:6E:BB" "102" "103.81.214.233" "PPP""192.168.0.1" "" "nas":
(0) exec: ERROR: Program returned code (1) and output 'Reply-Message="User not found"'
(0)     [exec] = reject
(0)   } # post-auth = reject
(0) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.
Waking up in 0.7 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 67 from 127.0.0.1:1812 to 127.0.0.1:35496 length 36

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

freeradiusradius