问题描述
我希望在一个我认为很简单的问题上有所帮助,但是几天来我一直无法发展。
我正在实现一个服务器来直接在MysqL数据库的freeradius 3.0.16上对wifi客户端进行身份验证,并且它可以使用radcheck表中的属性来完美验证用户名和密码:
1 |艾伦| ClearText密码| := | 27082020
当我尝试将这些访问凭据链接到客户端设备的MAC地址时,会出现问题,我发现的文档通知我,我需要在radcheck表中添加一个freeradius的calling-station-id属性。执行验证,我尝试在MysqL表中添加以下2种形式:
+ ---- + ---------- + -------------------- + ---- + ------- ------------ +
| id | username | attribute | op | value |
+ ---- + ---------- + -------------------- + ---- + ------- ------------ +
2 | alan | Calling-Station-Id | == | 88-B4-A6-8F-DB-78
2 | alan | Calling-Station-Id | : = | 88-B4-A6-8F-DB-78
但是,我没有获得成功,只是半径忽略了此属性并验证了来自任何设备的登录。 我坚信我会丢失一些东西,有人可以给我一些提示吗?
这是freeradius日志授权访问权限:
Received Access-Request Id 21 from 192.168.3.253:41972 to 192.168.3.73:1812 length 148
(0) User-Name = "alan"
(0) NAS-IP-Address = 0.0.0.0
(0) Called-Station-Id = "90-F6-52-A7-2F-50:dd-wrt"
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Port = 1
(0) Calling-Station-Id = "88-B4-A6-8F-DB-78"
(0) Connect-Info = "CONNECT 54Mbps 802.11g"
(0) Framed-MTU = 1400
(0) EAP-Message = 0x024d000901616c616e
(0) Message-Authenticator = 0xf6c068bcd509e7a0e8ccd20d22a2e9fc
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) [preprocess] = ok
(0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(0) auth_log: --> /var/log/freeradius/radacct/192.168.3.253/auth-detail-20200828
(0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.3.253/auth-detail-20200828
(0) auth_log: EXPAND %t
(0) auth_log: --> Fri Aug 28 16:43:02 2020
(0) [auth_log] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) eap: Peer sent EAP Response (code 2) ID 77 length 9
(0) eap: EAP-Identity reply,returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) sql: EXPAND %{User-Name}
(0) sql: --> alan
(0) sql: sql-User-Name set to 'alan'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id,username,attribute,value,op FROM radcheck WHERE username = '%{sql-User-Name}' ORDER BY id
(0) sql: --> SELECT id,op FROM radcheck WHERE username = 'alan' ORDER BY id
(0) sql: Executing select query: SELECT id,op FROM radcheck WHERE username = 'alan' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched,merging assignment check items
(0) sql: Cleartext-Password := "27082020"
(0) sql: Calling-Station-Id := "88-B4-A6-8F-DB-00"
(0) sql: EXPAND SELECT id,op FROM radreply WHERE username = '%{sql-User-Name}' ORDER BY id
(0) sql: --> SELECT id,op FROM radreply WHERE username = 'alan' ORDER BY id
(0) sql: Executing select query: SELECT id,op FROM radreply WHERE username = 'alan' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{sql-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'alan' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'alan' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): opening additional connection (5),1 of 27 pending slots used
rlm_sql_MysqL: Starting connect to MysqL server
rlm_sql_MysqL: Connected to database 'radius' on Localhost via UNIX socket,server version 5.5.5-10.1.44-MariaDB-0ubuntu0.18.04.1,protocol version 10
(0) [sql] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) pap: WARNING: Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)