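[Freeradius] [EAP] Problem using EAP-GTC for inner phase 2 authentication.

Time: 2015-08-07 18:51:23

Tags: authentication networking freeradius wpa radius-protocol

I am trying to set up EAP-TTLS/GTC authentication. In phase 1, the server offers EAP-TTLS and the client accepts it. For phase 2, the client is set to automatic, and I expect the server to offer GTC for phase 2 authentication, which does not happen. Can someone help me figure out what is missing in the conf file?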

eap {
            default_eap_type = ttls
            timer_expire     = 60
            ignore_unknown_eap_types = no
            cisco_accounting_username_bug = no
            max_sessions = 4096
            md5 {
            }
            leap {
            }
            gtc {
                    auth_type = Local
            }
            tls {
                    certdir = ${confdir}/certs_freeradius2
                    cadir = ${confdir}/certs_freeradius2
                    private_key_password = radius
                    private_key_file = /etc/freeradius/certs/server.key
                    certificate_file = /etc/freeradius/certs/server.pem
                    CA_file = /etc/freeradius/certs/ca.pem
                    dh_file = ${certdir}/dh
                    random_file = ${certdir}/random
                    fragment_size = 1024
                    include_length = yes
                    cipher_list = "DEFAULT"
                    make_cert_command = "${certdir}/bootstrap"
                    cache {
                    }
            }
            ttls {
                    default_eap_type = gtc
                    copy_request_to_tunnel = yes
                    use_tunneled_reply = yes
                    virtual_server = "inner-tunnel"
            }
            peap {
                    default_eap_type = mschapv2
                    copy_request_to_tunnel = yes
                    use_tunneled_reply = yes
                    proxy_tunneled_request_as_eap = yes
                    virtual_server = "inner-tunnel"
            }
            mschapv2 {
            }
    }

Another thing I would like to point out is that I do see gtc being started and processed in radius.log, but I don't think phase 2 is successful.

73 Wed Aug  5 16:22:48 2015 : Debug:  Module: Linked to sub-module rlm_eap_gtc
  74 Wed Aug  5 16:22:48 2015 : Debug:  Module: Instantiating eap-gtc
  75 Wed Aug  5 16:22:48 2015 : Debug:    gtc {
  76 Wed Aug  5 16:22:48 2015 : Debug:       challenge = "Password: "
  77 Wed Aug  5 16:22:48 2015 : Debug:       auth_type = "Local"
  78 Wed Aug  5 16:22:48 2015 : Debug:    }
  79 Wed Aug  5 16:22:48 2015 : Debug:  Module: Linked to sub-module rlm_eap_tls
  80 Wed Aug  5 16:22:48 2015 : Debug:  Module: Instantiating eap-tls
  81 Wed Aug  5 16:22:48 2015 : Debug:    tls {
  82 Wed Aug  5 16:22:48 2015 : Debug:       rsa_key_exchange = no
  83 Wed Aug  5 16:22:48 2015 : Debug:       dh_key_exchange = yes
  84 Wed Aug  5 16:22:48 2015 : Debug:       rsa_key_length = 512
  85 Wed Aug  5 16:22:48 2015 : Debug:       dh_key_length = 512



106 Wed Aug  5 16:22:48 2015 : Debug:  Module: Instantiating eap-ttls
 107 Wed Aug  5 16:22:48 2015 : Debug:    ttls {
 108 Wed Aug  5 16:22:48 2015 : Debug:       default_eap_type = "gtc"
 109 Wed Aug  5 16:22:48 2015 : Debug:       copy_request_to_tunnel = no
 110 Wed Aug  5 16:22:48 2015 : Debug:       use_tunneled_reply = no
 111 Wed Aug  5 16:22:48 2015 : Debug:       virtual_server = "inner-tunnel"
 112 Wed Aug  5 16:22:48 2015 : Debug:       include_length = yes
 113 Wed Aug  5 16:22:48 2015 : Debug:    }

552 Wed Aug  5 16:25:43 2015 : Info: [eap] EAP Identity
 553 Wed Aug  5 16:25:43 2015 : Info: [eap] processing type gtc
 554 Wed Aug  5 16:25:43 2015 : Info: ++[eap] returns handled
 555 Wed Aug  5 16:25:43 2015 : Info: [ttls] Got tunneled Access-Challenge
 556 Wed Aug  5 16:25:43 2015 : Info: ++[eap] returns handled
 557 Wed Aug  5 16:25:43 2015 : Info: Finished request 5.
 558 Wed Aug  5 16:25:43 20

Wed Aug  5 16:25:43 2015 : Info: [pap] WARNING: Auth-Type already set.  Not setting to PAP
 612 Wed Aug  5 16:25:43 2015 : Info: ++[pap] returns noop
 613 Wed Aug  5 16:25:43 2015 : Info: Found Auth-Type = EAP
 614 Wed Aug  5 16:25:43 2015 : Info: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
 615 Wed Aug  5 16:25:43 2015 : Info: +- entering group authenticate {...}
 616 Wed Aug  5 16:25:43 2015 : Info: [eap] Request found, released from the list
 617 Wed Aug  5 16:25:43 2015 : Info: [eap] EAP/gtc
 618 Wed Aug  5 16:25:43 2015 : Info: [eap] processing type gtc
 619 Wed Aug  5 16:25:43 2015 : Debug:   rlm_eap_gtc: Everything is OK.
 620 Wed Aug  5 16:25:43 2015 : Info: [eap] Freeing handler
 621 Wed Aug  5 16:25:43 2015 : Info: ++[eap] returns ok
 622 Wed Aug  5 16:25:43 2015 : Auth: Login OK: [CrOS] (from client 172.16.10.3 port 0 via TLS tunnel)
 623 Wed Aug  5 16:25:43 2015 : Info:   WARNING: Empty post-auth section.  Using default return values.
 624 Wed Aug  5 16:25:43 2015 : Info: # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
 625 Wed Aug  5 16:25:43 2015 : Info: [ttls] Got tunneled Access-Accept

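1 answer:

Answer 0: (score: 1)

The debug log you posted indicates that auth completed successfully.

[ttls] Got tunneled Access-Accept means that Phase 2 completed successfully, with a positive authentication response.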
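
The check the answer describes can be run over a whole debug log. This is an added example, not part of the original question or answer: a Python script that scans FreeRADIUS debug output for the tunneled replies and reports the phase 2 outcome. The name phase2_summary is hypothetical and the sample is built from lines quoted in the question; only the Access-Challenge and Access-Accept messages appear in the posted log, and the Access-Reject form is assumed to follow the same pattern.

```python
import re

# Constructed sample: lines copied from the radius.log excerpt in the question.
SAMPLE_LOG = """\
 553 Wed Aug  5 16:25:43 2015 : Info: [eap] processing type gtc
 555 Wed Aug  5 16:25:43 2015 : Info: [ttls] Got tunneled Access-Challenge
 618 Wed Aug  5 16:25:43 2015 : Info: [eap] processing type gtc
 619 Wed Aug  5 16:25:43 2015 : Debug:   rlm_eap_gtc: Everything is OK.
 622 Wed Aug  5 16:25:43 2015 : Auth: Login OK: [CrOS] (from client 172.16.10.3 port 0 via TLS tunnel)
 625 Wed Aug  5 16:25:43 2015 : Info: [ttls] Got tunneled Access-Accept
"""

# "Access-Reject" is an assumption: it is not present in the posted log.
TUNNEL_RE = re.compile(r"\[(ttls|peap)\] Got tunneled Access-(Accept|Reject|Challenge)")
EAP_TYPE_RE = re.compile(r"\[eap\] processing type (\w+)")
LOGIN_RE = re.compile(r"Auth: Login OK: \[([^\]]*)\].*via TLS tunnel")
OUTER_METHODS = {"tls", "ttls", "peap"}  # tunnel methods, not inner methods


def phase2_summary(log_text):
    """Summarise the inner (phase 2) exchange seen in FreeRADIUS debug output."""
    summary = {"outer": None, "inner_types": [], "events": [],
               "inner_user": None, "result": "no tunneled reply seen"}
    for line in log_text.splitlines():
        m = EAP_TYPE_RE.search(line)
        if m and m.group(1) not in OUTER_METHODS \
                and m.group(1) not in summary["inner_types"]:
            summary["inner_types"].append(m.group(1))
        m = LOGIN_RE.search(line)
        if m:
            summary["inner_user"] = m.group(1)
        m = TUNNEL_RE.search(line)
        if m:
            summary["outer"] = m.group(1)
            summary["events"].append("Access-" + m.group(2))
    if summary["events"]:
        last = summary["events"][-1]
        # A trailing Challenge means the inner conversation never finished.
        summary["result"] = "incomplete" if last == "Access-Challenge" else last
    return summary


if __name__ == "__main__":
    for key, value in phase2_summary(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
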