freeradius中的MAC身份验证失败

时间:2016-11-25 11:06:48

标签: authentication freeradius aaa-security-protocol

我按照此Plain MAC-Auth设置指南配置freeradius(版本2.2.5),以便执行MAC身份验证。但是,MAC身份验证失败,并显示以下日志消息

rad_recv: Access-Request packet from host 192.168.0.7 port 59966, id=9, length=79
NAS-IP-Address = 192.168.0.7
User-Name = "34:76:C5:57:0F:A3"
User-Password = "34:76:C5:57:0F:A3"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++policy rewrite.calling_station_id {
+++? if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i)
?? Evaluating (Calling-Station-Id) -> FALSE
? Skipping ("%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i)
+++? if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) -> FALSE
+++else else {
++++[noop] = noop
+++} # else else = noop
++} # policy rewrite.calling_station_id = noop
[authorized_macs]   expand: %{Calling-Station-Id} -> 
++[authorized_macs] = noop
++? if (!ok)
? Evaluating !(ok) -> TRUE
++? if (!ok) -> TRUE
++if (!ok) {
+++[reject] = reject
++} # if (!ok) = reject
+} # group authorize = reject
Using Post-Auth-Type REJECT
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 9 to 192.168.0.7 port 59966
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +30
Ready to process requests.

从上面的日志中,问题似乎无法获得“Calling-Station-Id”值。这是freeradius配置问题吗?任何人都知道如何解决它?

1 个答案:

答案 0 :(得分:0)

在radius config add的帐户部分添加

update request {
            Called-Station-Id += &NAS-Port-Id
    }

并在后验证部分添加

update reply {
            Called-Station-Id += &NAS-Port-Id
    }