How do I set up FreeRADIUS dynamic clients?

Time: 2019-03-11 01:14:00

Tags: freeradius

I ran radtest to test how dynamic clients work. radtest is on the same host as the FreeRADIUS server.

First:

root@core ~/radclients# cat /etc/freeradius/sites-enabled/dynamic-clients 

client dynamic {
    ipaddr = 0.0.0.0/0
    dynamic_clients = dynamic_clients
    directory = ${confdir}/dynamic-clients/
    lifetime = 3600
}

server dynamic_clients {
    authorize {
        dynamic_clients
        ok
    }
}

For the first test, freeradius is running with only one client, 127.0.0.1

root@core freeradius/dynamic-clients# ls
root@core freeradius/dynamic-clients# freeradius -X

Run radtest:

root@core ~/radclients# radtest bob hello 10.10.255.200 1 testing123

It fails, as expected

(0) server dynamic_clients {
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/dynamic-clients
(0)   authorize {
(0) dynamic_clients: Improper configuration
(0)     [dynamic_clients] = noop
(0)     [ok] = ok
(0)   } # authorize = ok
(0) } # server dynamic_clients
(0) Converting control list to client fields
(0)   ERROR: Cannot add client 10.10.255.200: Required attribute "FreeRADIUS-Client-Secret" is missing
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.10.255.200 port 40465 proto udp

Copy my client definition

root@core ~/radclients# cp ./10.10.255.200 /etc/freeradius/dynamic-clients/

root@core ~/radclients# radtest bob hello 10.10.255.200 1 testing123
Sent Access-Request Id 12 from 0.0.0.0:48855 to 10.10.255.200:1812 length 73
    User-Name = "bob"
    User-Password = "hello"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1
    Message-Authenticator = 0x00
    Cleartext-Password = "hello"

But the FreeRADIUS debug output still says:

(0) server dynamic_clients {
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/dynamic-clients
(0)   authorize {
(0) dynamic_clients: Improper configuration
(0)     [dynamic_clients] = noop
(0)     [ok] = ok
(0)   } # authorize = ok
(0) } # server dynamic_clients
(0) Converting control list to client fields
(0)   ERROR: Cannot add client 10.10.255.200: Required attribute "FreeRADIUS-Client-Secret" is missing
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.10.255.200 port 48855 proto udp

Try pushing the client definition with radmin

root@core ~/radclients# radmin -e 'add client file ./10.10.255.200'

root@core ~/radclients# radtest bob hello 10.10.255.200 1 testing123
Sent Access-Request Id 110 from 0.0.0.0:42641 to 10.10.255.200:1812 length 73
    User-Name = "bob"
    User-Password = "hello"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1
    Message-Authenticator = 0x00
    Cleartext-Password = "hello"
Received Access-Accept Id 110 from 10.10.255.200:1812 to 10.10.255.200:42641 length 32
    Reply-Message = "Hello, bob"

Success.

So my question is: with my configuration, does FreeRADIUS not try to search for a file in /etc/freeradius/dynamic-clients when it receives a request from an unknown client?
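
The debug output in the question shows the server converting the control list to client fields and rejecting the client because FreeRADIUS-Client-Secret is not in it. The following is an added example, not part of the original post, of a dynamic_clients virtual server that sets those control attributes itself with unlang. The 10.10.255.0/24 range, the shortname and the NAS type are assumptions; the address and secret are the ones used in the radtest commands above.

```unlang
# Added example, not from the original post.
client dynamic {
	# Assumed range. Narrower than 0.0.0.0/0, so only sources in this
	# network can trigger a dynamic client lookup.
	ipaddr = 10.10.255.0/24
	dynamic_clients = dynamic_clients
	lifetime = 3600
}

server dynamic_clients {
	authorize {
		# The new client's fields are read from the control list, so
		# populate it for each source address that is allowed.
		if ("%{Packet-Src-IP-Address}" == "10.10.255.200") {
			update control {
				&FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
				# Same secret as in the radtest commands above.
				&FreeRADIUS-Client-Secret = "testing123"
				# Assumed values for the remaining fields.
				&FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
				&FreeRADIUS-Client-NAS-Type = "other"
			}
		}
		ok
	}
}
```

A source address that does not match the condition leaves the control list empty, so the server logs the same "Required attribute" error and ignores the request.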

0 answers:

No answers