在Ubuntu 18中让Freeradius 3查看客户端“秘密”的mysql nas表

时间:2019-05-07 21:12:25

标签: freeradius

我正在从运行“ radtest”的同一台计算机上运行freeradius。

我可以从“ users”文件或mysql中获得带有用户密码的“ accept”消息,并且可以从clients.conf文件中获得客户端“ secret”,但无法弄清楚如何获得freeradius来查找在MySQL的客户端“秘密”。

我是否必须以某种方式禁用或覆盖“ cients.conf”中的条目?

以下是文件条目,mysql和测试结果的摘要:

/etc/freeradius/3.0/clients.conf    #client localhost with secret testing123
/etc/freeradius/3.0/users           #testing Cleartext-Password := "testpwd"
/etc/freeradius/3.0/mods-available/sql  #read_clients = yes  (/etc/freeradius/3.0/sites- enabled/sql points here)

SELECT * FROM radgroupreply LIMIT 10;
| id | groupname | attribute            | op | value               |
|  1 | dynamic   | Framed-Compression   | := | Van-Jacobsen-TCP-IP |
|  2 | dynamic   | Framed-Protocol      | := | PPP                 |
|  3 | dynamic   | Service-Type         | := | Framed-User         |
|  4 | dynamic   | Framed-MTU           | := | 1500                |
|  5 | 2048-1024 | Motorola-Canopy-ULBR | =  | 1024                |
|  6 | 2048-1024 | Motorola-Canopy-ULBL | =  | 500000              |

mysql> SELECT * FROM radusergroup LIMIT 10;
| username          | groupname | priority |
| fredf             | dnamic    |        2 |
| 0a-00-3e-89-35-32 | 2048-1024 |        2 |

mysql> SELECT * FROM radcheck LIMIT 10; 
| id | username          | attribute          | op | value       |
|  3 | fredf             | Cleartext-Password | := | wilma       |
|  6 | 0a-00-3e-89-35-32 | Cleartext-Password | := | passwordsql |

mysql> SELECT * FROM radreply LIMIT 10;
| id | username | attribute                 | op | value |
|  1 | fredf    | Motorola-Canopy-UserLevel | =  | 3     |
|  2 | testuser | Motorola-Canopy-UserLevel | =  | 3     |

mysql> SELECT * FROM nas LIMIT 10; 
| id | nasname   | shortname | type | ports | secret  | server    | community | description |
|  1 | 10.10.2.2 | Griz450NW | 1    |  1812 | naspass | localhost | ISReader  | Griz450NW   |

radtest testing testpwd 127.0.0.1 0 testing123                  #works
  Received Access-Accept Id 107 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
radtest fredf wilma 127.0.0.1 0 testing123                      #works
  Received Access-Accept Id 242 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
  Motorola-WiMAX-Home-BTS = 0x00000003
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 testing123    #works
  Received Access-Accept Id 27 from 127.0.0.1:1812 to 0.0.0.0:0 length 44
  Motorola-Canopy-ULBR = 1024
  Motorola-Canopy-ULBL = 500000
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 naspass       #doesn't work
  Radius -X output: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator!  (Shared secret is incorrect.)

1 个答案:

答案 0 :(得分:0)

一旦我将“ nasname”更改为“ 127.0.0.1”并禁用了clients.conf中的客户端,NAS表条目就起作用了(我刚刚将“ ipaddr”从“ 127.0.0.1”更改为“ 127.0.0.2”)。

相关问题
最新问题