我正在从运行“ radtest”的同一台计算机上运行freeradius。
我可以从“ users”文件或mysql中获得带有用户密码的“ accept”消息,并且可以从clients.conf文件中获得客户端“ secret”,但无法弄清楚如何获得freeradius来查找在MySQL的客户端“秘密”。
我是否必须以某种方式禁用或覆盖“ cients.conf”中的条目?
以下是文件条目,mysql和测试结果的摘要:
/etc/freeradius/3.0/clients.conf #client localhost with secret testing123
/etc/freeradius/3.0/users #testing Cleartext-Password := "testpwd"
/etc/freeradius/3.0/mods-available/sql #read_clients = yes (/etc/freeradius/3.0/sites- enabled/sql points here)
SELECT * FROM radgroupreply LIMIT 10;
| id | groupname | attribute | op | value |
| 1 | dynamic | Framed-Compression | := | Van-Jacobsen-TCP-IP |
| 2 | dynamic | Framed-Protocol | := | PPP |
| 3 | dynamic | Service-Type | := | Framed-User |
| 4 | dynamic | Framed-MTU | := | 1500 |
| 5 | 2048-1024 | Motorola-Canopy-ULBR | = | 1024 |
| 6 | 2048-1024 | Motorola-Canopy-ULBL | = | 500000 |
mysql> SELECT * FROM radusergroup LIMIT 10;
| username | groupname | priority |
| fredf | dnamic | 2 |
| 0a-00-3e-89-35-32 | 2048-1024 | 2 |
mysql> SELECT * FROM radcheck LIMIT 10;
| id | username | attribute | op | value |
| 3 | fredf | Cleartext-Password | := | wilma |
| 6 | 0a-00-3e-89-35-32 | Cleartext-Password | := | passwordsql |
mysql> SELECT * FROM radreply LIMIT 10;
| id | username | attribute | op | value |
| 1 | fredf | Motorola-Canopy-UserLevel | = | 3 |
| 2 | testuser | Motorola-Canopy-UserLevel | = | 3 |
mysql> SELECT * FROM nas LIMIT 10;
| id | nasname | shortname | type | ports | secret | server | community | description |
| 1 | 10.10.2.2 | Griz450NW | 1 | 1812 | naspass | localhost | ISReader | Griz450NW |
radtest testing testpwd 127.0.0.1 0 testing123 #works
Received Access-Accept Id 107 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
radtest fredf wilma 127.0.0.1 0 testing123 #works
Received Access-Accept Id 242 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
Motorola-WiMAX-Home-BTS = 0x00000003
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 testing123 #works
Received Access-Accept Id 27 from 127.0.0.1:1812 to 0.0.0.0:0 length 44
Motorola-Canopy-ULBR = 1024
Motorola-Canopy-ULBL = 500000
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 naspass #doesn't work
Radius -X output: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
答案 0 :(得分:0)
一旦我将“ nasname”更改为“ 127.0.0.1”并禁用了clients.conf中的客户端,NAS表条目就起作用了(我刚刚将“ ipaddr”从“ 127.0.0.1”更改为“ 127.0.0.2”)。