Error when trying to connect/send an Access-Request to a FreeRADIUS server

Time: 2019-07-12 04:37:44

Tags: freeradius radius

I am using freeradius on docker and trying to get a response when sending an Access-Request.

When running radtest with the following command: radtest bob testpw 127.0.0.1 1812 sharedSecret

Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
        User-Name = "bob"
        User-Password = "testpw"
        NAS-IP-Address = 172.17.0.2
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "testpw"
Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
        User-Name = "bob"
        User-Password = "testpw"
        NAS-IP-Address = 172.17.0.2
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "testpw"
Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
        User-Name = "bob"
        User-Password = "testpw"
        NAS-IP-Address = 172.17.0.2
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "testpw"
(0) No reply from server for ID 18 socket 3

I know this usually happens when the shared secret is wrong, but it is the same as the one in the configuration file.

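After debugging, the following error appears.

Ignoring request to auth address * port 1812 bound to server default from unknown client 172.17.0.3 port 60699 proto udp
Ready to process requests

It gives this error, but the server returns no response.

The clients.conf file is as follows: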

client dockernet {
    ipaddr = 172.17.0.0/16
    secret = sharedSecret
} 

The authorize file:

bob Cleartext-Password := "testpw"

The default file:

server default {
listen {

    type = auth

    ipv4addr = *
# ipv6addr = *
#   ipaddr = *

    port = 5

#   interface = eth0
#   clients = per_socket_clients

    recv_buff = 65536

    limit {
          max_connections = 16

          lifetime = 0

          idle_timeout = 30
    }
}
authorize {
    update request { 
        &Tmp-String-0 := "%{string:User-Password}" 
        &User-Password := "%{string:Tmp-String-0}" 
    } 

#   filter_username

#   filter_password

    preprocess

#   operator-name

#   cui

#   auth_log

    chap

    mschap

    digest

#   wimax

#   IPASS

    suffix
#   ntdomain

    eap {
        ok = return
#       updated = return
    }


    #
#   unix

    #  Read the 'users' file.  In v3, this is located in
    #  raddb/mods-config/files/authorize
    files

    -sql

#   smbpasswd

    -ldap

#   daily

    expiration
    logintime

    pap


#   Autz-Type Status-Server {
#   }
}
authenticate {
    ntlm_auth

    Auth-Type PAP {
        pap
    }

    Auth-Type CHAP {
        chap
    }

    Auth-Type MS-CHAP {
        mschap
    }

    mschap

    digest

#   pam

#   Auth-Type LDAP {
#       ldap
#   }

    #
    #  Allow EAP authentication.
    eap

#   Auth-Type eap {
#       eap {
#           handled = 1
#       }
#       if (handled && (Response-Packet-Type == Access-Challenge)) {
#           attr_filter.access_challenge.post-auth
#           handled  # override the "updated" code from attr_filter
#       }
#   }
}


#
#  Pre-accounting.  Decide which accounting type to use.
#
preacct {
    preprocess

    #
    #  Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
    #  into a single 64bit counter Acct-[Input|Output]-Octets64.
    #
#   acct_counters64

#   update request {
#       &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
#   }

    acct_unique

#   IPASS
    suffix
#   ntdomain

    #
    #  Read the 'acct_users' file
    files
}

I need an Access-Accept or an Access-Reject. But there is no response while debugging, and the log shows the error above.

1 answer:

Answer 0 (score: 0)

It worked! After changing the clients.conf file to have a netmask and 'ipaddr = 172.17.0.0/16':
client dockernet {
    ipaddr = 172.17.0.0
    secret = sharedSecret
    netmask = 24
    shortname = dockernet
}

This post helped me: https://linux.die.net/man/5/clients.conf
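
The check below is an added example, not part of the original question or answer: it parses flat `client` blocks in either form shown in the thread (`ipaddr` with a prefix length, or `ipaddr` plus `netmask`) and reports which blocks cover each address logged as an unknown client. The sample config and log are constructed from the thread's values; the block name `dockernet24` and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample input, modelled on the clients.conf blocks and debug line in the thread.
CLIENTS_CONF = """
client dockernet {
    ipaddr = 172.17.0.0/16
    secret = sharedSecret
}
client dockernet24 {   # hypothetical name for the answer's netmask form
    ipaddr = 172.17.0.0
    netmask = 24
    secret = sharedSecret
}
"""
DEBUG_LOG = """
Ignoring request to auth address * port 1812 bound to server default from unknown client 172.17.0.3 port 60699 proto udp
Ready to process requests
"""

BLOCK_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)  # flat blocks only, no nested sections
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)
UNKNOWN_RE = re.compile(r"from unknown client (\S+) port \d+")

def parse_clients(text):
    """Return {client name: ip_network} for every client block with an IP address."""
    clients = {}
    for name, body in BLOCK_RE.findall(text):
        items = dict(ITEM_RE.findall(re.sub(r"#.*", "", body)))  # strip comments first
        addr = items.get("ipaddr") or items.get("ipv4addr")
        if not addr:
            continue
        if "/" not in addr and "netmask" in items:
            addr = f"{addr}/{items['netmask']}"  # separate netmask item -> prefix length
        clients[name] = ipaddress.ip_network(addr, strict=False)
    return clients

def coverage(clients, addr):
    """Names of the client blocks whose network contains addr."""
    return sorted(name for name, net in clients.items() if addr in net)

def report(conf, log):
    """Map each 'unknown client' address in the log to the blocks that cover it."""
    clients = parse_clients(conf)
    seen = [ipaddress.ip_address(a) for a in UNKNOWN_RE.findall(log)]
    return {str(a): coverage(clients, a) for a in seen}

if __name__ == "__main__":
    for addr, names in report(CLIENTS_CONF, DEBUG_LOG).items():
        print(addr, "covered by", names or "no client block")
```

An address that is covered on paper but still logged as unknown means the running server is not applying that block as written, so check which clients.conf the container actually loads. The narrower the prefix, the fewer hosts on the Docker bridge can act as RADIUS clients with that shared secret.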