我正在尝试使用带有OpenWRT + ChilliSpot的路由器以及带有Freeradius和Web服务器的外部服务器来configuration强制门户。
我现在的问题是freeradius服务器回答OK,如果用户名存在于数据库中,不pipe密码是否正确
经过几个月与路由器的战斗,似乎一切正常,因为它被认为是:
一切工作正常,直到我试图设置Freeradius使用MySQL 。 我有点失去了所有的属性,我会做一个关于我试图实现的结构的简历:
Session-Timeout和Idle-Timeout (这两个工作正常)
Expiration和Chap-Passwords
我还添加了我的意图使事情工作一些其他属性:
Service-Type == Login-User Fall-Through = Yes 进入radcheck和radgroupcheck表(我supose我必须改变这一点)
我试图读/find一些地方知道FreeRadius属性,但我不知道他们,如果我把他们放在radchek或radreply(或radgroupcheck / radgroupreply)。 我已经尝试了FreeRadius RFC,但是我不确定这些属性。
这是Chilli发送给Freeradius的查询:
rad_recv: Accounting-Request packet from host port 58620, id=16, length=222 ChilliSpot-Version = "1.3.0-svn" ChilliSpot-Attr-10 = 0x00000002 Event-Timestamp = "Jan 1 1970 00:17:18 UTC" User-Name = "garcia" Acct-Status-Type = Start Acct-Session-Id = "549198cb00000001" Framed-IP-Address = 10.1.0.2 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" Calling-Station-Id = "HH-HH-HH-HH-HH-HH" Called-Station-Id = "HH-HH-HH-HH-HH-HH" NAS-IP-Address = 10.1.0.1 NAS-Identifier = "mynas"
这是freeradius执行的完整跟踪:
# Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 123.123.123.123,NAS-IP-Address = 10.1.0.1,Acct-Session-Id = "549198cb00000001",User-Name = "garcia"' [acct_unique] Acct-Unique-Session-ID = "7d27c494d7b404c8". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "garcia", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 123.123.123.123 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freerad ius/radacct/123.123.123.123/detail-20141217 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/rad acct/123.123.123.123/detail-20141217 [detail] expand: %t -> Wed Dec 17 15:00:38 2014 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> garcia ++[radutmp] returns ok [sql] expand: %{User-Name} -> garcia [sql] sql_set_user escaped user --> 'garcia' [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype,framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: MYSQL check_error: 1054 received [sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list' [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand:UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' ->UPDATE radacct SET acctstarttime = '2014-12-17 15:00:38', acctstartdelay = '0', connectinfo_start = '' WHERE acctsessionid = '549198cb00000001' AND username = 'garcia' AND nasipaddress = '10.1.0.1' rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok
如果我从radgroupcheck表中删除了Auth-Type := Accept ,则login失败:
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "garcia" with CHAP password [chap] Cleartext-Password is required for authentication ++[chap] returns invalid Failed to authenticate the user.
但是用户在radcheck表中定义了Chap-Password !
radchek , radreply , radgroupcheck和radgroupreply什么? 最后解决了我的问题,问题是一个tipo问题,我在我的数据库中:
160 | e6867740-7d07-4783-b210-5cc3accb44eb | ClearText-Password | := | pass
我用大写字母“ T ”写了“ ClearText-Password ”。
正确的方法是Cleartext-Password与“ 文本 ” 非大写字母的t 。