服务器 Gind.cn
  1. 服务器 Gind.cn
  3. FreeRadius身份validation问题
Intereting Posts
wordpress .htaccess文件被黑客入侵 编辑OS X 10.10服务器中的Apache环境path 在MAMP上安装mod_xsendfile Java应用程序在Citrix会话启动时崩溃 从/etc/cron.weekly删除makewhatis是否安全? 在Linux服务器上,如何通过单个ssh连接使用多个terminal? 如何在MySQL 5.6.26中减less磁盘IO? 有关Mac OS X 10.6 Server的网页目录结构的build议 Debian和CentOS之间的差异(来自Web服务器的未来) Unix UID有多大(以位为单位)? 静态文件服务只适用于root是公共下的子文件夹 IPv6 Teredo主机和IPv6 6to4主机之间的连接 debuggingSSH不连接 svn允许我更新代码,但不提交,如何解决MKACTIVITY错误? 在FreeBSD上限制ftp与pf防火墙的连接

FreeRadius身份validation问题

在CentOS 6.4 VPS上使用pptpfreeradiuss有一个奇怪的问题。 我有1个VPS作为主要的freeradius服务器。 其他2个VPS用于通过使用远程freeradius进行身份validation的pptp进行连接。 1 VPS工作正常,但另一个是尝试连接时给以下: 

rad_recv: Access-Request packet from host xxxxx port 49241, id=223, length=76 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "xxxxx" Calling-Station-Id = "xxxxx" NAS-IP-Address = xxxxx NAS-Port = 0 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] Looking up realm "xxxxx" for User-Name = "xxxxx" [suffix] No such realm "xxxxx" ++[suffix] = noop [eap] No EAP-Message, not doing EAP ++[eap] = noop [files] users: Matched entry DEFAULT at line 172 ++[files] = ok [sql] expand: %{User-Name} -> xxxxx [sql] sql_set_user escaped user --> 'xxxxx' rlm_sql (sql): Reserving sql socket id: 24 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'xxxxx' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'xxxxx' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'xxxxx' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'basic' ORDER BY id [sql] User found in group basic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'basic' ORDER BY id rlm_sql (sql): Released sql socket id: 24 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] No clear-text password in the request. Not performing PAP. ++[pap] = noop +} # group authorize = ok !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. No User-Password or CHAP-Password attribute in the request. Cannot perform authentication. Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/default +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> xxxxx attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 223 to xxxxx port 49241 Waking up in 4.9 seconds. Cleaning up request 7 ID 223 with timestamp +570 Ready to process requests.

任何人都可以指出我正确的方向来解决这个问题吗?

用户文件: 

 # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. DEFAULT Hint == "SLIP" Framed-Protocol = SLIP

请求中没有用户密码或CHAP密码属性。

这就是为什么请求失败,请求没有提供任何密码!