我正在使用FreeRADIUS帐户的SQL数据库进行身份validation。 我正在使用默认的拨号pipe理界面pipe理这些帐户。 我创build了一个testing用户 – testing123并给它一个密码。 但是,我无法使用客户端请求成功validation帐户。
以下是运行带有-X标志的freeradius守护进程的身份validation请求的扩展debugging输出:
Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 55479, id=8, length=154 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "testing123" MS-CHAP-Challenge = 0x1e9b290edee3b10df22ee8b48754b567 MS-CHAP2-Response = 0xf4007a9bee94e20ab1c0ebefce23984086430000000000000000b2b56ed55e97708d25e7f45fb38d87daa9c6cf433a0d0e1d Calling-Station-Id = "MY COMPUTER IP" NAS-IP-Address = SERVERIP NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok rlm_realm: No '@' in User-Name = "testing123", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop users: Matched entry DEFAULT at line 172 ++[files] returns ok expand: %{User-Name} -> testing123 rlm_sql (sql): sql_set_user escaped user --> 'testing123' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testing123' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testing123' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'testing123' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type mschap !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "MSCHAP" +- entering group MS-CHAP rlm_mschap: Told to do MS-CHAPv2 for testing123 with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject auth: Failed to validate the user. Login incorrect: [testing123/<via Auth-Type = mschap>] (from client localhost port 0 cli 91.106.233.252) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> testing123 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 8 to 127.0.0.1 port 55479 Waking up in 4.9 seconds. Cleaning up request 0 ID 8 with timestamp +29 Ready to process requests. 我可以看到CHAP身份validation阶段似乎出现了问题,但由于所提供的密码确实是正确的并且已经由拨号pipe理实用程序设置,所以我不能完全理解问题所在。 也许我错过了一些额外的configuration/密码没有被保存或validation使用正确的格式?
任何帮助深表感谢!
看来你正在使用CHAP身份validation。 CHAP身份validation不能与encryption密码一起使用。
看看: http : //wiki.freeradius.org/index.php/FAQ#PAP_authentication_works_but_CHAP_fails