Gentoo, FreeRADIUS 2, MySQL, daloRADIUS
I am trying to set up RADIUS authorization for access points via EAP-PEAP+MSCHAPv2. For a local user from the users file:
tester Cleartext-Password := "tester"
Authorization succeeds, here is the log
But for the user vasya, created in SQL through daloRADIUS, it does not.
And yet radtest succeeds for him:
radtest vasya vasya localhost 1 testing123
Sending Access-Request of id 220 to 127.0.0.1 port 1812
User-Name = "vasya"
User-Password = "vasya"
NAS-IP-Address = 10.10.0.141
NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=220, length=20
I no longer know what to do.
The difference in the logs, as far as I could tell, begins in these blocks:
for tester:
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: Told to do MS-CHAPv2 for tester with NT-Password
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010800331a0307002e533d32354639454346413136313845393843333932443535433535454343424433353335463233374436
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x45ec2fcd44e435548ba441bf0fe730d0
PEAP: Processing from tunneled session code 0xc26520 11
EAP-Message = 0x010800331a0307002e533d32354639454346413136313845393843333932443535433535454343424433353335463233374436
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x45ec2fcd44e435548ba441bf0fe730d0
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 198 to 10.10.17.123 port 1026
EAP-Message = 0x0108005b190017030100508646883fae54e44eb2f921f179af2b1cdf49057322b97f74c412896d60ac686cc4b7f048001382c38a549f619e739339c3ac76cbeb29b52dbedb9ee2c6e6c1a12f1ba8fad546102c2cf9b9efdae02465
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa44b1a68a34303fb909c3ce6cf13014b
for vasya:
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for vasya with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
} # server inner-tunnel
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x1f4cf30 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 68 to 10.10.17.123 port 1026
EAP-Message = 0x0108003b19001703010030e4e7d667aac1ff51d3db0be50af9914111a52b2d852df45475cff177d276627720c9ca88eb893ce31208da344ddcce6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2c69c09b5ce85c482959ed33c63d6f2
Finished request 7.
Where should I look?
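
Added example (not part of the original post, and not FreeRADIUS or daloRADIUS code): a small Python triage script that reads the rlm_mschap lines from debug output like the excerpts above and reports, per user, whether MS-CHAPv2 was verified and which password attribute the module reported missing. The function names and the SAMPLE text are constructed for illustration; the error-code table follows RFC 2759.

```python
import re

# Constructed sample: rlm_mschap lines copied from the two excerpts in the post.
SAMPLE = r"""
rlm_mschap: Told to do MS-CHAPv2 for tester with NT-Password
++[mschap] returns ok
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for vasya with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] returns reject
MS-CHAP-Error = "\007E=691 R=1"
"""

# Failure codes of the MS-CHAPv2 Failure packet (RFC 2759, section 6).
MSCHAP_ERRORS = {646: "restricted logon hours", 647: "account disabled",
                 648: "password expired", 649: "no dial-in permission",
                 691: "authentication failure", 709: "error changing password"}

MISSING = re.compile(r"rlm_mschap: No Cleartext-Password configured\. Cannot create (\S+)\.$")
TOLD = re.compile(r"rlm_mschap: Told to do MS-CHAPv2 for (\S+) with (\S+)")
RESULT = re.compile(r"\+\+\[mschap\] returns (\w+)")
ERROR = re.compile(r'MS-CHAP-Error = ".*?E=(\d+) R=(\d)')

def triage(debug_text):
    """Return one record per MS-CHAPv2 attempt found in the debug output."""
    records, missing = [], []
    for line in map(str.strip, debug_text.splitlines()):
        if m := MISSING.match(line):
            missing.append(m.group(1))      # logged before the "Told to do" line
        elif m := TOLD.match(line):
            records.append({"user": m.group(1), "missing": missing,
                            "result": None, "error": None})
            missing = []
        elif records and (m := RESULT.match(line)):
            records[-1]["result"] = m.group(1)
        elif records and (m := ERROR.match(line)):
            # (error code, retry allowed) taken from the E= and R= fields
            records[-1]["error"] = (int(m.group(1)), m.group(2) == "1")
    return records

def diagnose(rec):
    if rec["result"] == "ok":
        return f"{rec['user']}: MS-CHAPv2 verified"
    why = MSCHAP_ERRORS.get(rec["error"][0], "unknown") if rec["error"] else "no MS-CHAP-Error seen"
    if "NT-Password" in rec["missing"]:
        why += "; no Cleartext-Password or NT-Password was available for this user"
    return f"{rec['user']}: rejected ({why})"

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(diagnose(rec))
```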