LINUX.ORG.RU

[freeradius + daloradius] Can't figure out sql



Gentoo, Freeradius 2, Mysql, Daloradius

I'm trying to set up RADIUS authentication for access points via EAP-PEAP+MSCHAPv2. For a local user from the users file:

tester	Cleartext-Password := "tester"

Authentication works fine, here is the log

But for the user vasya, created in sql through daloradius, it does not.

And yet radtest for that user passes fine:

radtest vasya vasya localhost 1 testing123
Sending Access-Request of id 220 to 127.0.0.1 port 1812
	User-Name = "vasya"
	User-Password = "vasya"
	NAS-IP-Address = 10.10.0.141
	NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=220, length=20

I no longer know what to do.

The difference in the logs, as far as I could tell, starts in these blocks:

for tester:

auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
+- entering group MS-CHAP
  rlm_mschap: Told to do MS-CHAPv2 for tester with NT-Password
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server inner-tunnel
  PEAP: Got tunneled reply RADIUS code 11
	EAP-Message = 0x010800331a0307002e533d32354639454346413136313845393843333932443535433535454343424433353335463233374436
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x45ec2fcd44e435548ba441bf0fe730d0
  PEAP: Processing from tunneled session code 0xc26520 11
	EAP-Message = 0x010800331a0307002e533d32354639454346413136313845393843333932443535433535454343424433353335463233374436
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x45ec2fcd44e435548ba441bf0fe730d0
  PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 198 to 10.10.17.123 port 1026
	EAP-Message = 0x0108005b190017030100508646883fae54e44eb2f921f179af2b1cdf49057322b97f74c412896d60ac686cc4b7f048001382c38a549f619e739339c3ac76cbeb29b52dbedb9ee2c6e6c1a12f1ba8fad546102c2cf9b9efdae02465
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xa44b1a68a34303fb909c3ce6cf13014b

for vasya:

auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
+- entering group MS-CHAP
  rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for vasya with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
} # server inner-tunnel
  PEAP: Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 0x1f4cf30 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 68 to 10.10.17.123 port 1026
	EAP-Message = 0x0108003b19001703010030e4e7d667aac1ff51d3db0be50af9914111a52b2d852df45475cff177d276627720c9ca88eb893ce31208da344ddcce6d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb2c69c09b5ce85c482959ed33c63d6f2
Finished request 7.

Where should I look?


In reply to: comment by GHhost
mysql> select * from radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
|  1 | vasya    | Cleartext-Password | := | vasya |
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)
Turbid