I want to do IEEE 802.1X authentication with FreeRADIUS
I would like to perform IEEE 802.1X authentication using FreeRADIUS.
Authentication is not working and I am stuck. Could you please advise?
The environment is as follows.
<RADIUS server>
- ubuntu16.04
- FreeRADIUS v2.2.8
- Reference URL for environment setup: https://www.virment.com/radius-server-configuration/
<Device to be authenticated>
- ubuntu12.04LTS
- wpa_supplicant v0.7.3
Problem / error message
I started FreeRADIUS with the following.
# freeradius -X
I ran the following on the device to be authenticated and checked the log.
# ip link set wlan0 down
# ip link set eth0 down
# wpa_supplicant -i eth0 -c/home/usr/ssh/wpa_supplicant.conf -D wired -dd -K
Relevant log below (excerpt)
Initializing interface 'eth0' conf '/home/usr/ssh/wpa_supplicant.conf' driver 'wired' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/home/usr/ssh/wpa_supplicant.conf' -> '/home/usr/ssh/wpa_supplicant.conf'
Reading configuration file '/home/usr/ssh/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Line: 22 - start of a new network block
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=4):
     72 6f 6f 74 root
password - hexdump_ascii(len=3):
     75 73 72 usr
eapol_flags=0 (0x0)
Priority group 0
   id=0 ssid=''
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 04:20:9a:46:24:b4
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
WPS: UUID based on MAC address - hexdump(len=16): 58 f2 e1 6d da b7 5f 55 89 18 5b 27 b4 9e c8 df
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: Supplicant port status: Unauthorized
Added interface eth0
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP fail=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portControl=Auto
EAPOL: Supplicant port status: Unauthorized
Already associated with a configured network - generating associated event
Association info event
FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Select network based on association information
Network configuration found for the current AP
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP fail=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portControl=Auto
EAPOL: Supplicant port status: Unauthorized
Associated with 01:80:c2:00:00:03
WPA: Association event - clear replay counter
RSN: PMKSA cache search - network_ctx=0x9ccb968 try_opportunistic=0
RSN: Search for BSSID 01:80:c2:00:00:03
RSN: No PMKSA cache entry found
WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL from 34:76:c5:70:f4:15
RX EAPOL - hexdump(len=46): 02 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     72 6f 6f 74 root
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=13): 01 00 00 09 02 01 00 09 01 72 6f 6f 74
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
EAPOL: startWhen --> 0
RX EAPOL from 34:76:c5:70:f4:15
RX EAPOL - hexdump(len=46): 02 00 00 05 01 02 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
.
(It continues in the same way from the beginning.)
.
.
.
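Configuration file
wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eap=MD5
    identity="root"
    password="usr"
    eapol_flags=0
}
What I tried
- I used the default eap.conf for FreeRADIUS
- I configured the other configuration files according to the environment setup reference URL
- The RADIUS port is 1812, and radtest succeeded
Supplementary information (FW/tool versions, etc.)
The log says "EAPOL authentication completed unsuccessfully", so it seems the connection is not succeeding.
I suspect "EAPOL: Supplicant port status: Unauthorized" is the cause, but I cannot figure out anything beyond that.
On the FreeRADIUS side, there seems to be no activity since startup.
The log stops at "Ready to process requests."
I apologize for the poorly organized writing.
If you point out anything else that is needed, I will add the information.
Thank you in advance for your help.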
Edited 2018/03/23 07:38
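An added example, not part of the original post: a small decoder for the EAPOL hexdumps in the log excerpt above, showing that every frame received from the authenticator there is an EAP-Request/Identity and that no method request such as MD5-Challenge appears. The function names are made up for this illustration, and the sample frames are copied from the log with the zero padding shortened.

```python
import re

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

# Constructed sample: frames copied from the wpa_supplicant -dd log in the
# question (trailing zero padding of the 46-byte RX frames shortened).
SAMPLE_LOG = """\
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL - hexdump(len=46): 02 00 00 05 01 01 00 05 01 00 00 00 00 00
TX EAPOL - hexdump(len=13): 01 00 00 09 02 01 00 09 01 72 6f 6f 74
RX EAPOL - hexdump(len=46): 02 00 00 05 01 02 00 05 01 00 00 00 00 00
"""

def decode_eapol(frame: bytes) -> dict:
    """Decode the 4-byte EAPOL header and, for EAP-Packet, the EAP header."""
    if len(frame) < 4:
        raise ValueError("short EAPOL frame")
    version, ptype = frame[0], frame[1]
    body_len = int.from_bytes(frame[2:4], "big")
    body = frame[4:4 + body_len]  # drops Ethernet padding after the body
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, ptype)}
    if ptype == 0 and len(body) >= 4:
        eap_len = int.from_bytes(body[2:4], "big")
        out["code"] = EAP_CODES.get(body[0], body[0])
        out["id"] = body[1]
        if body[0] in (1, 2) and eap_len >= 5:  # only Request/Response carry a type
            out["method"] = EAP_TYPES.get(body[4], body[4])
            out["data"] = body[5:eap_len]
    return out

def decode_log(text: str) -> list:
    """Return (direction, decoded frame) for every EAPOL hexdump in the log."""
    pat = re.compile(r"\b(TX|RX) EAPOL - hexdump\(len=\d+\): ((?:[0-9a-f]{2}\b ?)+)")
    return [(m.group(1), decode_eapol(bytes.fromhex(m.group(2))))
            for m in pat.finditer(text)]

def saw_method_request(frames) -> bool:
    """True if the authenticator ever sent a Request other than Identity."""
    return any(d == "RX" and f.get("code") == "Request"
               and f.get("method") not in (None, "Identity") for d, f in frames)

if __name__ == "__main__":
    frames = decode_log(SAMPLE_LOG)
    for direction, f in frames:
        print(direction, f)
    print("method request seen:", saw_method_request(frames))
```

On the sample, `saw_method_request` returns False: the supplicant sends its Identity response ("root") and the next frame it receives is another Identity request with id=2.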