teratail
回答率
85.48%
質問するログイン新規登録
トップに関する質問freeradiusでのMAC認証で拒否される

編集履歴

質問編集履歴

1

デバッグモードでの実行結果を追記

2015/12/17 02:02

投稿

naoyuki9
naoyuki9

スコア7

test CHANGED
File without changes
test CHANGED
@@ -87,3 +87,219 @@
87
87
  tcpdumpでキャプチャした時の内容は以下の通りです。
88
88
 
89
89
  ![イメージ説明](e8a58ed0a97005b80211277814240f6d.png)
90
+
91
+
92
+
93
+
94
+
95
+
96
+
97
+
98
+
99
+ ###2015/12/17 デバッグモードでの実行結果を追記
100
+
101
+
102
+
103
+ 実環境での結果
104
+
105
+ ```
106
+
107
+ rad_recv: Access-Request packet from host 192.168.1.2 port 5001, id=38, length=112
108
+
109
+ User-Name = "78e7d19d2846"
110
+
111
+ User-Password = "78e7d19d2846"
112
+
113
+ NAS-IP-Address = 192.168.1.2
114
+
115
+ NAS-Identifier = "000fe24540f5"
116
+
117
+ NAS-Port = 16805898
118
+
119
+ NAS-Port-Type = Ethernet
120
+
121
+ Service-Type = Call-Check
122
+
123
+ Framed-Protocol = PPP
124
+
125
+ Calling-Station-Id = "78e7-d19d-2846"
126
+
127
+ # Executing section authorize from file /etc/freeradius/sites-enabled/default
128
+
129
+ +- entering group authorize {...}
130
+
131
+ ++[preprocess] returns ok
132
+
133
+ [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.1.2/auth-detail-20151217
134
+
135
+ [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.1.2/auth-detail-20151217
136
+
137
+ [auth_log] expand: %t -> Thu Dec 17 10:20:24 2015
138
+
139
+ ++[auth_log] returns ok
140
+
141
+ ++[chap] returns noop
142
+
143
+ ++[mschap] returns noop
144
+
145
+ ++[digest] returns noop
146
+
147
+ [suffix] No '@' in User-Name = "78e7d19d2846", looking up realm NULL
148
+
149
+ [suffix] No such realm "NULL"
150
+
151
+ ++[suffix] returns noop
152
+
153
+ [eap] No EAP-Message, not doing EAP
154
+
155
+ ++[eap] returns noop
156
+
157
+ [files] users: Matched entry DEFAULT at line 172
158
+
159
+ ++[files] returns ok
160
+
161
+ rlm_checkval: Item Name: Calling-Station-Id, Value: 78e7-d19d-2846
162
+
163
+ rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
164
+
165
+ ++[checkval] returns notfound
166
+
167
+ ++[expiration] returns noop
168
+
169
+ ++[logintime] returns noop
170
+
171
+ [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
172
+
173
+ ++[pap] returns noop
174
+
175
+ ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
176
+
177
+ Failed to authenticate the user.
178
+
179
+ Login incorrect: [78e7d19d2846/78e7d19d2846] (from client client port 16805898 cli 78e7-d19d-2846)
180
+
181
+ Using Post-Auth-Type Reject
182
+
183
+ # Executing group from file /etc/freeradius/sites-enabled/default
184
+
185
+ +- entering group REJECT {...}
186
+
187
+ [attr_filter.access_reject] expand: %{User-Name} -> 78e7d19d2846
188
+
189
+ attr_filter: Matched entry DEFAULT at line 11
190
+
191
+ ++[attr_filter.access_reject] returns updated
192
+
193
+ Delaying reject of request 3 for 1 seconds
194
+
195
+ Going to the next request
196
+
197
+ Waking up in 0.9 seconds.
198
+
199
+ Sending delayed reject for request 3
200
+
201
+ Sending Access-Reject of id 38 to 192.168.1.2 port 5001
202
+
203
+ Waking up in 0.8 seconds.
204
+
205
+ Cleaning up request 2 ID 37 with timestamp +249
206
+
207
+ Waking up in 4.1 seconds.
208
+
209
+ ```
210
+
211
+ radtestでの結果(radtest 78e7d19d2846 78e7d19d2846 localhost 1812 test)
212
+
213
+ ```
214
+
215
+ rad_recv: Access-Request packet from host 127.0.0.1 port 59230, id=109, length=82
216
+
217
+ User-Name = "78e7d19d2846"
218
+
219
+ User-Password = "78e7d19d2846"
220
+
221
+ NAS-IP-Address = 127.0.1.1
222
+
223
+ NAS-Port = 1812
224
+
225
+ Message-Authenticator = 0xc09c4655d8445950ceb2b86441e9d76c
226
+
227
+ # Executing section authorize from file /etc/freeradius/sites-enabled/default
228
+
229
+ +- entering group authorize {...}
230
+
231
+ ++[preprocess] returns ok
232
+
233
+ [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20151217
234
+
235
+ [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20151217
236
+
237
+ [auth_log] expand: %t -> Thu Dec 17 10:47:24 2015
238
+
239
+ ++[auth_log] returns ok
240
+
241
+ ++[chap] returns noop
242
+
243
+ ++[mschap] returns noop
244
+
245
+ ++[digest] returns noop
246
+
247
+ [suffix] No '@' in User-Name = "78e7d19d2846", looking up realm NULL
248
+
249
+ [suffix] No such realm "NULL"
250
+
251
+ ++[suffix] returns noop
252
+
253
+ [eap] No EAP-Message, not doing EAP
254
+
255
+ ++[eap] returns noop
256
+
257
+ [files] users: Matched entry 78e7d19d2846 at line 235
258
+
259
+ ++[files] returns ok
260
+
261
+ ++[expiration] returns noop
262
+
263
+ ++[logintime] returns noop
264
+
265
+ [pap] WARNING: Auth-Type already set. Not setting to PAP
266
+
267
+ ++[pap] returns noop
268
+
269
+ Found Auth-Type = PAP
270
+
271
+ # Executing group from file /etc/freeradius/sites-enabled/default
272
+
273
+ +- entering group PAP {...}
274
+
275
+ [pap] login attempt with password "78e7d19d2846"
276
+
277
+ [pap] Using clear text password "78e7d19d2846"
278
+
279
+ [pap] User authenticated successfully
280
+
281
+ ++[pap] returns ok
282
+
283
+ Login OK: [78e7d19d2846/78e7d19d2846] (from client localhost port 1812)
284
+
285
+ # Executing section post-auth from file /etc/freeradius/sites-enabled/default
286
+
287
+ +- entering group post-auth {...}
288
+
289
+ ++[exec] returns noop
290
+
291
+ Sending Access-Accept of id 109 to 127.0.0.1 port 59230
292
+
293
+ Finished request 2.
294
+
295
+ Going to the next request
296
+
297
+ Waking up in 4.9 seconds.
298
+
299
+ Cleaning up request 2 ID 109 with timestamp +192
300
+
301
+ Ready to process requests.
302
+
303
+
304
+
305
+ ```