Question edit history
1
Added the results of running in debug mode
title
CHANGED
File without changes
|
body
CHANGED
@@ -42,4 +42,112 @@
|
|
42
42
|
Fri Dec 4 16:29:32 2015 : Auth: Login incorrect: [78e7d19d2846] (from client 192.168.1.0/24 port 16805898 cli 78-E7-D1-9D-28-46)
|
43
43
|
```
|
44
44
|
tcpdumpでキャプチャした時の内容は以下の通りです。
|
45
|
-

|
45
|
+

|
46
|
+
|
47
|
+
|
48
|
+
|
49
|
+
|
50
|
+
###2015/12/17 デバッグモードでの実行結果を追記
|
51
|
+
|
52
|
+
実環境での結果
|
53
|
+
```
|
54
|
+
rad_recv: Access-Request packet from host 192.168.1.2 port 5001, id=38, length=112
|
55
|
+
User-Name = "78e7d19d2846"
|
56
|
+
User-Password = "78e7d19d2846"
|
57
|
+
NAS-IP-Address = 192.168.1.2
|
58
|
+
NAS-Identifier = "000fe24540f5"
|
59
|
+
NAS-Port = 16805898
|
60
|
+
NAS-Port-Type = Ethernet
|
61
|
+
Service-Type = Call-Check
|
62
|
+
Framed-Protocol = PPP
|
63
|
+
Calling-Station-Id = "78e7-d19d-2846"
|
64
|
+
# Executing section authorize from file /etc/freeradius/sites-enabled/default
|
65
|
+
+- entering group authorize {...}
|
66
|
+
++[preprocess] returns ok
|
67
|
+
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.1.2/auth-detail-20151217
|
68
|
+
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.1.2/auth-detail-20151217
|
69
|
+
[auth_log] expand: %t -> Thu Dec 17 10:20:24 2015
|
70
|
+
++[auth_log] returns ok
|
71
|
+
++[chap] returns noop
|
72
|
+
++[mschap] returns noop
|
73
|
+
++[digest] returns noop
|
74
|
+
[suffix] No '@' in User-Name = "78e7d19d2846", looking up realm NULL
|
75
|
+
[suffix] No such realm "NULL"
|
76
|
+
++[suffix] returns noop
|
77
|
+
[eap] No EAP-Message, not doing EAP
|
78
|
+
++[eap] returns noop
|
79
|
+
[files] users: Matched entry DEFAULT at line 172
|
80
|
+
++[files] returns ok
|
81
|
+
rlm_checkval: Item Name: Calling-Station-Id, Value: 78e7-d19d-2846
|
82
|
+
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
|
83
|
+
++[checkval] returns notfound
|
84
|
+
++[expiration] returns noop
|
85
|
+
++[logintime] returns noop
|
86
|
+
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
|
87
|
+
++[pap] returns noop
|
88
|
+
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
|
89
|
+
Failed to authenticate the user.
|
90
|
+
Login incorrect: [78e7d19d2846/78e7d19d2846] (from client client port 16805898 cli 78e7-d19d-2846)
|
91
|
+
Using Post-Auth-Type Reject
|
92
|
+
# Executing group from file /etc/freeradius/sites-enabled/default
|
93
|
+
+- entering group REJECT {...}
|
94
|
+
[attr_filter.access_reject] expand: %{User-Name} -> 78e7d19d2846
|
95
|
+
attr_filter: Matched entry DEFAULT at line 11
|
96
|
+
++[attr_filter.access_reject] returns updated
|
97
|
+
Delaying reject of request 3 for 1 seconds
|
98
|
+
Going to the next request
|
99
|
+
Waking up in 0.9 seconds.
|
100
|
+
Sending delayed reject for request 3
|
101
|
+
Sending Access-Reject of id 38 to 192.168.1.2 port 5001
|
102
|
+
Waking up in 0.8 seconds.
|
103
|
+
Cleaning up request 2 ID 37 with timestamp +249
|
104
|
+
Waking up in 4.1 seconds.
|
105
|
+
```
|
106
|
+
radtestでの結果(radtest 78e7d19d2846 78e7d19d2846 localhost 1812 test)
|
107
|
+
```
|
108
|
+
rad_recv: Access-Request packet from host 127.0.0.1 port 59230, id=109, length=82
|
109
|
+
User-Name = "78e7d19d2846"
|
110
|
+
User-Password = "78e7d19d2846"
|
111
|
+
NAS-IP-Address = 127.0.1.1
|
112
|
+
NAS-Port = 1812
|
113
|
+
Message-Authenticator = 0xc09c4655d8445950ceb2b86441e9d76c
|
114
|
+
# Executing section authorize from file /etc/freeradius/sites-enabled/default
|
115
|
+
+- entering group authorize {...}
|
116
|
+
++[preprocess] returns ok
|
117
|
+
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20151217
|
118
|
+
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20151217
|
119
|
+
[auth_log] expand: %t -> Thu Dec 17 10:47:24 2015
|
120
|
+
++[auth_log] returns ok
|
121
|
+
++[chap] returns noop
|
122
|
+
++[mschap] returns noop
|
123
|
+
++[digest] returns noop
|
124
|
+
[suffix] No '@' in User-Name = "78e7d19d2846", looking up realm NULL
|
125
|
+
[suffix] No such realm "NULL"
|
126
|
+
++[suffix] returns noop
|
127
|
+
[eap] No EAP-Message, not doing EAP
|
128
|
+
++[eap] returns noop
|
129
|
+
[files] users: Matched entry 78e7d19d2846 at line 235
|
130
|
+
++[files] returns ok
|
131
|
+
++[expiration] returns noop
|
132
|
+
++[logintime] returns noop
|
133
|
+
[pap] WARNING: Auth-Type already set. Not setting to PAP
|
134
|
+
++[pap] returns noop
|
135
|
+
Found Auth-Type = PAP
|
136
|
+
# Executing group from file /etc/freeradius/sites-enabled/default
|
137
|
+
+- entering group PAP {...}
|
138
|
+
[pap] login attempt with password "78e7d19d2846"
|
139
|
+
[pap] Using clear text password "78e7d19d2846"
|
140
|
+
[pap] User authenticated successfully
|
141
|
+
++[pap] returns ok
|
142
|
+
Login OK: [78e7d19d2846/78e7d19d2846] (from client localhost port 1812)
|
143
|
+
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
|
144
|
+
+- entering group post-auth {...}
|
145
|
+
++[exec] returns noop
|
146
|
+
Sending Access-Accept of id 109 to 127.0.0.1 port 59230
|
147
|
+
Finished request 2.
|
148
|
+
Going to the next request
|
149
|
+
Waking up in 4.9 seconds.
|
150
|
+
Cleaning up request 2 ID 109 with timestamp +192
|
151
|
+
Ready to process requests.
|
152
|
+
|
153
|
+
```
|
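Review bot: The added debug output points at users-file entries that the question never shows, so the two runs cannot be compared from the post alone. The real-environment run stops at "[files] users: Matched entry DEFAULT at line 172" and ends with "No authenticate method (Auth-Type) found", while the radtest run reaches "Matched entry 78e7d19d2846 at line 235" and finds Auth-Type = PAP, even though User-Name and User-Password are identical in both requests. Please add lines 172 and 235 of the users file (check items and any Fall-Through setting) and the checkval module configuration. The switch request also carries Service-Type = Call-Check, Framed-Protocol = PPP and Calling-Station-Id = "78e7-d19d-2846", none of which radtest sends, and checkval logs "Could not find attribute named Calling-Station-Id in check pairs". A radtest run that includes those same attributes would make the comparison like for like. Separately, the pasted output shows User-Password in clear text and the client MAC address; consider masking both in a public post, and note that only the radtest request includes a Message-Authenticator.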