forum.opennet.ru

Составление сообщения

Исходное сообщение

"Как настроить freeradius 802.1x"
Отправлено letnab, 29-Июн-16 11:31

> В логах нет ругани на чтение сертификатов (права)?
> Как вариант запустить с дебагом и смотреть вдумчиво в простыню.
Пересобрал сертификаты как написано тут https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/...
импортировал CA и client.p12 на виндовую тачку. В дебаге вот что
++[eap] returns handled
Sending Access-Challenge of id 101 to 10.10.1.198 port 1838
        EAP-Message = 0x010502671900050500038201010067ab6b4bcb557abd09f626556d2953edf372091a724dece073dcf06815e270ebe79efb055804554ea76725cf9a2b1b2336171bf6e7e8308dba09d0e2b48703a79dc68770dcbe275ce0a2b22b51a164dda921a2e14e2656fad87e42ea7c54cbc71533e681c6663124355083bf1a86fb3e6087d72355942e53404174587009a1bb515e237b93d3f796c203fabba72b1b4924f6f7b0440efb899f6a0e6ae941ce7f43c87648cab0ab03db82335f56f40d73577bb4dd0ef181d49c24a3c0da28971985e40dcd329d46f75ce2c3c712a0f727e81511e608019b5c804851d1e855b89e5ce3898f6ed7661182c07a5f11e13e
        EAP-Message = 0xcc6da4f785acd236c9b7ab85077aed93a6160301014b0c0001470300174104d914c404c2fff9ed5ac8652beda6901e5f1bd3d4e9e20bd58738d0afe4de176fd1a4308a567fc5ca09696408455dd0e46c3a6d02c13b180c6b16a596b3e019fc01003eec94953a73484ed765e4a83824218103468cc4e4016178c06999a8a71cfcae5724a8809c3e1cdc4982dd4bddac857788a56bb3f720e8694e2423bb08c8298dcefbed9ed1b66ea9e409c569d4e9dabdb89069ae340272f7e37b12e32d615b0e0281a6deccfb6a66cc198aaab9d5a332a6752671ce1ef0d37dc30d5a168a12c49de3495077f049e80c0323ea854f410eb63255f01b9bd2dbe8c0b38a
        EAP-Message = 0x2cb3b7b09e718811fca7c53348b186184a3987a60e1918d44221c1e703fc9dcf1be93e8f3670737d2e4d5a8f77c24b0ee50a66bce1b096b822a3c2cf9fd23e68e740b67bbe9517059bd880ca21665a6cda1589a64774ab4322bd2e85b77992e7a745c81516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5215bd595110a499c72ac68b414a26d0
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.209.1.198 port 1838, id=102, length=212
        User-Name = "TFT.LOCAL\\ADMWWW"
        Framed-MTU = 1450
        EAP-Message = 0x020500061900
        Message-Authenticator = 0x00ca6fe9fcbd1d29467f80d2c6877051
        NAS-IP-Address = 10.10.1.198
        NAS-Identifier = "SW-1-DD"
        NAS-Port = 16781313
        NAS-Port-Id = "slot=1;subslot=0;port=1;vlanid=1"
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "12-F7-28-2A-F4-F7"
        Acct-Session-Id = "10004011051101010"
        State = 0x5215bd595110a499c72ac68b414a26d0
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629
[auth_log]      expand: %t -> Wed Jun 29 12:26:31 2016
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "TFT.LOCAL\ADMWWW", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 102 to 10.209.1.198 port 1838
        EAP-Message = 0x010600061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5215bd595613a499c72ac68b414a26d0
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 98 with timestamp +62
Cleaning up request 1 ID 99 with timestamp +62
Cleaning up request 2 ID 100 with timestamp +62
Cleaning up request 3 ID 101 with timestamp +62
Cleaning up request 4 ID 102 with timestamp +62
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x5215bd595613a499 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.

Исходное сообщение
"Как настроить freeradius 802.1x" Отправлено letnab, 29-Июн-16 11:31
> В логах нет ругани на чтение сертификатов (права)? > Как вариант запустить с дебагом и смотреть вдумчиво в простыню. Пересобрал сертификаты как написано тут https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/... импортировал CA и client.p12 на виндовую тачку. В дебаге вот что ++[eap] returns handled Sending Access-Challenge of id 101 to 10.10.1.198 port 1838 EAP-Message = 0x010502671900050500038201010067ab6b4bcb557abd09f626556d2953edf372091a724dece073dcf06815e270ebe79efb055804554ea76725cf9a2b1b2336171bf6e7e8308dba09d0e2b48703a79dc68770dcbe275ce0a2b22b51a164dda921a2e14e2656fad87e42ea7c54cbc71533e681c6663124355083bf1a86fb3e6087d72355942e53404174587009a1bb515e237b93d3f796c203fabba72b1b4924f6f7b0440efb899f6a0e6ae941ce7f43c87648cab0ab03db82335f56f40d73577bb4dd0ef181d49c24a3c0da28971985e40dcd329d46f75ce2c3c712a0f727e81511e608019b5c804851d1e855b89e5ce3898f6ed7661182c07a5f11e13e EAP-Message = 0xcc6da4f785acd236c9b7ab85077aed93a6160301014b0c0001470300174104d914c404c2fff9ed5ac8652beda6901e5f1bd3d4e9e20bd58738d0afe4de176fd1a4308a567fc5ca09696408455dd0e46c3a6d02c13b180c6b16a596b3e019fc01003eec94953a73484ed765e4a83824218103468cc4e4016178c06999a8a71cfcae5724a8809c3e1cdc4982dd4bddac857788a56bb3f720e8694e2423bb08c8298dcefbed9ed1b66ea9e409c569d4e9dabdb89069ae340272f7e37b12e32d615b0e0281a6deccfb6a66cc198aaab9d5a332a6752671ce1ef0d37dc30d5a168a12c49de3495077f049e80c0323ea854f410eb63255f01b9bd2dbe8c0b38a EAP-Message = 0x2cb3b7b09e718811fca7c53348b186184a3987a60e1918d44221c1e703fc9dcf1be93e8f3670737d2e4d5a8f77c24b0ee50a66bce1b096b822a3c2cf9fd23e68e740b67bbe9517059bd880ca21665a6cda1589a64774ab4322bd2e85b77992e7a745c81516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5215bd595110a499c72ac68b414a26d0 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.209.1.198 port 1838, id=102, length=212 User-Name = "TFT.LOCAL\\ADMWWW" Framed-MTU = 1450 EAP-Message = 0x020500061900 Message-Authenticator = 0x00ca6fe9fcbd1d29467f80d2c6877051 NAS-IP-Address = 10.10.1.198 NAS-Identifier = "SW-1-DD" NAS-Port = 16781313 NAS-Port-Id = "slot=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "12-F7-28-2A-F4-F7" Acct-Session-Id = "10004011051101010" State = 0x5215bd595110a499c72ac68b414a26d0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629 [auth_log] expand: %t -> Wed Jun 29 12:26:31 2016 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "TFT.LOCAL\ADMWWW", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 102 to 10.209.1.198 port 1838 EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5215bd595613a499c72ac68b414a26d0 Finished request 4. Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 98 with timestamp +62 Cleaning up request 1 ID 99 with timestamp +62 Cleaning up request 2 ID 100 with timestamp +62 Cleaning up request 3 ID 101 with timestamp +62 Cleaning up request 4 ID 102 with timestamp +62 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x5215bd595613a499 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests.

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>> В логах нет ругани на чтение сертификатов (права)? >> Как вариант запустить с дебагом и смотреть вдумчиво в простыню. > Пересобрал сертификаты как написано тут https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/raddb/certs > импортировал CA и client.p12 на виндовую тачку. В дебаге вот что > ++[eap] returns handled > Sending Access-Challenge of id 101 to 10.10.1.198 port 1838 > EAP-Message = 0x010502671900050500038201010067ab6b4bcb557abd09f626556d2953edf372091a724dece073dcf06815e270ebe79efb055804554ea76725cf9a2b1b2336171bf6e7e8308dba09d0e2b48703a79dc68770dcbe275ce0a2b22b51a164dda921a2e14e2656fad87e42ea7c54cbc71533e681c6663124355083bf1a86fb3e6087d72355942e53404174587009a1bb515e237b93d3f796c203fabba72b1b4924f6f7b0440efb899f6a0e6ae941ce7f43c87648cab0ab03db82335f56f40d73577bb4dd0ef181d49c24a3c0da28971985e40dcd329d46f75ce2c3c712a0f727e81511e608019b5c804851d1e855b89e5ce3898f6ed7661182c07a5f11e13e > EAP-Message = 0xcc6da4f785acd236c9b7ab85077aed93a6160301014b0c0001470300174104d914c404c2fff9ed5ac8652beda6901e5f1bd3d4e9e20bd58738d0afe4de176fd1a4308a567fc5ca09696408455dd0e46c3a6d02c13b180c6b16a596b3e019fc01003eec94953a73484ed765e4a83824218103468cc4e4016178c06999a8a71cfcae5724a8809c3e1cdc4982dd4bddac857788a56bb3f720e8694e2423bb08c8298dcefbed9ed1b66ea9e409c569d4e9dabdb89069ae340272f7e37b12e32d615b0e0281a6deccfb6a66cc198aaab9d5a332a6752671ce1ef0d37dc30d5a168a12c49de3495077f049e80c0323ea854f410eb63255f01b9bd2dbe8c0b38a > EAP-Message = 0x2cb3b7b09e718811fca7c53348b186184a3987a60e1918d44221c1e703fc9dcf1be93e8f3670737d2e4d5a8f77c24b0ee50a66bce1b096b822a3c2cf9fd23e68e740b67bbe9517059bd880ca21665a6cda1589a64774ab4322bd2e85b77992e7a745c81516030100040e000000 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x5215bd595110a499c72ac68b414a26d0 > Finished request 3. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.209.1.198 port 1838, id=102, length=212 > User-Name = "TFT.LOCAL\\ADMWWW" > Framed-MTU = 1450 > EAP-Message = 0x020500061900 > Message-Authenticator = 0x00ca6fe9fcbd1d29467f80d2c6877051 > NAS-IP-Address = 10.10.1.198 > NAS-Identifier = "SW-1-DD" > NAS-Port = 16781313 > NAS-Port-Id = "slot=1;subslot=0;port=1;vlanid=1" > NAS-Port-Type = Ethernet > Service-Type = Framed-User > Framed-Protocol = PPP > Calling-Station-Id = "12-F7-28-2A-F4-F7" > Acct-Session-Id = "10004011051101010" > State = 0x5215bd595110a499c72ac68b414a26d0 > # Executing section authorize from file /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > -> /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629 > [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > expands to /var/log/freeradius/radacct/10.10.1.198/auth-detail-20160629 > [auth_log] expand: %t -> Wed Jun 29 > 12:26:31 2016 > ++[auth_log] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "TFT.LOCAL\ADMWWW", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 5 length 6 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > # Executing group from file /etc/freeradius/sites-enabled/default > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > [peap] Received TLS ACK > [peap] ACK handshake fragment handler > [peap] eaptls_verify returned 1 > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 102 to 10.209.1.198 port 1838 > EAP-Message = 0x010600061900 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x5215bd595613a499c72ac68b414a26d0 > Finished request 4. > Going to the next request > Waking up in 4.8 seconds. > Cleaning up request 0 ID 98 with timestamp +62 > Cleaning up request 1 ID 99 with timestamp +62 > Cleaning up request 2 ID 100 with timestamp +62 > Cleaning up request 3 ID 101 with timestamp +62 > Cleaning up request 4 ID 102 with timestamp +62 > WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > WARNING: !! EAP session for state 0x5215bd595613a499 did not finish! > WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility > WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > Ready to process requests.
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру