Freeradius: request for help


Post by ikenny » Wed Jun 24, 2009 7:58 am

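I have recently been trying to set up my own authentication server. The environment is as follows:
‧CentOS 5.3
freeradius installed with yum
The test setup is as follows: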
/usr/sbin/radiusd -X
radtest test test localhost 0 testing123

The response is the following output:
Sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
radclient: no response from server for ID 238

I really can't find the problem. Can anyone help me track it down?
ikenny
 
Posts: 5
Joined: Sun Dec 07, 2003 6:47 am
Location: Taipei City

Post by sunnyer » Wed Jun 24, 2009 2:28 pm

First check whether ports 1812 and 1813 are working properly~
sunnyer
 
Posts: 31
Joined: Wed Mar 16, 2005 10:59 am

Post by ericchiu » Wed Jun 24, 2009 11:23 pm

If you use the system's Unix accounts and passwords, you need to change the user that freeradius runs as to root.
ericchiu
 
Posts: 1
Joined: Wed Jun 24, 2009 11:21 pm

Post by ikenny » Thu Jun 25, 2009 7:47 pm

Thanks, everyone, for the help.
I found the cause: one parameter was not set correctly, which kept radiusd from starting.

[root@u8 raddb]# radtest test test localhost 0 testing123
Sending Access-Request of id 226 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=226, length=38
Service-Type = Framed-User
[root@u8 raddb]# radtest test test localhost 0 testing123
Sending Access-Request of id 149 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=149, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
The tests above now pass.

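My idea is to pair this with m0n0wall + mysql for the authentication service: the accounts and passwords of our school's staff are stored in a mysql database, and accounts that are not from our school are forwarded to the city network. Testing on the local machine works, but it fails when going through m0n0. Could everyone please take a look at whether the clients.conf and proxy.conf settings are correct? Thank you ^^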

#clients.conf
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other # localhost isn't usually a NAS...
# login = !root
# password = someadminpas
}

client 163.21.251.0/24 {
secret = xxxaaa
shortname = nanhua
}

client 163.21.249.130 {
secret = xxxaaa
shortname = tpedu
}

#proxy.conf
proxy server {
synchronous = no
retry_delay = 5
retry_count = 3
dead_time = 120
default_fallback = yes
post_proxy_authorize = no
}

realm LOCAL {
type = radius
authhost = LOCAL
accthost = LOCAL
}

realm NULL {
type = radius
authhost = LOCAL
accthost = LOCAL
}

realm nhwsh.tp.edu.tw {
type = radius
authhost = LOCAL
accthost = LOCAL
secret = xxxaaa
}

realm DEFAULT {
type = radius
authhost = 163.21.249.130:1812
accthost = 163.21.249.130:1813
secret = tpeduaaa
nostrip
}
ikenny
 
Posts: 5
Joined: Sun Dec 07, 2003 6:47 am
Location: Taipei City
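
Added example, not part of any post above: radtest prints User-Password in the clear, but on the wire it is hidden with MD5 keyed by the shared secret from clients.conf, and the Access-Accept is authenticated with the same secret (RFC 2865). The sketch below rebuilds the id 149 exchange from the thread. The function names, the fixed REQ_AUTH and the mismatched secret `another-secret` are constructed for illustration.

```python
import hashlib, hmac, struct

def attr(code, value):                      # attribute = type, length, value
    return bytes([code, len(value) + 2]) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: reverse the hiding with the secret of the matching client."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident, user, password, secret, req_auth):
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, req_auth))
             + attr(4, bytes([255] * 4)) + attr(5, struct.pack("!I", 0)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, attrs, secret, req_auth):
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(head + req_auth + attrs + secret).digest()
    return head + resp_auth + attrs

def reply_is_authentic(reply, secret, req_auth):
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

REQ_AUTH = bytes(range(16))   # constructed; a real client uses 16 random bytes
ACCEPT_ATTRS = (attr(6, struct.pack("!I", 2))           # Service-Type = Framed-User
                + attr(8, bytes([255, 255, 255, 254]))  # Framed-IP-Address
                + attr(9, bytes([255, 255, 255, 0])))   # Framed-IP-Netmask

if __name__ == "__main__":
    req = access_request(149, b"test", b"test", b"testing123", REQ_AUTH)
    rep = access_accept(149, ACCEPT_ATTRS, b"testing123", REQ_AUTH)
    print(len(req), len(rep))                                       # packet sizes
    print(unhide_password(req[28:44], b"testing123", REQ_AUTH))     # same secret
    print(unhide_password(req[28:44], b"another-secret", REQ_AUTH)) # mismatch
```

When the secret configured on the NAS differs from the `secret` in the client block the server matches, the password decodes to garbage and the client cannot validate the reply.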

