An issue with PacketFence as a proxy server

2022-10-15 05:58:30 Tags: linux, openwrt, freeradius, radius
Question

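Looking forward to your support here! This is my setup: [image]

As per my setup, I have configured a proxy server for my RADIUS authentication. Since the proxy has "nostrip" and "strip" modes, I have tried both modes for my RADIUS authentication. In "nostrip" mode, my RADIUS access packet is accepted by the RADIUS server but rejected at the proxy server. In "strip" mode, my RADIUS access packet is rejected by the RADIUS server itself. I am attaching my configuration and logs for further reference.

So my query is: which mode should I use, and what should the configuration of my proxy server be? Is there a misconfiguration in my setup?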

PROXY CONFIGURATION:
Realm Configuration --> Strip Mode
=============================================================================================
# This file is generated from a template at /usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart
# Eduroam integration is not configured
realm default {
}
realm local {
}
realm null {
}
realm karthi.com {
strip
auth_pool = auth_pool_karthi.com
}
home_server_pool auth_pool_karthi.com {
type = fail-over
home_server = longship-proxy
}
realm eduroam.default {
}
realm eduroam.local {
}
realm eduroam.null {
}
realm eduroam.karthi.com {
}
home_server longship-proxy {
ipaddr = 10.0.1.237
port = 1812
secret = password123
type = auth
status_check = none
require_message_authenticator = yes
response_window = 20
zombie_period = 40
max_outstanding = 65536
revive_interval = 120
check_interval = 30
num_answers_to_alive = 3
src_ipaddr = 10.0.1.226
}
# pfacct configuration
realm pfacct {
    acct_pool = pfacct_pool
    nostrip
}
home_server_pool pfacct_pool {
    home_server = pfacct_local
}
home_server pfacct_local {
    type = acct
    ipaddr = 127.0.0.1
    port = 1813
    secret = 'Mzg3Njc1YzU5YWY0YjI0OGI5ZTZlZDZk'
    src_ipaddr = 10.0.1.8
}
--------------------------------------------------------------------------------
Switch Configuration
================================================================================
[group longship]
deauthMethod=RADIUS
radiusSecret=Secret123
deauthOnPrevious=N
description=tets
===============================================================================
No Strip - Proxy configuration
===============================================================================
# This file is generated from a template at /usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart
# Eduroam integration is not configured
realm default {
}
realm local {
}
realm null {
}
realm karthi.com {
nostrip
auth_pool = auth_pool_karthi.com
}
home_server_pool auth_pool_karthi.com {
type = fail-over
home_server = longship-proxy
}
realm eduroam.default {
}
realm eduroam.local {
}
realm eduroam.null {
}
realm eduroam.karthi.com {
}
home_server longship-proxy {
ipaddr = 10.0.1.237
port = 1812
secret = password123
type = auth
status_check = none
require_message_authenticator = yes
response_window = 20
zombie_period = 40
max_outstanding = 65536
revive_interval = 120
check_interval = 30
num_answers_to_alive = 3
src_ipaddr = 10.0.1.226
}
# pfacct configuration
realm pfacct {
    acct_pool = pfacct_pool
    nostrip
}
home_server_pool pfacct_pool {
    home_server = pfacct_local
}
home_server pfacct_local {
    type = acct
    ipaddr = 127.0.0.1
    port = 1813
    secret = 'Mzg3Njc1YzU5YWY0YjI0OGI5ZTZlZDZk'
    src_ipaddr = 10.0.1.8
}
===============================================================================
Switches.conf
==============================================================================
[group longship]
deauthMethod=RADIUS
radiusSecret=Secret123
deauthOnPrevious=N
description=tets
==============================================================================
PROXY SERVER LOGS:
No Strip mode:
RADIUS Request
User-Name = "Karthika@acme.com"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
NAS-Port = 1
Calling-Station-Id = "b2:68:58:03:79:58"
Connect-Info = "CONNECT 54Mbps 802.11g"
Acct-Session-Id = "47950D78E9FFA0FA"
Acct-Multi-Session-Id = "F9C5DA5C67C3F21C"
WLAN-Pairwise-Cipher = 1027076
WLAN-Group-Cipher = 1027076
WLAN-AKM-Suite = 1027073
Framed-MTU = 1400
EAP-Message = 0x02b9002e190017030300230000000000000003e7bfd6bac4c3b952bb3a5c9a7b5bdb65ebac2f0d09951bfed86e6c
State = 0xdf215a51d798439edeeb09124fe28461
Message-Authenticator = 0x8cebac590930f51e9f88075f4576358c
NAS-IP-Address = 10.0.1.163
FreeRADIUS-Client-IP-Address = 10.0.1.163
PacketFence-Radius-Ip = "10.0.1.247"
PacketFence-KeyBalanced = "87cbdca591932605ca589abdff2444ff"
Called-Station-Id = "36:80:a2:c6:37:9c:Packetfence-Proxy"
Called-Station-SSID = "Packetfence-Proxy"
Event-Timestamp = "Jul 28 2022 05:43:32 UTC"
Realm = "acme.com"
EAP-Type = PEAP
Realm = "acme.com"
User-Password = "******"
SQL-User-Name = "Karthika@acme.com"
RADIUS Reply
EAP-Message = 0x04b90004
Message-Authenticator = 0x74a4d85a2b1224b1c98b6519d5370967
Strip mode:
Request Time
0
RADIUS Request
EAP-Message = 0x02c400431a02c4003e31ba28ecb035d3badad741ec42bc3c93790000000000000000438cafc807aaaf04d2b0245e93df1cad754d0a8742374adc004b61727468696b61
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "Karthika"
State = 0x1c9483bc1c50991a94b3096c9694a1c6
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
NAS-Port = 1
Calling-Station-Id = "b2:68:58:03:79:58"
Connect-Info = "CONNECT 54Mbps 802.11g"
Acct-Session-Id = "4803B13EAD0BA4A4"
Acct-Multi-Session-Id = "90A484501C63B543"
WLAN-Pairwise-Cipher = 1027076
WLAN-Group-Cipher = 1027076
WLAN-AKM-Suite = 1027073
Framed-MTU = 1400
NAS-IP-Address = 10.0.1.163
PacketFence-Radius-Ip = "10.0.1.247"
PacketFence-KeyBalanced = "ea89a5dae0bc4b8131817a7c921256b1"
Event-Timestamp = "Jul 28 2022 05:43:01 UTC"
PacketFence-Outer-User = "Karthika"
EAP-Type = MSCHAPv2
Called-Station-Id = "36:80:a2:c6:37:9c:Packetfence-Proxy"
Called-Station-SSID = "Packetfence-Proxy"
MS-CHAP-Challenge = 0x6745344427cc732cc95c09428f839aa4
MS-CHAP2-Response = 0xc461ba28ecb035d3badad741ec42bc3c93790000000000000000438cafc807aaaf04d2b0245e93df1cad754d0a8742374adc
MS-CHAP-User-Name = "Karthika"
User-Password = "******"
SQL-User-Name = "Karthika"
RADIUS Reply
EAP-Message = 0x04c40004
Message-Authenticator = 0x00000000000000000000000000000000
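
As an added example (not part of the original post, and not PacketFence or FreeRADIUS code), the Python below models how the `strip` / `nostrip` keyword in the realm stanzas above changes the User-Name forwarded to the home server, and what a named-realm lookup returns for the User-Name seen in the logs. The helpers `parse_realms` and `route` and the user name `Karthika@karthi.com` are assumptions made for illustration; fallthrough to the DEFAULT and NULL realms is not modelled.

```python
import re

# Constructed excerpt: the realm stanza that differs between the two
# proxy.conf files above ("strip" in the first, "nostrip" in the second).
STRIP_CONF = """
realm default {
}
realm karthi.com {
strip
auth_pool = auth_pool_karthi.com
}
"""
NOSTRIP_CONF = STRIP_CONF.replace("\nstrip\n", "\nnostrip\n")

REALM_RE = re.compile(r"^realm\s+(\S+)\s*\{(.*?)\}", re.S | re.M)

def parse_realms(conf):
    """Return {realm_name: {"strip": bool, "auth_pool": str or None}}."""
    realms = {}
    for name, body in REALM_RE.findall(conf):
        lines = [l.split("#")[0].strip() for l in body.splitlines()]
        pool = None
        for l in lines:
            if l.startswith("auth_pool"):
                pool = l.split("=", 1)[1].strip()
        # FreeRADIUS strips the realm unless "nostrip" is present.
        realms[name] = {"strip": "nostrip" not in lines, "auth_pool": pool}
    return realms

def route(user_name, realms):
    """Simplified model of suffix ("user@realm") handling, named realms only.
    Returns (auth_pool, user_name_sent_to_home_server), or
    (None, user_name) when no named realm with an auth_pool matches."""
    user, sep, realm = user_name.rpartition("@")
    entry = realms.get(realm) if sep else None
    if not entry or not entry["auth_pool"]:
        return (None, user_name)
    return (entry["auth_pool"], user if entry["strip"] else user_name)

if __name__ == "__main__":
    for label, conf in (("strip", STRIP_CONF), ("nostrip", NOSTRIP_CONF)):
        realms = parse_realms(conf)
        # First name is constructed; the second is the User-Name from the logs.
        for name in ("Karthika@karthi.com", "Karthika@acme.com"):
            print(label, name, "->", route(name, realms))
```

Run against the posted files, the logged User-Name "Karthika@acme.com" carries the realm acme.com, which has no stanza with an auth_pool in either proxy.conf shown, so the named-realm lookup returns no pool in both modes.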
