Problems with FreeRADIUS

Post by ale-luna » Thu Dec 17, 2009 5:59 pm

Hi there...

If anyone can help me with FreeRADIUS: I already have version 2.1.7 installed on Ubuntu, it is configured and running, but when authenticating it gives me the following errors...

If I run radtest with my user from users, alexmoon, password prueba, it gives me the following log...

Debug: Ready to process requests.

rad_recv: Access-Request packet from host 127.0.0.1 port 60340, id=124, length=60
User-Name = "alexmoon"
User-Password = "prueba"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1218
Info: +- entering group authorize {...}
Info: ++[preprocess] returns ok
Info: [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20091217
Info: [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20091217
Info: [auth_log] expand: %t -> Thu Dec 17 09:15:10 2009
Info: ++[auth_log] returns ok
Info: ++[mschap] returns noop
Info: [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
Info: [suffix] No such realm "NULL"
Info: ++[suffix] returns noop
Info: [eap] No EAP-Message, not doing EAP
Info: ++[eap] returns noop
Info: [files] users: Matched entry alexmoon at line 86
Info: ++[files] returns ok
Info: ++[expiration] returns noop
Info: ++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
Info: +- entering group PAP {...}
Info: [pap] login attempt with password "prueba"
Info: [pap] Using clear text password "prueba"
Info: [pap] User authenticated successfully
Info: ++[pap] returns ok
Info: +- entering group post-auth {...}
Info: ++[exec] returns noop
Sending Access-Accept of id 124 to 127.0.0.1 port 60340
Info: Finished request 4.
Debug: Going to the next request
Debug: Waking up in 4.9 seconds.
Info: Cleaning up request 4 ID 124 with timestamp +172
Debug: Ready to process requests.


There I have no problem, but when I try to use it with a Windows XP SP3 client and my TP-Link AP with IP 192.168.1.10, secret miaccesspoint, it gives me the following log...

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178
Message-Authenticator = 0x16dc1ceecb1430eb62401e85908f9b00
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-16-EB-03-31-A8"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000d01616c65786d6f6f6e
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.1.10/auth-detail-20091217
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.10/auth-detail-20091217
[auth_log] expand: %t -> Thu Dec 17 09:44:52 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry alexmoon at line 86
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.10 port 1060
EAP-Message = 0x010100160410ce0c480892c44bab8c1bc3b25b27406f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4897ffde4887bc4edb81aebfa9d1dd4
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=1, length=189
Message-Authenticator = 0x64c888a51d75d1867c535c9bad82e3cc
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xe4897ffde4887bc4edb81aebfa9d1dd4
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-16-EB-03-31-A8"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020100060319
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.1.10/auth-detail-20091217
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.10/auth-detail-20091217
[auth_log] expand: %t -> Thu Dec 17 09:44:52 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry alexmoon at line 86
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alexmoon
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 1 to 192.168.1.10 port 1060
EAP-Message = 0x04010004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 0 with timestamp +26
Waking up in 1.0 seconds.
Cleaning up request 1 ID 1 with timestamp +26
Ready to process requests.

I don't know what is wrong... if anyone can help me with this, I would appreciate it...

Regards and THANKS...