我尝试设置 Freeradius 服务器,但当我尝试使用以下方式启动它时
# service freeradius start
Job for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details.
当我写 journalctl 时我得到了这个
-- The start-up result is done.
Dec 30 16:03:05 pppie sudo[19994]: dilian : TTY=pts/0 ; PWD=/home/dilian ; USER=root ; COMMAND=/bin/su
Dec 30 16:03:05 pppie sudo[19994]: pam_unix(sudo:session): session opened for user root by dilian(uid=0)
Dec 30 16:03:06 pppie su[19995]: Successful su for root by root
Dec 30 16:03:06 pppie su[19995]: + /dev/pts/0 root:root
Dec 30 16:03:06 pppie su[19995]: pam_unix(su:session): session opened for user root by dilian(uid=0)
Dec 30 16:03:06 pppie su[19995]: pam_systemd(su:session): Cannot create session: Already running in a session
Dec 30 16:03:28 pppie systemd[1]: Starting LSB: Radius Daemon...
-- Subject: Unit freeradius.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit freeradius.service has begun starting up.
Dec 30 16:03:28 pppie freeradius[20039]: * Starting FreeRADIUS daemon freeradius
Dec 30 16:03:28 pppie freeradius[20039]: ...fail!
Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Control process exited, code=exited status=1
Dec 30 16:03:28 pppie systemd[1]: Failed to start LSB: Radius Daemon.
-- Subject: Unit freeradius.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit freeradius.service has failed.
--
-- The result is failed.
Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Unit entered failed state.
Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Failed with result 'exit-code'.
当我尝试“freeradius -X”时,我到达最后一个线并且它停留在那里什么也不做。
> # freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr
> 5 2016 at 13:40:43 Copyright (C) 1999-2015 The FreeRADIUS server
> project and contributors. There is NO warranty; not even for
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may
> redistribute copies of FreeRADIUS under the terms of the GNU General
> Public License. For more information about these matters, see the file
> named COPYRIGHT. Starting - reading configuration files ... including
> configuration file /etc/freeradius/radiusd.conf including
> configuration file /etc/freeradius/proxy.conf including configuration
> file /etc/freeradius/clients.conf including configuration file
> /etc/freeradius/snmp.conf including configuration file
> /etc/freeradius/nibs.conf main {
> user = "nobody"
> group = "nobody"
> allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main {
> name = "radiusd"
> prefix = "/usr/local"
> localstatedir = "/var"
> sbindir = "/usr/local/sbin"
> logdir = "/var/log"
> run_dir = "/var/run/radiusd"
> libdir = "/usr/local/lib"
> radacctdir = "/var/log/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> pidfile = "/var/run/radiusd/radiusd.pid"
> checkrad = "/usr/local/sbin/checkrad"
> debug_level = 0
> proxy_requests = no
> log_auth = no
> log_auth_badpass = yes
> log_auth_goodpass = yes
> log_stripped_names = no security {
> max_attributes = 200
> reject_delay = 1
> status_server = no
> allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### proxy server {
> retry_delay = 5
> retry_count = 3
> default_fallback = no
> dead_time = 120
> wake_all_if_all_dead = no } home_server localhost {
> ipaddr = 127.0.0.1
> port = 1812
> type = "auth"
> secret = "testing123"
> response_window = 20
> max_outstanding = 65536
> require_message_authenticator = yes
> zombie_period = 40
> status_check = "status-server"
> ping_interval = 30
> check_interval = 30
> num_answers_to_alive = 3
> num_pings_to_alive = 3
> revive_interval = 120
> status_check_timeout = 4 coa {
> irt = 2
> mrt = 16
> mrc = 5
> mrd = 30 } } home_server_pool my_auth_failover {
> type = fail-over
> home_server = localhost } realm example.com {
> auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module:
> Instantiating module "exec" from file /etc/freeradius/radiusd.conf
> exec {
> wait = yes
> input_pairs = "request"
> shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file
> /etc/freeradius/radiusd.conf } radiusd: #### Loading Virtual Servers
> #### server { # from file /etc/freeradius/radiusd.conf modules { } # modules } # server radiusd: #### Opening IP addresses and Ports ####
> bind_address = * WARNING: The directive 'bind_address' is deprecated, and will be removed in futu
> re versions of FreeRADIUS. Please edit the configuration files to use
> the direct
> ive 'listen'. Listening on authentication address * port 1812
> Listening on accounting address * port 1813 Ready to process requests.
没有错误消息,我不知道该怎么做才能修复它...我使用的是 Ubuntu 服务器 16.04
如果有人知道哪里出了问题?那将是您宝贵的时间。
当我尝试
root@pppie:/home/dilian# freeradius -f -lstdout -XXX
Fri Jan 6 14:05:36 2017 : Info: freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr 5 2016 at 13:40:43
Fri Jan 6 14:05:36 2017 : Debug: Server was built with:
Fri Jan 6 14:05:36 2017 : Debug: accounting
Fri Jan 6 14:05:36 2017 : Debug: authentication
Fri Jan 6 14:05:36 2017 : Debug: WITH_DHCP
Fri Jan 6 14:05:36 2017 : Debug: WITH_VMPS
Fri Jan 6 14:05:36 2017 : Debug: Server core libs:
Fri Jan 6 14:05:36 2017 : Debug: ssl: OpenSSL 1.0.2g 1 Mar 2016
Fri Jan 6 14:05:36 2017 : Info: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
Fri Jan 6 14:05:36 2017 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Fri Jan 6 14:05:36 2017 : Info: PARTICULAR PURPOSE.
Fri Jan 6 14:05:36 2017 : Info: You may redistribute copies of FreeRADIUS under the terms of the
Fri Jan 6 14:05:36 2017 : Info: GNU General Public License.
Fri Jan 6 14:05:36 2017 : Info: For more information about these matters, see the file named COPYRIGHT.
Fri Jan 6 14:05:36 2017 : Info: Starting - reading configuration files ...
Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/radiusd.conf
Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/proxy.conf
Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/clients.conf
Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/snmp.conf
Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/nibs.conf
Fri Jan 6 14:05:36 2017 : Debug: main {
Fri Jan 6 14:05:36 2017 : Debug: user = "nobody"
Fri Jan 6 14:05:36 2017 : Debug: group = "nobody"
Fri Jan 6 14:05:36 2017 : Debug: allow_core_dumps = no
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: including dictionary file /etc/freeradius/dictionary
Fri Jan 6 14:05:36 2017 : Debug: main {
Fri Jan 6 14:05:36 2017 : Debug: name = "radiusd"
Fri Jan 6 14:05:36 2017 : Debug: prefix = "/usr/local"
Fri Jan 6 14:05:36 2017 : Debug: localstatedir = "/var"
Fri Jan 6 14:05:36 2017 : Debug: sbindir = "/usr/local/sbin"
Fri Jan 6 14:05:36 2017 : Debug: logdir = "/var/log"
Fri Jan 6 14:05:36 2017 : Debug: run_dir = "/var/run/radiusd"
Fri Jan 6 14:05:36 2017 : Debug: libdir = "/usr/local/lib"
Fri Jan 6 14:05:36 2017 : Debug: radacctdir = "/var/log/radacct"
Fri Jan 6 14:05:36 2017 : Debug: hostname_lookups = no
Fri Jan 6 14:05:36 2017 : Debug: max_request_time = 30
Fri Jan 6 14:05:36 2017 : Debug: cleanup_delay = 5
Fri Jan 6 14:05:36 2017 : Debug: max_requests = 1024
Fri Jan 6 14:05:36 2017 : Debug: pidfile = "/var/run/radiusd/radiusd.pid"
Fri Jan 6 14:05:36 2017 : Debug: checkrad = "/usr/local/sbin/checkrad"
Fri Jan 6 14:05:36 2017 : Debug: debug_level = 0
Fri Jan 6 14:05:36 2017 : Debug: proxy_requests = no
Fri Jan 6 14:05:36 2017 : Debug: log_auth = no
Fri Jan 6 14:05:36 2017 : Debug: log_auth_badpass = yes
Fri Jan 6 14:05:36 2017 : Debug: log_auth_goodpass = yes
Fri Jan 6 14:05:36 2017 : Debug: log_stripped_names = no
Fri Jan 6 14:05:36 2017 : Debug: security {
Fri Jan 6 14:05:36 2017 : Debug: max_attributes = 200
Fri Jan 6 14:05:36 2017 : Debug: reject_delay = 1
Fri Jan 6 14:05:36 2017 : Debug: status_server = no
Fri Jan 6 14:05:36 2017 : Debug: allow_vulnerable_openssl = no
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Realms and Home Servers ####
Fri Jan 6 14:05:36 2017 : Debug: proxy server {
Fri Jan 6 14:05:36 2017 : Debug: retry_delay = 5
Fri Jan 6 14:05:36 2017 : Debug: retry_count = 3
Fri Jan 6 14:05:36 2017 : Debug: default_fallback = no
Fri Jan 6 14:05:36 2017 : Debug: dead_time = 120
Fri Jan 6 14:05:36 2017 : Debug: wake_all_if_all_dead = no
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: home_server localhost {
Fri Jan 6 14:05:36 2017 : Debug: ipaddr = 127.0.0.1
Fri Jan 6 14:05:36 2017 : Debug: port = 1812
Fri Jan 6 14:05:36 2017 : Debug: type = "auth"
Fri Jan 6 14:05:36 2017 : Debug: secret = "testing123"
Fri Jan 6 14:05:36 2017 : Debug: response_window = 20
Fri Jan 6 14:05:36 2017 : Debug: max_outstanding = 65536
Fri Jan 6 14:05:36 2017 : Debug: require_message_authenticator = yes
Fri Jan 6 14:05:36 2017 : Debug: zombie_period = 40
Fri Jan 6 14:05:36 2017 : Debug: status_check = "status-server"
Fri Jan 6 14:05:36 2017 : Debug: ping_interval = 30
Fri Jan 6 14:05:36 2017 : Debug: check_interval = 30
Fri Jan 6 14:05:36 2017 : Debug: num_answers_to_alive = 3
Fri Jan 6 14:05:36 2017 : Debug: num_pings_to_alive = 3
Fri Jan 6 14:05:36 2017 : Debug: revive_interval = 120
Fri Jan 6 14:05:36 2017 : Debug: status_check_timeout = 4
Fri Jan 6 14:05:36 2017 : Debug: coa {
Fri Jan 6 14:05:36 2017 : Debug: irt = 2
Fri Jan 6 14:05:36 2017 : Debug: mrt = 16
Fri Jan 6 14:05:36 2017 : Debug: mrc = 5
Fri Jan 6 14:05:36 2017 : Debug: mrd = 30
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: home_server_pool my_auth_failover {
Fri Jan 6 14:05:36 2017 : Debug: type = fail-over
Fri Jan 6 14:05:36 2017 : Debug: home_server = localhost
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: realm example.com {
Fri Jan 6 14:05:36 2017 : Debug: auth_pool = my_auth_failover
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: realm LOCAL {
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Clients ####
Fri Jan 6 14:05:36 2017 : Debug: client localhost {
Fri Jan 6 14:05:36 2017 : Debug: ipaddr = 127.0.0.1
Fri Jan 6 14:05:36 2017 : Debug: require_message_authenticator = no
Fri Jan 6 14:05:36 2017 : Debug: secret = "testing123"
Fri Jan 6 14:05:36 2017 : Debug: nastype = "other"
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Instantiating modules ####
Fri Jan 6 14:05:36 2017 : Debug: instantiate {
Fri Jan 6 14:05:36 2017 : Debug: (Loaded rlm_exec, checking if it's valid)
Fri Jan 6 14:05:36 2017 : Debug: Module: Linked to module rlm_exec
Fri Jan 6 14:05:36 2017 : Debug: Module: Instantiating module "exec" from file /etc/freeradius/radiusd.conf
Fri Jan 6 14:05:36 2017 : Debug: exec {
Fri Jan 6 14:05:36 2017 : Debug: wait = yes
Fri Jan 6 14:05:36 2017 : Debug: input_pairs = "request"
Fri Jan 6 14:05:36 2017 : Debug: shell_escape = yes
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: (Loaded rlm_expr, checking if it's valid)
Fri Jan 6 14:05:36 2017 : Debug: Module: Linked to module rlm_expr
Fri Jan 6 14:05:36 2017 : Debug: Module: Instantiating module "expr" from file /etc/freeradius/radiusd.conf
Fri Jan 6 14:05:36 2017 : Debug: }
Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Virtual Servers ####
Fri Jan 6 14:05:36 2017 : Debug: server { # from file /etc/freeradius/radiusd.conf
Fri Jan 6 14:05:36 2017 : Debug: modules {
Fri Jan 6 14:05:36 2017 : Debug: } # modules
Fri Jan 6 14:05:36 2017 : Debug: } # server
Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Opening IP addresses and Ports ####
Fri Jan 6 14:05:36 2017 : Debug: bind_address = *
Fri Jan 6 14:05:36 2017 : Info: WARNING: The directive 'bind_address' is deprecated, and will be removed in future versions of FreeRADIUS. Please edit the configuration files to use the directive 'listen'.
Fri Jan 6 14:05:36 2017 : Debug: Listening on authentication address * port 1812
Fri Jan 6 14:05:36 2017 : Debug: Listening on accounting address * port 1813
Fri Jan 6 14:05:36 2017 : Info: Ready to process requests.
并且它再次停留在“准备处理请求”行。
当我尝试用以下命令启动它时:
root@pppie:/home/dilian# /etc/init.d/freeradius start
[....] Starting freeradius (via systemctl): freeradius.serviceJob for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details.
failed!
我以 root 身份运行
答案1
很可能是权限问题。
使用 -X 后,FreeRADIUS 进程不会切换用户,而是保持以执行者的身份运行。
使用以下命令启动 freeradius:
-f -lstdout -xxx
-f
在前台运行-lstdout
记录到标准输出-xxx
将日志记录详细程度设置为-X
然后它将使用配置的 UID/GID 运行。
答案2
我首先尝试使用本地主机。我为本地主机使用的客户端详细信息是问题的根源。
当我在测试客户端输入以下内容时:
客户端 127.0.0.1{ secret = mysecret 短名称 = localhost nastype = other }
服务已启动,我能够在 Ubuntu 16.04 上完成安装