我正在尝试使用带有以下设备的路由器配置强制门户:OpenWRT+ChilliSpot以及一个外部服务器自由半径和一个 Web 服务器。
- ChilliSpot 1.3.0
我现在的问题是,如果用户名存在于数据库中,则 freeradius 服务器回答 OK,无论密码是否正确。
经过几个月与路由器的斗争后,似乎一切都按预期运行:
- 您连接到 wifi(但无法访问互联网)
- 路由器将你重定向到强制门户
- 您进行登录,由 Chilli 管理,Chilli 将登录信息发送到 FreeRadius
- 如果您的用户/密码正确,您就可以访问互联网
一切都很顺利,直到我尝试设置自由半径使用MySQL。我对所有的属性有点迷茫,我将制作一份关于我想要实现的结构的简历:
- 团体一般的与
Session-Timeout和Idle-Timeout(这两个都工作正常)- 我已经设置了会话和空闲超时在表格中radgroupreply
Expiration拥有和的用户Chap-Passwords- 我将此属性添加到表中辐射检查
我还添加了一些其他属性以使事情正常运转:
Service-Type == Login-UserFall-Through = Yes
进入辐射检查和radgroupcheck表格(我想我必须改变这一点)
我一直在尝试阅读或寻找一些地方来了解自由半径属性,但我不确定是否应该将它们放入 radchek 或 radreply(或 radgroupcheck/radgroupreply)。我已经检查过自由半径 RFC但我从来不确定它的属性。
这是发送的查询辣椒到自由半径:
rad_recv: Accounting-Request packet from host port 58620, id=16, length=222
ChilliSpot-Version = "1.3.0-svn"
ChilliSpot-Attr-10 = 0x00000002
Event-Timestamp = "Jan 1 1970 00:17:18 UTC"
User-Name = "garcia"
Acct-Status-Type = Start
Acct-Session-Id = "549198cb00000001"
Framed-IP-Address = 10.1.0.2
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Calling-Station-Id = "HH-HH-HH-HH-HH-HH"
Called-Station-Id = "HH-HH-HH-HH-HH-HH"
NAS-IP-Address = 10.1.0.1
NAS-Identifier = "mynas"
这是 freeradius 执行的完整跟踪:
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 123.123.123.123,NAS-IP-Address = 10.1.0.1,Acct-Session-Id = "549198cb00000001",User-Name
= "garcia"'
[acct_unique] Acct-Unique-Session-ID = "7d27c494d7b404c8".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "garcia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 123.123.123.123
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freerad
ius/radacct/123.123.123.123/detail-20141217
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/rad
acct/123.123.123.123/detail-20141217
[detail] expand: %t -> Wed Dec 17 15:00:38 2014
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> garcia
++[radutmp] returns ok
[sql] expand: %{User-Name} -> garcia
[sql] sql_set_user escaped user --> 'garcia'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype,framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: MYSQL check_error: 1054 received
[sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand:UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' ->UPDATE radacct SET acctstarttime = '2014-12-17 15:00:38', acctstartdelay = '0', connectinfo_start = '' WHERE acctsessionid = '549198cb00000001' AND username = 'garcia' AND nasipaddress = '10.1.0.1'
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
如果我Auth-Type := Accept从radgroupcheck表登录失败:
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "garcia" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
但用户已Chap-Password在辐射检查桌子 !
- 使用 Chap-Passwords 登录用户的最简单方法是什么?
radchek在、radreply和radgroupcheck中我应该包含什么radgroupreply?
答案1
终于解决了我的问题,该问题是一个 tipo 问题,我的数据库中有:
160 | e6867740-7d07-4783-b210-5cc3accb44eb | ClearText-Password | := | pass
我写ClearText-Password的电视的 ”文本" 大写字母。
正确的方法Cleartext-Password是吨的 ”文本“非大写字母。