我目前部署了 freeradius,radtest 对本地主机来说看起来不错,但是当我从外部服务器发送访问请求时,FreeRadius 服务器没有回复。请参见下面的 radsniff 输出
[root@pgw-radius tmp]# radsniff -i ens192
2023-03-18 17:29:17.588990 (1) Access-Request Id 91 ens192:10.0.34.13:48791 -> 10.0.33.108:1812 +0.000
2023-03-18 17:29:22.788990 (1) ** norsp ** Access-Request Id 91 ens192:10.0.34.13:48791 -> 10.0.33.108:1812
2023-03-18 17:29:52.771149 (2) Access-Request Id 51 ens192:10.0.34.13:48799 -> 10.0.33.108:1812 +35.182
2023-03-18 17:29:52.865949 (3) Access-Request Id 92 ens192:10.0.34.13:48791 -> 10.0.33.108:1812 +35.276
2023-03-18 17:29:57.971149 (2) ** norsp ** Access-Request Id 51 ens192:10.0.34.13:48799 -> 10.0.33.108:1812
2023-03-18 17:29:58.659490 (3) ** norsp ** Access-Request Id 92 ens192:10.0.34.13:48791 -> 10.0.33.108:1812
调试结果
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 43265
Listening on proxy address :: port 40852
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48799 proto udp
Ready to process requests
答案1
你可以做几件事,首先检查port1812 是否被某些东西阻止,也Freeradius可能是你的配置错误,检查配置文件/etc/raddb/clients.conf并/etc/raddb/users确保外部服务器被允许发送Acces-Request数据包,并且身份验证方法已按你想要的方式配置
答案2
谢谢大家,问题出在/etc/raddb/用户“授权”文件,服务器现在以访问拒绝响应,下一步是检查身份验证和加密类型。