A router, more precisely a Ubiquiti NanoStation, with WPA2 EAP authentication: if the user is defined in /etc/freeradius/users, everything is fine; if the user is in MySQL, something goes wrong. Here is part of the log when the user comes from the file:
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
And here it is from the database; it does see the user:
[sql]   expand: %{User-Name} -> user1
[sql] sql_set_user escaped user --> 'user1'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'          ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'user1'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'user1'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
But then, at the end of the log, there is this:
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [user1/<via Auth-Type = EAP>] (from client 192.168.200.253 port 0 cli 20-7D-74-81-28-7F)
Using Post-Auth-Type Reject
What is missing, and where?
    