freeradius与mySQL联用的最简单例程失败,不知原因出在哪里

发布于 2021-11-29 03:40:20 字数 6733 浏览 835 评论 2

下面是我对数据库mysql的操作

1. 
mysqladmin -u root -p create radius
2. 
mysql -u root -p < /etc/freeradius/sql/mysql/admin.sql
3. 
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
4.
mysql -u root -p radius
INSERT INTO radcheck (username, attribute, op, value) VALUES
('bob', 'Cleartext-Password', ':=', 'passbob');
INSERT INTO radreply (username, attribute, op, value) VALUES
('bob', 'Reply-Message', '=', 'Hello Bob!');

接着我按网上的教程成功启用了freeradius的SQL模块,

然后我执行了radtest bob passbob 127.0.0.1 100 testing123来测试,freeradius输出如下

(0) Received Access-Request Id 236 from 127.0.0.1:34001 to 127.0.0.1:1812 length 73

(0)   User-Name = 'bob'

(0)   User-Password = 'passbob'

(0)   NAS-IP-Address = 127.0.1.1

(0)   NAS-Port = 100

(0)   Message-Authenticator = 0xc407df3a9996ca6be1515500fe63ca18

(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

(0)   authorize {

(0)     policy filter_username {

(0)       if (!&User-Name) {

(0)       if (!&User-Name)  -> FALSE

(0)       if (&User-Name =~ / /) {

(0)       if (&User-Name =~ / /)  -> FALSE

(0)       if (&User-Name =~ /@.*@/ ) {

(0)       if (&User-Name =~ /@.*@/ )  -> FALSE

(0)       if (&User-Name =~ /../ ) {

(0)       if (&User-Name =~ /../ )  -> FALSE

(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))  {

(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))   -> FALSE

(0)       if (&User-Name =~ /.$/)  {

(0)       if (&User-Name =~ /.$/)   -> FALSE

(0)       if (&User-Name =~ /@./)  {

(0)       if (&User-Name =~ /@./)   -> FALSE

(0)     } # policy filter_username = notfound

(0)     [preprocess] = ok

(0)     [chap] = noop

(0)     [mschap] = noop

(0)     [digest] = noop

(0) suffix: Checking for suffix after "@"

(0) suffix: No '@' in User-Name = "bob", looking up realm NULL

(0) suffix: No such realm "NULL"

(0)     [suffix] = noop

(0) eap: No EAP-Message, not doing EAP

(0)     [eap] = noop

(0) sql: EXPAND %{User-Name}

(0) sql:    --> bob

(0) sql: SQL-User-Name set to 'bob'

rlm_sql (sql): Reserved connection (4)

(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id

(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id

(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id

(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority

(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority

(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority

(0) sql: User not found in any groups

rlm_sql (sql): Released connection (4)

rlm_sql (sql): Closing connection (0), from 1 unused connections

(0)     [sql] = notfound

(0)     [expiration] = noop

(0)     [logintime] = noop

(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type

(0) pap: WARNING: Authentication will fail unless a "known good" password is available

(0)     [pap] = noop

(0)   } # authorize = ok

(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

(0) Failed to authenticate the user

(0) Using Post-Auth-Type Reject

(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default

(0)   Post-Auth-Type REJECT {

(0) sql: EXPAND .query

(0) sql:    --> .query

(0) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (4)

(0) sql: EXPAND %{User-Name}

(0) sql:    --> bob

(0) sql: SQL-User-Name set to 'bob'

(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')

(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')

(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')

(0) sql: SQL query returned: success

(0) sql: 1 record(s) updated

rlm_sql (sql): Released connection (4)

(0)     [sql] = ok

(0) attr_filter.access_reject: EXPAND %{User-Name}

(0) attr_filter.access_reject:    --> bob

(0) attr_filter.access_reject: Matched entry DEFAULT at line 18

(0)     [attr_filter.access_reject] = updated

(0)     [eap] = noop

(0)     policy remove_reply_message_if_eap {

(0)       if (&reply:EAP-Message && &reply:Reply-Message) {

(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

(0)       else {

(0)         [noop] = noop

(0)       } # else = noop

(0)     } # policy remove_reply_message_if_eap = noop

(0)   } # Post-Auth-Type REJECT = updated

(0) Delaying response for 1.000000 seconds

Waking up in 0.3 seconds.

Waking up in 0.6 seconds.

(0) <delay>: Sending delayed response

(0) <delay>: Sent Access-Reject Id 236 from 127.0.0.1:1812 to 127.0.0.1:34001 length 20

Waking up in 3.9 seconds.

(0) <delay>: Cleaning up request packet ID 236 with timestamp +48

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

情痴 2021-12-01 05:34:18

我已经解决了,是驱动没选好,driver因该选为rml_sql_mysql

执手闯天涯 2021-11-29 05:19:49

/etc/raddb/sites-enabled/default中post-auth Post-Auth-Type REJECT 中sql的注释去掉

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文