Freeradius验证属性呼叫站id
我想在一个我认为很简单的问题上得到帮助,但我已经有几天没能发展了 我正在mysql数据库中的freeradius 3.0.16上实现一个服务器,直接对wifi客户端进行身份验证,它可以使用radcheck表中的属性完美地验证用户名和密码: 1 | alan |明文密码|:=| 27082020 当我尝试将这些访问凭据链接到客户端设备的MAC地址时,就会出现问题,我找到的文档告诉我需要在radcheck表中为freeradius添加呼叫站id属性以执行验证,我尝试在mysql表中添加以下2个表单:Freeradius验证属性呼叫站id,freeradius,Freeradius,我想在一个我认为很简单的问题上得到帮助,但我已经有几天没能发展了 我正在mysql数据库中的freeradius 3.0.16上实现一个服务器,直接对wifi客户端进行身份验证,它可以使用radcheck表中的属性完美地验证用户名和密码: 1 | alan |明文密码|:=| 27082020 当我尝试将这些访问凭据链接到客户端设备的MAC地址时,就会出现问题,我找到的文档告诉我需要在radcheck表中为freeradius添加呼叫站id属性以执行验证,我尝试在mysql表中添加以下2个表单:
+ ---- + ---------- + -------------------- + ---- + ------- ------------ +
| id | username | attribute | op | value |
+ ---- + ---------- + -------------------- + ---- + ------- ------------ +
2 | alan | Calling-Station-Id | == | 88-B4-A6-8F-DB-78
2 | alan | Calling-Station-Id | : = | 88-B4-A6-8F-DB-78
但是,我没有获得成功,只是radius忽略了这个属性,并验证了来自任何设备的登录。
我坚信我错过了什么,有人能给我一些提示吗
以下是授权访问的freeradius日志:
Received Access-Request Id 21 from 192.168.3.253:41972 to 192.168.3.73:1812 length 148
(0) User-Name = "alan"
(0) NAS-IP-Address = 0.0.0.0
(0) Called-Station-Id = "90-F6-52-A7-2F-50:dd-wrt"
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Port = 1
(0) Calling-Station-Id = "88-B4-A6-8F-DB-78"
(0) Connect-Info = "CONNECT 54Mbps 802.11g"
(0) Framed-MTU = 1400
(0) EAP-Message = 0x024d000901616c616e
(0) Message-Authenticator = 0xf6c068bcd509e7a0e8ccd20d22a2e9fc
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) [preprocess] = ok
(0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(0) auth_log: --> /var/log/freeradius/radacct/192.168.3.253/auth-detail-20200828
(0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.3.253/auth-detail-20200828
(0) auth_log: EXPAND %t
(0) auth_log: --> Fri Aug 28 16:43:02 2020
(0) [auth_log] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) eap: Peer sent EAP Response (code 2) ID 77 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) sql: EXPAND %{User-Name}
(0) sql: --> alan
(0) sql: SQL-User-Name set to 'alan'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alan' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alan' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql: Cleartext-Password := "27082020"
(0) sql: Calling-Station-Id := "88-B4-A6-8F-DB-00"
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alan' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alan' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'alan' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'alan' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.44-MariaDB-0ubuntu0.18.04.1, protocol version 10
(0) [sql] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) pap: WARNING: Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok