Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/angular/27.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Openssl Freeradius始终拒绝访问请求_Openssl_Raspberry Pi_Radius_Freeradius_Access Point - Fatal编程技术网
Fatal编程技术网
  • openssl/
  • Openssl Freeradius始终拒绝访问请求

Openssl Freeradius始终拒绝访问请求

openssl raspberry-pi

Openssl Freeradius始终拒绝访问请求,openssl,raspberry-pi,radius,freeradius,access-point,Openssl,Raspberry Pi,Radius,Freeradius,Access Point,我正在尝试在Raspberry Pi B上设置一个FreeRadius服务器,与WLAN接入点连接。 我创建了证书,就像自述文件中描述的那样。当我尝试登录到访问点时,我从服务器获得以下调试输出 ... adding new socket proxy address * port 60940 Listening on authentication address * port 1812 Listening on accounting address * port 1813

我正在尝试在Raspberry Pi B上设置一个FreeRadius服务器,与WLAN接入点连接。 我创建了证书,就像自述文件中描述的那样。当我尝试登录到访问点时,我从服务器获得以下调试输出

 ... adding new socket proxy address * port 60940
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
    Listening on proxy address * port 1814
    Ready to process requests.
    rad_recv: Access-Request packet from host 192.168.155.44 port 3072, id=239, length=174
        User-Name = "14cc20-1a6f73"
        User-Password = "\312G'\275\3138\034\036\020\t\022ZE\243\376N"
        NAS-Identifier = "Access-Point"
        NAS-IP-Address = 192.168.155.44
        Called-Station-Id = "EC-E5-55-FF-D2-B8:Access-Point"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        NAS-Port = 1
        NAS-Port-Id = "1"
        Calling-Station-Id = "14-CC-20-1A-6F-73"
        Connect-Info = "CONNECT 150 Mbps 802.11g/n"
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "14cc20-1a6f73", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    ++[pap] returns noop
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
      WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject]     expand: %{User-Name} -> 14cc20-1a6f73
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 0 for 1 seconds
    Going to the next request
我将用户写入用户文件,如下所示

ExampleUser Cleartext-Password := "PASSWORD"
让我烦恼的是,用户密码和用户名似乎是以加密格式发送到服务器的,这可能是它无法工作的原因,但我不知道是什么原因导致了这种情况。
我正在尝试使用Xubuntu上的PEAP V0 MSCHAPv2通过WPA/WPA2企业登录,这应该可以工作。如果我选择动态WEP(802.1x),Radius服务器甚至不会收到请求(我正在使用tshark监控流量)。

用户名不是以加密格式从服务器发送的,而是用户密码。FreeRADIUS无法检查解密是否成功,因此您知道的唯一方法是解密的密码是否与用户密码匹配

一个很好的提示是,如果密码包含大量无法打印的字符(如上所述),那么RADIUS服务器和NAS之间的秘密可能不正确

如果您解决了这个问题,您应该会在调试输出中看到实际密码,然后您可以让服务器发送一个接受。

好的,我也想知道“不可打印字符”,但为什么它们不可打印?我在raspberry和access point上检查了很多次共享秘密,但它们匹配,所以我不知道要更改什么。我在clients.conf中的客户端条目中以“secret=PASSWORD”和NAS中输入了共享机密。它们不可打印,因为解密共享机密会产生超出可打印范围的字符。字符的可打印性被用作确定共享秘密是否正确的启发式方法。你用什么在pi上发送数据包?这可能是一个持久性问题。