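Running Radius 2.1.7 on SLES 11 SP2, configured to use LDAP authentication and "dialup access=true"

My own user ID authenticates fine, and it is part of the Radius password policy. Another user with the same password policy fails to authenticate. Can someone help me figure out what the EAP-TLV failure is?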

rad_recv: Access-Request packet from host 140.10.85.4 port 1645, id=57, length=221
        User-Name = "mohdfariza"
        Framed-MTU = 1400
        Called-Station-Id = "0013.7f43.9f50"
        Calling-Station-Id = "a816.b25f.54af"
        Service-Type = Login-User
        Message-Authenticator = 0x7c15082e8992a6640cc3d795a2c78840
        EAP-Message = 0x020a0050190017030100209f86cd5e851f3ea74981a4ac0356d9c406296f83a59103bdd53f3b39692528c81703010020e373b0a84183b081bd64acb67ef81941af5e4edd8d1ad2d71a32ae825151890b
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 302
        State = 0x4ca99e914ba38777aa4e9129995c242d
        NAS-IP-Address = 140.10.85.4
        NAS-Identifier = "ict-dev"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/140.10.85.4/auth-detail-20131107
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/140.10.85.4/auth-detail-20131107
[auth_log]      expand: %t -> Thu Nov  7 13:53:01 2013
++[auth_log] returns ok
++[mschap] returns noop
[eap] EAP packet type response id 10 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
[ldap] performing user authorization for mohdfariza
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap]  expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=mohdfariza)
[ldap]  expand: o=syabas -> o=syabas
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=syabas, with filter (uid=mohdfariza)
[ldap] checking if remote access for mohdfariza is allowed by dialupAccess
[ldap] Added the eDirectory password ejat5177 in check items as Cleartext-Password
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x4143333936454137334544373432433830304436323445314141354644464444
[ldap] looking for reply items in directory...
[ldap] user mohdfariza authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] Normalizing NT-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform requested action.
Delaying reject of request 26 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.
Cleaning up request 9 ID 40 with timestamp +51
Cleaning up request 10 ID 41 with timestamp +51
Cleaning up request 11 ID 42 with timestamp +51
Cleaning up request 12 ID 43 with timestamp +51
Waking up in 0.1 seconds.
Cleaning up request 13 ID 44 with timestamp +52
Cleaning up request 14 ID 45 with timestamp +52
Cleaning up request 15 ID 46 with timestamp +52
Cleaning up request 16 ID 47 with timestamp +52
Sending delayed reject for request 26
Sending Access-Reject of id 57 to 140.10.85.4 port 1645
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.9 seconds.
Cleaning up request 17 ID 48 with timestamp +52
Waking up in 2.5 seconds.
Cleaning up request 18 ID 49 with timestamp +55
Cleaning up request 19 ID 50 with timestamp +55
Cleaning up request 20 ID 51 with timestamp +55
Cleaning up request 21 ID 52 with timestamp +55
Waking up in 0.1 seconds.
Cleaning up request 22 ID 53 with timestamp +56
Cleaning up request 23 ID 54 with timestamp +56
Cleaning up request 24 ID 55 with timestamp +56
Cleaning up request 25 ID 56 with timestamp +56
Waking up in 1.0 seconds.
Cleaning up request 26 ID 57 with timestamp +56
Ready to process requests.
1 Answer

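Radius needs to be able to retrieve the Universal Password. If something there is not right, it will fail. It is a good sign that you and that user have the same password policy, since that means the same rules apply and should work for both.

Use this tool to test whether the user has Universal Password configured correctly:

Jim Willeke's DumpUp tool

Answered 2013-11-07T22:42:53.527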
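
An added example, not part of the original question or answer: a small Python decoder for the two EAP-Message values in the debug output above, to check them against the `[eap]` log line (response, id 10, length 80) and to see what the Access-Reject carries. The function names are chosen for this example, and the layout assumed is the standard EAP header followed by the PEAP flags byte and TLS records.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25  # EAP method type number for PEAP
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

# EAP-Message values copied from the debug output in the question.
REQUEST_HEX = ("0x020a0050190017030100209f86cd5e851f3ea74981a4ac0356d9c4"
               "06296f83a59103bdd53f3b39692528c81703010020e373b0a84183b0"
               "81bd64acb67ef81941af5e4edd8d1ad2d71a32ae825151890b")
REJECT_HEX = "0x040a0004"


def tls_records(flags, data):
    """Walk the TLS record headers carried in one PEAP fragment."""
    if flags & 0x80:  # L bit set: a 4-byte total TLS length comes first
        data = data[4:]
    out = []
    while len(data) >= 5:
        ctype, version, rlen = struct.unpack("!BHH", data[:5])
        out.append((TLS_CONTENT.get(ctype, ctype), version, rlen))
        data = data[5 + rlen:]  # a record cut by fragmentation ends the walk
    return out


def decode_eap(hex_value):
    """Decode an EAP-Message attribute as printed in the RADIUS debug log."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "records": []}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = raw[4]
        if raw[4] == EAP_TYPE_PEAP and length > 5:
            pkt["records"] = tls_records(raw[5], raw[6:])
    return pkt


if __name__ == "__main__":
    for label, value in (("Access-Request", REQUEST_HEX),
                         ("Access-Reject", REJECT_HEX)):
        print(label, decode_eap(value))
```

The request decodes to a PEAP response whose body is two TLS application-data records, so the EAP-TLV exchange travels inside the tunnel and only the server's debug output shows its result; the reject is a bare EAP Failure for the same id.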