Hello,
I am working on an 802.1x configuration for the wireless network. I installed Freeradius on the LDAP server we use, which runs Debian 5.0, and I have done / am doing the necessary configuration. As of the point I have reached: in the tests I run with radtest the connection appears successful, but when I try to connect through the AP I get an error. Namely:

$ radtest aytekinaygun 123456 192.168.0.207 1812 testing123
Sending Access-Request of id 128 to 192.168.0.207 port 1812
    User-Name = "aytekinaygun"
    User-Password = "123456"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: *Access-Accept* packet from host 192.168.0.207 port 1812, id=128, length=20

In the log it looks like this:
rad_recv: Access-Request packet from host 192.168.8.69 port 56283, id=15, length=82
    User-Name = "aytekinaygun"
    User-Password = "123456"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x8dcb70a0b2d79e4d28943e668b355331
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "aytekinaygun", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aytekinaygun
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=aytekinaygun)
    expand: dc=zadh,dc=local -> dc=zadh,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=zadh,dc=local, with filter (uid=aytekinaygun)
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: Setting Auth-Type = ldap
rlm_ldap: user aytekinaygun authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: login attempt by "aytekinaygun" with password "123456"
rlm_ldap: user DN: cn=Aytekin Aygun,ou=Kullanicilar,dc=zadh,dc=local
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
rlm_ldap: bind as cn=Aytekin Aygun,ou=Kullanicilar,dc=zadh,dc=local/123456 to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user aytekinaygun authenticated succesfully
++[ldap] returns ok
*Login OK: [aytekinaygun/123456]* (from client zadh-freeradius port 1812)
+- entering group post-auth
++[ldap] returns noop
++[exec] returns noop
*Sending Access-Accept of id 15 to 192.168.8.69 port 56283*
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 15 with timestamp +1259
Ready to process requests.

The log from the connection attempt I made through the modem:
rad_recv: Access-Request packet from host 192.168.0.80 port 32769, id=0, length=164
    User-Name = "aytekinaygun"
    NAS-Port = 0
    Called-Station-Id = "18-28-61-04-32-2C:AIRTIES_RT-206"
    Calling-Station-Id = "BC-77-37-02-33-39"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 0Mbps 802.11"
    EAP-Message = 0x02c6001101617974656b696e617967756e
    Message-Authenticator = 0x0b32078e50de47a90d8cf1b514e6bf9e
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "aytekinaygun", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 198 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aytekinaygun
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=aytekinaygun)
    expand: dc=zadh,dc=local -> dc=zadh,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=zadh,dc=local, with filter (uid=aytekinaygun)
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user aytekinaygun authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.0.80 port 32769
    EAP-Message = 0x01c700160410e5f89d3e3ed4f734d10f3203ec6c9ce0
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x030b62e003cc66b1d7cdc357f13dffb6
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.80 port 32769, id=1, length=171
    User-Name = "aytekinaygun"
    NAS-Port = 0
    Called-Station-Id = "18-28-61-04-32-2C:AIRTIES_RT-206"
    Calling-Station-Id = "BC-77-37-02-33-39"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 0Mbps 802.11"
    EAP-Message = 0x02c700060319
    State = 0x030b62e003cc66b1d7cdc357f13dffb6
    Message-Authenticator = 0x3f09784358c1057df9fa2bc6319f4feb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "aytekinaygun", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 199 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aytekinaygun
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=aytekinaygun)
    expand: dc=zadh,dc=local -> dc=zadh,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=zadh,dc=local, with filter (uid=aytekinaygun)
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user aytekinaygun authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: NAK asked for unsupported type 25
 rlm_eap: No common EAP types found.
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [aytekinaygun/<via Auth-Type = EAP>] (from client zadh-freeradius port 0 cli BC-77-37-02-33-39)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> aytekinaygun
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 1 to 192.168.0.80 port 32769
    EAP-Message = 0x04c70004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 6 ID 0 with timestamp +1476
Waking up in 1.0 seconds.
Cleaning up request 7 ID 1 with timestamp +1476
Ready to process requests.


--
Regards,
Aytekin Aygün
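
The EAP-Message values in the access point log above can be decoded to see which EAP method the server offered and which one the client asked for instead. This is an added example, not part of the original post: the function names are hypothetical, the hex strings are copied from the log, and the type numbers are those of RFC 3748 and the IANA EAP registry.

```python
import struct

# EAP Code and method Type numbers (RFC 3748 / IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message values copied from the access point log above, in order.
LOG_EAP_MESSAGES = [
    "0x02c6001101617974656b696e617967756e",
    "0x01c700160410e5f89d3e3ed4f734d10f3203ec6c9ce0",
    "0x02c700060319",
    "0x04c70004",
]

def type_name(number):
    return EAP_TYPES.get(number, "type %d" % number)

def decode_eap(hex_value):
    """Decode one EAP packet given as the hex string radiusd prints."""
    raw = bytes.fromhex(hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # Large EAP packets span several EAP-Message attributes; join them first.
        raise ValueError("length field %d != %d bytes given" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "code %d" % code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:          # only Request/Response carry a Type
        pkt["type"] = type_name(raw[4])
        data = raw[5:]
        if raw[4] == 1:                        # Identity: the user name in clear
            pkt["identity"] = data.decode("utf-8", "replace")
        elif raw[4] == 3:                      # Nak: methods the peer wants instead
            pkt["wanted"] = [type_name(t) for t in data]
    return pkt

def negotiation(hex_values):
    """Return (method the server offered, methods the peer asked for in its Nak)."""
    offered, wanted = None, []
    for pkt in map(decode_eap, hex_values):
        if pkt["code"] == "Request" and pkt.get("type") not in (None, "Identity", "Notification"):
            offered = pkt["type"]
        elif pkt["code"] == "Response" and pkt.get("type") == "Nak":
            wanted = pkt["wanted"]
    return offered, wanted

if __name__ == "__main__":
    print("offered=%s wanted=%s" % negotiation(LOG_EAP_MESSAGES))
```

The decoded Nak agrees with the `NAK asked for unsupported type 25` line in the log: the server offers MD5-Challenge and the client answers by asking for PEAP.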
