OSSH华为Portal调试笔记(6)

[eap] No EAP-Message, not doing EAP ++[eap] returns noop

[files] users: Matched entry steve at line 76 ++[files] returns ok

++[expiration] returns noop ++[logintime] returns noop

[pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = CHAP

# Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group CHAP {...}

[chap] login attempt by \

[chap] Using clear text password \[chap] chap user steve authenticated succesfully ++[chap] returns ok

# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop

Sending Access-Accept of id 1 to 192.168.20.1 port 1812 Service-Type = Framed-User Framed-Protocol = PPP

Framed-IP-Address = 192.168.10.5 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Framed-Filter-Id = \ Framed-MTU = 1500

Framed-Compression = Van-Jacobson-TCP-IP Finished request 12.

Going to the next request Waking up in 4.9 seconds.

Cleaning up request 12 ID 1 with timestamp +1975 Ready to process requests.

15. 附录2-调试过程

ess-Accept packet from host 127.0.0.1 port 1812, id=71, length=20 [root@ossh ~]# [root@ossh ~]# [root@ossh ~]#

[root@ossh ~]# echo \= 0x00\| radclient -x 127.0.0.1:1813 testing123

status Sending Status-Server of id 66 to 127.0.0.1 port 1813

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Accounting-Response packet from host 127.0.0.1 port 1813, id=66, length=20 [root@ossh ~]#

[root@ossh ~]#

[root@ossh ~]# vi /usr/local/etc/raddb/clients.conf # -*- text -*- ##

## clients.conf -- client configuration directives ##

## $Id$

####################################################################### #

# Define RADIUS clients (usually a NAS, Access Point, etc.). #

# Defines a RADIUS client. #

# '127.0.0.1' is another name for 'localhost'. It is enabled by default, # to allow testing of the server after an initial installation. If you

# are not going to be permitting RADIUS queries from localhost, we suggest # that you delete, or comment out, this entry. # # #

# Each client has a \# other clients. #

# In version 1.x, the string after the word \# address of the client. In 2.0, the IP address is configured via # the \ For compatibility, the 1.x # format is still accepted. #

client localhost {

# Allowed values are:

# dotted quad (1.2.3.4)

# hostname (radius.example.com) ipaddr = 127.0.0.1

# OR, you can use an IPv6 address, but not both

# at the same time.

# ipv6addr = :: # any. ::1 == localhost

#

# A note on DNS: We STRONGLY recommend using IP addresses # rather than host names. Using host names means that the

# server will do DNS lookups when it starts, making it # dependent on DNS. i.e. If anything goes wrong with DNS,

# the server won't start! # # The server also looks up the IP address from DNS once, and # only once, when it starts. If the DNS record is later # updated, the server WILL NOT see that update. #

# One client definition can be applied to an entire network. # e.g. 127/8 should be defined with \ # \

# # If not specified, the default netmask is 32 (i.e. /32)

# # We do NOT recommend using anything other than 32. There # are usually other, better ways to achieve the same goal. # Using netmasks of other than 32 can cause security issues.

# # You can specify overlapping networks (127/8 and 127.0/16) # In that case, the smallest possible network will be used # as the \

# # Clients can also be defined dynamically at run time, based # on any criteria. e.g. SQL lookups, keying off of NAS-Identifier,

# etc. # See raddb/sites-available/dynamic-clients for details. #

# netmask = 32

# # The shared secret use to \and \packets between # the NAS and FreeRADIUS. You MUST change this secret from the

# default, otherwise it's not a secret any more! # # The secret can be any string, up to 8k characters in length. #

# Control codes can be entered vi octal encoding,

# e.g. \== \ # Quotation marks can be entered by escaping them,

# e.g. \ # # A note on security: The security of the RADIUS protocol # depends COMPLETELY on this secret! We recommend using a # shared secret that is composed of: #

# upper case letters # lower case letters

# numbers # # And is at LEAST 8 characters long, preferably 16 characters in # length. The secret MUST be random, and should not be words,

# phrase, or anything else that is recognizable. # # The default secret below is only for testing, and should

# not be used in any real environment. #

secret = testing123

# # Old-style clients do not send a Message-Authenticator # in an Access-Request. RFC 5080 suggests that all clients # SHOULD include it in an Access-Request. The configuration # item below allows the server to require it. If a client # is required to include a Message-Authenticator and it does …… 此处隐藏：4716字，全部文档内容请下载后查看。喜欢就下载吧 ……