"Help me decipher a FreeRADIUS log"
Forum: Information Security (Authorization and authentication / FreeBSD)
Posted by NewUse on 19-Dec-10, 02:05
Good day, esteemed gurus.
Please help me decipher a FreeRADIUS log (in debug mode).

I can't figure out who is dropping out and where: whether the problem is in Windows or in RADIUS (or rather in my own clumsy hands).


Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.20:2048, id=50, length=153
        User-Name = "test"
        NAS-Port = 0
        Called-Station-Id = "00-15-6D-4C-45-61:ubnt"
        Calling-Station-Id = "00-12-F0-C0-6F-94"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x02b100061900
        State = 0xd075f8c042e116b8bb5765ae7c15b3cc
        Message-Authenticator = 0xb8415586fd08ab0d754472b084d785ee
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat:  'test'
rlm_nibs (sql_set_user): sql_set_user escaped user --> 'test'
rlm_nibs (nibs_fill_user): begin for user `test' ------------
radius_xlat:  'SELECT user, password, crypt_method, uid, gid, deposit, credit, unix_timestamp(add_date), blocked, activated, unix_timestamp(expired), total_time, total_traffic, total_money, unix_timestamp(last_connection), framed_ip, framed_mask, callback_number FROM users WHERE user = 'test''
sql_als->sql_get_socket (nibs): Reserving sql socket id: 7
sql_als->sql_release_socket: Released sql socket id: 7
radius_xlat:  'SELECT tos, do_with_tos, direction, fixed, fixed_cost, activation_time, total_time_limit, month_time_limit, week_time_limit, day_time_limit, total_traffic_limit, month_traffic_limit, week_traffic_limit, day_traffic_limit, total_money_limit, month_money_limit, week_money_limit, day_money_limit, login_time, huntgroup_name, simultaneous_use, port_limit, session_timeout, idle_timeout, allowed_prefixes, no_pass, no_acct, allow_callback, other_params, allowed_servers FROM users WHERE user = 'test''
rlm_nibs (nibs_fill_user): ----- prof mode begin for user `test' -----
sql_als->sql_get_socket (nibs): Reserving sql socket id: 6
sql_als->sql_release_socket: Released sql socket id: 6
rlm_nibs (nibs_fill_user): ----- prof mode end for user `test' -----
rlm_nibs (nibs_fill_user): end for user `test' ------------
rlm_nibs (nibs_add_attrs): begin for user `test' ------------
rlm_nibs (nibs_add_attrs): add PW_PASSWORD
rlm_nibs (nibs_add_attrs): add PW_SESSION_TIMEOUT
rlm_nibs (nibs_add_attrs): add all other params
rlm_nibs (nibs_add_attrs): Parse error (reply) at SQL other_params
rlm_nibs (nibs_add_attrs): end for user `test' ------------
  modcall[authorize]: module "nibs" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
  rlm_eap: EAP packet type response id 177 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 50 to 192.168.1.20 port 2048
        Session-Timeout = 2939791
        EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4942a140969674ce6d5d8b48546d876d
Finished request 2

How should the log above be interpreted?
Was RADIUS happy with everything, or are there problems somewhere?


Here is a slightly different log (I changed the settings a little, but it had no effect):


rad_recv: Access-Request packet from host 192.168.1.20:2048, id=40, length=138
        User-Name = "test"
        NAS-Port = 0
        Called-Station-Id = "00-15-6D-4C-45-61:ubnt"
        Calling-Station-Id = "00-12-F0-C0-6F-94"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x02dc00090174657374
        Message-Authenticator = 0xc42e8992dbb36bca1239f8333e70996e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  'test'
rlm_nibs (sql_set_user): sql_set_user escaped user --> 'test'
rlm_nibs (nibs_fill_user): begin for user `test' ------------
radius_xlat:  'SELECT user, password, crypt_method, uid, gid, deposit, credit, unix_timestamp(add_date), blocked, activated, unix_timstamp(expired), total_time, total_traffic, total_money, unix_timestamp(last_connection), framed_ip, framed_mask, callback_number FROMusers WHERE user = 'test''
sql_als->sql_get_socket (nibs): Reserving sql socket id: 11
sql_als->sql_release_socket: Released sql socket id: 11
radius_xlat:  'SELECT tos, do_with_tos, direction, fixed, fixed_cost, activation_time, total_time_limit, month_time_limit, week_time_imit, day_time_limit, total_traffic_limit, month_traffic_limit, week_traffic_limit, day_traffic_limit, total_money_limit, month_moneylimit, week_money_limit, day_money_limit, login_time, huntgroup_name, simultaneous_use, port_limit, session_timeout, idle_timeout, alowed_prefixes, no_pass, no_acct, allow_callback, other_params, allowed_servers FROM users WHERE user = 'test''
rlm_nibs (nibs_fill_user): ----- prof mode begin for user `test' -----
sql_als->sql_get_socket (nibs): Reserving sql socket id: 10
rlm_nibs_mysql: MYSQL check_error: 1054 received
rlm_nibs (nibs_fill_user): database query error - `Unknown column 'allowed_prefixes' in 'field list''
sql_als->sql_release_socket: Released sql socket id: 10
rlm_nibs (nibs_add_attrs): begin for user `test' ------------
rlm_nibs (nibs_add_attrs): add PW_FRAMED_IP_ADDRESS
rlm_nibs (nibs_add_attrs): add PW_FRAMED_IP_NETMASK
rlm_nibs (nibs_add_attrs): add PW_SESSION_TIMEOUT
rlm_nibs (nibs_add_attrs): add all other params
rlm_nibs (nibs_add_attrs): Parse error (reply) at SQL other_params
rlm_nibs (nibs_add_attrs): end for user `test' ------------
  modcall[authorize]: module "nibs" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_eap: EAP packet type response id 220 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type Nibs
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'test'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 40 to 192.168.1.20 port 2048
        Framed-IP-Address = 192.168.1.9
        Framed-IP-Netmask = 255.255.255.255
        Session-Timeout = 7178670
        EAP-Message = 0x01dd00061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd827d8e99b0f0605b1634e8ea753a0c5
Finished request 0
Going to the next request
--- Walking the entire request list ---

Could you please tell me where the snag might be, where did I go wrong?

1. "Help me decipher a FreeRADIUS log"
Posted by NewUse on 20-Dec-10, 00:35
Among the logs I managed to find the following errors:

rlm_nibs (nibs_add_attrs): Parse error (reply) at SQL other_params
rlm_nibs (nibs_add_attrs): end for user `test' ------------
radius_xlat:  'rlm_nibs (rlm_nibs_authorize): Check items do not match with received packet (maybe _open_ passwd or huntgroup) for user `' [127.0.0.1:]%s%s%s'
rlm_nibs (rlm_nibs_authorize): Check items do not match with received packet (maybe _open_ passwd or huntgroup) for user `' [127.0.0.1:]
rlm_nibs (rlm_nibs_authorize): ======== Pairs DEBUG ========
rlm_nibs (rlm_nibs_authorize): ---------------- Received Packet
     EAP-Message = 0x026100090174657374
     FreeRADIUS-Proxied-To = 127.0.0.1
     User-Name = "test"
     NAS-IP-Address = 127.0.0.1
     Client-IP-Address = 127.0.0.1
rlm_nibs (rlm_nibs_authorize): ---------------- Check Items
     EAP-Type = MS-CHAP-V2
     User-Password == "pass"
rlm_nibs (rlm_nibs_authorize): ======== Pairs DEBUG ========
  modcall[authorize]: module "nibs" returns reject for request 5
modcall: leaving group authorize (returns reject) for request 5
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 45 to 192.168.1.20 port 2048
        Framed-IP-Address = 192.168.1.9
        Framed-IP-Netmask = 255.255.255.255
        Session-Timeout = 2857255
        EAP-Message = 0x016200261900170301001b4cd1ff86c1cdf0b141e303caa878b66aad61aaf07734245c449a2e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd02941d9da45ab370921a36c1ae61b57
Finished request 5
Going to the next request


2. "Help me decipher a FreeRADIUS log"
Posted by NewUse on 20-Dec-10, 17:31
That's it, thanks, I figured it out; the trouble was in FreeNibs.

Now the trouble is with Windows:
The client cannot obtain a network address, even though the logs show:


Sending Access-Challenge of id 60 to 192.168.1.20 port 2048
        Framed-IP-Address = 192.168.1.9
        Framed-IP-Netmask = 255.255.255.255
        Session-Timeout = 3313253
        EAP-Message = 0x0145004a1900170301003f3c3c8965550d61575db1d805c48330ffdf48ec12eb15cb34902175196b528ddcea38fe4ff404fc03ff2f9a75479b4d17dd35101146c72575797324f7115e4d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x08a6bf98860456c0359919a34ea59489
Finished request 14


Where should I dig?
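
Added example (not part of the original thread, and not FreeRADIUS or FreeNibs code): a small decoder for the EAP-Message values in the debug logs above. It shows that each Access-Challenge still carries an in-progress PEAP exchange, so neither an Access-Accept nor an Access-Reject has been sent yet. The names decode_eap and outcomes are made up for this illustration.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}

def decode_eap(value):
    """Decode the EAP header (RFC 3748) carried in the first EAP-Message attribute."""
    raw = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    code, ident, length = struct.unpack("!BBH", raw[:4])  # struct.error if < 4 bytes
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "complete": len(raw) >= length}  # False: rest is in later attributes
    if code not in (1, 2) or len(raw) < 5:
        return info                          # Success/Failure carry no type field
    info["type"] = EAP_TYPES.get(raw[4], raw[4])
    body = raw[5:]
    if raw[4] == 1:
        info["identity"] = body.decode("utf-8", "replace")
    elif raw[4] in (13, 25) and body:
        flags = body[0]                      # L=0x80: TLS length present, S=0x20: Start
        info["start"] = bool(flags & 0x20)
        record = body[5:] if flags & 0x80 else body[1:]
        info["tls_record"] = TLS_RECORDS.get(record[0], record[0]) if record else None
    return info

def outcomes(log_text):
    """Pair every 'Sending Access-*' line with the first EAP-Message that follows it."""
    result, pending = [], None
    for line in log_text.splitlines():
        sent = re.match(r"Sending (Access-\w+) of id (\d+)", line.strip())
        eap = re.match(r"EAP-Message = (0x[0-9a-fA-F]+)$", line.strip())
        if sent:
            pending = sent.group(1)
        elif eap and pending:
            result.append((pending, decode_eap(eap.group(1))))
            pending = None
    return result

# Lines copied from the logs on this page (the attributes between them are omitted).
SAMPLE = """\
Sending Access-Challenge of id 40 to 192.168.1.20 port 2048
        EAP-Message = 0x01dd00061920
Sending Access-Challenge of id 45 to 192.168.1.20 port 2048
        EAP-Message = 0x016200261900170301001b4cd1ff86c1cdf0b141e303caa878b66aad61aaf07734245c449a2e
"""

if __name__ == "__main__":
    print(*outcomes(SAMPLE), sep="\n")
```

The first reply is a PEAP Start and the second is tunneled TLS application data; a PEAP response with no TLS record, such as 0x02b100061900 from the first log, is the ACK that rlm_eap_tls reports.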
