


  1. #1

    Freeradius and AD + Routerboard Hotspot

    I am implementing a Freeradius that validates users against an MS Active Directory 2008 R2.
    I configured Freeradius and tested it with radtest. It worked fine.
    Output:
    radtest -t mschap radius@XXXXXXXXXXXXXX SENHA localhost 0 teste123
    Sending Access-Request of id 111 to 127.0.0.1 port 1812
    User-Name = "radius@XXXXXXXXXXXXXX"
    NAS-IP-Address = 10.25.153.51
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
    MS-CHAP-Challenge = 0x1529e5b05742be4f
    MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000f872e7dc44ff2075065bd7849ef3cd5ca32d6fe4f919e7da
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=111, length=20

    Now when I send the request through the Routerboard Hotspot, this message appears in the log:
    rad_recv: Access-Request packet from host 10.25.152.252 port 42438, id=17, length=238
    NAS-Port-Type = Ethernet
    Calling-Station-Id = "00:E0:4E:21:CF:5A"
    Called-Station-Id = "hotspot1"
    NAS-Port-Id = "ether5"
    User-Name = "radius@XXXXXXXXXXXXXX"
    MS-CHAP-Domain = "XXXXXXXXXXXXXX"
    NAS-Port = 2153775110
    Acct-Session-Id = "80600006"
    Framed-IP-Address = 10.5.50.254
    Mikrotik-Host-IP = 10.5.50.254
    User-Password = "SENHA"
    Service-Type = Login-User
    WISPr-Logoff-URL = "http://10.5.50.1/logout"
    NAS-Identifier = "RouterOS"
    Mikrotik-Realm = "XXXXXXXXXXXXXX"
    NAS-IP-Address = 10.25.152.252
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/10.25.152.252/auth-detail-20140222
    [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.25.152.252/auth-detail-20140222
    [auth_log] expand: %t -> Sat Feb 22 05:58:17 2014
    ++[auth_log] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] Looking up realm "XXXXXXXXXXXXXX" for User-Name = "radius@XXXXXXXXXXXXXX"
    [suffix] Found realm "XXXXXXXXXXXXXX"
    [suffix] Adding Stripped-User-Name = "radius"
    [suffix] Adding Realm = "XXXXXXXXXXXXXX"
    [suffix] Authentication realm is LOCAL.
    ++[suffix] returns ok
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> radius@XXXXXXXXXXXXXX
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 5 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    rad_recv: Access-Request packet from host 10.25.152.252 port 42438, id=17, length=238
    Waiting to send Access-Reject to client CCR1016 port 42438 - ID: 17
    Waking up in 0.6 seconds.
    rad_recv: Access-Request packet from host 10.25.152.252 port 42438, id=17, length=238
    Waiting to send Access-Reject to client CCR1016 port 42438 - ID: 17
    Waking up in 0.3 seconds.
    Sending delayed reject for request 5
    Sending Access-Reject of id 17 to 10.25.152.252 port 42438
    Waking up in 4.9 seconds.
    Cleaning up request 5 ID 17 with timestamp +493
    Ready to process request

    Could someone give me some help, or shed some light?
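
The two requests in this post differ in the credential attribute they carry (MS-CHAP-Challenge/MS-CHAP-Response from radtest, User-Password from the hotspot), and that can be read out of the debug output mechanically. The following is an added example, not part of the original post; it assumes the FreeRADIUS 2.x debug formatting shown in the log, and `diagnose` and `summary` are hypothetical helper names.

```python
import re

# Credential attribute carried in the Access-Request -> protocol the NAS used.
CREDENTIALS = {"User-Password": "PAP", "CHAP-Password": "CHAP",
               "MS-CHAP-Response": "MS-CHAPv1", "MS-CHAP2-Response": "MS-CHAPv2"}
RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+) port (\d+), id=(\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = ")
MODULE = re.compile(r"^\s*\++\[([\w.]+)\] returns (\w+)")

def diagnose(debug_log):
    """Summarise each Access-Request found in FreeRADIUS 2.x debug output."""
    seen, cur = {}, None
    for line in debug_log.splitlines():
        if m := RECV.search(line):
            # A retransmission repeats host/port/id: fold it into the same record.
            cur = seen.setdefault(m.groups(), {"protocol": None, "noop": [],
                                               "no_auth_type": False})
        elif cur is None:
            continue
        elif (m := ATTR.match(line)) and m.group(1) in CREDENTIALS:
            cur["protocol"] = CREDENTIALS[m.group(1)]
        elif (m := MODULE.match(line)) and m.group(2) == "noop":
            cur["noop"].append(m.group(1))
        elif "No authenticate method (Auth-Type) found" in line:
            cur["no_auth_type"] = True
    return list(seen.values())

def summary(rec):
    """One-line reading of a record produced by diagnose()."""
    if not rec["no_auth_type"]:
        return f"{rec['protocol']}: no missing Auth-Type error logged"
    return (f"{rec['protocol']} credentials, but {', '.join(rec['noop'])} "
            "returned noop and nothing set Auth-Type")

# Sample abridged from the hotspot request in the log above.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.25.152.252 port 42438, id=17, length=238
    User-Name = "radius@XXXXXXXXXXXXXX"
    User-Password = "SENHA"
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns ok
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
rad_recv: Access-Request packet from host 10.25.152.252 port 42438, id=17, length=238
"""

if __name__ == "__main__":
    for rec in diagnose(SAMPLE):
        print(summary(rec))
```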

  2. #2
    Alex Rock (alexrock)
    Joined: Jan 2006
    Location: S. J. do Rio Preto-SP
    Posts: 834

    Re: Freeradius and AD + Routerboard Hotspot

    It looks like the error is this: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Enable PAP on the Hotspot, because it only works with AD using PAP (no encryption).
    Post the result for us.

  3. #3

    Re: Freeradius and AD + Routerboard Hotspot

    Same thing. I set PAP on the Routerboard hotspot, but it keeps giving the same error.

  4. #4
    Alex Rock (alexrock)

    Re: Freeradius and AD + Routerboard Hotspot

    Just one question: why Mikrotik > Freeradius > AD if you can do Mikrotik > AD?

    http://zanjiryan.blogspot.com.br/201...-mikrotik.html

  5. #5

    Re: Freeradius and AD + Routerboard Hotspot

    I hadn't thought of that... Thanks a lot for the help.
    I've done it now and it's working fine.

  6. #6
    Alex Rock (alexrock)

    Re: Freeradius and AD + Routerboard Hotspot

    Sometimes the solution is simple... we are the ones who complicate it... hehe.

  7. #7

    Re: Freeradius and AD + Routerboard Hotspot

    Alex, I put the RADIUS on the AD, but I have a problem: the Hotspot sends the authentication in CHAP, and the AD does not authenticate unless you tick the option "store password in reversible format". Is there no way for the hotspot to send in MSCHAP? I have a small problem if I have to redo the passwords: there are only about 15 thousand to re-register... that is "impossible". If you have any ideas, I would be grateful.
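
Why CHAP ties authentication to reversible password storage, as an added example that is not part of the original thread: the CHAP response defined in RFC 1994 is an MD5 over the cleartext secret, so the verifier has to be able to recover the password itself. Function names and sample values are constructed for illustration, and SHA-256 stands in for whatever one-way hash a directory keeps.

```python
import hashlib
import hmac

def chap_response(ident, password, challenge):
    """RFC 1994: MD5 over the CHAP identifier octet, the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def verify_chap_password(chap_password_attr, challenge, stored_secret):
    """Check a RADIUS CHAP-Password value (1 identifier octet + 16-octet response)."""
    if len(chap_password_attr) != 17:
        return False
    ident, response = chap_password_attr[0], chap_password_attr[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(response, expected)

def demo():
    """Return (result with recoverable password, result with one-way hash only)."""
    password = b"constructed-password"   # constructed sample value
    challenge = bytes(range(16))         # constructed 16-octet challenge
    ident = 0x2A                         # constructed CHAP identifier
    # What the NAS would place in CHAP-Password for this login.
    attr = bytes([ident]) + chap_response(ident, password, challenge)

    # Server that can recover the cleartext: it recomputes the same MD5.
    with_cleartext = verify_chap_password(attr, challenge, password)

    # Server that kept only a one-way hash (SHA-256 is a stand-in here):
    # the hash cannot replace the password inside the MD5 computation.
    one_way = hashlib.sha256(password).digest()
    with_hash_only = verify_chap_password(attr, challenge, one_way)
    return with_cleartext, with_hash_only

if __name__ == "__main__":
    print(demo())
```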