We are trying to set up authorization via 802.1x + RADIUS.
We have UTM 5.2.1 and Cisco AP1200 equipment.
A license key for the core + the dial-up VPN module.
As a result, authorization fails.
The RADIUS log shows the following:
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS packet successfully received
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS raw data obtained
?Debug : Sep 06 17:37:29 RADIUS Packet: Size <123>; HDR.Size <123>
?Debug : Sep 06 17:37:29 AuthServer: Recv...
?Debug : Sep 06 17:37:29 AuthServer: Packet from NAS <172.172.0.2>
?Debug : Sep 06 17:37:29 RADIUS DBA: NAS found. Data size <0>
?Debug : Sep 06 17:37:29 AuthServer: Packet from <172.172.0.2> packet dump: RPacket:
Code: 1; ID: 26
<Vendor: 0; Attr: 1>[4]: 74657374
<Vendor: 0; Attr: 4>[4]: acac0002
<Vendor: 0; Attr: 5>[4]: 000013f6
<Vendor: 0; Attr: 6>[4]: 00000001
<Vendor: 0; Attr: 12>[4]: 00000578
<Vendor: 0; Attr: 30>[17]: 30302d30442d32392d46302d42362d3638
<Vendor: 0; Attr: 31>[17]: 30302d34302d46342d39352d43302d3838
<Vendor: 0; Attr: 61>[4]: 00000013
<Vendor: 0; Attr: 79>[9]: 020200090174657374
<Vendor: 0; Attr: 80>[16]: d3bfe1f3aa3384b500900f950147532a
?Debug : Sep 06 17:37:29 AuthServer: User <test> connecting
?Debug : Sep 06 17:37:29 AuthServer: EAP message detected without State. State <test_1157546249_26> generated. Using it as session id for storing in sessions cache.
?Debug : Sep 06 17:37:29 AuthServer: Session for sessionid <test_1157546249_26> not found in <172.172.0.2> cache
?Debug : Sep 06 17:37:29 RADIUS DBA: Info for login <test> found. type <1>
?Debug : Sep 06 17:37:29 AuthServer: Auth scheme: EAP
ERROR : Sep 06 17:37:29 AuthServer: EAP subsystem called. Supporting: EAP-MD5
ERROR : Sep 06 17:37:29 AuthServer: EAP subsystem called. Supporting: EAP-MD5
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator verification called
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Sep 06 17:37:29 RADIUS Packet: HMAC MD5 calculation called. Raw data length <123>
?Debug : Sep 06 17:37:29 RADIUS Packet: EAP: calculated message authenticator <d3bfe1f3aa3384b500900f950147532a> original message authenticator <d3bfe1f3aa3384b500900f950147532a>
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Sep 06 17:37:29 RADIUS Packet: EAP: packet from NAS with correct message authenticator!
?Debug : Sep 06 17:37:29 AuthServer: EAP: Message-Authenticator verify success
?Debug : Sep 06 17:37:29 AuthServer: EAP: incoming packet authenticator <dcfbe49f27677e3ab2f91e10d44bc9fa>. setting it to outgoing packet.
?Debug : Sep 06 17:37:29 AuthServer: EAP: Current state: 0
?Debug : Sep 06 17:37:29 AuthServer: EAP Dump: eap code <2> eap type <1> eap size 4 (eap id 2)
?Debug : Sep 06 17:37:29 AuthServer: EAP: After In state: 2
?Debug : Sep 06 17:37:29 AuthServer: EAP: Identity <test> got
?Debug : Sep 06 17:37:29 RADIUS DBA: Info for login <test> found. type <1>
?Debug : Sep 06 17:37:29 RADIUS EAPState: Setting replay code to 'request', Type to 'auth_chap (EAP-MD5 request)'
?Debug : Sep 06 17:37:29 RADIUS EAPState: Generated challenge<1009c1fe44c03fa16a88569715eee92352> size<17>
?Debug : Sep 06 17:37:29 AuthServer: EAP: After Out state <3> step result <0>
?Debug : Sep 06 17:37:29 AuthServer: EAP: state challenge! Setting State<test_1157546249_26>
?Debug : Sep 06 17:37:29 AuthServer: EAP: Reply send
?Debug : Sep 06 17:37:29 AuthServer: EAP in progress! Storing session with id <test_1157546249_26>
?Debug : Sep 06 17:37:29 AuthServer: Auth reply: RPacket:
Code: 11; ID: 26
<Vendor: 0; Attr: 24>[18]: 746573745f313135373534363234395f3236
<Vendor: 0; Attr: 79>[22]: 01030016041009c1fe44c03fa16a88569715eee92352
<Vendor: 0; Attr: 80>[16]: 00000000000000000000000000000000
?Debug : Sep 06 17:37:29 RADIUS Packet: raw data constructed! size <82>
?Debug : Sep 06 17:37:29 RadiusSocket: Moving RADIUS packet into send queue
?Debug : Sep 06 17:37:29 RADIUS Packet: Old message authenticator <00000000000000000000000000000000>
?Debug : Sep 06 17:37:29 RADIUS Packet: Setting HMAC MD5 for outgoing packet! size <82>
?Debug : Sep 06 17:37:29 RADIUS Packet: HMAC MD5 calculation called. Raw data length <82>
?Debug : Sep 06 17:37:29 RADIUS Packet: New message authenticator <810e71eabb636c9c97f9055efe3438cf>
?Debug : Sep 06 17:37:29 AuthServer: Next...
?Trace : Sep 06 17:37:29 AuthServer: Process loop step
?Debug : Sep 06 17:37:29 RadiusSocket: Waiting for RADIUS raw data
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS raw data sent
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS packet successfully received
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS raw data obtained
?Debug : Sep 06 17:37:29 RADIUS Packet: Size <140>; HDR.Size <140>
?Debug : Sep 06 17:37:29 AuthServer: Recv...
?Debug : Sep 06 17:37:29 AuthServer: Packet from NAS <172.172.0.2>
?Debug : Sep 06 17:37:29 RADIUS DBA: NAS found. Data size <0>
?Debug : Sep 06 17:37:29 AuthServer: Packet from <172.172.0.2> packet dump: RPacket:
Code: 1; ID: 27
<Vendor: 0; Attr: 1>[4]: 74657374
<Vendor: 0; Attr: 4>[4]: acac0002
<Vendor: 0; Attr: 5>[4]: 000013f6
<Vendor: 0; Attr: 6>[4]: 00000001
<Vendor: 0; Attr: 12>[4]: 00000578
<Vendor: 0; Attr: 24>[18]: 746573745f313135373534363234395f3236
<Vendor: 0; Attr: 30>[17]: 30302d30442d32392d46302d42362d3638
<Vendor: 0; Attr: 31>[17]: 30302d34302d46342d39352d43302d3838
<Vendor: 0; Attr: 61>[4]: 00000013
<Vendor: 0; Attr: 79>[6]: 020300060319
<Vendor: 0; Attr: 80>[16]: b5593d9b504d4dd388ac5fdc0f4ee5a5
?Debug : Sep 06 17:37:29 AuthServer: User <test> connecting
?Debug : Sep 06 17:37:29 AuthServer: EAP message detected. Using State <test_1157546249_26> as session id for storing in sessions cache.
?Debug : Sep 06 17:37:29 AuthServer: Session for <test_1157546249_26> found in <172.172.0.2> cache
?Debug : Sep 06 17:37:29 RADIUS DBA: Info for login <test> found. type <1>
?Debug : Sep 06 17:37:29 AuthServer: Auth scheme: EAP
ERROR : Sep 06 17:37:29 AuthServer: EAP subsystem called. Supporting: EAP-MD5
ERROR : Sep 06 17:37:29 AuthServer: EAP subsystem called. Supporting: EAP-MD5
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator verification called
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Sep 06 17:37:29 RADIUS Packet: HMAC MD5 calculation called. Raw data length <140>
?Debug : Sep 06 17:37:29 RADIUS Packet: EAP: calculated message authenticator <b5593d9b504d4dd388ac5fdc0f4ee5a5> original message authenticator <b5593d9b504d4dd388ac5fdc0f4ee5a5>
?Debug : Sep 06 17:37:29 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Sep 06 17:37:29 RADIUS Packet: EAP: packet from NAS with correct message authenticator!
?Debug : Sep 06 17:37:29 AuthServer: EAP: Message-Authenticator verify success
?Debug : Sep 06 17:37:29 AuthServer: EAP: incoming packet authenticator <805e6017362223251992f7f44a7aa9b4>. setting it to outgoing packet.
?Debug : Sep 06 17:37:29 AuthServer: EAP: Current state: 3
?Debug : Sep 06 17:37:29 AuthServer: EAP Dump: eap code <2> eap type <3> eap size 1 (eap id 3)
ERROR : Sep 06 17:37:29 RADIUS EAPState: Nak got : 19
ERROR : Sep 06 17:37:29 RADIUS EAPState: Nak got : 19
?Debug : Sep 06 17:37:29 AuthServer: EAP: After In state: 129
?Debug : Sep 06 17:37:29 AuthServer: EAP: After Out state <129> step result <22>
?Debug : Sep 06 17:37:29 AuthServer: EAP: state failure !
?Debug : Sep 06 17:37:29 AuthServer: EAP: Reply send
?Debug : Sep 06 17:37:29 AuthServer: EAP in progress! Storing session with id <test_1157546249_26>
?Debug : Sep 06 17:37:29 AuthServer: Auth reply: RPacket:
Code: 3; ID: 27
<Vendor: 0; Attr: 79>[4]: 04030004
<Vendor: 0; Attr: 80>[16]: 00000000000000000000000000000000
?Debug : Sep 06 17:37:29 RADIUS Packet: raw data constructed! size <44>
?Debug : Sep 06 17:37:29 RadiusSocket: Moving RADIUS packet into send queue
?Debug : Sep 06 17:37:29 RADIUS Packet: Old message authenticator <00000000000000000000000000000000>
?Debug : Sep 06 17:37:29 RADIUS Packet: Setting HMAC MD5 for outgoing packet! size <44>
?Debug : Sep 06 17:37:29 RADIUS Packet: HMAC MD5 calculation called. Raw data length <44>
?Debug : Sep 06 17:37:29 RADIUS Packet: New message authenticator <676f6a320daad2545d5f2fa47c361d6a>
?Debug : Sep 06 17:37:29 AuthServer: Next...
?Trace : Sep 06 17:37:29 AuthServer: Process loop step
?Debug : Sep 06 17:37:29 RadiusSocket: Waiting for RADIUS raw data
?Debug : Sep 06 17:37:29 RadiusSocket: RADIUS raw data sent
Without changing the AP1200 settings, I authenticate through FreeRadius on the same server where NETUP runs, and everything works.
802.1x + radius netup authorization
D-Link DES1228, authorization does not work; here is what is in the RADIUS log:
?Debug : Feb 17 11:39:08 RADIUS Packet: Old message authenticator <00000000000000000000000000000000>
?Debug : Feb 17 11:39:08 RADIUS Packet: Setting HMAC MD5 for outgoing packet! size <44>
?Debug : Feb 17 11:39:08 RADIUS Packet: HMAC MD5 calculation called. Raw data length <44>
?Debug : Feb 17 11:39:08 RADIUS Packet: New message authenticator <47dcddf9520b5cfbf25cc9f7b4671247>
?Debug : Feb 17 11:39:08 RadiusSocket: RADIUS raw data sent
?Debug : Feb 17 11:39:08 AuthServer: Next...
?Trace : Feb 17 11:39:08 AuthServer: Process loop step
?Debug : Feb 17 11:39:08 RadiusSocket: Waiting for RADIUS raw data
?Debug : Feb 17 11:39:12 RADIUS Stream[plugin]: Ping reply received
?Debug : Feb 17 11:39:42 RADIUS Stream[plugin]: Ping reply received
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS packet successfully received
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS raw data obtained
?Debug : Feb 17 11:40:12 RADIUS Packet: Size <177>; HDR.Size <177>
?Debug : Feb 17 11:40:12 AuthServer: Recv...
?Debug : Feb 17 11:40:12 AuthServer: Packet from NAS <10.10.20.254>
?Debug : Feb 17 11:40:12 RADIUS DBA: NAS found. Data size <0>
?Debug : Feb 17 11:40:12 AuthServer: Packet from <10.10.20.254> packet dump: RPacket:
Code: 1; ID: 18
<Vendor: 0; Attr: 1>[2]: 6564
<Vendor: 0; Attr: 4>[4]: 0a0a14fe
<Vendor: 0; Attr: 5>[4]: 00000009
<Vendor: 0; Attr: 6>[4]: 00000002
<Vendor: 0; Attr: 12>[4]: 000005ba
<Vendor: 0; Attr: 30>[17]: 30302d32362d35612d30382d34612d6433
<Vendor: 0; Attr: 31>[17]: 30302d30632d37362d37652d30342d3866
<Vendor: 0; Attr: 32>[6]: 442d4c696e6b
<Vendor: 0; Attr: 61>[4]: 0000000f
<Vendor: 0; Attr: 77>[36]: 434f4e4e4543542045746865726e6574203130304d6270732046756c6c206475706c6578
<Vendor: 0; Attr: 79>[7]: 02010007016564
<Vendor: 0; Attr: 80>[16]: d38ab59de9b04e3732677c295acc9d10
<Vendor: 0; Attr: 87>[10]: 6574686572395f313239
?Debug : Feb 17 11:40:12 AuthServer: User <ed> connecting
?Debug : Feb 17 11:40:12 AuthServer: EAP message detected without State. State <ed_1266374412_18> generated. Using it as session id for storing in sessions cache.
?Debug : Feb 17 11:40:12 AuthServer: Session for sessionid <ed_1266374412_18> not found in <10.10.20.254> cache
?Debug : Feb 17 11:40:12 RADIUS DBA: Info for login <ed> found. type <1>
?Debug : Feb 17 11:40:12 AuthServer: Auth scheme: EAP
ERROR : Feb 17 11:40:12 AuthServer: EAP subsystem called. Supporting: EAP-MD5
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator verification called
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Feb 17 11:40:12 RADIUS Packet: HMAC MD5 calculation called. Raw data length <177>
?Debug : Feb 17 11:40:12 RADIUS Packet: EAP: calculated message authenticator <d38ab59de9b04e3732677c295acc9d10> original message authenticator <d38ab59de9b04e3732677c295acc9d10>
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Feb 17 11:40:12 RADIUS Packet: EAP: packet from NAS with correct message authenticator!
?Debug : Feb 17 11:40:12 AuthServer: EAP: Message-Authenticator verify success
?Debug : Feb 17 11:40:12 AuthServer: EAP: incoming packet authenticator <b5f716d7c5423d4659c1d16bdff52de5>. setting it to outgoing packet.
?Debug : Feb 17 11:40:12 AuthServer: EAP: Current state: 0
?Debug : Feb 17 11:40:12 AuthServer: EAP Dump: eap code <2> eap type <1> eap size 2 (eap id 1)
?Debug : Feb 17 11:40:12 AuthServer: EAP: After In state: 2
?Debug : Feb 17 11:40:12 AuthServer: EAP: Identity <ed> got
?Debug : Feb 17 11:40:12 RADIUS DBA: Info for login <ed> found. type <1>
?Debug : Feb 17 11:40:12 RADIUS EAPState: Setting replay code to 'request', Type to 'auth_chap (EAP-MD5 request)'
?Debug : Feb 17 11:40:12 RADIUS EAPState: Generated challenge<100c577b4b847f00262865ef269c03addf> size<17>
?Debug : Feb 17 11:40:12 AuthServer: EAP: After Out state <3> step result <0>
?Debug : Feb 17 11:40:12 AuthServer: EAP: state challenge! Setting State<ed_1266374412_18>
?Debug : Feb 17 11:40:12 AuthServer: EAP: Reply send
?Debug : Feb 17 11:40:12 AuthServer: EAP in progress! Storing session with id <ed_1266374412_18>
?Debug : Feb 17 11:40:12 AuthServer: Auth reply: RPacket:
Code: 11; ID: 18
<Vendor: 0; Attr: 24>[16]: 65645f313236363337343431325f3138
<Vendor: 0; Attr: 79>[22]: 0102001604100c577b4b847f00262865ef269c03addf
<Vendor: 0; Attr: 80>[16]: 00000000000000000000000000000000
?Debug : Feb 17 11:40:12 RADIUS Packet: raw data constructed! size <80>
?Debug : Feb 17 11:40:12 RadiusSocket: Moving RADIUS packet into send queue
?Debug : Feb 17 11:40:12 RADIUS Packet: Old message authenticator <00000000000000000000000000000000>
?Debug : Feb 17 11:40:12 RADIUS Packet: Setting HMAC MD5 for outgoing packet! size <80>
?Debug : Feb 17 11:40:12 RADIUS Packet: HMAC MD5 calculation called. Raw data length <80>
?Debug : Feb 17 11:40:12 RADIUS Packet: New message authenticator <abfc4c83b03777a01df2016a48367f2e>
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS raw data sent
?Debug : Feb 17 11:40:12 AuthServer: Next...
?Trace : Feb 17 11:40:12 AuthServer: Process loop step
?Debug : Feb 17 11:40:12 RadiusSocket: Waiting for RADIUS raw data
?Debug : Feb 17 11:40:12 RADIUS Stream[plugin]: Ping reply received
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS packet successfully received
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS raw data obtained
?Debug : Feb 17 11:40:12 RADIUS Packet: Size <194>; HDR.Size <194>
?Debug : Feb 17 11:40:12 AuthServer: Recv...
?Debug : Feb 17 11:40:12 AuthServer: Packet from NAS <10.10.20.254>
?Debug : Feb 17 11:40:12 RADIUS DBA: NAS found. Data size <0>
?Debug : Feb 17 11:40:12 AuthServer: Packet from <10.10.20.254> packet dump: RPacket:
Code: 1; ID: 19
<Vendor: 0; Attr: 1>[2]: 6564
<Vendor: 0; Attr: 4>[4]: 0a0a14fe
<Vendor: 0; Attr: 5>[4]: 00000009
<Vendor: 0; Attr: 6>[4]: 00000002
<Vendor: 0; Attr: 12>[4]: 000005ba
<Vendor: 0; Attr: 24>[16]: 65645f313236363337343431325f3138
<Vendor: 0; Attr: 30>[17]: 30302d32362d35612d30382d34612d6433
<Vendor: 0; Attr: 31>[17]: 30302d30632d37362d37652d30342d3866
<Vendor: 0; Attr: 32>[6]: 442d4c696e6b
<Vendor: 0; Attr: 61>[4]: 0000000f
<Vendor: 0; Attr: 77>[36]: 434f4e4e4543542045746865726e6574203130304d6270732046756c6c206475706c6578
<Vendor: 0; Attr: 79>[6]: 020200060319
<Vendor: 0; Attr: 80>[16]: 13001902e75efe1f85fb530a4b7664a9
<Vendor: 0; Attr: 87>[10]: 6574686572395f313239
?Debug : Feb 17 11:40:12 AuthServer: User <ed> connecting
?Debug : Feb 17 11:40:12 AuthServer: EAP message detected. Using State <ed_1266374412_18> as session id for storing in sessions cache.
?Debug : Feb 17 11:40:12 AuthServer: Session for <ed_1266374412_18> found in <10.10.20.254> cache
?Debug : Feb 17 11:40:12 RADIUS DBA: Info for login <ed> found. type <1>
?Debug : Feb 17 11:40:12 AuthServer: Auth scheme: EAP
ERROR : Feb 17 11:40:12 AuthServer: EAP subsystem called. Supporting: EAP-MD5
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator verification called
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Feb 17 11:40:12 RADIUS Packet: HMAC MD5 calculation called. Raw data length <194>
?Debug : Feb 17 11:40:12 RADIUS Packet: EAP: calculated message authenticator <13001902e75efe1f85fb530a4b7664a9> original message authenticator <13001902e75efe1f85fb530a4b7664a9>
?Debug : Feb 17 11:40:12 RADIUS Packet: Message-Authenticator found. Setting for requested value.
?Debug : Feb 17 11:40:12 RADIUS Packet: EAP: packet from NAS with correct message authenticator!
?Debug : Feb 17 11:40:12 AuthServer: EAP: Message-Authenticator verify success
?Debug : Feb 17 11:40:12 AuthServer: EAP: incoming packet authenticator <796fbe2c97e467e7a63277d42948247f>. setting it to outgoing packet.
?Debug : Feb 17 11:40:12 AuthServer: EAP: Current state: 3
?Debug : Feb 17 11:40:12 AuthServer: EAP Dump: eap code <2> eap type <3> eap size 1 (eap id 2)
ERROR : Feb 17 11:40:12 RADIUS EAPState: Nak got : 19
?Debug : Feb 17 11:40:12 AuthServer: EAP: After In state: 129
?Debug : Feb 17 11:40:12 AuthServer: EAP: After Out state <129> step result <22>
?Debug : Feb 17 11:40:12 AuthServer: EAP: state failure !
?Debug : Feb 17 11:40:12 AuthServer: EAP: Reply send
?Debug : Feb 17 11:40:12 AuthServer: EAP in progress! Storing session with id <ed_1266374412_18>
?Debug : Feb 17 11:40:12 AuthServer: Auth reply: RPacket:
Code: 3; ID: 19
<Vendor: 0; Attr: 79>[4]: 04020004
<Vendor: 0; Attr: 80>[16]: 00000000000000000000000000000000
?Debug : Feb 17 11:40:12 RADIUS Packet: raw data constructed! size <44>
?Debug : Feb 17 11:40:12 RadiusSocket: Moving RADIUS packet into send queue
?Debug : Feb 17 11:40:12 RADIUS Packet: Old message authenticator <00000000000000000000000000000000>
?Debug : Feb 17 11:40:12 RADIUS Packet: Setting HMAC MD5 for outgoing packet! size <44>
?Debug : Feb 17 11:40:12 RADIUS Packet: HMAC MD5 calculation called. Raw data length <44>
?Debug : Feb 17 11:40:12 RADIUS Packet: New message authenticator <87bf375ed6f5fe49f6281daf0fd24181>
?Debug : Feb 17 11:40:12 RadiusSocket: RADIUS raw data sent
?Debug : Feb 17 11:40:12 AuthServer: Next...
?Trace : Feb 17 11:40:12 AuthServer: Process loop step
?Debug : Feb 17 11:40:12 RadiusSocket: Waiting for RADIUS raw data
What could the problem be?
Good day!
fisben wrote: the following error:
ERROR : Feb 18 15:20:31 RADIUS EAPState: Chap responce check failed! May be password is incorrect. Rejecting ...
The situation is very similar.
So what exactly were the problems, and how can they be solved?
A question also arises:
is the EAP protocol implemented at all in the current build (007) of UTM Radius?
Thanks to anyone who answers.
It looks like all the failed cases described use authorization via an EAP method other than EAP-MD5. Only EAP-MD5 can be used.
TiRider wrote: UP! I'll bump this thread as well. The same thing happens on a test bench. And I haven't beaten it yet... And it should already be rolled out to "live" users.
http://www.netup.ru/UTM5/articles.php?n=15
It looks like utm radius does not support other encryption methods, and none are expected.
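An added example, not part of the original thread and not NetUP code: Python that decodes the EAP-Message (attribute 79) values from the packet dumps above and reports the method mismatch. In the raw Nak `020300060319` the last byte is 0x19, which is EAP type 25 (PEAP) in the IANA registry, sent in answer to the server's type 4 (MD5-Challenge) request. It assumes one whole EAP packet per attribute line; all function names are illustrative.

```python
import re

# EAP codes and a subset of IANA EAP method types.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             5: "OTP", 6: "GTC", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS",
             25: "PEAP", 43: "EAP-FAST"}

# Matches dump lines such as: <Vendor: 0; Attr: 79>[6]: 020300060319
ATTR_RE = re.compile(r"<Vendor:\s*(\d+);\s*Attr:\s*(\d+)>\[(\d+)\]:\s*([0-9a-fA-F]*)")

# Attribute 79 lines copied from the first log in the thread (Cisco AP1200).
SAMPLE_DUMP = """\
<Vendor: 0; Attr: 79>[9]: 020200090174657374
<Vendor: 0; Attr: 79>[22]: 01030016041009c1fe44c03fa16a88569715eee92352
<Vendor: 0; Attr: 79>[6]: 020300060319
<Vendor: 0; Attr: 79>[4]: 04030004
"""


def type_name(t):
    return EAP_TYPES.get(t, f"type {t}")


def eap_messages(dump_text):
    """Yield raw EAP packets from standard EAP-Message (attr 79) dump lines."""
    for m in ATTR_RE.finditer(dump_text):
        vendor, attr, size = int(m[1]), int(m[2]), int(m[3])
        if vendor != 0 or attr != 79:
            continue
        raw = bytes.fromhex(m[4])
        if len(raw) != size:
            raise ValueError(f"dump says {size} bytes, got {len(raw)}")
        yield raw


def decode_eap(raw):
    """Decode one EAP packet: code, id, length, then type and type-data."""
    if len(raw) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident}
    if code in (1, 2) and length > 4:        # only Request/Response carry a type
        etype, data = raw[4], raw[5:]
        pkt["type"] = type_name(etype)
        if etype == 1:                       # Identity: user name
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:                     # Nak: list of methods the peer wants
            pkt["wanted"] = [type_name(b) for b in data]
        elif etype == 4 and data:            # MD5-Challenge: value-size + value
            pkt["value"] = data[1:1 + data[0]].hex()
    return pkt


def diagnose(dump_text, server_methods=("MD5-Challenge",)):
    """Return the first method mismatch (server offer vs. peer Nak), or None."""
    offered = None
    for raw in eap_messages(dump_text):
        pkt = decode_eap(raw)
        ptype = pkt.get("type")
        if pkt["code"] == "Request" and ptype not in (None, "Identity", "Notification"):
            offered = ptype
        elif pkt["code"] == "Response" and ptype == "Nak":
            wanted = pkt["wanted"]
            common = [m for m in wanted if m in server_methods]
            return {"offered": offered, "wanted": wanted, "common": common}
    return None


if __name__ == "__main__":
    for raw in eap_messages(SAMPLE_DUMP):
        print(decode_eap(raw))
    print(diagnose(SAMPLE_DUMP))
```

An empty `common` list means the supplicant and the server share no EAP method, so the fix is on the supplicant side (select MD5-Challenge) or on the server side (a RADIUS server that implements the requested method).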
