16.04 и Google Authenticator
Извините, если это смехотворно просто. Я уже несколько часов бил головой о стену и больше не вижу. Используя http://www.petenetlive.com/KB/Article/0001256 для установки сервера 16.04 и Google Authenticator - выяснили проблемы до тестирования проверки подлинности. Мой тестовый пользователь просто не может аутентифицироваться. Журналы:
rad_recv: Access-Request packet from host 127.0.0.1 port 33044, id=119, length=74
User-Name = "test"
User-Password = "password320046"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18120
Message-Authenticator = 0xbcda8e15e00cccbf7ca98408383dd0b8
Mon Apr 24 11:50:19 2017 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Mon Apr 24 11:50:19 2017 : Info: +group authorize {
Mon Apr 24 11:50:19 2017 : Info: ++[preprocess] = ok
Mon Apr 24 11:50:19 2017 : Info: ++[chap] = noop
Mon Apr 24 11:50:19 2017 : Info: ++[mschap] = noop
Mon Apr 24 11:50:19 2017 : Info: ++[digest] = noop
Mon Apr 24 11:50:19 2017 : Info: [suffix] No '@' in User-Name = "test", looking up realm NULL
Mon Apr 24 11:50:19 2017 : Info: [suffix] No such realm "NULL"
Mon Apr 24 11:50:19 2017 : Info: ++[suffix] = noop
Mon Apr 24 11:50:19 2017 : Info: [eap] No EAP-Message, not doing EAP
Mon Apr 24 11:50:19 2017 : Info: ++[eap] = noop
Mon Apr 24 11:50:19 2017 : Info: [files] users: Matched entry DEFAULT at line 69
Mon Apr 24 11:50:19 2017 : Info: ++[files] = ok
Mon Apr 24 11:50:19 2017 : Info: ++[expiration] = noop
Mon Apr 24 11:50:19 2017 : Info: ++[logintime] = noop
Mon Apr 24 11:50:19 2017 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Apr 24 11:50:19 2017 : Info: ++[pap] = noop
Mon Apr 24 11:50:19 2017 : Info: +} # group authorize = ok
Mon Apr 24 11:50:19 2017 : Info: Found Auth-Type = PAM
Mon Apr 24 11:50:19 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Apr 24 11:50:19 2017 : Info: +group authenticate {
Mon Apr 24 11:50:19 2017 : Debug: pam_pass: using pamauth string <radiusd> for pam.conf lookup
Mon Apr 24 11:50:21 2017 : Debug: pam_pass: function pam_authenticate FAILED for <test>. Reason: Authentication failure
Mon Apr 24 11:50:21 2017 : Info: ++[pam] = reject
Mon Apr 24 11:50:21 2017 : Info: +} # group authenticate = reject
Mon Apr 24 11:50:21 2017 : Info: Failed to authenticate the user.
Mon Apr 24 11:50:21 2017 : Info: Using Post-Auth-Type Reject
Mon Apr 24 11:50:21 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Apr 24 11:50:21 2017 : Info: +group REJECT {
Mon Apr 24 11:50:21 2017 : Info: [eap] Request didn't contain an EAP-Message, not inserting EAP-Failure
Mon Apr 24 11:50:21 2017 : Info: ++[eap] = noop
Mon Apr 24 11:50:21 2017 : Info: [attr_filter.access_reject] expand: %{User-Name} -> test
Mon Apr 24 11:50:21 2017 : Debug: attr_filter: Matched entry DEFAULT at line 11
Mon Apr 24 11:50:21 2017 : Info: ++[attr_filter.access_reject] = updated
Mon Apr 24 11:50:21 2017 : Info: +} # group REJECT = updated
Sending Access-Reject of id 119 to 127.0.0.1 port 33044
Mon Apr 24 11:50:21 2017 : Info: Finished request 0.
Mon Apr 24 11:50:21 2017 : Debug: Going to the next request
Mon Apr 24 11:50:21 2017 : Debug: Waking up in 4.9 seconds.
Mon Apr 24 11:50:26 2017 : Info: Cleaning up request 0 ID 119 with timestamp +289
Не знаю, что мне не хватает ... кажется простым и окончательным камнем преткновения для настройки GA с помощью моего брандмауэра ..
0
задан terdon
24 April 2017 в 19:03
поделиться