RADIUS authentication process

1. After the server starts, it listens on its ports
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

2. An authentication request arrives from the client
rad_recv: Access-Request packet from host 192.168.4.98:1812, id=1, length=252
User-Name = "test2"
NAS-IP-Address = 192.168.4.98
NAS-Port = 2
NAS-Identifier = "00D0F8AE52A0 "
Calling-Station-Id = "00E04CEBD2B0 "
Service-Type = 33685504
Framed-Routing = Broadcast
Framed-IP-Address = 172.18.132.132
Framed-IP-Netmask = 255.255.252.0
Framed-Route = "172.18.132.1"
Login-IP-Host = 202.202.32.33
Vendor-4881-Attr-17 = 0x38303231782e657865000000000000000000000000000000000000000000000002320000
Vendor-4881-Attr-23 = 0x3434366530663032663466626635303835323738383732383139326365653639
Vendor-4881-Attr-4 = 0x0000014d
CHAP-Password = 0x012974e1695592029554f223f78bb29a57
CHAP-Challenge = 0xafcef9aab35b5f36e22b1403d59fb0a6
Framed-Protocol = PPP

# First comes the authorize step, which calls in turn the preprocess, chap and sql submodules defined in the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/192.168.4.98/auth-detail-20070110'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/192.168.4.98/auth-detail-20070110
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
# The sql submodule uses the authorize queries defined in sql.conf to fetch the data used in the next steps
radius_xlat: 'test2'
rlm_sql (sql): sql_set_user escaped user --> 'test2'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = RTRIM('test2') ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 8
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = RTRIM('test2') AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = RTRIM('test2') ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = RTRIM('test2') AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 8
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0

# Next comes the authenticate step, which verifies the password
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: login attempt by "test2" with CHAP password
rlm_chap: Using clear text password noc@cqupt for user test2 authentication.
rlm_chap: chap user test2 authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 0
modcall: leaving group CHAP (returns ok) for request 0
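
How the chap module's check in the log above works, as an added example (not FreeRADIUS code and not part of the original page): CHAP-Password carries a one-byte identifier followed by an MD5 response, and the server recomputes MD5(id || password || challenge), which is why it needs the clear-text password the log line mentions. The helper names and the sample values are assumptions constructed for illustration; the two hex constants are copied from the request above.

```python
import hashlib
import hmac

# Values copied from the Access-Request shown in the log above.
PAGE_CHAP_PASSWORD = "0x012974e1695592029554f223f78bb29a57"
PAGE_CHAP_CHALLENGE = "0xafcef9aab35b5f36e22b1403d59fb0a6"

def unhex(value):
    """Decode a hex attribute value as printed in the debug log (optional 0x prefix)."""
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def split_chap_password(attr_hex):
    """Split CHAP-Password into (CHAP identifier, 16-byte MD5 response)."""
    raw = unhex(attr_hex)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 1 id byte followed by 16 digest bytes")
    return raw[0], raw[1:]

def chap_response(chap_id, secret, challenge):
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def chap_verify(attr_hex, challenge_hex, cleartext):
    """Recompute the response from the stored cleartext and compare in constant time."""
    chap_id, received = split_chap_password(attr_hex)
    expected = chap_response(chap_id, cleartext.encode(), unhex(challenge_hex))
    return hmac.compare_digest(expected, received)

# Constructed sample (not from the page): id 7, a made-up password and challenge.
SAMPLE_CHALLENGE = bytes(range(16)).hex()
SAMPLE_ATTR = "0x" + (b"\x07" + chap_response(7, b"example-pass", bytes(range(16)))).hex()

if __name__ == "__main__":
    chap_id, digest = split_chap_password(PAGE_CHAP_PASSWORD)
    print("page request: CHAP id", chap_id, "response", digest.hex())
    print("sample, right password:", chap_verify(SAMPLE_ATTR, SAMPLE_CHALLENGE, "example-pass"))
    print("sample, wrong password:", chap_verify(SAMPLE_ATTR, SAMPLE_CHALLENGE, "wrong-pass"))
```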

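# Next comes the session step, which seems mainly to check how many sessions the user has online at the same time. One thing is slightly odd here: this authentication has not yet written anything to the radacct table, so the SELECT COUNT here should return 0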
Processing the session section of radiusd.conf
modcall: entering group session for request 0
radius_xlat: 'test2'
rlm_sql (sql): sql_set_user escaped user --> 'test2'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName=RTRIM('test2') AND AcctStopTime = 0'
rlm_sql (sql): Reserving sql socket id: 7
rlm_sql (sql): Released sql socket id: 7
modcall[session]: module "sql" returns ok for request 0
modcall: leaving group session (returns ok) for request 0

# With everything passed, authentication has evidently succeeded; next come the post-auth and accounting phases
Login OK: [test2] (from client stu33-s2026f-1 port 2 cli 00E04CEBD2B0 )
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'test2'
rlm_sql (sql): sql_set_user escaped user --> 'test2'
modcall[post-auth]: module "sql" returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0

# post-auth also passed; the user is now online and accounting begins
Sending Access-Accept of id 1 to 192.168.4.98 port 1812
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Accounting-Request packet from host 192.168.4.98:1813, id=2, length=131
NAS-IP-Address = 192.168.4.98
NAS-Port = 2
NAS-Identifier = "00D0F8AE52A0 "
Calling-Station-Id = "00E04CEBD2B0 "
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "00D0F8AE52A0 00E04CEBD2B0 17257609"
Acct-Authentic = RADIUS
User-Name = "test2"
Framed-IP-Address = 172.18.132.132

# An accounting Start message is received; it is preprocessed first
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'Calling-Station-Id = "00E04CEBD2B0 ",NAS-Port = 2,Client-IP-Address = 192.168.4.98,NAS-IP-Address = 192.168.4.98,Acct-Session-Id = "00D0F8AE52A0 00E04CEBD2B0 17257609",User-Name = "test2"'
rlm_acct_unique: Acct-Unique-Session-ID = "e42a0adae57c6cfc".
modcall[preacct]: module "acct_unique" returns ok for request 1
modcall: leaving group preacct (returns ok) for request 1

# Preprocessing passed; accounting proper begins and the record is written to the database
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: 'test2'
rlm_sql (sql): sql_set_user escaped user --> 'test2'
radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('00D0F8AE52A0 00E04CEBD2B0 17257609', 'e42a0adae57c6cfc', RTRIM('test2'), '', '192.168.4.98', '2', '', '2007-01-10 16:28:06', '0', '0', 'RADIUS', '', '', '0', '0', '', '00E04CEBD2B0 ', '', '', '', '172.18.132.132', '0', '0')'
rlm_sql (sql): Reserving sql socket id: 6
rlm_sql (sql): Released sql socket id: 6
modcall[accounting]: module "sql" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 2 to 192.168.4.98 port 1813
Finished request 1
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 45a4a396
Cleaning up request 1 ID 2 with timestamp 45a4a396
Nothing to do. Sleeping until we see a request.

3. The user goes offline and accounting stops
rad_recv: Accounting-Request packet from host 192.168.4.98:1813, id=1, length=179
NAS-IP-Address = 192.168.4.98
NAS-Port = 2
NAS-Identifier = "00D0F8AE52A0 "
Calling-Station-Id = "00E04CEBD2B0 "
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "00D0F8AE52A0 00E04CEBD2B0 17257609"
Acct-Authentic = RADIUS
Acct-Session-Time = 165
Acct-Terminate-Cause = User-Request
User-Name = "test2"
Acct-Input-Octets = 4171
Acct-Output-Octets = 800
Acct-Input-Packets = 17
Acct-Output-Packets = 10
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Framed-IP-Address = 172.18.132.132

# Again, the accounting message is preprocessed first
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'Calling-Station-Id = "00E04CEBD2B0 ",NAS-Port = 2,Client-IP-Address = 192.168.4.98,NAS-IP-Address = 192.168.4.98,Acct-Session-Id = "00D0F8AE52A0 00E04CEBD2B0 17257609",User-Name = "test2"'
rlm_acct_unique: Acct-Unique-Session-ID = "e42a0adae57c6cfc".
modcall[preacct]: module "acct_unique" returns ok for request 2
modcall: leaving group preacct (returns ok) for request 2

# Preprocessing done; accounting is stopped
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
radius_xlat: 'test2'
rlm_sql (sql): sql_set_user escaped user --> 'test2'
radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-01-10 16:30:51', AcctSessionTime = '165', AcctInputOctets = '4171', AcctOutputOctets = '800', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '', FramedIPAddress = '172.18.132.132' WHERE AcctSessionId = '00D0F8AE52A0 00E04CEBD2B0 17257609' AND UserName = RTRIM('test2') AND NASIPAddress = '192.168.4.98''
rlm_sql (sql): Reserving sql socket id: 5
rlm_sql (sql): Released sql socket id: 5
modcall[accounting]: module "sql" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 1 to 192.168.4.98 port 1813
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 1 with timestamp 45a4a43b
Nothing to do. Sleeping until we see a request.
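
The open-session count used by the session step, replayed across the Start and Stop records above, as an added example (not FreeRADIUS code and not part of the original page). It assumes a simplified radacct table in an in-memory SQLite database, parameterized versions of the logged queries, and a hypothetical limit of one concurrent session per user.

```python
import sqlite3

def open_db():
    """Simplified radacct table (assumption: only the columns the count depends on)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (AcctSessionId TEXT, UserName TEXT, "
               "NASIPAddress TEXT, AcctStartTime TEXT, AcctStopTime TEXT)")
    return db

def open_sessions(db, user):
    """Same predicate as the session-section query: rows with no stop time yet."""
    row = db.execute("SELECT COUNT(*) FROM radacct WHERE UserName = RTRIM(?) "
                     "AND AcctStopTime = '0'", (user,)).fetchone()
    return row[0]

def acct_start(db, sid, user, nas, when):
    """Accounting Start: insert the session with AcctStopTime '0', as in the log."""
    db.execute("INSERT INTO radacct VALUES (?, RTRIM(?), ?, ?, '0')",
               (sid, user, nas, when))

def acct_stop(db, sid, user, nas, when):
    """Accounting Stop: close the row matched by session id, user and NAS address."""
    db.execute("UPDATE radacct SET AcctStopTime = ? WHERE AcctSessionId = ? "
               "AND UserName = RTRIM(?) AND NASIPAddress = ?", (when, sid, user, nas))

def session_allowed(db, user, limit):
    """A new login is allowed only while the open-session count is below the limit."""
    return open_sessions(db, user) < limit

def replay():
    """Replay the page's sequence; return the counts seen and the second-login verdict."""
    db = open_db()
    sid, user, nas = "00D0F8AE52A0 00E04CEBD2B0 17257609", "test2", "192.168.4.98"
    counts = [open_sessions(db, user)]           # at Access-Request time
    acct_start(db, sid, user, nas, "2007-01-10 16:28:06")
    counts.append(open_sessions(db, user))       # what a second login would see
    second_login_ok = session_allowed(db, user, limit=1)  # hypothetical limit
    acct_stop(db, sid, user, nas, "2007-01-10 16:30:51")
    counts.append(open_sessions(db, user))       # after the Stop record
    return counts, second_login_ok

if __name__ == "__main__":
    print(replay())
```

If the Stop packet never arrives, the row stays open and the count remains at 1 until the record is closed some other way.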
