具体错误如下:
1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /../ ) {
(1) if (&User-Name =~ /../ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(1) if (&User-Name =~ /.$/) {
(1) if (&User-Name =~ /.$/) -> FALSE
(1) if (&User-Name =~ /@./) {
(1) if (&User-Name =~ /@./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "example.org" for User-Name = "user@example.org"
(1) suffix: No such realm "example.org"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 11 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [files] = noop
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(1) pap: WARNING: Authentication will fail unless a "known good" password is available
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x230f5f1f230446d4
(1) eap: Finished EAP session with state 0x230f5f1f230446d4
(1) eap: Previous EAP request found for state 0x230f5f1f230446d4, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: Initiating new EAP-TLS session
(1) eap_tls: Setting verify mode to require certificate from client
(1) eap_tls: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 12 length 6
(1) eap: EAP session adding &reply:State = 0x230f5f1f220352d4
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 228 from 192.168.1.122:1812 to 192.168.1.126:60730 length 0
(1) EAP-Message = 0x010c00060d20
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x230f5f1f220352d482ebe8efe238f6fe
(1) Finished request
错误的原因:
users 配置文件中缺少 对应 的用户名和密码。
解决方法:
在 /usr/local/etc/raddb/users 配置文件中添加 client端用于登录的用户名和密码即可。
#########################################################
# You should add test accounts to the TOP of this file! #
# See the example user "bob" above. #
#########################################################
user@example.org Cleartext-Password := 123456