執行 radtest test test localhost 0 testing123後出現:
Sending Access-Request of id 121 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 192.168.168.7
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=121, length=20
這其中各部分的含義是什麼:
(1) 命令行中的 testing123 就是:
FreeRADIUS和NAS的共享密鑰,client.conf中有定義,就是secret……
(2) NAS-IP-Address:
NAS-IP-Address = 221.7.59.90 出現這個現象的,是你的軟件版本有後門的!你把WAN斷開後重啓,NAS-IP地址就指向了127.0.0.1了。
未完待續。
下面是轉自:http://www.dialogic.com/webhelp/BorderNet2020/1.0.0/WebHelp/radatt_nas_ipaddress.htm
RADIUS Attribute - NAS-IP-Address
As Per RFC2865:
This Attribute indicates the identifying IP Address of the NAS which is requesting authentication of the user, and SHOULD be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request packet.
Note: The NAS-IP-Address MUST NOT be used to select the shared secret used to authenticate the request. The source IP address of the Access-Request packet MUST be used to select the shared secret.
A summary of the NAS-IP-Address Attribute format is shown below. The fields are transmitted from left to right.