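EAP MD5 authentication problem - Ubiquiti network

Time: 2020-07-24 13:12:48

Tags: networking ethernet freeradius tegra

I am having some problems with 802.1x authentication; for now I am only trying to use MD5 EAP authentication. I am using an nVidia TK1 connected to a Ubiquiti switch, which is connected to a Ubiquiti gateway running freeRadius.

The network configuration has been tested on multiple PCs, and I have never had any problems.

The Tegra is running Ubuntu 14.04 LTS.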

wpa_supplicant v.2.1

wpa_supplicant configuration:

ap_scan=0
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0

network={
    key_mgmt=IEEE8021X
    eap=MD5
    identity="hubtest"
    password="************"
}

Running wpa_supplicant with the following command:

$ sudo wpa_supplicant -i eth0 -D wired -t -ddd -c /etc/wpa_supplicant.conf

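I always get a message saying "[eap] Identity does not match User-Name. Authentication failed." I don't know whether I am looking at the right error; in any case, I could find hardly anything on this issue.

Below are the various logs I used for troubleshooting:

wpa_supplicant log: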

1595516226.354444: wpa_supplicant v2.1
1595516226.354536: random: Trying to read entropy from /dev/random
1595516226.354560: Successfully initialized wpa_supplicant
1595516226.354581: Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'wired' ctrl_interface 'N/A' bridge 'N/A'
1595516226.354601: Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
1595516226.354616: Reading configuration file '/etc/wpa_supplicant.conf'
1595516226.354667: ap_scan=0
1595516226.354685: ctrl_interface='/var/run/wpa_supplicant'
1595516226.354711: ctrl_interface_group='0'
1595516226.354726: Line: 4 - start of a new network block
1595516226.354741: key_mgmt: 0x8
1595516226.354761: eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00
1595516226.354795: identity - hexdump_ascii(len=7):
     68 75 62 74 65 73 74                              hubtest        
1595516226.354856: password - hexdump_ascii(len=12): [REMOVED]
1595516226.354872: eapol_flags=0 (0x0)
1595516226.354907: Priority group 0
1595516226.354920:    id=0 ssid=''
1595516226.355074: wpa_driver_wired_init: Added multicast membership with packet socket
1595516226.355093: Add interface eth0 to a new radio N/A
1595516226.361735: eth0: Own MAC address: 00:01:2e:71:19:49
1595516226.361768: eth0: RSN: flushing PMKID list in the driver
1595516226.361785: eth0: Setting scan request: 0.100000 sec
1595516226.361856: eth0: WPS: UUID based on MAC address: 30ebf11f-e89e-5b9d-8712-f14279bbdd66
1595516226.364970: EAPOL: SUPP_PAE entering state DISCONNECTED
1595516226.365003: EAPOL: Supplicant port status: Unauthorized
1595516226.365018: EAPOL: KEY_RX entering state NO_KEY_RECEIVE
1595516226.365033: EAPOL: SUPP_BE entering state INITIALIZE
1595516226.365045: EAP: EAP entering state DISABLED
1595516226.365849: ctrl_interface_group=0
1595516226.365968: eth0: Added interface eth0
1595516226.365988: eth0: State: DISCONNECTED -> DISCONNECTED
1595516226.366049: random: Got 20/20 bytes from /dev/random
1595516226.461908: EAPOL: External notification - EAP success=0
1595516226.461949: EAPOL: External notification - EAP fail=0
1595516226.461957: EAPOL: External notification - portControl=Auto
1595516226.461972: eth0: Already associated with a configured network - generating associated event
1595516226.461991: eth0: Event ASSOC (0) received
1595516226.462010: eth0: Association info event
1595516226.462025: FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
1595516226.462040: eth0: State: DISCONNECTED -> ASSOCIATED
1595516226.462053: eth0: Associated to a new BSS: BSSID=01:80:c2:00:00:03
1595516226.462062: Add randomness: count=1 entropy=0
1595516226.462070: random pool - hexdump(len=128): [REMOVED]
1595516226.462079: random_mix_pool - hexdump(len=8): [REMOVED]
1595516226.462087: random_mix_pool - hexdump(len=6): [REMOVED]
1595516226.462095: random pool - hexdump(len=128): [REMOVED]
1595516226.462104: eth0: Select network based on association information
1595516226.462114: eth0: Network configuration found for the current AP
1595516226.462126: eth0: WPA: clearing AP WPA IE
1595516226.462137: eth0: WPA: clearing AP RSN IE
1595516226.462146: eth0: WPA: clearing own WPA/RSN IE
1595516226.462156: eth0: Failed to get scan results
1595516226.462164: EAPOL: External notification - EAP success=0
1595516226.462172: EAPOL: External notification - EAP fail=0
1595516226.462180: EAPOL: External notification - portControl=Auto
1595516226.462191: eth0: Associated with 01:80:c2:00:00:03
1595516226.462205: eth0: WPA: Association event - clear replay counter
1595516226.462215: eth0: WPA: Clear old PTK
1595516226.462224: EAPOL: External notification - portEnabled=0
1595516226.462233: EAPOL: External notification - portValid=0
1595516226.462241: EAPOL: External notification - portEnabled=1
1595516226.462249: EAPOL: SUPP_PAE entering state CONNECTING
1595516226.462256: EAPOL: SUPP_BE entering state IDLE
1595516226.462264: EAP: EAP entering state INITIALIZE
1595516226.462271: EAP: EAP entering state IDLE
1595516226.462281: eth0: Cancelling scan request
1595516227.365987: EAPOL: startWhen --> 0
1595516227.366028: EAPOL: SUPP_PAE entering state CONNECTING
1595516227.366038: EAPOL: txStart
1595516227.366048: TX EAPOL: dst=01:80:c2:00:00:03
1595516227.366059: TX EAPOL - hexdump(len=4): 01 01 00 00
1595516227.366906: eth0: RX EAPOL from f0:9f:c2:1b:3a:27
1595516227.366930: RX EAPOL - hexdump(len=46): 01 00 00 04 03 01 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1595516227.366956: EAPOL: Received EAP-Packet frame
1595516227.366965: EAPOL: SUPP_PAE entering state RESTART
1595516227.366973: EAP: EAP entering state INITIALIZE
1595516227.366981: EAP: EAP entering state IDLE
1595516227.366989: EAPOL: SUPP_PAE entering state AUTHENTICATING
1595516227.366996: EAPOL: SUPP_BE entering state REQUEST
1595516227.367024: EAPOL: getSuppRsp
1595516227.367033: EAP: EAP entering state RECEIVED
1595516227.367057: EAP: Received EAP-Success
1595516227.367070: EAP: Status notification: completion (param=success)
1595516227.367087: EAP: Workaround for unexpected identifier field in EAP Success: reqId=1 lastId=-1 (these are supposed to be same)
1595516227.367100: EAP: EAP entering state FAILURE
1595516227.367110: eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
1595516227.367118: EAPOL: SUPP_PAE entering state HELD
1595516227.367126: EAPOL: Supplicant port status: Unauthorized
1595516227.367134: EAPOL: SUPP_BE entering state RECEIVE
1595516227.367142: EAPOL: SUPP_BE entering state FAIL
1595516227.367149: EAPOL: SUPP_BE entering state IDLE
1595516227.367157: EAPOL authentication completed - result=FAILURE
1595516236.211181: l2_packet_receive - recvfrom: Network is down
1595516257.392865: EAPOL: authWhile --> 0
1595516257.392917: EAPOL: startWhen --> 0
1595516259.787490: eth0: RX EAPOL from f0:9f:c2:1b:3a:27
1595516259.787545: RX EAPOL - hexdump(len=46): 01 00 00 05 01 00 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1595516259.787590: EAPOL: Received EAP-Packet frame
1595516259.787606: EAPOL: SUPP_PAE entering state RESTART
1595516259.787625: EAP: EAP entering state INITIALIZE
1595516259.787641: EAP: EAP entering state IDLE
1595516259.787657: EAPOL: SUPP_PAE entering state AUTHENTICATING
1595516259.787672: EAPOL: SUPP_BE entering state REQUEST
1595516259.787686: EAPOL: getSuppRsp
1595516259.787715: EAP: EAP entering state RECEIVED
1595516259.787749: EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
1595516259.787766: EAP: EAP entering state IDENTITY
1595516259.787793: eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
1595516259.787815: EAP: Status notification: started (param=)
1595516259.787843: EAP: EAP-Request Identity data - hexdump_ascii(len=0):
1595516259.787860: EAP: using real identity - hexdump_ascii(len=7):
     68 75 62 74 65 73 74                              hubtest        
1595516259.787897: EAP: EAP entering state SEND_RESPONSE
1595516259.787912: EAP: EAP entering state IDLE
1595516259.787926: EAPOL: SUPP_BE entering state RESPONSE
1595516259.787939: EAPOL: txSuppRsp
1595516259.787954: TX EAPOL: dst=01:80:c2:00:00:03
1595516259.787968: TX EAPOL - hexdump(len=16): 01 00 00 0c 02 00 00 0c 01 68 75 62 74 65 73 74
1595516259.788002: EAPOL: SUPP_BE entering state RECEIVE
1595516260.809598: eth0: RX EAPOL from f0:9f:c2:1b:3a:27
1595516260.809637: RX EAPOL - hexdump(len=46): 01 00 00 04 04 01 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1595516260.809668: EAPOL: Received EAP-Packet frame
1595516260.809680: EAPOL: SUPP_BE entering state REQUEST
1595516260.809691: EAPOL: getSuppRsp
1595516260.809716: EAP: EAP entering state RECEIVED
1595516260.809734: EAP: Received EAP-Failure
1595516260.809746: EAP: Status notification: completion (param=failure)
1595516260.809761: EAP: Workaround for unexpected identifier field in EAP Success: reqId=1 lastId=0 (these are supposed to be same)
1595516260.809772: EAP: EAP entering state FAILURE
1595516260.809784: eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
1595516260.809794: EAPOL: SUPP_PAE entering state HELD
1595516260.809805: EAPOL: SUPP_BE entering state RECEIVE
1595516260.809815: EAPOL: SUPP_BE entering state FAIL
1595516260.809825: EAPOL: SUPP_BE entering state IDLE
1595516260.809836: EAPOL authentication completed - result=FAILURE
1595516290.421753: EAPOL: authWhile --> 0
1595516292.032412: l2_packet_receive - recvfrom: Network is down
1595516296.187551: eth0: RX EAPOL from f0:9f:c2:1b:3a:27
1595516296.187615: RX EAPOL - hexdump(len=46): 01 00 00 04 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1595516296.187681: EAPOL: Received EAP-Packet frame
1595516296.187726: EAPOL: SUPP_PAE entering state RESTART
1595516296.187792: EAP: EAP entering state INITIALIZE
1595516296.187811: EAP: EAP entering state IDLE
1595516296.187828: EAPOL: SUPP_PAE entering state AUTHENTICATING
1595516296.187843: EAPOL: SUPP_BE entering state REQUEST
1595516296.187856: EAPOL: getSuppRsp
1595516296.187870: EAP: EAP entering state RECEIVED
1595516296.187894: EAP: Received EAP-Success
1595516296.187909: EAP: Status notification: completion (param=success)
1595516296.187929: EAP: Workaround for unexpected identifier field in EAP Success: reqId=0 lastId=-1 (these are supposed to be same)
1595516296.187943: EAP: EAP entering state FAILURE
1595516296.187957: eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
1595516296.187970: EAPOL: SUPP_PAE entering state HELD
1595516296.187985: EAPOL: SUPP_BE entering state RECEIVE
1595516296.187998: EAPOL: SUPP_BE entering state FAIL
1595516296.188015: EAPOL: SUPP_BE entering state IDLE
1595516296.188036: EAPOL authentication completed - result=FAILURE
1595516312.856617: eth0: Removing interface eth0
1595516312.856665: eth0: Request to deauthenticate - bssid=01:80:c2:00:00:03 pending_bssid=00:00:00:00:00:00 reason=3 state=ASSOCIATED
1595516312.856677: eth0: Event DEAUTH (12) received
1595516312.856687: eth0: Deauthentication notification
1595516312.856716: eth0:  * reason 3 (locally generated)
1595516312.856729: Deauthentication frame IE(s) - hexdump(len=0): [NULL]
1595516312.856745: eth0: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
1595516312.856758: eth0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10
1595516312.856773: eth0: Auto connect disabled: do not try to re-connect
1595516312.856788: eth0: Ignore connection failure indication since interface has been put into disconnected state
1595516312.856804: eth0: State: ASSOCIATED -> DISCONNECTED
1595516312.856822: EAPOL: External notification - portEnabled=0
1595516312.856834: EAPOL: SUPP_PAE entering state DISCONNECTED
1595516312.856843: EAPOL: Supplicant port status: Unauthorized
1595516312.856851: EAPOL: SUPP_BE entering state INITIALIZE
1595516312.856860: EAP: EAP entering state DISABLED
1595516312.856868: EAPOL: External notification - portValid=0
1595516312.856879: eth0: State: DISCONNECTED -> DISCONNECTED
1595516312.856888: EAPOL: External notification - portEnabled=0
1595516312.856896: EAPOL: External notification - portValid=0
1595516312.863251: eth0: Cancelling scan request
1595516312.863271: eth0: Cancelling authentication timeout
1595516312.863300: Remove interface eth0 from radio
1595516312.863313: Remove radio
1595516312.868713: eth0: CTRL-EVENT-TERMINATING

freeRadius log (started with sudo freeradius -fX):

rad_recv: Access-Request packet from host 192.168.2.10 port 50431, id=73, length=152
    User-Name = "00012E674339"
    Called-Station-Id = "F0-9F-C2-1B-3A-28"
    Calling-Station-Id = "00-01-2E-67-43-39"
    NAS-Identifier = "F0-9F-C2-1B-3A-27"
    NAS-IP-Address = 192.168.2.10
    NAS-Port = 3
    Framed-MTU = 1500
    NAS-Port-Type = Ethernet
    EAP-Message = 0x0200001101303030313245363734333339
    Message-Authenticator = 0x8dee66d80dad44ef90b95a4915ee5cc4
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "00012E674339", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 73 to 192.168.2.10 port 50431
    Acct-Interim-Interval = 3600
    EAP-Message = 0x010100160410c903f9a4c6e77bdd588c9cd70be8ddd8
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x75fbbb5575fabfdd3c1af195d3c0fd88
Finished request 72.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.10 port 50431, id=74, length=170
    User-Name = "hubtest"
    Called-Station-Id = "F0-9F-C2-1B-3A-28"
    Calling-Station-Id = "00-01-2E-67-43-39"
    NAS-Identifier = "F0-9F-C2-1B-3A-27"
    NAS-IP-Address = 192.168.2.10
    NAS-Port = 3
    Framed-MTU = 1500
    NAS-Port-Type = Ethernet
    State = 0x75fbbb5575fabfdd3c1af195d3c0fd88
    EAP-Message = 0x02010016041009d6164d199bff5b5bab4bb6696a6815
    Message-Authenticator = 0x5f8ce9c2dd6dfff364c16df64260a63b
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "hubtest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry hubtest at line 5
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] Identity does not match User-Name.  Authentication failed.
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [hubtest] (from client client-5f18355b8f2a6704be68daeb port 3 cli 00-01-2E-67-43-39)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> hubtest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 73 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 73
Sending Access-Reject of id 74 to 192.168.2.10 port 50431
Waking up in 3.9 seconds.

Generic switch log:

Jul 24 14:37:54 UBNT daemon.notice switch: TRAPMGR: Link Up: 0/3
Jul 24 14:37:56 UBNT daemon.notice switch: DOT1X: Radius authentication failed on interface [ifName not found(96)].

I don't know where to look to find a solution to this problem. What am I doing wrong?

Thanks in advance
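Added example, not part of the original post: decoding the EAP-Message values from the FreeRADIUS log above, using the RFC 3748 header layout, shows the identity that opened the conversation next to the User-Name sent with the MD5 response under the same State. The function names and the REQUESTS list are constructed for this illustration from the values in that log.

```python
import struct

# EAP codes and method types from RFC 3748
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 4: "MD5-Challenge"}

def parse_eap(hex_value):
    """Decode one EAP-Message attribute value (hex, optional 0x prefix)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        body = raw[5:length]
        pkt["type"] = TYPES.get(raw[4], raw[4])
        if raw[4] == 1:                      # Identity: body is the name
            pkt["identity"] = body.decode("ascii", "replace")
        elif raw[4] == 4:                    # MD5-Challenge: value-size + value
            if not body or body[0] > len(body) - 1:
                raise ValueError("MD5-Challenge value-size exceeds packet")
            pkt["value"] = body[1:1 + body[0]].hex()
    return pkt

# (User-Name, EAP-Message) of the two Access-Requests in the log above;
# the second one carries the State issued in reply to the first.
REQUESTS = [
    ("00012E674339", "0x0200001101303030313245363734333339"),
    ("hubtest", "0x02010016041009d6164d199bff5b5bab4bb6696a6815"),
]

def check_conversation(requests):
    """Return (identity, [User-Names that differ from it]) for one conversation."""
    identity, mismatches = None, []
    for user_name, eap_hex in requests:
        pkt = parse_eap(eap_hex)
        if pkt.get("type") == "Identity":
            identity = pkt["identity"]
        if identity is not None and user_name != identity:
            mismatches.append(user_name)
    return identity, mismatches

if __name__ == "__main__":
    for _, eap_hex in REQUESTS:
        print(parse_eap(eap_hex))
    print(check_conversation(REQUESTS))
```

The first request's EAP identity decodes to 00012E674339, while the request that follows under the same State carries User-Name hubtest; these are the two values behind the "[eap] Identity does not match User-Name" line.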

0 answers:

No answers