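I have set up a FreeRADIUS server on a Kubernetes cluster. I followed the instructions for creating a test user and testing with radtest, but I still get "Access-Reject" when I run the test.
Below is the beginning of the users file; I have placed the test user at the top: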
testing Cleartext-Password := "password"
#
# Configuration file for the rlm_files module.
# Please see rlm_files(5) manpage for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'accounting', in this directory.
Here is the test command I ran:
radtest testing password 127.0.0.1 1812 password
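where "testing" is the username, "password" is the user's password, 127.0.0.1 is the address of the server (local test), 1812 is the port, and the second "password" is the pre-shared key between the client and the server. Here is the output from the command: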
Sent Access-Request Id 24 from 0.0.0.0:53513 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 10.233.64.70
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Reject Id 24 from 127.0.0.1:1812 to 127.0.0.1:53513 length 20
(0) -: Expected Access-Accept got Access-Reject
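Also, even though the container is supposed to start freeradius in debug mode, I don't actually see any debug messages on STDOUT when I open a bash shell in the container through Kubernetes.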
As it turns out, part of the LDAP configuration meant the users file was disabled. Sorry, I should have mentioned it.
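
A check for the situation described above, as an added example that is not part of the original post: it lists the modules called in a virtual server's `authorize` section and reports whether `files` (rlm_files, which reads the users file) is among them. It assumes the users file was disabled by `files` being commented out of, or missing from, that section; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of a FreeRADIUS virtual server (not from the post):
# `files` is commented out, so entries in the users file are never consulted.
SAMPLE_SITE = """\
server default {
    authorize {
        filter_username
        preprocess
        # files
        -ldap
        if ((ok || updated) && User-Password) {
            update control {
                Auth-Type := ldap
            }
        }
        pap
    }
}
"""

def modules_in_section(config_text, section):
    """Return module names called at the top level of `section { ... }`."""
    modules, depth, inside = [], 0, False
    for raw in config_text.splitlines():
        # Simplification: treats every '#' as a comment start (no quoted '#').
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not inside:
            if re.fullmatch(rf"{re.escape(section)}\s*\{{", line):
                inside, depth = True, 1
            continue
        opens, closes = line.count("{"), line.count("}")
        if depth == 1 and opens == 0 and closes == 0:
            modules.append(line.lstrip("-"))  # "-ldap" marks an optional module
        depth += opens - closes
        if depth <= 0:  # closing brace of the section itself
            break
    return modules

def users_file_consulted(config_text):
    """True if the `files` module runs in the authorize section."""
    return "files" in modules_in_section(config_text, "authorize")

if __name__ == "__main__":
    print("users file consulted:", users_file_consulted(SAMPLE_SITE))
```
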