Freeradius/MySQL server does not respond to external requests


I am currently building a freeradius server (CentOS 7) that uses MySQL (mariadb) for RADIUS authentication. I can authenticate from a localhost test using radtest. When I use NTRadPing with the same credentials, I can see the packets reaching the RADIUS server, but there is no response (tcpdump). I have confirmed that the firewall (iptables) is off. I can ping the box, and radiusd -X shows the nas table loading the Windows box I am running NTRadPing from.

> rlm_sql (sql): Opening additional connection (0) rlm_sql_mysql:
> Starting connect to MySQL server rlm_sql (sql): Opening additional
> connection (1) rlm_sql_mysql: Starting connect to MySQL server rlm_sql
> (sql): Opening additional connection (2) rlm_sql_mysql: Starting
> connect to MySQL server rlm_sql (sql): Opening additional connection
> (3) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql):
> Opening additional connection (4) rlm_sql_mysql: Starting connect to
> MySQL server rlm_sql (sql): Processing generate_sql_clients rlm_sql
> (sql) in generate_sql_clients: query is SELECT id, nasname, shortname,
> type, secret, server FROM nas rlm_sql (sql): Reserved connection (4)
> rlm_sql (sql): Executing query: 'SELECT id, nasname, shortname, type,
> secret, server FROM nas' rlm_sql (sql): Adding client rtr.wisenet.lan
> (buffalo) to global clients list rlm_sql (10.24.11.56): Client
> "buffalo" (sql) added rlm_sql (sql): Adding client
> win7wisenet.wisenet.lan (win7) to global clients list rlm_sql
> (10.24.11.4): Client "win7" (sql) added rlm_sql (sql): Released
> connection (4)  } # modules radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/raddb/radiusd.conf } # server server default
> { # from file /etc/raddb/sites-enabled/default  # Creating Auth-Type =
> digest  # Loading authenticate {...}  # Loading authorize {...}  #
> Loading preacct {...}  # Loading accounting {...}  # Loading session
> {...}  # Loading post-proxy {...}  # Loading post-auth {...} } #
> server default server inner-tunnel { # from file
> /etc/raddb/sites-enabled/inner-tunnel  # Loading authenticate {...}  #
> Loading authorize {...} Ignoring "ldap" (see
> raddb/mods-available/README.rst)  # Loading session {...}  # Loading
> post-proxy {...}  # Loading post-auth {...} } # server inner-tunnel
> radiusd: #### Opening IP addresses and Ports #### listen {
>         type = "auth"
>         ipaddr = *
>         port = 0    limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 30    } } listen {
>         type = "acct"
>         ipaddr = 127.0.0.1
>         port = 0    limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 30    } } listen {
>         type = "auth"
>         ipv6addr = ::
>         port = 0    limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 30    } } listen {
>         type = "acct"
>         ipv6addr = ::
>         port = 0    limit {
>         max_connections = 16
>         lifetime = 0
>         idle_timeout = 30    } } listen {
>         type = "auth"
>         ipaddr = 127.0.0.1
>         port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address 127.0.0.1 port 1813 as server
> default Listening on auth address :: port 1812 as server default
> Listening on acct address :: port 1813 as server default Listening on
> auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new
> proxy socket 'proxy address * port 0' Listening on proxy address *
> port 51000 Ready to process requests

Tcpdump output:

[root@dhcp13 ~]# tcpdump -i eno16777736 dst port 1812
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno16777736, link-type EN10MB (Ethernet), capture size 65535 bytes
11:22:54.963548 IP win7wisenet.wisenet.lan.55314 > dhcp13.wisenet.lan.radius: RADIUS, Access Request (1), id: 0x21 length: 45
11:22:58.473151 IP win7wisenet.wisenet.lan.55314 > dhcp13.wisenet.lan.radius: RADIUS, Access Request (1), id: 0x21 length: 45

I should mention that the CentOS box is running on Workstation 11. Is there anywhere else I should check? Thanks.
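As an added example (not part of the question or answer), the following Python script parses tcpdump's one-line RADIUS summaries like those above and reports request ids that never received an Access-Accept, Access-Reject or Access-Challenge, together with how many times each was retransmitted. The first two input lines are the ones from the capture above; the rtr.wisenet.lan exchange is constructed to show what an answered request looks like. Note that the capture filter used above (`dst port 1812`) records only inbound packets, so a capture with `port 1812` is needed before the absence of a reply can be read from the dump.

```python
import re

# One-line RADIUS summary as printed by tcpdump (older builds print
# "Access Request", newer ones "Access-Request"; both are accepted).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"RADIUS, (?P<kind>[A-Za-z -]+?) \((?P<code>\d+)\), "
    r"id: (?P<id>0x[0-9a-fA-F]+) length: (?P<len>\d+)$"
)

REQUEST = 1
RESPONSES = {2, 3, 11}  # Access-Accept, Access-Reject, Access-Challenge

# Constructed sample: lines 1-2 are from the capture in the question,
# lines 3-4 are made up to show an answered request for contrast.
SAMPLE = """\
11:22:54.963548 IP win7wisenet.wisenet.lan.55314 > dhcp13.wisenet.lan.radius: RADIUS, Access Request (1), id: 0x21 length: 45
11:22:58.473151 IP win7wisenet.wisenet.lan.55314 > dhcp13.wisenet.lan.radius: RADIUS, Access Request (1), id: 0x21 length: 45
11:23:10.100000 IP rtr.wisenet.lan.1645 > dhcp13.wisenet.lan.radius: RADIUS, Access Request (1), id: 0x07 length: 60
11:23:10.101500 IP dhcp13.wisenet.lan.radius > rtr.wisenet.lan.1645: RADIUS, Access Accept (2), id: 0x07 length: 20
"""


def analyze(lines):
    """Group packets by (client endpoint, packet id).

    Returns {(client, id): {"requests": count, "answered": bool}}. The
    client endpoint is the request's source (or the response's destination),
    so two NAS devices reusing the same id are kept apart.
    """
    state = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a RADIUS summary line
        code, rid = int(m.group("code")), int(m.group("id"), 16)
        if code == REQUEST:
            entry = state.setdefault((m.group("src"), rid), {"requests": 0, "answered": False})
            entry["requests"] += 1  # same id seen again = client retransmit
        elif code in RESPONSES:
            entry = state.setdefault((m.group("dst"), rid), {"requests": 0, "answered": False})
            entry["answered"] = True
    return state


def unanswered(lines):
    """Sorted (client, id, retransmissions) for requests the server never answered."""
    return sorted((client, rid, e["requests"])
                  for (client, rid), e in analyze(lines).items() if not e["answered"])


if __name__ == "__main__":
    for client, rid, n in unanswered(SAMPLE.splitlines()):
        print(f"{client} id 0x{rid:02x}: {n} request(s), no response")
```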

Answer 1

Strangely, when I turn the firewall on (and also check getenforce), it works properly. It looked like it was resolving through DNS from the nas table in mysql, but do I need to set nasname to an IP address?
