Freeradius switch mac authentication bypass: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(3 dazwischenliegende Versionen von einem anderen Benutzer werden nicht angezeigt)
Zeile 1: Zeile 1:
 
=Simple Konfig=
 
=Simple Konfig=
*cat clients.conf
+
*cat /etc/freeradius/3.0/clients.conf
 
<pre>
 
<pre>
 
client localhost {
 
client localhost {
Zeile 16: Zeile 16:
 
}
 
}
 
</pre>
 
</pre>
*cat users       
+
*cat /etc/freeradius/3.0/users       
 
<pre>
 
<pre>
 
60eb69962da5  Cleartext-Password := "60eb69962da5"
 
60eb69962da5  Cleartext-Password := "60eb69962da5"
Zeile 38: Zeile 38:
 
Framed-Protocol = SLIP
 
Framed-Protocol = SLIP
 
</pre>
 
</pre>
 +
 +
=Test=
 +
*radtest -x xinux suxer 192.168.244.129 1812 sysadm
 +
Sending Access-Request of id 73 to 192.168.244.129 port 1812
 +
User-Name = "xinux"
 +
User-Password = "suxer"
 +
NAS-IP-Address = 192.168.244.129
 +
NAS-Port = 1812
 +
Message-Authenticator = 0x00000000000000000000000000000000
 +
rad_recv: Access-Accept packet from host 192.168.244.129 port 1812, id=73, length=20
 +
 +
=Links=
 +
*http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/116291-configure-freeradius-00.html

Aktuelle Version vom 8. Oktober 2020, 13:06 Uhr

Simple Konfig

  • cat /etc/freeradius/3.0/clients.conf
client localhost {
 ipaddr = 127.0.0.1
 secret = sysadm
 require_message_authenticator = no
 nastype = other
}
client lan-clients {
 ipaddr = 192.168.240.0
 netmask = 21
 secret = sysadm
 require_message_authenticator = no
 nastype = other
}
  • cat /etc/freeradius/3.0/users
60eb69962da5  Cleartext-Password := "60eb69962da5"
485b39ad8af3  Cleartext-Password := "485b39ad8af3"
0800274d3bae  Cleartext-Password := "0800274d3bae"
0016d32ebb2e  Cleartext-Password := "0016d32ebb2e"


xinux  Cleartext-Password := "suxer"
rudi  Cleartext-Password  := "wiggel"

DEFAULT	Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT	Hint == "CSLIP"
	Framed-Protocol = SLIP,
	Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT	Hint == "SLIP"
	Framed-Protocol = SLIP

Test

  • radtest -x xinux suxer 192.168.244.129 1812 sysadm
Sending Access-Request of id 73 to 192.168.244.129 port 1812

User-Name = "xinux" User-Password = "suxer" NAS-IP-Address = 192.168.244.129 NAS-Port = 1812 Message-Authenticator = 0x00000000000000000000000000000000 

rad_recv: Access-Accept packet from host 192.168.244.129 port 1812, id=73, length=20

Links

Abgerufen von „http://wiki.ixheim.de/index.php?title=Freeradius_switch_mac_authentication_bypass&oldid=21574