radtest的含义

执行 radtest test test localhost 0 testing123后出现：

Sending Access-Request of id 121 to 127.0.0.1 port 1812
    User-Name = "test"
    User-Password = "test"
    NAS-IP-Address = 192.168.168.7
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=121, length=20

这其中各部分的含义是什么：

(1)  命令行中的 testing123  就是：

FreeRADIUS和NAS的共享密钥，client.conf中有定义，就是secret……

(2)  NAS-IP-Address:

NAS-IP-Address = 221.7.59.90  出现这个现象的，是你的软件版本有后门的！你把WAN断开后重启，NAS-IP地址就指向了127.0.0.1了。

未完待续。

下面是转自：http://www.dialogic.com/webhelp/BorderNet2020/1.0.0/WebHelp/radatt_nas_ipaddress.htm

RADIUS Attribute - NAS-IP-Address

As Per RFC2865:

This Attribute indicates the identifying IP Address of the NAS which is requesting authentication of the user, and SHOULD be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets.  Either NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request packet.

Note: The NAS-IP-Address MUST NOT be used to select the shared secret used to authenticate the request. The source IP address of the Access-Request packet MUST be used to select the shared secret.

 

A summary of the NAS-IP-Address Attribute format is shown below.  The fields are transmitted from left to right.

 

Type (IETF Attribute Number) = 4 for NAS-IP-Address.

Length = 6

Address = The Address field is four octets.