无
某局点采用wx3520h 做的本地portal认证结合第三方服务器,配置完成之后,页面能正常弹出来,但是输入用户名和密码之后,提示认证失败,查看当前配置发现并无明显异常。
关键配置:
wlan service-template 1
vlan 724
akm mode psk
preshared-key pass-phrase cipher $c$3$nC1gl5XOqqIwdTM22W6FkeJf4lPFv9Xbu9zgvQ==
cipher-suite ccmp
cipher-suite tkip
security-ie rsn
security-ie wpa
portal enable method direct
portal domain portal
portal apply web-server web
service-template enable
portal web-server web
url http://x.x.x.x:8080/portal
server-type cmcc
#
portal local-web-server http
default-logon-page defaultfile.zip
tcp-port 8080
radius scheme visitor
primary authentication x.x.x.x
primary accounting x.x.x.x
key authentication cipher $c$3$Y4kKQMGuYuNcVhENqTFDGfuRxIFy0zpUHvww
key accounting cipher $c$3$Y6g5oG+9elcd6C9hdwuU0+CIS40YIBaDBn4S
user-name-format without-domain
nas-ip x.x.x.x
#
domain portal
authorization-attribute idle-cut 60 1024
authentication portal radius-scheme visitor
authorization portal radius-scheme visitor
accounting portal none
查看当前配置并无明显异常,建议现场收集debug portal 和debug radius 信息反馈
关键debug信息:
Mar 23 14:34:32:413 2021 WX3520H RADIUS/7/PACKET:
User-Name="xxx"
User-Password=******
Service-Type=Framed-User
Framed-Protocol=255
NAS-Identifier="WX3520H"
NAS-Port=16777940
NAS-Port-Type=Wireless-802.11
NAS-Port-
Calling-Station-
Called-Station-
Acct-Session-
H3c-Nas-Startup-Timestamp=1616161447
*Mar 23 14:34:32:414 2021 WX3520H RADIUS/7/EVENT:
Sent request packet successfully.
*Mar 23 14:34:32:414 2021 WX3520H RADIUS/7/PACKET:
01 1f 01 34 4c 9d 48 7b 64 ea 9d b5 77 3b 5a 4f //code 1认证请求报文
ca df db 59 01 0f 77 69 72 65 6c 65 73 73 5f 74
65 73 74 02 12 d1 07 cc b3 b5 82 c3 d9 c2 a1 e2
6a 02 01 86 3c 06 06 00 00 00 02 07 06 00 00 00
ff 20 09 57 58 33 35 32 30 48 05 06 01 00 02 d4
3d 06 00 00 00 13 57 12 30 31 30 30 30 30 30 30
30 30 30 30 30 37 32 34 1f 13 42 32 2d 38 42 2d
33 30 2d 36 31 2d 41 30 2d 37 46 1e 24 39 30 2d
32 33 2d 42 34 2d 39 30 2d 38 34 2d 30 30 3a 55
4e 49 53 4f 43 5f 76 69 73 69 74 6f 72 2d 31 2c
28 30 30 30 30 30 30 30 37 32 30 32 31 30 33 32
33 31 34 33 34 33 32 30 30 30 30 30 30 31 63 30
38 31 30 30 33 36 30 1a 0c 00 00 63 a2 85 06 00
00 02 d4 08 06 0a 1d e0 16 1a 26 00 00 63 a2 3c
20 31 30 2e 32 39 2e 32 32 34 2e 32 32 20 62 32
*Mar 23 14:34:32:415 2021 WX3520H RADIUS/7/PACKET:
3a 38 62 3a 33 30 3a 36 31 3a 61 30 3a 37 66 1a
10 00 00 63 a2 d0 0a 01 79 03 06 0f 72 77 fc 04
06 0a 1d e0 05 1a 13 00 00 63 a2 ff 0d 48 33 43
20 57 58 33 35 32 30 48 1a 0c 00 00 63 a2 3b 06
60 54 aa a7
*Mar 23 14:34:32:415 2021 WX3520H RADIUS/7/EVENT:
Sent request packet and create request context successfully.
*Mar 23 14:34:32:415 2021 WX3520H RADIUS/7/EVENT:
Added request context to global table successfully.
*Mar 23 14:34:32:415 2021 WX3520H RADIUS/7/EVENT:
Processing AAA request data.
*Mar 23 14:34:32:419 2021 WX3520H RADIUS/7/EVENT:
Reply SocketFd received EPOLLIN event.
*Mar 23 14:34:32:419 2021 WX3520H RADIUS/7/EVENT:
Received reply packet successfully.
*Mar 23 14:34:32:419 2021 WX3520H RADIUS/7/EVENT:
Found request context, dstIP: x.x.x.x, dstPort: 1812, VPN instance: --(public), socketFd: 89, pktID: 31.
*Mar 23 14:34:32:419 2021 WX3520H RADIUS/7/EVENT:
The reply packet is valid.
*Mar 23 14:34:32:420 2021 WX3520H RADIUS/7/EVENT:
Decoded reply packet successfully.
*Mar 23 14:34:32:420 2021 WX3520H RADIUS/7/PACKET:
03 1f 00 14 d2 86 4b 28 25 e7 4f c6 cb 46 47 0e //code 3认证拒绝报文,正常应该回应code 2
6d 8f 8c 0c
通过分析debug信息发现最后是服务器回应了code 3 认证拒绝报文,怀疑是服务器的问题,建议联系服务器侧一起排查,最终调整服务器侧之后,问题解决。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作