Společnost Hugging Face ve spolupráci se společností Pollen Robotics představila open source robota Reachy Mini (YouTube). Předobjednat lze lite verzi za 299 dolarů a wireless verzi s Raspberry Pi 5 za 449 dolarů.
Dnes v 17:30 bude oficiálně vydána open source počítačová hra DOGWALK vytvořena v 3D softwaru Blender a herním enginu Godot. Release party proběhne na YouTube od 17:00.
McDonald's se spojil se společností Paradox a pracovníky nabírá také pomocí AI řešení s virtuální asistentkou Olivii běžící na webu McHire. Ian Carroll a Sam Curry se na toto AI řešení blíže podívali a opravdu je překvapilo, že se mohli přihlásit pomocí jména 123456 a hesla 123456 a získat přístup k údajům o 64 milionech uchazečů o práci.
Byla vydána (𝕏) červnová aktualizace aneb nová verze 1.102 editoru zdrojových kódů Visual Studio Code (Wikipedie). Přehled novinek i s náhledy a videi v poznámkách k vydání. Ve verzi 1.102 vyjde také VSCodium, tj. komunitní sestavení Visual Studia Code bez telemetrie a licenčních podmínek Microsoftu.
Byla vydána nová verze 2.4.64 svobodného multiplatformního webového serveru Apache (httpd). Řešeno je mimo jiné 8 bezpečnostních chyb.
Společnost xAI na síti 𝕏 představila Grok 4, tj. novou verzi svého AI LLM modelu Grok.
Ministerstvo vnitra odhalilo závažný kyberincident v IT systému resortu. Systém, do kterého se dostal útočník bez oprávnění, byl odpojen a nedošlo k odcizení dat [𝕏].
Před rokem byla streamovací služba HBO Max přejmenována na Max. Dle managementu slovo HBO v názvu nebylo důležité. Včera byl Max přejmenován zpět na HBO Max. Kolik milionů dolarů to stálo? 😂
Byla vydána nová major verze 8.0.0 svobodného systému pro detekci a prevenci průniků a monitorování bezpečnosti počítačových sítí Suricata (Wikipedie). Přehled novinek v oficiálním oznámení a v aktualizované dokumentaci.
Mastodon (Wikipedie) - sociální síť, která není na prodej - byl vydán ve verzi 4.4. Přehled novinek s náhledy a videi v oznámení na blogu.
Dobrý den, potřeboval bych poradit. Mám nainstalovaný Freeradius na serveru lenny, chtěl bych jen ověřování na soubor users.
Lokálně mě ověří uživatele, ale pomocí wifi ne. Procházím log a na žádnou chybu jsem nepřišel.
Mohl by mě někdo poradit kde mám chybu? Přikládám výpis obraovky po příkazu freeradius -X a pak po pokusu ověření uživatele:
freeradius -X:
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 10.0.140.36 {
require_message_authenticator = no
secret = "123456"
nastype = "other"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
main {
snmp = no
smux_password = ""
snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Výpis po pokusu přihlášení uživatele:
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Proxying request 0 to home server 127.0.0.1 port 1812
Sending Access-Request of id 38 to 127.0.0.1 port 1812
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 1814, id=38, length=146
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x029564472d5046845551542895755322
Proxy-State = 0x34
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [steve/<via Auth-Type = EAP>] (from client localhost port 0 cli 00-15-AF-39-16-4C)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> steve
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 38 to 127.0.0.1 port 1814
Proxy-State = 0x34
Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38, length=23
Proxy-State = 0x34
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Login incorrect (Home Server says so): [steve@example.com/<no User-Password attribute>] (from client 10.0.140.36 port 0 cli 00-15-AF-39-16-4C)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> steve@example.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 4 to 10.0.140.36 port 1238
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.140.36 port 1238, id=5, length=155
User-Name = "steve@example.com"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x4f5425f4dd6b1b41389eda17d1918b8a
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "example.com" for User-Name = "steve@example.com"
rlm_realm: Found realm "example.com"
rlm_realm: Adding Stripped-User-Name = "steve"
rlm_realm: Adding Realm = "example.com"
rlm_realm: Proxying request from user steve to realm example.com
rlm_realm: Preparing to proxy authentication request to realm "example.com"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm example.com. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Sending Access-Request of id 85 to 127.0.0.1 port 1812
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Proxying request 2 to home server 127.0.0.1 port 1812
Sending Access-Request of id 85 to 127.0.0.1 port 1812
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 1814, id=85, length=146
User-Name = "steve"
NAS-IP-Address = 10.0.140.36
NAS-Port = 0
Called-Station-Id = "00-06-25-53-C4-44"
Calling-Station-Id = "00-15-AF-39-16-4C"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02010016017374657665406578616d706c652e636f6d
Message-Authenticator = 0x4db0a4fc255b87ca20e388f45a08d9ab
Proxy-State = 0x35
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [steve/<via Auth-Type = EAP>] (from client localhost port 0 cli 00-15-AF-39-16-4C)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> steve
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 85 to 127.0.0.1 port 1814
Proxy-State = 0x35
Waking up in 1.5 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=85, length=23
Proxy-State = 0x35
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Login incorrect (Home Server says so): [steve@example.com/<no User-Password attribute>] (from client 10.0.140.36 port 0 cli 00-15-AF-39-16-4C)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> steve@example.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 5 to 10.0.140.36 port 1238
Finished request 2.
Going to the next request
Waking up in 1.4 seconds.
Cleaning up request 1 ID 38 with timestamp +42
Cleaning up request 0 ID 4 with timestamp +42
Waking up in 3.4 seconds.
Cleaning up request 3 ID 85 with timestamp +45
Cleaning up request 2 ID 5 with timestamp +45
Ready to process requests.
Na otázku zatím nikdo bohužel neodpověděl.
Tiskni
Sdílej:
AbcLinuxu.cz
ITBiz.cz
HDmag.cz
AbcPráce.cz