FreeRadius & PI -恒定失效

Question

我对Freeradius很陌生。相对熟悉linux。我从来没有被这样的问题困扰过。

无论我做什么，或者如何在我的Pi上配置freeradius，我在尝试启动服务时都会出现以下错误。这个错误只会重复。

我玩过权限&擦除pi两次，遵循了许多教程，而且我仍然击中了相同的位置。

有人能帮忙吗？

lines 2500-2551/2551 (END)
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit freeradius.service has begun execution.
░░ 
░░ The job identifier is 13806.
Mar 04 19:44:11 raspberrypi freeradius[4362]: FreeRADIUS Version 3.0.21
Mar 04 19:44:11 raspberrypi freeradius[4362]: Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
Mar 04 19:44:11 raspberrypi freeradius[4362]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Mar 04 19:44:11 raspberrypi freeradius[4362]: PARTICULAR PURPOSE
Mar 04 19:44:11 raspberrypi freeradius[4362]: You may redistribute copies of FreeRADIUS under the terms of the
Mar 04 19:44:11 raspberrypi freeradius[4362]: GNU General Public License
Mar 04 19:44:11 raspberrypi freeradius[4362]: For more information about these matters, see the file named COPYRIGHT
Mar 04 19:44:11 raspberrypi freeradius[4362]: Starting - reading configuration files ...
Mar 04 19:44:11 raspberrypi freeradius[4362]: Debug state unknown (cap_sys_ptrace capability not set)
Mar 04 19:44:11 raspberrypi freeradius[4362]: Creating attribute Unix-Group
Mar 04 19:44:11 raspberrypi freeradius[4362]: Creating attribute LDAP-Group
Mar 04 19:44:11 raspberrypi freeradius[4362]: Please use tls_min_version and tls_max_version instead of disable_tlsv1
Mar 04 19:44:11 raspberrypi freeradius[4362]: Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
Mar 04 19:44:11 raspberrypi freeradius[4362]: tls: Using cached TLS configuration from previous invocation
Mar 04 19:44:11 raspberrypi freeradius[4362]: tls: Using cached TLS configuration from previous invocation
Mar 04 19:44:11 raspberrypi freeradius[4362]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
Mar 04 19:44:11 raspberrypi freeradius[4362]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
Mar 04 19:44:11 raspberrypi freeradius[4362]: rlm_ldap: libldap vendor: OpenLDAP, version: 20457
Mar 04 19:44:11 raspberrypi freeradius[4362]: rlm_ldap (ldap): Initialising connection pool
Mar 04 19:44:11 raspberrypi freeradius[4362]: rlm_mschap (mschap): using internal authentication
Mar 04 19:44:11 raspberrypi freeradius[4362]: Ignoring "sql" (see raddb/mods-available/README.rst)
Mar 04 19:44:11 raspberrypi freeradius[4362]:  # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:>
Mar 04 19:44:11 raspberrypi freeradius[4362]: radiusd: #### Skipping IP addresses and Ports ####
Mar 04 19:44:11 raspberrypi freeradius[4362]: Configuration appears to be OK
Mar 04 19:44:11 raspberrypi systemd[1]: freeradius.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ An ExecStart= process belonging to unit freeradius.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
Mar 04 19:44:11 raspberrypi systemd[1]: freeradius.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ The unit freeradius.service has entered the 'failed' state with result 'exit-code'.
Mar 04 19:44:11 raspberrypi systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.
░░ Subject: A start job for unit freeradius.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit freeradius.service has finished with a failure.
░░ 
░░ The job identifier is 13806 and the job result is failed.

Answer 1

我真的找到了答案。谷歌的指令中有一个错误。它很小，我错过了：

https://support.google.com/a/answer/9089736?hl=en#zippy=%2Cfreeradius

它对相同的证书文件使用.cer和.crt，如下所示。

遵循以下步骤：

1. 在/etc/freeradius/3.0/上安装和配置FreeRADIUS。

一旦安装了FreeRADIUS，就可以通过安装freeradius插件来添加LDAP配置。

sudo apt安装freeradius freeradius-ldap

1. 将LDAP客户端密钥和证书文件分别复制到/etc/freeradius/3.0/certs/ldap-client.key和/etc/freeradius/3.0/certs/ldap-client.crt。

chown freeradius:freeradius /etc/freeradius/3.0/certs/ldap-client.* chmod 640 /etc/freeradius/3.0/certs/ldap-client.*

1. 启用LDAP模块。

cd /etc/freeradius/3.0/mods-启用/ ln -s ./mods-available/ ldap

1. 编辑/etc/freeradius/3.0/mods-available/ldap.

A.ldap->server= 'ldaps://ldap.google.com:636‘

b. identity =应用程序凭据中的用户名

c.密码=应用程序凭据中的密码

d. base_dn = 'dc=domain，dc=com‘

e. tls->start_tls = no

f. tls->证书_file= /etc/freeradius/3.0/certs/ldap-client.cer

G.TLS->private_key_file= /etc/freeradius/3.0/certs/ldap-client.key

h. tls

i.注释掉代表ldap -> post -> update'一节的面包屑中的所有字段。

1. ​编辑/etc/freeradius/3.0/sites-available/default.

这将修改FreeRadius客户端连接。如果您没有使用默认客户端，请确保更新已配置的相关客户端(内部隧道或任何自定义客户端)。

a.修改授权部分，以便在密码身份验证协议(PAP)语句之后在底部添加以下块：

如果(用户密码){更新控件{ Auth-Type := ldap }}

在授权部分中，在it.#模块从LDAP数据库中读取密码之前，通过删除'-‘号来启用ldap。ldapc。通过编辑Auth-Type LDAP块修改身份验证部分，如下所示: Auth-Type LDAP { ldap # }d。通过编辑Auth-Type PAP块修改身份验证部分，如下所示：

8月型PAP {# pap ldap }