Author Topic: pppoe-server+postgres+freeradius+mschap-v2  (Read 2504 times)

Activity

pppoe-server+postgres+freeradius+mschap-v2
« -: Nov 22, 2010, 16:17 »
Hello! I have a problem with the following configuration. The problem, in my opinion, is that the RADIUS server sees my request as coming from a different address and therefore sends the reply there, so the pppoe-server does not see a reply and returns error 691 to the client. How do I make the RADIUS server use NAS-IP-Address = 192.168.25.25? It is quite complex and I cannot explain it in detail, so I will help you with the configuration of both (pppoe-server & freeradius).

Code:
Listening on authentication address 192.168.25.25 port 1812
Listening on accounting address 192.168.25.25 port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Ready to process requests.


rad_recv: Access-Request packet from host 192.168.25.25 port 54287, id=217, length=150
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "act"
        MS-CHAP-Challenge = 0xcc4550c89b0107cbae55fa07e6f7cc85
        MS-CHAP2-Response = 0x4300694b5acc565ac7f1367a56f83b58c1bd000000000000000054c20768ca01cdabcc561f7d3065dc986c472956b7e4429e
        Calling-Station-Id = "00:19:DB:39:FF:FF"
         NAS-IP-Address = 192.168.1.2
        NAS-Port = 0
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.25.25/auth-detail-20101122
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.25.25/auth-detail-20101122
[auth_log]      expand: %t -> Mon Nov 22 16:10:34 2010
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "act", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> act
[sql] sql_set_user escaped user --> 'act'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radcheck   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName, Attribute, Value, Op   FROM radcheck   WHERE Username = 'act'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] User found in radcheck table
[sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radreply   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName, Attribute, Value, Op   FROM radreply   WHERE Username = 'act'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql]   expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='act' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql]   expand: SELECT id, GroupName, Attribute, Value, op   FROM radgroupcheck   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id, GroupName, Attribute, Value, op   FROM radgroupcheck   WHERE GroupName = 'static'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] User found in group static
[sql]   expand: SELECT id, GroupName, Attribute, Value, op   FROM radgroupreply   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id, GroupName, Attribute, Value, op   FROM radgroupreply   WHERE GroupName = 'static'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> act
[sql] sql_set_user escaped user --> 'act'
[sql]   expand: %{User-Password} ->
[sql]   ... expanding second conditional
[sql]   expand: INSERT INTO radpostauth (username, pass, reply, authdate)   VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate)   VALUES ('act', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate)   VALUES ('act', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 217 to 192.168.25.25 port 54287
        Framed-IP-Address := 10.10.10.10
        Framed-Protocol := PPP
        Service-Type := Framed-User
        Framed-Compression := Van-Jacobson-TCP-IP
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 217 with timestamp +1038
Ready to process requests.



Code:
Connected to 00:19:db:39:ff:ff via interface eth1
using channel 83
Using interface ppp0
Connect: ppp0 <--> eth1
Couldn't increase MTU to 1500
Couldn't increase MRU to 1500
sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MS-v2> <magic 0x60e7bd1>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <auth chap MS-v2> <magic 0x60e7bd1>]
rcvd [LCP ConfReq id=0x1 <mru 1492> <magic 0x6fb37714> <callback CBCP> <mrru 1614> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP ConfRej id=0x1 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfReq id=0x2 <mru 1492> <magic 0x6fb37714> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1492> <magic 0x6fb37714> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x60e7bd1]
sent [CHAP Challenge id=0x43 <cc4550c89b0107cbae55fa07e6f7cc85>, name = "adsl"]
rcvd [LCP Ident id=0x3 magic=0x6fb37714 "MSRASV5.10"]
rcvd [LCP Ident id=0x4 magic=0x6fb37714 "MSRAS-0-LAPTOP2PC-PC"]
rcvd [LCP EchoRep id=0x0 magic=0x6fb37714]
rcvd [CHAP Response id=0x43 <694b5acc565ac7f1367a56f83b58c1bd000000000000000054c20768ca01cdabcc561f7d3065dc986c472956b7e4429e00>, name = "act"]
RADATTR plugin wrote 4 line(s) to file /var/run/radattr.ppp0.

Peer act failed CHAP authentication
sent [CHAP Failure id=0x43 ""]
Couldn't increase MTU to 1500
Couldn't increase MRU to 1500
sent [LCP TermReq id=0x2 "Authentication failed"]
rcvd [LCP TermAck id=0x2 "Authentication failed"]
Connection terminated.
RADATTR plugin removed file /var/run/radattr.ppp0.

Code:
root@adsl:/etc/ppp# ifconfig eth1:2
eth1:2    Link encap:Ethernet  HWaddr 4C:00:10:54:45:0F
          inet addr:192.168.25.25  Bcast:192.168.25.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xec00

Success represents the 1% of your work which results from the 99% that is called failure.
... - Soichiro Honda
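
The first trace in the post above shows `Found Auth-Type = Accept` and an Access-Accept with no MS-CHAP2-Success attribute, although the request was MS-CHAPv2: with that Auth-Type FreeRADIUS accepts without verifying the response, and the NAS receives no authenticator response to pass back to the peer. The check below looks for that pattern; it is an added example, not part of the original posts, its two traces are constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the kind of `radiusd -X` trace shown in the post.
BROKEN = """\
rad_recv: Access-Request packet from host 192.168.25.25 port 54287, id=217, length=150
        User-Name = "act"
        MS-CHAP2-Response = 0x4300
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
Found Auth-Type = Accept
Sending Access-Accept of id 217 to 192.168.25.25 port 54287
        Framed-IP-Address := 10.10.10.10
        Service-Type := Framed-User
"""
# Constructed counterpart: the mschap module authenticated and added its reply attribute.
HEALTHY = (BROKEN.replace("Found Auth-Type = Accept", "Found Auth-Type = MSCHAP")
           + "        MS-CHAP2-Success = 0x4353\n")

PACKET = re.compile(r"^(?:rad_recv: |Sending )(Access-\w+)\b.*?\bid[= ](\d+)")
ATTR = re.compile(r"^\s+([\w-]+) :?= (.*)$")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")

def parse_packets(trace):
    """Return packets in order: kind, id, attributes, and the Auth-Type radiusd picked."""
    packets, cur = [], None
    for line in trace.splitlines():
        if m := PACKET.match(line):
            cur = {"kind": m[1], "id": m[2], "attrs": {}, "auth_type": None}
            packets.append(cur)
        elif cur and (m := ATTR.match(line)):
            cur["attrs"][m[1]] = m[2].strip('"')
        elif cur and (m := AUTH_TYPE.match(line)):
            cur["auth_type"] = m[1]
    return packets

def mschapv2_findings(trace):
    """Flag accepts sent for an MS-CHAPv2 request without an MS-CHAP2-Success reply."""
    pending, findings = {}, []
    for p in parse_packets(trace):
        if p["kind"] == "Access-Request":
            pending[p["id"]] = p  # RADIUS ids are reused, so pair packets in order
            continue
        req = pending.pop(p["id"], None)
        if (p["kind"] == "Access-Accept" and req
                and "MS-CHAP2-Response" in req["attrs"]
                and "MS-CHAP2-Success" not in p["attrs"]):
            findings.append({"id": p["id"], "user": req["attrs"].get("User-Name"),
                             "auth_type": req["auth_type"],
                             # Auth-Type Accept means no credential check was run at all
                             "credentials_bypassed": req["auth_type"] == "Accept"})
    return findings
```

A finding with `credentials_bypassed` set points at a check item such as `Auth-Type := Accept` in the user's or group's SQL rows, which is worth auditing for on its own because it admits the user regardless of the password supplied.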

Activity

Re: pppoe-server+postgres+freeradius+mschap-v2
« Reply #1 -: Nov 22, 2010, 17:43 »
Update: the problem is not in the NAS but rather somewhere in the config. The client connects to the RADIUS server, but only with MSCHAP. When I set pppoe-server to use only mschap-v2, the request reaches the RADIUS server and it replies to it, but the client gets error 691.

pppoe-server config

Code:
auth
refuse-chap
refuse-mschap
refuse-eap
refuse-pap

require-mschap-v2

mru 1492
mtu 1492
default-asyncmap
lcp-echo-interval 60
lcp-echo-failure 5

ms-dns xxxxxxxxxxxxxxxxx
ms-dns xxxxxxxxxxxxxxxxx

nobsdcomp
nodeflate
noipdefault
noipx
proxyarp
noktune

netmask 255.255.255.255

logfile /var/log/pppoe-server.log

debug

Code:
Nov 22 17:35:47 adsl pppoe-server[2799]: Session 31 created for client 00:19:db:39:ff:ff (10.67.15.31) on eth1 using Service-Name 'access'
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/radius.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RADIUS plugin initialized.
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/radattr.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RADATTR plugin initialized.
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/rp-pppoe.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.4
Nov 22 17:35:47 adsl pppd[2799]: pppd 2.4.4 started by root, uid 0
Nov 22 17:35:47 adsl pppd[2799]: Using interface ppp1
Nov 22 17:35:47 adsl pppd[2799]: Connect: ppp1 <--> eth1
Nov 22 17:35:53 adsl pppd[2765]: Connection terminated.
Nov 22 17:35:53 adsl pppd[2765]: Modem hangup
Nov 22 17:35:53 adsl pppd[2765]: Exit.
Nov 22 17:35:53 adsl pppoe-server[1677]: Session 30 closed for client 00:19:db:39:ff:ff (10.67.15.30) on eth1
Nov 22 17:36:11 adsl pppoe-server[1677]: Sent PADT

Activity

Re: pppoe-server+postgres+freeradius+mschap-v2
« Reply #2 -: Nov 24, 2010, 10:05 »
Another update ;D The configuration works; the problem was with the user added in SQL with the different kinds of groups! It is quite complicated there. Does anyone have a sample configuration showing how they set up the groups and users in SQL?