Title: pppoe-server+postgres+freeradius+mschap-v2
Posted by: Activity on Nov 22, 2010, 16:17
Hello! I have a problem with the following configuration. The problem, in my opinion, is that the RADIUS server sees my request as coming from a different address and therefore sends the reply to that address, so the pppoe-server does not see a reply and returns error 691 to the client. How do I make the RADIUS server use NAS-IP-Address = 192.168.25.25? It is quite complex and I cannot explain it in detail, so I will help you with the configuration of both (pppoe-server & freeradius).

Listening on authentication address 192.168.25.25 port 1812
Listening on accounting address 192.168.25.25 port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.25.25 port 54287, id=217, length=150
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "act"
    MS-CHAP-Challenge = 0xcc4550c89b0107cbae55fa07e6f7cc85
    MS-CHAP2-Response = 0x4300694b5acc565ac7f1367a56f83b58c1bd000000000000000054c20768ca01cdabcc561f7d3065dc986c472956b7e4429e
    Calling-Station-Id = "00:19:DB:39:FF:FF"
    NAS-IP-Address = 192.168.1.2
    NAS-Port = 0
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.25.25/auth-detail-20101122
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.25.25/auth-detail-20101122
[auth_log] expand: %t -> Mon Nov 22 16:10:34 2010
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "act", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> act
[sql] sql_set_user escaped user --> 'act'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'act' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] User found in radcheck table
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'act' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='act' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'static' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] User found in group static
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'static' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> act
[sql] sql_set_user escaped user --> 'act'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('act', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('act', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 217 to 192.168.25.25 port 54287
    Framed-IP-Address := 10.10.10.10
    Framed-Protocol := PPP
    Service-Type := Framed-User
    Framed-Compression := Van-Jacobson-TCP-IP
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 217 with timestamp +1038
Ready to process requests.

Connected to 00:19:db:39:ff:ff via interface eth1 using channel 83
Using interface ppp0
Connect: ppp0 <--> eth1
Couldn't increase MTU to 1500
Couldn't increase MRU to 1500
sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MS-v2> <magic 0x60e7bd1>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <auth chap MS-v2> <magic 0x60e7bd1>]
rcvd [LCP ConfReq id=0x1 <mru 1492> <magic 0x6fb37714> <callback CBCP> <mrru 1614> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP ConfRej id=0x1 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfReq id=0x2 <mru 1492> <magic 0x6fb37714> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1492> <magic 0x6fb37714> <endpoint [local:94.8f.01.51.da.fc.4b.fe.a9.33.0c.8e.a2.d3.fb.af.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x60e7bd1]
sent [CHAP Challenge id=0x43 <cc4550c89b0107cbae55fa07e6f7cc85>, name = "adsl"]
rcvd [LCP Ident id=0x3 magic=0x6fb37714 "MSRASV5.10"]
rcvd [LCP Ident id=0x4 magic=0x6fb37714 "MSRAS-0-LAPTOP2PC-PC"]
rcvd [LCP EchoRep id=0x0 magic=0x6fb37714]
rcvd [CHAP Response id=0x43 <694b5acc565ac7f1367a56f83b58c1bd000000000000000054c20768ca01cdabcc561f7d3065dc986c472956b7e4429e00>, name = "act"]
RADATTR plugin wrote 4 line(s) to file /var/run/radattr.ppp0.
Peer act failed CHAP authentication
sent [CHAP Failure id=0x43 ""]
Couldn't increase MTU to 1500
Couldn't increase MRU to 1500
sent [LCP TermReq id=0x2 "Authentication failed"]
rcvd [LCP TermAck id=0x2 "Authentication failed"]
Connection terminated.
RADATTR plugin removed file /var/run/radattr.ppp0.

root@adsl:/etc/ppp# ifconfig eth1:2
eth1:2    Link encap:Ethernet  HWaddr 4C:00:10:54:45:0F
          inet addr:192.168.25.25  Bcast:192.168.25.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xec00

Title: Re: pppoe-server+postgres+freeradius+mschap-v2
Posted by: Activity on Nov 22, 2010, 17:43
A new development: the problem is not in the NAS but rather somewhere in the config. The client connects to the RADIUS server, but only with MSCHAP; when I set pppoe-server to use only mschap-v2, the request reaches the RADIUS server and it replies to it, but the client gets error 691.

pppoe-server config:

auth
refuse-chap
refuse-mschap
refuse-eap
refuse-pap
require-mschap-v2
mru 1492
mtu 1492
default-asyncmap
lcp-echo-interval 60
lcp-echo-failure 5
ms-dns xxxxxxxxxxxxxxxxx
ms-dns xxxxxxxxxxxxxxxxx
nobsdcomp
nodeflate
noipdefault
noipx
proxyarp
noktune
netmask 255.255.255.255
logfile /var/log/pppoe-server.log
debug

Nov 22 17:35:47 adsl pppoe-server[2799]: Session 31 created for client 00:19:db:39:ff:ff (10.67.15.31) on eth1 using Service-Name 'access'
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/radius.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RADIUS plugin initialized.
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/radattr.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RADATTR plugin initialized.
Nov 22 17:35:47 adsl pppd[2799]: Plugin /etc/ppp/plugins/rp-pppoe.so loaded.
Nov 22 17:35:47 adsl pppd[2799]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.4
Nov 22 17:35:47 adsl pppd[2799]: pppd 2.4.4 started by root, uid 0
Nov 22 17:35:47 adsl pppd[2799]: Using interface ppp1
Nov 22 17:35:47 adsl pppd[2799]: Connect: ppp1 <--> eth1
Nov 22 17:35:53 adsl pppd[2765]: Connection terminated.
Nov 22 17:35:53 adsl pppd[2765]: Modem hangup
Nov 22 17:35:53 adsl pppd[2765]: Exit.
Nov 22 17:35:53 adsl pppoe-server[1677]: Session 30 closed for client 00:19:db:39:ff:ff (10.67.15.30) on eth1
Nov 22 17:36:11 adsl pppoe-server[1677]: Sent PADT

Title: Re: pppoe-server+postgres+freeradius+mschap-v2
Posted by: Activity on Nov 24, 2010, 10:05
Yet another development ;D The configuration works; the problem was with the user added in SQL with the different kinds of groups! It is very complicated there. Does anyone have a sample configuration showing how they set up the groups and users in SQL?
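
In the debug output of the first post, a request carrying MS-CHAP2-Response ends with `Found Auth-Type = Accept`, and the Access-Accept that follows lists no MS-CHAP2-Success, the attribute RFC 2548 defines for returning the MS-CHAPv2 authenticator response; an Auth-Type of Accept also means the server accepted the user without checking the credential. The following is an added example, not code from the thread or from FreeRADIUS: it scans `radiusd -X` output for that pattern, and the sample log and the names `parse` and `unverified_accepts` are constructed for the illustration.

```python
import re

# Constructed sample in `radiusd -X` style (abridged; hex values are placeholders).
# Request 217 has the shape of the output in the thread; 218 is a verified MS-CHAPv2 accept.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.25.25 port 54287, id=217, length=150
    MS-CHAP2-Response = 0x00
Found Auth-Type = Accept
Sending Access-Accept of id 217 to 192.168.25.25 port 54287
    Framed-IP-Address := 10.10.10.10
Finished request 0.
rad_recv: Access-Request packet from host 192.168.25.25 port 54288, id=218, length=150
    MS-CHAP2-Response = 0x00
Found Auth-Type = MSCHAP
Sending Access-Accept of id 218 to 192.168.25.25 port 54288
    MS-CHAP2-Success = 0x00
"""

START = re.compile(r"rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
SEND = re.compile(r"Sending (Access-\w+) of id \d+")
AUTH = re.compile(r"Found Auth-Type = (\S+)")
ATTR = re.compile(r"^\s+([\w-]+) :?= ")   # indented "Name = value" or "Name := value"

def parse(log):
    """Split debug output into requests with their request/reply attribute names."""
    reqs, cur, section = [], None, None
    for line in log.splitlines():
        if m := START.search(line):
            cur = {"id": int(m.group(1)), "request": set(), "reply": set(),
                   "auth_type": None, "packet": None}
            reqs.append(cur)
            section = "request"
        elif cur is None:
            continue                            # output before the first request
        elif m := SEND.search(line):
            cur["packet"], section = m.group(1), "reply"
        elif section and (m := ATTR.match(line)):
            cur[section].add(m.group(1))
        else:
            section = None                      # attribute list ended
            if m := AUTH.search(line):
                cur["auth_type"] = m.group(1)
    return reqs

def unverified_accepts(log):
    """(id, Auth-Type) of MS-CHAPv2 requests accepted without MS-CHAP2-Success."""
    return [(r["id"], r["auth_type"]) for r in parse(log)
            if "MS-CHAP2-Response" in r["request"] and r["packet"] == "Access-Accept"
            and "MS-CHAP2-Success" not in r["reply"]]
```

Calling `unverified_accepts(SAMPLE)` reports request 217 with the Auth-Type that produced the accept, which points at the check item to review in the SQL tables.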