MX80+FreeRadius dhcp REJECT Wrong password

Модуль управления DHCP сервером
Ответить
Jh-jah
Сообщения: 2
Зарегистрирован: Ср ноя 01, 2017 1:07 pm

MX80+FreeRadius dhcp REJECT Wrong password

Сообщение Jh-jah »

Добрый день.
Настраиваю связку Mx80(dhcp relay) + FreeRadius DHCP.
Во время авторизации клиента FreeRadius отклоняет запрос с указанием Added pair Reply-Message = REJECT Wrong password (Reject)

Код: Выделить всё

rad_recv: Access-Request packet from host 194.8.147.188 port 52112, id=23, length=263
	User-Name = "0800.2726.ebf2"
	Service-Type = Framed-User
	Chargeable-User-Identity = ""
	Acct-Session-Id = "2013986"
	Calling-Station-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
	ERX-Dhcp-Gi-Address = 192.168.168.192
	ERX-Dhcp-Mac-Addr = "0800.2726.ebf2"
	NAS-Identifier = "MX-BRAS"
	NAS-Port = 268435813
	NAS-Port-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	NAS-Port-Type = Ethernet
	ERX-Pppoe-Description = "pppoe 08:00:27:26:eb:f2"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
[detail] 	expand: %{Packet-Src-IP-Address} -> 194.8.147.188
[detail] 	expand: /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radacct/194.8.147.188/detail-20171101
[detail] /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radacct/194.8.147.188/detail-20171101
[detail] 	expand: %t -> Wed Nov  1 17:07:39 2017
++[detail] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair User-Name = 
rlm_perl: Added pair Auth-Type = Perl
++[perl] = reject
+} # group Perl = reject
Failed to authenticate the user.
Login incorrect: [0800.2726.ebf2/<via Auth-Type = Perl>] (from client Maximum_IPoE port 268435813 cli MX-BRAS|ge-1/1/0.3221847668:357||)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/abills_default
+group REJECT {
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair Reply-Message = REJECT Wrong password (Reject)
rlm_perl: Added pair User-Name = 
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Post-Auth-Type = Reject
++[perl] = reject
+} # group REJECT = reject
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 23 to 194.8.147.188 port 52112
	Reply-Message = "REJECT Wrong password (Reject)"
	User-Name = ""
Waking up in 4.9 seconds.
Возможно кто сталкивался и наведет на правильный путь...

FreeRadius настроен по http://abills.net.ua/wiki/doku.php/abil ... stepbystep
MX80 в билинге заведен с типом NAS: dhcp DHCP FreeRadius with dhcp
Версия биллинга 0.75.49

~AsmodeuS~
Site Admin
Сообщения: 5746
Зарегистрирован: Пт янв 28, 2005 3:11 pm
Контактная информация:

Re: MX80+FreeRadius dhcp REJECT Wrong password

Сообщение ~AsmodeuS~ »

Jh-jah писал(а):Добрый день.
Настраиваю связку Mx80(dhcp relay) + FreeRadius DHCP.
Во время авторизации клиента FreeRadius отклоняет запрос с указанием Added pair Reply-Message = REJECT Wrong password (Reject)

Код: Выделить всё

rad_recv: Access-Request packet from host 194.8.147.188 port 52112, id=23, length=263
	User-Name = "0800.2726.ebf2"
	Service-Type = Framed-User
	Chargeable-User-Identity = ""
	Acct-Session-Id = "2013986"
	Calling-Station-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
	ERX-Dhcp-Gi-Address = 192.168.168.192
	ERX-Dhcp-Mac-Addr = "0800.2726.ebf2"
	NAS-Identifier = "MX-BRAS"
	NAS-Port = 268435813
	NAS-Port-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	NAS-Port-Type = Ethernet
	ERX-Pppoe-Description = "pppoe 08:00:27:26:eb:f2"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
[detail] 	expand: %{Packet-Src-IP-Address} -> 194.8.147.188
[detail] 	expand: /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radacct/194.8.147.188/detail-20171101
[detail] /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radacct/194.8.147.188/detail-20171101
[detail] 	expand: %t -> Wed Nov  1 17:07:39 2017
++[detail] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair User-Name = 
rlm_perl: Added pair Auth-Type = Perl
++[perl] = reject
+} # group Perl = reject
Failed to authenticate the user.
Login incorrect: [0800.2726.ebf2/<via Auth-Type = Perl>] (from client Maximum_IPoE port 268435813 cli MX-BRAS|ge-1/1/0.3221847668:357||)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/abills_default
+group REJECT {
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Acct-Session-Id = 2013986
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501013d070108002726ebf20c056a682d8f8a3c084d53465420352e30370c010f03062c2e2f1f2179f92b
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair ERX-Pppoe-Description = pppoe 08:00:27:26:eb:f2
rlm_perl: Added pair User-Name = 0800.2726.ebf2
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = 0800.2726.ebf2
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair Reply-Message = REJECT Wrong password (Reject)
rlm_perl: Added pair User-Name = 
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Post-Auth-Type = Reject
++[perl] = reject
+} # group REJECT = reject
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 23 to 194.8.147.188 port 52112
	Reply-Message = "REJECT Wrong password (Reject)"
	User-Name = ""
Waking up in 4.9 seconds.
Возможно кто сталкивался и наведет на правильный путь...

FreeRadius настроен по http://abills.net.ua/wiki/doku.php/abil ... stepbystep
MX80 в билинге заведен с типом NAS: dhcp DHCP FreeRadius with dhcp
Версия биллинга 0.75.49

нужно использовать модуль Mx80.pm

Jh-jah
Сообщения: 2
Зарегистрирован: Ср ноя 01, 2017 1:07 pm

Re: MX80+FreeRadius dhcp REJECT Wrong password

Сообщение Jh-jah »

С Mx80.pm

Код: Выделить всё

rad_recv: Access-Request packet from host 194.8.147.188 port 49717, id=89, length=242
	User-Name = "f01f.af30.d5e4"
	Service-Type = Framed-User
	Chargeable-User-Identity = ""
	Acct-Session-Id = "2088698"
	Calling-Station-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	ERX-Dhcp-Options = 0x3501010c026a68370d011c02030f06770c2c2f1a792a
	ERX-Dhcp-Gi-Address = 192.168.168.192
	ERX-Dhcp-Mac-Addr = "f01f.af30.d5e4"
	NAS-Identifier = "MX-BRAS"
	NAS-Port = 268435813
	NAS-Port-Id = "MX-BRAS|ge-1/1/0.3221847668:357||"
	NAS-Port-Type = Ethernet
	ERX-Pppoe-Description = "pppoe f0:1f:af:30:d5:e4"
	
	Ответ
	
rlm_perl: Added pair Calling-Station-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair ERX-Dhcp-Options = 0x3501010c026a68370d011c02030f06770c2c2f1a792a
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair NAS-Identifier = MX-BRAS
rlm_perl: Added pair NAS-Port = 268435813
rlm_perl: Added pair User-Name = f01f.af30.d5e4
rlm_perl: Added pair Acct-Session-Id = 2088698
rlm_perl: Added pair ERX-Dhcp-Gi-Address = 192.168.168.192
rlm_perl: Added pair NAS-Port-Id = MX-BRAS|ge-1/1/0.3221847668:357||
rlm_perl: Added pair ERX-Dhcp-Mac-Addr = f01f.af30.d5e4
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair ERX-Pppoe-Description = pppoe f0:1f:af:30:d5:e4
rlm_perl: Added pair NAS-IP-Address = 194.8.147.188
rlm_perl: Added pair Chargeable-User-Identity = 
rlm_perl: Added pair Reply-Message = 222USER_NOT_EXIST '' /0
rlm_perl: Added pair ERX-Service-Activate:1 = NOAUTH
rlm_perl: Added pair Auth-Type = Perl

В Отчеты/Интернет/Последние подключения бьет ошибку USER_NOT_EXIST '' /0 CID: MX-BRAS|ge-1/1/0.3221847668:357|| GT: 0.02044
СID подставляет как прилетающее от джунипера значение Calling-Station-Id.


Это заставляет подумать что не те пары передаются с джунипера или не те значения в них подставляются. Возможно такое?


Использую на джуне не dhcp сервер, а релей(такое тз).

~AsmodeuS~
Site Admin
Сообщения: 5746
Зарегистрирован: Пт янв 28, 2005 3:11 pm
Контактная информация:

Re: MX80+FreeRadius dhcp REJECT Wrong password

Сообщение ~AsmodeuS~ »

нормальный аксес реквест должен с модуле mx80 работать нормально

Ответить