Не работает chap, mschap-v2 и mppe. PAP -работает.

mnk · Сообщение **mnk** » Ср янв 31, 2007 8:47 am

Вобщем по порядку.
OS Mandriva 2007 PP kernel 2.6.17-5mdv
Все вроде настроил, как в документации.
WEB интерфейс работает замечательно
Radius тоже вроде как работает. При вводе
# radtest misha mishapasswd 127.0.0.1:1812 0 radsecret 0 127.0.0.1
Параметры отдает нормально.
Не могу никак настроить связку pptpd+radius+abills.
Что интересно, что работает только PAP авторизация, а CHAP И тем более MSCHAP не идут. Что-то с проверкой паролей.
Вот кусок лога радиуса.
1. При авторизации CHAP

Код: Выделить всё

rad_recv: Access-Request packet from host 127.0.0.1:1026, id=234, length=88
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "misha"
        CHAP-Challenge = 0x7dd4233d9e86da611cf7570523dcc43f
        CHAP-Password = 0x69aeaec16e524bf7c413b58eea6e63fa4d
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "misha", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched entry DEFAULT at line 2
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns ok) for request 2
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 2
  rlm_chap: login attempt by "misha" with CHAP password
  rlm_chap: Could not find clear text password for user misha
  modcall[authenticate]: module "chap" returns invalid for request 2
modcall: leaving group CHAP (returns invalid) for request 2
auth: Failed to validate the user.
  Found Post-Auth-Type
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 2
radius_xlat:  '/usr/abills/libexec/rauth.pl post_auth'
Exec-Program: /usr/abills/libexec/rauth.pl post_auth
Exec-Program output:
Exec-Program: returned: 0
  modcall[post-auth]: module "post_auth" returns ok for request 2
modcall: leaving group REJECT (returns ok) for request 2
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request

2. MSCHAP-V2

Код: Выделить всё

rad_recv: Access-Request packet from host 127.0.0.1:1026, id=235, length=133
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "misha"
        MS-CHAP-Challenge = 0xc03705643976d224c3bafa6e791de2e7
        MS-CHAP2-Response = 0xd100ea2cf994173a077dc53ea053cd056c8d00000000000000006e1438c6ec03424b5854f8cccf2231c78558e81814954fc4
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 3
    rlm_realm: No '@' in User-Name = "misha", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    users: Matched entry DEFAULT at line 2
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 3
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for misha with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 3
modcall: leaving group MS-CHAP (returns reject) for request 3
auth: Failed to validate the user.
  Found Post-Auth-Type
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 3
radius_xlat:  '/usr/abills/libexec/rauth.pl post_auth'
Exec-Program: /usr/abills/libexec/rauth.pl post_auth
Exec-Program output:
Exec-Program: returned: 0
  modcall[post-auth]: module "post_auth" returns ok for request 3
modcall: leaving group REJECT (returns ok) for request 3
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request

Раньше настраивал связку pptpd+radius+mysql на этой же машине, но без abills. Все работало замечательно и mppe и mschap-v2.

Ср янв 31, 2007 11:09 am

написано же в логе гдк ошибки

mnk · Сообщение **mnk** » Чт фев 01, 2007 12:07 pm

Извините за беспокойство, пропустил одну строчку при настройке авторизации в radiusd.conf
Можно тему закрывать.