Добрый день,
У меня аксес-сервер PPTP на Cisco (ИОС 12.3). При передаче радиусу параметров нету Calling-Station-ID и соответственно не могу в биллинге для каждого юзера прописывать свой IP входа. Однако в параметрах передаваемых Cisco радиусу есть Tunnel-Client-Endpoint:0 который и показывает IP данного юзера. Помогите найти - где я могу поменять, чтоб проверялса именно Tunnel-Client-Endpoint:0 вместо Calling-Station-Id?
Cisco 7120, Abills 0.37b (Linux)
Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
-
~AsmodeuS~
- Site Admin
- Сообщения: 5749
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
нужно точно увидеть пары и использовать версию биллинг хотябы не 4 летней давности
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
Насколько я понял в Cisco IOS версии 12.4(4) есть опция 31 (Calling-Station-ID), однако мой 7120 староват и последняя версия для него была 12.3(12). Прошу подсказать в каком файле билинга (или радиуса) могу заменить проверку Tunnel-Client-Endpoint:0 вместо Calling-Station-Id ?
P.S. Билинг Abills ставил год назад из cvs и последняя была 0.37б, я и не знал что она 4-х летней давности
P.S. Билинг Abills ставил год назад из cvs и последняя была 0.37б, я и не знал что она 4-х летней давности
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
0,4 уже скоро историей станет )
скоро будет переход на 0,5 )
скоро будет переход на 0,5 )
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
Поставил таки 0.5 АБиллс. Циско 3640 (c3640-jk9o3s-mz.124-5a.bin) как VPN сервер (vpdn/pptp). Linux CentOS 5.3 (FreeRADIUS Version 1.1.3).
Если в базе CID пустое или "ANY" - то клиентская машина нормально подсоединяется:
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Reject
perl_pool total/active/spare [4/0/4]
Unreserve perl at address 0xa72a988
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=166, length=147
Sending Access-Reject of id 166 to 192.168.67.5 port 1645
Reply-Message = "Wrong CID ''"
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=167, length=147
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0x7c58fc47522ef429
MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000043fbcb1a4acc0a5ca6a4e462bf2af0d5c645ba63c22298a
NAS-Port-Type = Virtual
NAS-Port = 167
NAS-Port-Id = "Uniq-Sess-ID167"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
perl_pool: item 0xac02e10 asigned new request. Handled so far: 1
found interpetator at address 0xac02e10
rlm_perl: Added pair Session-Timeout = 1853081
rlm_perl: ERROR: Failed to create pair Service-Type = Framed-User
rlm_perl: ERROR: Failed to create pair Framed-Protocol = PPP
rlm_perl: Added pair Framed-IP-Address = 192.168.67.100
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Accept
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0xac02e10
Sending Access-Accept of id 167 to 192.168.67.5 port 1645
Session-Timeout = 1853081
Framed-IP-Address = 192.168.67.100
Framed-IP-Netmask = 255.255.255.255
rad_recv: Accounting-Request packet from host 192.168.67.5:1646, id=162, length=180
Acct-Session-Id = "000007AA"
Tunnel-Medium-Type:0 = IP
Tunnel-Server-Endpoint:0 = "10.4.0.191"
Tunnel-Client-Endpoint:0 = "10.4.2.113"
Tunnel-Assignment-Id:0 = "NL-VPN"
Framed-Protocol = PPP
Framed-IP-Address = 192.168.67.100
User-Name = "test"
Cisco-AVPair = "connect-progress=LAN Ses Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Virtual
NAS-Port = 167
NAS-Port-Id = "Uniq-Sess-ID167"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
Acct-Delay-Time = 0
perl_pool: item 0xa290790 asigned new request. Handled so far: 2
found interpetator at address 0xa290790
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0xa290790
Sending Accounting-Response of id 162 to 192.168.67.5 port 1646
Как только ставлю CID, то не пускает. Причем CID пробовал писать как IP, MAC и IP / MAC (MAC вида XX-XX-XX-XX-XX-XX, xxxx.xxxx.xxxx):
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=165, length=147
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0x3139091f40d17373
MS-CHAP-Response = 0x010100000000000000000000000000000000000000000000000010eb12409b54f1318cac0880a744041f0f232c0d6639c4b4
NAS-Port-Type = Virtual
NAS-Port = 165
NAS-Port-Id = "Uniq-Sess-ID165"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
perl_pool: item 0xa290790 asigned new request. Handled so far: 1
found interpetator at address 0xa290790
rlm_perl: Added pair Reply-Message = Wrong CID ''
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Reject
perl_pool total/active/spare [5/0/5]
Unreserve perl at address 0xa290790
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=165, length=147
Sending Access-Reject of id 165 to 192.168.67.5 port 1645
Reply-Message = "Wrong CID ''"
Дебаг Циски без CID-a:
04:19:12: AAA/ACCT/HC(000000AC): Update VPDN/750001F3
04:19:12: AAA/ACCT/HC(000000AC): VPDN/750001F3 [sess] (rx/tx) base 0/0 pre 0/105 call 43303/11139
04:19:12: AAA/ACCT/HC(000000AC): VPDN/750001F3 [sess] (rx/tx) adjusted, pre 0/105 call 43303/11034
04:19:12: AAA/ACCT/NET(000000AC): Queueing record is UPDATE
04:19:12: AAA/ACCT(000000AC): Sending periodic record type=NET user=test
04:19:12: AAA/ACCT(000000AC): Accouting method=radius (RADIUS)
04:19:12: RADIUS/ENCODE(000000AC):Orig. component type = VPDN
04:19:12: RADIUS(000000AC): Config NAS IP: 0.0.0.0
04:19:12: RADIUS(000000AC): sending
04:19:12: RADIUS/ENCODE: Best Local IP-Address 192.168.67.5 for Radius-Server 192.168.67.253
04:19:12: RADIUS(000000AC): Send Accounting-Request to 192.168.67.253:1813 id 1646/167, len 210
04:19:12: RADIUS: authenticator B9 E8 9F 99 8D CA DF 8F - 45 B9 BB 36 8F 3F A3 4F
04:19:12: RADIUS: Acct-Session-Id [44] 10 "000007AA"
04:19:12: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1]
04:19:12: RADIUS: Tunnel-Server-Endpoi[67] 12 "10.4.0.191"
04:19:12: RADIUS: Tunnel-Client-Endpoi[66] 12 "10.4.2.113"
04:19:12: RADIUS: Tunnel-Assignment-Id[82] 8 "NL-VPN"
04:19:12: RADIUS: Framed-Protocol [7] 6 PPP [1]
04:19:12: RADIUS: Framed-IP-Address [8] 6 192.168.67.100
04:19:12: RADIUS: User-Name [1] 6 "test"
04:19:12: RADIUS: Vendor, Cisco [26] 35
04:19:12: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up"
04:19:12: RADIUS: Acct-Session-Time [46] 6 297
04:19:12: RADIUS: Acct-Input-Octets [42] 6 43303
04:19:12: RADIUS: Acct-Output-Octets [43] 6 11034
04:19:12: RADIUS: Acct-Input-Packets [47] 6 668
04:19:12: RADIUS: Acct-Output-Packets [48] 6 188
04:19:12: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
04:19:12: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
04:19:12: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
04:19:12: RADIUS: NAS-Port [5] 6 167
04:19:12: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID167"
04:19:12: RADIUS: Service-Type [6] 6 Framed [2]
04:19:12: RADIUS: NAS-IP-Address [4] 6 192.168.67.5
04:19:12: RADIUS: Acct-Delay-Time [41] 6 0
04:19:12: RADIUS: Received from id 1646/167 192.168.67.253:1813, Accounting-response, len 20
04:19:12: RADIUS: authenticator E8 B8 F3 CC 61 84 57 35 - 19 3F B8 A4 A8 E1 79 1B
04:19:12: AAA/ACCT/NET(000000AC): UPDATE protocol reply PASS
04:19:12: AAA/ACCT(000000AC): Send UPDATE accounting notification to EM successfully
04:19:12: AAA/ACCT(000000AC): Resetting Periodic timer
И при определении CID-a
04:20:30: AAA/ACCT/HC(000000AE): Register VPDN/910001F9 0bit/s, assuming 100Mbit/s, poll every 5m 0s
04:20:30: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:30: AAA/ACCT/HC(000000AE): VPDN/910001F9 [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0
04:20:30: AAA/ACCT/HC(000000AE): VPDN/910001F9 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0
04:20:30: AAA/ACCT/EVENT/(000000AE): CALL START
04:20:30: Getting session id for NET(000000AE) : db=65C17760
04:20:30: AAA/ACCT(00000000): add node, session 1991
04:20:30: AAA/ACCT/NET(000000AE): add, count 1
04:20:30: AAA/ACCT/EVENT/(000000AE): ATTR ADD
04:20:30: AAA/ACCT(000000AE): Send NEWINFO accounting notification to EM successfully
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: AAA/ACCT(000000AE): Type NET: Periodic timer initialized
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: RADIUS/ENCODE(000000AE):Orig. component type = VPDN
04:20:30: RADIUS(000000AE): Config NAS IP: 0.0.0.0
04:20:30: Getting session id for NET(000000AE) : db=65C17760
04:20:30: RADIUS/ENCODE(000000AE): acct_session_id: 1991
04:20:30: RADIUS(000000AE): sending
04:20:30: RADIUS/ENCODE: Best Local IP-Address 192.168.67.5 for Radius-Server 192.168.67.253
04:20:30: RADIUS(000000AE): Send Access-Request to 192.168.67.253:1812 id 1645/169, len 147
04:20:30: RADIUS: authenticator 21 EB 2A C8 92 36 66 3B - 00 00 00 00 00 00 00 00
04:20:30: RADIUS: Framed-Protocol [7] 6 PPP [1]
04:20:30: RADIUS: User-Name [1] 6 "test"
04:20:30: RADIUS: Vendor, Microsoft [26] 16
04:20:30: RADIUS: MSCHAP_Challenge [11] 10
04:20:30: RADIUS: 21 EB 2A C8 92 36 66 3B [!?*??6f;]
04:20:30: RADIUS: Vendor, Microsoft [26] 58
04:20:30: RADIUS: MS-CHAP-Response [1] 52 *
04:20:30: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
04:20:30: RADIUS: NAS-Port [5] 6 169
04:20:30: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID169"
04:20:30: RADIUS: Service-Type [6] 6 Framed [2]
04:20:30: RADIUS: NAS-IP-Address [4] 6 192.168.67.5
04:20:35: RADIUS: Received from id 1645/169 192.168.67.253:1812, Access-Reject, len 34
04:20:35: RADIUS: authenticator 54 BC BF E0 6B 15 7D 8D - E3 1A BD 64 87 58 F8 7C
04:20:35: RADIUS: Reply-Message [18] 14
04:20:35: RADIUS: 57 72 6F 6E 67 20 43 49 44 20 27 27 [Wrong CID '']
04:20:35: RADIUS(000000AE): Received from id 1645/169
04:20:35: RADIUS/DECODE: Reply-Message fragments, 12, total 12 bytes
04:20:35: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:35: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:35: AAA/ACCT/EVENT/(000000AE): NET DOWN
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) base 0/0 pre 0/122 call 0/122
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) adjusted, pre 0/122 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) base 0/0 pre 0/122 call 0/122
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) adjusted, pre 0/122 call 0/0
04:20:35: AAA/ACCT/NET(000000AE): Accounting record not sent
04:20:35: AAA/ACCT(000000AE): del node, session 1991
04:20:35: AAA/ACCT/NET(000000AE): free_rec, count 0
04:20:35: AAA/ACCT/NET(000000AE) reccnt 0, csr FALSE, osr 0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) base 0/0 pre 0/130 call 0/130
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) adjusted, pre 0/130 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) base 0/0 pre 0/130 call 0/130
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) adjusted, pre 0/130 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Deregister VPDN/910001F9
04:20:35: AAA/ACCT/EVENT/(000000AE): CALL STOP
04:20:35: AAA/ACCT(000000AE) reccnt 0, osr 0
На Циске радиус конфигурирован:
radius-server attribute 218 mandatory
radius-server host 192.168.67.253 auth-port 1812 acct-port 1813
radius-server key xxxxxxxx
radius-server vsa send accounting
radius-server vsa send authentication
Копался в Auth.pm но не разобрался
Помогите...
Если в базе CID пустое или "ANY" - то клиентская машина нормально подсоединяется:
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Reject
perl_pool total/active/spare [4/0/4]
Unreserve perl at address 0xa72a988
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=166, length=147
Sending Access-Reject of id 166 to 192.168.67.5 port 1645
Reply-Message = "Wrong CID ''"
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=167, length=147
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0x7c58fc47522ef429
MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000043fbcb1a4acc0a5ca6a4e462bf2af0d5c645ba63c22298a
NAS-Port-Type = Virtual
NAS-Port = 167
NAS-Port-Id = "Uniq-Sess-ID167"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
perl_pool: item 0xac02e10 asigned new request. Handled so far: 1
found interpetator at address 0xac02e10
rlm_perl: Added pair Session-Timeout = 1853081
rlm_perl: ERROR: Failed to create pair Service-Type = Framed-User
rlm_perl: ERROR: Failed to create pair Framed-Protocol = PPP
rlm_perl: Added pair Framed-IP-Address = 192.168.67.100
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Accept
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0xac02e10
Sending Access-Accept of id 167 to 192.168.67.5 port 1645
Session-Timeout = 1853081
Framed-IP-Address = 192.168.67.100
Framed-IP-Netmask = 255.255.255.255
rad_recv: Accounting-Request packet from host 192.168.67.5:1646, id=162, length=180
Acct-Session-Id = "000007AA"
Tunnel-Medium-Type:0 = IP
Tunnel-Server-Endpoint:0 = "10.4.0.191"
Tunnel-Client-Endpoint:0 = "10.4.2.113"
Tunnel-Assignment-Id:0 = "NL-VPN"
Framed-Protocol = PPP
Framed-IP-Address = 192.168.67.100
User-Name = "test"
Cisco-AVPair = "connect-progress=LAN Ses Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Virtual
NAS-Port = 167
NAS-Port-Id = "Uniq-Sess-ID167"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
Acct-Delay-Time = 0
perl_pool: item 0xa290790 asigned new request. Handled so far: 2
found interpetator at address 0xa290790
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0xa290790
Sending Accounting-Response of id 162 to 192.168.67.5 port 1646
Как только ставлю CID, то не пускает. Причем CID пробовал писать как IP, MAC и IP / MAC (MAC вида XX-XX-XX-XX-XX-XX, xxxx.xxxx.xxxx):
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=165, length=147
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0x3139091f40d17373
MS-CHAP-Response = 0x010100000000000000000000000000000000000000000000000010eb12409b54f1318cac0880a744041f0f232c0d6639c4b4
NAS-Port-Type = Virtual
NAS-Port = 165
NAS-Port-Id = "Uniq-Sess-ID165"
Service-Type = Framed-User
NAS-IP-Address = 192.168.67.5
perl_pool: item 0xa290790 asigned new request. Handled so far: 1
found interpetator at address 0xa290790
rlm_perl: Added pair Reply-Message = Wrong CID ''
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Auth-Type = Reject
perl_pool total/active/spare [5/0/5]
Unreserve perl at address 0xa290790
rad_recv: Access-Request packet from host 192.168.67.5:1645, id=165, length=147
Sending Access-Reject of id 165 to 192.168.67.5 port 1645
Reply-Message = "Wrong CID ''"
Дебаг Циски без CID-a:
04:19:12: AAA/ACCT/HC(000000AC): Update VPDN/750001F3
04:19:12: AAA/ACCT/HC(000000AC): VPDN/750001F3 [sess] (rx/tx) base 0/0 pre 0/105 call 43303/11139
04:19:12: AAA/ACCT/HC(000000AC): VPDN/750001F3 [sess] (rx/tx) adjusted, pre 0/105 call 43303/11034
04:19:12: AAA/ACCT/NET(000000AC): Queueing record is UPDATE
04:19:12: AAA/ACCT(000000AC): Sending periodic record type=NET user=test
04:19:12: AAA/ACCT(000000AC): Accouting method=radius (RADIUS)
04:19:12: RADIUS/ENCODE(000000AC):Orig. component type = VPDN
04:19:12: RADIUS(000000AC): Config NAS IP: 0.0.0.0
04:19:12: RADIUS(000000AC): sending
04:19:12: RADIUS/ENCODE: Best Local IP-Address 192.168.67.5 for Radius-Server 192.168.67.253
04:19:12: RADIUS(000000AC): Send Accounting-Request to 192.168.67.253:1813 id 1646/167, len 210
04:19:12: RADIUS: authenticator B9 E8 9F 99 8D CA DF 8F - 45 B9 BB 36 8F 3F A3 4F
04:19:12: RADIUS: Acct-Session-Id [44] 10 "000007AA"
04:19:12: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1]
04:19:12: RADIUS: Tunnel-Server-Endpoi[67] 12 "10.4.0.191"
04:19:12: RADIUS: Tunnel-Client-Endpoi[66] 12 "10.4.2.113"
04:19:12: RADIUS: Tunnel-Assignment-Id[82] 8 "NL-VPN"
04:19:12: RADIUS: Framed-Protocol [7] 6 PPP [1]
04:19:12: RADIUS: Framed-IP-Address [8] 6 192.168.67.100
04:19:12: RADIUS: User-Name [1] 6 "test"
04:19:12: RADIUS: Vendor, Cisco [26] 35
04:19:12: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up"
04:19:12: RADIUS: Acct-Session-Time [46] 6 297
04:19:12: RADIUS: Acct-Input-Octets [42] 6 43303
04:19:12: RADIUS: Acct-Output-Octets [43] 6 11034
04:19:12: RADIUS: Acct-Input-Packets [47] 6 668
04:19:12: RADIUS: Acct-Output-Packets [48] 6 188
04:19:12: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
04:19:12: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
04:19:12: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
04:19:12: RADIUS: NAS-Port [5] 6 167
04:19:12: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID167"
04:19:12: RADIUS: Service-Type [6] 6 Framed [2]
04:19:12: RADIUS: NAS-IP-Address [4] 6 192.168.67.5
04:19:12: RADIUS: Acct-Delay-Time [41] 6 0
04:19:12: RADIUS: Received from id 1646/167 192.168.67.253:1813, Accounting-response, len 20
04:19:12: RADIUS: authenticator E8 B8 F3 CC 61 84 57 35 - 19 3F B8 A4 A8 E1 79 1B
04:19:12: AAA/ACCT/NET(000000AC): UPDATE protocol reply PASS
04:19:12: AAA/ACCT(000000AC): Send UPDATE accounting notification to EM successfully
04:19:12: AAA/ACCT(000000AC): Resetting Periodic timer
И при определении CID-a
04:20:30: AAA/ACCT/HC(000000AE): Register VPDN/910001F9 0bit/s, assuming 100Mbit/s, poll every 5m 0s
04:20:30: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:30: AAA/ACCT/HC(000000AE): VPDN/910001F9 [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0
04:20:30: AAA/ACCT/HC(000000AE): VPDN/910001F9 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0
04:20:30: AAA/ACCT/EVENT/(000000AE): CALL START
04:20:30: Getting session id for NET(000000AE) : db=65C17760
04:20:30: AAA/ACCT(00000000): add node, session 1991
04:20:30: AAA/ACCT/NET(000000AE): add, count 1
04:20:30: AAA/ACCT/EVENT/(000000AE): ATTR ADD
04:20:30: AAA/ACCT(000000AE): Send NEWINFO accounting notification to EM successfully
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: AAA/ACCT(000000AE): Type NET: Periodic timer initialized
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:30: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:30: RADIUS/ENCODE(000000AE):Orig. component type = VPDN
04:20:30: RADIUS(000000AE): Config NAS IP: 0.0.0.0
04:20:30: Getting session id for NET(000000AE) : db=65C17760
04:20:30: RADIUS/ENCODE(000000AE): acct_session_id: 1991
04:20:30: RADIUS(000000AE): sending
04:20:30: RADIUS/ENCODE: Best Local IP-Address 192.168.67.5 for Radius-Server 192.168.67.253
04:20:30: RADIUS(000000AE): Send Access-Request to 192.168.67.253:1812 id 1645/169, len 147
04:20:30: RADIUS: authenticator 21 EB 2A C8 92 36 66 3B - 00 00 00 00 00 00 00 00
04:20:30: RADIUS: Framed-Protocol [7] 6 PPP [1]
04:20:30: RADIUS: User-Name [1] 6 "test"
04:20:30: RADIUS: Vendor, Microsoft [26] 16
04:20:30: RADIUS: MSCHAP_Challenge [11] 10
04:20:30: RADIUS: 21 EB 2A C8 92 36 66 3B [!?*??6f;]
04:20:30: RADIUS: Vendor, Microsoft [26] 58
04:20:30: RADIUS: MS-CHAP-Response [1] 52 *
04:20:30: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
04:20:30: RADIUS: NAS-Port [5] 6 169
04:20:30: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID169"
04:20:30: RADIUS: Service-Type [6] 6 Framed [2]
04:20:30: RADIUS: NAS-IP-Address [4] 6 192.168.67.5
04:20:35: RADIUS: Received from id 1645/169 192.168.67.253:1812, Access-Reject, len 34
04:20:35: RADIUS: authenticator 54 BC BF E0 6B 15 7D 8D - E3 1A BD 64 87 58 F8 7C
04:20:35: RADIUS: Reply-Message [18] 14
04:20:35: RADIUS: 57 72 6F 6E 67 20 43 49 44 20 27 27 [Wrong CID '']
04:20:35: RADIUS(000000AE): Received from id 1645/169
04:20:35: RADIUS/DECODE: Reply-Message fragments, 12, total 12 bytes
04:20:35: AAA/ACCT/NET(000000AE): Pick method list 'default'
04:20:35: AAA/ACCT/SETMLIST(000000AE): Handle 0, mlist 654C0A48, Name default
04:20:35: AAA/ACCT/EVENT/(000000AE): NET DOWN
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) base 0/0 pre 0/122 call 0/122
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) adjusted, pre 0/122 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) base 0/0 pre 0/122 call 0/122
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) adjusted, pre 0/122 call 0/0
04:20:35: AAA/ACCT/NET(000000AE): Accounting record not sent
04:20:35: AAA/ACCT(000000AE): del node, session 1991
04:20:35: AAA/ACCT/NET(000000AE): free_rec, count 0
04:20:35: AAA/ACCT/NET(000000AE) reccnt 0, csr FALSE, osr 0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) base 0/0 pre 0/130 call 0/130
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [pre-sess] (rx/tx) adjusted, pre 0/130 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Update VPDN/910001F9
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) base 0/0 pre 0/130 call 0/130
04:20:35: AAA/ACCT/HC(000000AE): VPDN/910001F9 [sess] (rx/tx) adjusted, pre 0/130 call 0/0
04:20:35: AAA/ACCT/HC(000000AE): Deregister VPDN/910001F9
04:20:35: AAA/ACCT/EVENT/(000000AE): CALL STOP
04:20:35: AAA/ACCT(000000AE) reccnt 0, osr 0
На Циске радиус конфигурирован:
radius-server attribute 218 mandatory
radius-server host 192.168.67.253 auth-port 1812 acct-port 1813
radius-server key xxxxxxxx
radius-server vsa send accounting
radius-server vsa send authentication
Копался в Auth.pm но не разобрался
Помогите...-
~AsmodeuS~
- Site Admin
- Сообщения: 5749
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
циска не передаёт сид
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
Ну в поле CID мониторинга IP нормально появляется Но вопрос скорее в другом - IP клиента передается в переменной Tunnel-Client-Endpoint:0 , Радиус параметр 66. Можбо добавить в Auth.pm чтоб этот параметр тоже сравнивался с CID-ом?
Но вопрос скорее в другом - IP клиента передается в переменной Tunnel-Client-Endpoint:0 , Радиус параметр 66. Можбо добавить в Auth.pm чтоб этот параметр тоже сравнивался с CID-ом?-
~AsmodeuS~
- Site Admin
- Сообщения: 5749
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
В пакетах аккаунтинга етсь а в пакетах авторизации нету
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
Уважаемый Asmodeus, хотел уточнить - нету у меня (моего Cisco) или нету у Cisco вообще? Тоесть неправильно конфигурировал у себя или невозможно это реализовать?
-
~AsmodeuS~
- Site Admin
- Сообщения: 5749
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
Re: Tunnel-Client-Endpoint:0 вместо Calling-Station-Id
Нужно уточнить у службы поддержки cisco не все версии выдают CID при авторизации