freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Thu Nov 26, 2009 1:38 pm
Turbid
On radtest, radius -x gives this rejection:
Code:
Sending delayed reject for request 0
Sending Access-Reject of id 189 to 127.0.0.1 port 49795
Waking up in 4.9 seconds.
Cleaning up request 0 ID 189 with timestamp +8
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 62937, id=187, length=62
User-Name = "test"
User-Password = "tespass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 187 to 127.0.0.1 port 62937
Waking up in 4.9 seconds.
Cleaning up request 1 ID 187 with timestamp +24
Where should I dig?
P.S. Is NAS-Port the same thing as the NAS id?
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Fri Nov 27, 2009 9:18 am
mr_gfd
Show the radius config.
Most likely it wasn't added to raddb/users
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Fri Nov 27, 2009 11:24 am
Turbid
mr_gfd wrote: Show the radius config.
Most likely it wasn't added to raddb/users
Code:
# cat /usr/local/etc/raddb/users
DEFAULT Auth-Type = Accept
Code:
# cat /usr/local/etc/raddb/dictionary
$INCLUDE /usr/local/share/freeradius/dictionary
$INCLUDE /usr/abills/misc/mpd/mpd.dictionary
Code:
# cat /usr/local/etc/raddb/sites-available/default
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type Perl {
        perl
    }
    unix
    #eap
}
authorize {
    preprocess
    abills_preauth
    mschap
    files
    abills_auth
}
preacct {
    preprocess
    abills_acc
}
post-auth {
    exec
    Post-Auth-Type REJECT {
        abills_postauth
    }
}
Code:
# cat /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
    secret = PASSWD
}
Code:
# cat /usr/local/etc/raddb/radiusd.conf
...
...
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
    # $INCLUDE sql.conf
    # $INCLUDE sql/mysql/counter.conf
    # $INCLUDE sqlippool.conf
    abills_preauth
    exec abills_preauth {
        program = "/usr/abills/libexec/rauth.pl pre_auth"
        wait = yes
        input_pairs = request
        shell_escape = yes
        #output = no
        output_pairs = config
    }
    abills_postauth
    exec abills_postauth {
        program = "/usr/abills/libexec/rauth.pl post_auth"
        wait = yes
        input_pairs = request
        shell_escape = yes
        #output = no
        output_pairs = config
    }
    abills_auth
    exec abills_auth {
        program = "/usr/abills/libexec/rauth.pl"
        wait = yes
        input_pairs = request
        shell_escape = yes
        output = no
        output_pairs = reply
    }
    abills_acc
    exec abills_acc {
        program = "/usr/abills/libexec/racct.pl"
        wait = yes
        input_pairs = request
        shell_escape = yes
        output = no
        output_pairs = reply
    }
}
...
...
Code:
# cat /usr/local/etc/raddb/modules/exec
exec {
    wait = yes
    input_pairs = request
    shell_escape = yes
    output = none
    output_pairs = reply
}
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Fri Nov 27, 2009 3:08 pm
mr_gfd
exec in sites-available/default is superfluous, it seemed to me
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Fri Nov 27, 2009 5:32 pm
ran
Turbid wrote: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Turbid wrote: freebsd 6.2, mpd 4.4, freeradius 1.1.7, abills 0.42 (Dv+Ipn)
so which radius is it, then?

and if it's the second one, shouldn't it be like this there:
DEFAULT Auth-Type := Accept
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Mon Nov 30, 2009 8:17 am
Turbid
mr_gfd wrote: exec in sites-available/default is superfluous, it seemed to me
fixed
so which radius is it, then?
I'm setting up a new server now
and if it's the second one, shouldn't it be like this there:
DEFAULT Auth-Type := Accept
I tried it both ways
it didn't help, what else should I look at?
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Thu Dec 10, 2009 8:52 pm
~AsmodeuS~
Read the docs, I always take the data from there
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 2:19 am
incubus
Good day!
FreeBSD 8.0, freeradius-2.1.6, abills-0.50rc1.
I ran into a problem with the client being disconnected after 16-17 seconds. It disconnects with ACCT_TERMINATE_CAUSE 6 : Admin-Reset. Here is what's in the mpd log:
Dec 16 09:57:18 deimos mpd: [L-2] AUTH: Trying RADIUS
Dec 16 09:57:18 deimos mpd: [L-2] RADIUS: Authenticating user 'test'
Dec 16 09:57:19 deimos mpd: [L-2] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'test'
Dec 16 09:57:19 deimos mpd: [L-2] AUTH: RADIUS returned: authenticated
Dec 16 09:57:19 deimos mpd: [L-2] CHAP: Auth return status: authenticated
Dec 16 09:57:19 deimos mpd: [L-2] CHAP: Reply message: S=F1DFDF505E044892BF97C447EEC193A539DC8131
Dec 16 09:57:19 deimos mpd: [L-2] CHAP: sending SUCCESS #1 len: 46
Dec 16 09:57:19 deimos mpd: [L-2] LCP: authorization successful
Dec 16 09:57:19 deimos mpd: [L-2] Link: Matched action 'bundle "B" ""'
Dec 16 09:57:19 deimos mpd: [L-2] Creating new bundle using template "B".
Dec 16 09:57:19 deimos mpd: [B-1] Bundle: Interface ng0 created
Dec 16 09:57:19 deimos mpd: [L-2] Link: Join bundle "B-1"
Dec 16 09:57:19 deimos mpd: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: Open event
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: state change Initial --> Starting
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: LayerStart
Dec 16 09:57:19 deimos mpd: [B-1] CCP: Open event
Dec 16 09:57:19 deimos mpd: [B-1] CCP: state change Initial --> Starting
Dec 16 09:57:19 deimos mpd: [B-1] CCP: LayerStart
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: Up event
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: state change Starting --> Req-Sent
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: SendConfigReq #1
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 172.16.10.1
Dec 16 09:57:19 deimos mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 16 09:57:19 deimos mpd: [B-1] CCP: Up event
Dec 16 09:57:19 deimos mpd: [B-1] CCP: state change Starting --> Req-Sent
Dec 16 09:57:19 deimos mpd: [B-1] CCP: SendConfigReq #1
Dec 16 09:57:19 deimos mpd: [B-1] MPPC
Dec 16 09:57:19 deimos mpd: [B-1] 0x010000e0:MPPE(40, 56, 128 bits), stateless
Dec 16 09:57:19 deimos mpd: [L-2] RADIUS: Accounting user 'test' (Type: 1)
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: rec'd Configure Request #4 (Req-Sent)
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 0.0.0.0
Dec 16 09:57:19 deimos mpd: [B-1] NAKing with 172.16.10.64
Dec 16 09:57:19 deimos mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: SendConfigNak #4
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 172.16.10.64
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 172.16.10.1
Dec 16 09:57:19 deimos mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Dec 16 09:57:19 deimos mpd: [L-2] LCP: rec'd Protocol Reject #2 (Opened)
Dec 16 09:57:19 deimos mpd: [L-2] LCP: protocol CCP was rejected
Dec 16 09:57:19 deimos mpd: [B-1] CCP: protocol was rejected by peer
Dec 16 09:57:19 deimos mpd: [B-1] CCP: state change Req-Sent --> Stopped
Dec 16 09:57:19 deimos mpd: [B-1] CCP: LayerFinish
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: rec'd Configure Request #5 (Ack-Rcvd)
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 172.16.10.64
Dec 16 09:57:19 deimos mpd: [B-1] 172.16.10.64 is OK
Dec 16 09:57:19 deimos mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: SendConfigAck #5
Dec 16 09:57:19 deimos mpd: [B-1] IPADDR 172.16.10.64
Dec 16 09:57:19 deimos mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: state change Ack-Rcvd --> Opened
Dec 16 09:57:19 deimos mpd: [B-1] IPCP: LayerUp
Dec 16 09:57:19 deimos mpd: [B-1] 172.16.10.1 -> 172.16.10.64
Dec 16 09:57:19 deimos mpd: [B-1] IFACE: Up event
Dec 16 09:57:29 deimos mpd: [L-1] RADIUS: rad_send_request for user 'test' failed: No valid RADIUS responses received
Dec 16 09:57:29 deimos mpd: [L-1] Link: SHUTDOWN event
Dec 16 09:57:29 deimos mpd: [L-1] Link: Shutdown
Dec 16 09:57:34 deimos mpd: [L-2] RADIUS: rad_send_request for user 'test' failed: No valid RADIUS responses received
Dec 16 09:57:34 deimos mpd: [L-2] ACCT: Close link due to accounting start error
Dec 16 09:57:34 deimos mpd: [L-2] ACCT: Link close requested by the accounting
Dec 16 09:57:34 deimos mpd: [L-2] Link: CLOSE event
Dec 16 09:57:34 deimos mpd: [L-2] LCP: Close event
Dec 16 09:57:34 deimos mpd: [L-2] LCP: state change Opened --> Closing
And on the radius side, packets with Acct-Status-Type = Start keep coming, and then
Acct-Authentic = RADIUS
Acct-Status-Type = Stop
Acct-Terminate-Cause = Admin-Reset
Acct-Session-Time = 16
Acct-Input-Octets = 669
Acct-Input-Packets = 11
Acct-Input-Gigawords = 0
Acct-Output-Octets = 655
Acct-Output-Packets = 11
Acct-Output-Gigawords = 0
Maybe someone has run into this? Thanks!
WBR
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 6:34 am
ran
look at the radius debug log
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 8:23 am
incubus
ran wrote: look at the radius debug log
Well, somehow it doesn't give me any ideas.
The beginning:
Code:
Listening on authentication address 127.0.0.1 port 1812
Listening on accounting address 127.0.0.1 port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 16009, id=167, length=256
NAS-Identifier = "deimos.host.com"
Acct-Session-Id = "951085-L-1"
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
mpd-link = "L-1"
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IPv4
Tunnel-Server-Endpoint:0 = "192.168.1.1"
Tunnel-Client-Endpoint:0 = "192.168.1.10"
Tunnel-Server-Auth-Id:0 = "deimos.host.com"
Tunnel-Client-Auth-Id:0 = "incubus.bsd"
User-Name = "test"
MS-CHAP-Challenge = 0xbb1e680ae277a1c01f17e7e6b861c01a
MS-CHAP2-Response = 0x01907b1e682cf8d1f8836267e8160d61ae0f000000000000000050280b163e15d23fab0a342efd0a477b630b61ef1819ec13
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "123456"
Exec-Program-Wait: value-pairs: Cleartext-Password := "123456"
Exec-Program: returned: 0
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[files] users: Matched entry DEFAULT at line 171
++[files] returns ok
Exec-Program output: Session-Timeout = 1324114, Framed-IP-Address = 172.16.10.32, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: value-pairs: Session-Timeout = 1324114, Framed-IP-Address = 172.16.10.32, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
++[abills_auth] returns ok
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for test with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
Sending Access-Accept of id 167 to 127.0.0.1 port 16009
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Session-Timeout = 1324114
Framed-IP-Address = 172.16.10.32
Framed-IP-Netmask = 255.255.255.255
MS-CHAP2-Success = 0x01533d38363744463442324638444136303445354434303846323434334336363834423644304432414142
MS-MPPE-Recv-Key = 0x1ff57da1e267bceddbf8d3f3a471107a
MS-MPPE-Send-Key = 0x2457eadb2174da5cdff038a3e4b8e17c
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Finished request 0.
Then three identical requests follow in a row:
Code:
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 32565, id=98, length=250
NAS-Identifier = "deimos.host.com"
Acct-Session-Id = "951085-L-1"
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
mpd-link = "L-1"
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IPv4
Tunnel-Server-Endpoint:0 = "192.168.1.1"
Tunnel-Client-Endpoint:0 = "192.168.1.10"
Tunnel-Server-Auth-Id:0 = "deimos.host.com"
Tunnel-Client-Auth-Id:0 = "incubus.bsd"
Acct-Status-Type = Start
Framed-IP-Address = 172.16.10.32
Framed-IP-Netmask = 255.255.255.255
User-Name = "test"
Acct-Multi-Session-Id = "951086-B-1"
mpd-bundle = "B-1"
mpd-iface = "ng0"
mpd-iface-index = 5
Acct-Link-Count = 1
Acct-Authentic = RADIUS
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
Finished request 1.
For some reason there is no response; that isn't normal, is it? Apparently mpd receives nothing and sends:
Code:
rad_recv: Accounting-Request packet from host 127.0.0.1 port 15573, id=111, length=298
NAS-Identifier = "deimos.host.com"
Acct-Session-Id = "951085-L-1"
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
mpd-link = "L-1"
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IPv4
Tunnel-Server-Endpoint:0 = "192.168.1.1"
Tunnel-Client-Endpoint:0 = "192.168.1.10"
Tunnel-Server-Auth-Id:0 = "deimos.host.com"
Tunnel-Client-Auth-Id:0 = "incubus.bsd"
Framed-IP-Address = 172.16.10.32
Framed-IP-Netmask = 255.255.255.255
User-Name = "test"
Acct-Multi-Session-Id = "951086-B-1"
mpd-bundle = "B-1"
mpd-iface = "ng0"
mpd-iface-index = 5
Acct-Link-Count = 1
Acct-Authentic = RADIUS
Acct-Status-Type = Stop
Acct-Terminate-Cause = Admin-Reset
Acct-Session-Time = 16
Acct-Input-Octets = 74
Acct-Input-Packets = 4
Acct-Input-Gigawords = 0
Acct-Output-Octets = 60
Acct-Output-Packets = 4
Acct-Output-Gigawords = 0
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
Finished request 4.
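An added example, not part of incubus's post and not code from FreeRADIUS or ABillS: a small Python check that pairs every rad_recv request in radiusd -X output with the "Sending ... of id N" line for the same client, port and id, and lists the requests that never got one. The sample is abridged from the debug output above (the Access-Request is answered, the accounting requests end at "Finished request" after only the preacct group); the function name unanswered is hypothetical.

```python
import re

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
SENT = re.compile(r"Sending (\S+) of id (\d+) to (\S+) port (\d+)")
GROUP = re.compile(r"entering group (\S+)")

def unanswered(debug_text):
    """List requests in `radiusd -X` output that never got a reply line.

    A reply is paired with its request by (client host, source port, id).
    """
    pending, current = {}, None
    for line in debug_text.splitlines():
        if m := RECV.search(line):
            ptype, host, port, rid = m.groups()
            current = (host, int(port), int(rid))
            pending[current] = {"type": ptype, "id": int(rid), "groups": []}
        elif m := SENT.search(line):
            # Delayed rejects are sent later, so match on id, not position.
            _reply, rid, host, port = m.groups()
            pending.pop((host, int(port), int(rid)), None)
        elif (m := GROUP.search(line)) and current in pending:
            # Remember which config sections the request passed through.
            pending[current]["groups"].append(m.group(1))
    return list(pending.values())

# Abridged from the debug output in the post above (attribute lines dropped).
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 16009, id=167, length=256
+- entering group authorize {...}
+- entering group MS-CHAP {...}
Sending Access-Accept of id 167 to 127.0.0.1 port 16009
Finished request 0.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 32565, id=98, length=250
+- entering group preacct {...}
++[abills_acc] returns ok
Finished request 1.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 15573, id=111, length=298
+- entering group preacct {...}
++[abills_acc] returns ok
Finished request 4.
"""

if __name__ == "__main__":
    for req in unanswered(SAMPLE):
        print(f"no reply: {req['type']} id={req['id']} groups={req['groups']}")
```
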
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 10:58 am
NiTr0
The only response to accounting packets is accept/reject. Which is actually what radius is doing.
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 11:13 am
incubus
NiTr0 wrote: The only response to accounting packets is accept/reject. Which is actually what radius is doing.
Got it, thanks! So by the looks of it radius is functioning normally? Well, then I really have no idea what mpd wants. After bringing up the interface and receiving (?) 4 accept responses it sends Admin-Reset. The whole thing takes 10 seconds:
Dec 16 09:57:19 deimos mpd: [B-1] IFACE: Up event
Dec 16 09:57:29 deimos mpd: [L-1] RADIUS: rad_send_request for user 'test' failed: No valid RADIUS responses received
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 11:39 am
incubus
NiTr0 wrote: The only response to accounting packets is accept/reject. Which is actually what radius is doing.
And yet mpd doesn't like something in this response. The thing is, it sends Admin-Reset after the first response if you set set radius retries 1. And later if set radius retries 3, for example. That's where the 10 seconds come from, since set radius retries 3 was in place.
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Wed Dec 16, 2009 12:32 pm
incubus
That's it, I beat it. I reinstalled radius and carefully added all the settings following the manual. It worked right away; apparently I was inattentive somewhere. Sorry for the trouble!
Re: freebsd 7.2, freeradius2, mpd5(pppoe) + abills 0.5
Posted: Mon Jan 25, 2010 6:33 am
Turbid
Turbid wrote: On radtest, radius -x gives this rejection:
Code:
Sending delayed reject for request 0
Sending Access-Reject of id 189 to 127.0.0.1 port 49795
Waking up in 4.9 seconds.
Cleaning up request 0 ID 189 with timestamp +8
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 62937, id=187, length=62
User-Name = "test"
User-Password = "tespass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 187 to 127.0.0.1 port 62937
Waking up in 4.9 seconds.
Cleaning up request 1 ID 187 with timestamp +24
Where should I dig?
Problem solved: the following line was missing from radiusd.conf:
I think this should be pointed out to the author in the documentation so that others don't trip over it.