2 сервер - MPD + ng_car (192.168.0.2)
Проблема следующая:
Авторизация на первом сервере проходит, и всё работает (MPD + ng_car), а на дополнительном, втором, — ошибка 691.
1) radtest успешно ходит на первый сервер и возвращает ответ:
2) mpd.conf
radtest ttt 123456 192.168.0.1:1812 0 ************** 0 192.168.0.2
Sending Access-Request of id 205 to 192.168.0.1 port 1812
User-Name = "ttt"
User-Password = "123456"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Framed-Protocol = PPP
Re-sending Access-Request of id 205 to 192.168.0.1 port 1812
User-Name = "ttt"
User-Password = "123456"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 192.168.0.1:1812, id=205, length=137
Session-Timeout = 2275927
Framed-IP-Address = 10.110.34.29
Framed-IP-Netmask = 255.255.255.255
mpd-limit = "in#1=all rate-limit 1024000 192000 384000"
mpd-limit = "out#1=all rate-limit 1024000 192000 384000"
3) /etc/radius.conf
startup:
# MPD configuration as posted: a PPTP server whose authentication and
# accounting go to RADIUS. The lines down to "default:" belong to the
# startup section.
# enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
set global enable tcp-wrapper
# configure the console
# The console is bound to loopback only; the admin password was masked
# by the poster.
set console self 127.0.0.1 5005
set user admin ******** admin
set console open
# Web management (left disabled). As written, 0.0.0.0 would bind it to
# every interface if these lines were uncommented.
#set web self 0.0.0.0 5006
#set web open
# Netflow options
set netflow peer 127.0.0.1 9996
set netflow self 127.0.0.1 9990
set netflow timeouts 15 15
set netflow hook 9000
#set netflow node netflow
default:
load pptp_server
pptp_server:
# Define dynamic IP address pool.
set ippool add pool1 10.110.0.0 10.110.254.254
# Create clonable bundle template named B
create bundle template B
set iface enable proxy-arp
set iface idle 1800
set iface enable tcpmssfix
# Billing hooks run on every interface up/down event.
set iface up-script "/usr/abills/libexec/linkupdown mpd up"
set iface down-script "/usr/abills/libexec/linkupdown mpd down"
set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
set ipcp ranges 10.110.0.0/16 ippool pool1
set ipcp dns 192.168.0.1
# NOTE(review): the comment inherited from the sample config said the
# five lines below enable Microsoft Point-to-Point Encryption (MPPE)
# via ng_mppc(8). As written they do the opposite: CCP is disabled on
# the bundle, MPPC and both the 40-bit and 128-bit MPPE options are
# refused, and encryption is not required. PPTP sessions accepted with
# this template therefore appear to run unencrypted - confirm that is
# intended.
set bundle disable compression
set ccp no mppc
set mppc no e40
set mppc no e128
set bundle disable crypt-reqd
set mppc no stateless
# Create clonable link template named L
create link template L pptp
# Set bundle template to use
set link action bundle B
set link enable peer-as-calling
# Calling-Station-Id = "10.0.4.16 / 00:18:f3:5a:9f:6a / em0"
# set link enable report-mac
# Multilink adds some overhead, but gives full 1500 MTU.
set link enable multilink
set link yes acfcomp protocomp
# PAP and CHAP are both turned off first, then CHAP alone is enabled
# again, so the server asks peers for CHAP and refuses PAP.
set link no pap chap
set link enable chap
set link keep-alive 10 60
# Reduce the link MTU to avoid GRE packet fragmentation
set link mtu 1460
# Configure PPTP
# IP address on which incoming connections are accepted (the original
# comment, garbled by a wrong character encoding, calls it the
# external IP).
set pptp self 192.168.0.2
# Allow to accept calls
set link enable incoming
#load server_common
load radius
# server_common is not loaded by pptp_server: its "load server_common"
# line above is commented out.
server_common:
set link no pap eap
set link yes chap-md5
set link keep-alive 20 60
set link enable incoming
set link no acfcomp protocomp
load radius
radius:
# IP address, password (shared secret) and ports of the RADIUS server
#set radius server 127.0.0.1 radsecret 1812 1813
# The server list and shared secrets are read from /etc/radius.conf,
# so that file should be readable by root only.
set radius config /etc/radius.conf
# NOTE(review): servers defined in /etc/radius.conf presumably use the
# timeout and retry values given in that file rather than the two
# settings below - confirm against the MPD and libradius documentation.
set radius retries 3
set radius timeout 10
set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct
# The internal backend is disabled, leaving RADIUS as the only
# authentication backend enabled in this section.
set auth disable internal
4) mpd.log
auth 192.168.0.1:1812 ************** 4 4
acct 192.168.0.1:1813 ************** 4 4
5) На первом сервере, там, где RADIUS, видно, что авторизация проходит:
Oct 5 16:19:33 lan-plus mpd: [L-1] LCP: state change Ack-Sent --> Opened
Oct 5 16:19:33 lan-plus mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP
Oct 5 16:19:33 lan-plus mpd: [L-1] CHAP: sending CHALLENGE #1 len: 21
Oct 5 16:19:33 lan-plus mpd: [L-1] LCP: LayerUp
Oct 5 16:19:33 lan-plus mpd: [L-1] LCP: rec'd Ident #2 (Opened)
Oct 5 16:19:33 lan-plus mpd: [L-1] MESG: MSRASV5.20
Oct 5 16:19:33 lan-plus mpd: [L-1] LCP: rec'd Ident #3 (Opened)
Oct 5 16:19:33 lan-plus mpd: [L-1] MESG: MSRAS-0-SERVER-BD42CAAB
Oct 5 16:19:33 lan-plus mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 57
Oct 5 16:19:33 lan-plus mpd: [L-1] Name: "ttt"
Oct 5 16:19:33 lan-plus mpd: [L-1] AUTH: Trying RADIUS
Oct 5 16:19:33 lan-plus mpd: [L-1] RADIUS: Authenticating user 'ttt'
Oct 5 16:19:35 lan-plus mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 57
Oct 5 16:19:35 lan-plus mpd: [L-1] Name: "ttt"
Oct 5 16:19:35 lan-plus mpd: [L-1] CHAP: Auth return status: busy
Oct 5 16:19:37 lan-plus mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 57
Oct 5 16:19:37 lan-plus mpd: [L-1] Name: "ttt"
Oct 5 16:19:37 lan-plus mpd: [L-1] CHAP: Auth return status: busy
Oct 5 16:19:37 lan-plus mpd: [L-1] RADIUS: rad_send_request for user 'ttt' failed: No valid RADIUS responses received
Oct 5 16:19:37 lan-plus mpd: [L-1] AUTH: RADIUS returned error
Oct 5 16:19:37 lan-plus mpd: [L-1] AUTH: ran out of backends
Oct 5 16:19:37 lan-plus mpd: [L-1] CHAP: Auth return status: failed
Oct 5 16:19:37 lan-plus mpd: [L-1] CHAP: Reply message: E=691 R=0 M=Login incorrect
Oct 5 16:19:37 lan-plus mpd: [L-1] CHAP: sending FAILURE #1 len: 31
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: authorization failed
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: parameter negotiation failed
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: state change Opened --> Stopping
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: SendTerminateReq #4
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: LayerDown
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: rec'd Terminate Ack #4 (Stopping)
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: state change Stopping --> Stopped
Oct 5 16:19:37 lan-plus mpd: [L-1] LCP: LayerFinish
Oct 5 16:19:37 lan-plus mpd: [L-1] PPTP call terminated
2011-10-05 16:19:39 LOG_INFO AUTH ttt CID: 192.168.224.241 GT: 3.52281
Причина в том, что MPD не получает ответ от RADIUS (хотя radtest получает). Кто может сказать, почему?