freeradius2
Re: freeradius2
Quote:
    Well, it seems we already sorted this out for radius 2.
    I'll write it once more. Look here. I think I described everything in detail once I had figured it out.
I tried setting it up by that article as well, but it doesn't work that way either. I have already reinstalled everything from scratch, both the system and radius, and installed RHEL 5.1 with its stock freeradius 1.3, but the most interesting part is that I hit the same problem: the client connects, but the IP address, Acct-Interim-Interval and other parameters are not passed to it. I think the problem is in the radiusclient dictionaries: additional dictionaries do not get loaded through the INCLUDE command, i.e. the system complains about this command:
Code:
May 18 12:19:10 billing pppd[26173]: rc_read_dictionary: invalid type on line 11 of dictionary /etc/radiusclient/dictionary.microsoft
May 18 12:19:10 billing pppd[26173]: RADIUS: Can't read dictionary file /etc/radiusclient/dictionary
Code:
May 16 14:18:11 billing pptpd[9190]: CTRL: Client 172.20.19.18 control connection started
May 16 14:18:11 billing pptpd[9190]: CTRL: Starting call (launching pppd, opening GRE)
May 16 14:18:11 billing pppd[9191]: Plugin radius.so loaded.
May 16 14:18:11 billing pppd[9191]: RADIUS plugin initialized.
May 16 14:18:11 billing pppd[9191]: Plugin radattr.so loaded.
May 16 14:18:11 billing pppd[9191]: RADATTR plugin initialized.
May 16 14:18:11 billing pppd[9191]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 16 14:18:11 billing pppd[9191]: pppd 2.4.4 started by root, uid 0
May 16 14:18:11 billing pppd[9191]: Using interface ppp0
May 16 14:18:11 billing pppd[9191]: Connect: ppp0 <--> /dev/pts/5
May 16 14:18:11 billing pptpd[9190]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 16 14:18:11 billing pppd[9191]: rc_avpair_new: unknown attribute 11
May 16 14:18:11 billing pppd[9191]: rc_avpair_new: unknown attribute 25
May 16 14:18:12 billing pppd[9191]:
May 16 14:18:12 billing pppd[9191]: Peer pasha failed CHAP authentication
May 16 14:18:12 billing pppd[9191]: Connection terminated.
May 16 14:18:12 billing pppd[9191]: tcflush failed: Input/output error
May 16 14:18:12 billing pppd[9191]: Exit.
May 16 14:18:12 billing pptpd[9190]: CTRL: Client 172.20.19.18 control connection finished
I have to stuff these dictionaries into one file and then painstakingly replace spaces with tabs, which is very tedious. Most likely radiusclient really is missing some dictionary. Can anyone tell me which dictionaries are responsible for what, and which ones must definitely be present in radiusclient? Or tell me why radiusclient does not accept the INCLUDE command?
P.S. Management already wants a result, and for 3 weeks I have not been able to find the problem, please help

Last edited by Павел on Tue May 19, 2009 10:11 am, edited 1 time in total.
Re: freeradius2
Павел wrote:
    P.S. Management already wants a result, and for 3 weeks I have not been able to find the problem, please help
Well, just grab my ready-made config (above) and copy-paste it.

Re: freeradius2
Quote:
    Well, just grab my ready-made config (above) and copy-paste it.
But I already wrote that it doesn't work with any configs, it is always the same problem: the user does not receive the parameters, no matter what!
Re: freeradius2
Павел wrote:
    Quote:
        Well, just grab my ready-made config (above) and copy-paste it.
    But I already wrote that it doesn't work with any configs, it is always the same problem: the user does not receive the parameters, no matter what!
The most interesting thing is that the Microsoft dictionary from freeradius really does not fit radiusclient; I showed above what the dictionary should look like.
I have a different little problem. After 5-6 minutes the client ends up in zap. In Dv monitoring the traffic is all zeros, and in the summary statistics it is 0 as well. It looks like the alives are not getting through.
and an interesting error also lands in the log
Code:
RADATTR plugin removed file /var/run/radattr.ppp0.
Plugin radius.so loaded.
RADIUS plugin initialized.
Plugin radattr.so loaded.
RADATTR plugin initialized.
Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
pptpd-logwtmp: $Version$
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xa80869b0> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x28f001c3> <pcomp> <accomp> <callback CBCP>]
sent [LCP ConfRej id=0x0 <callback CBCP>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xa80869b0> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x28f001c3> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x28f001c3> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0xa80869b0]
sent [CHAP Challenge id=0x71 <fe135cb5eea70556259cdd51c81a4a4c>, name = "pptpd"]
rcvd [LCP Ident id=0x2 magic=0x28f001c3 "MSRASV5.10"]
rcvd [LCP Ident id=0x3 magic=0x28f001c3 "MSRAS-0-KTD_282_99"]
rcvd [LCP EchoRep id=0x0 magic=0x28f001c3]
rcvd [CHAP Response id=0x71 <e36e5b9fc2513777a2bab3051aece85c000000000000000045281fad363ac5c452b3e357e64e8c62d49274f7daa0e40f00>, name = "test2"]
RADATTR plugin wrote 9 line(s) to file /var/run/radattr.ppp0.
sent [CHAP Success id=0x71 "S=B985F3F3876C83A219A62C59CE17BC9BDDE9F927"]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.222.129>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
sent [CCP ConfRej id=0x4 <mppe +H -M -S -L -D +C>]
rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP ConfRej id=0x5 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
sent [CCP ConfReq id=0x2]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 192.168.222.129>]
rcvd [CCP TermReq id=0x6"(\37777777760\001\37777777703\000<\37777777715t\000\000\002\37777777734"]
sent [CCP TermAck id=0x6]
rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPCP ConfNak id=0x7 <addr 10.20.20.101> <ms-dns1 10.0.0.1> <ms-dns2 10.0.0.1>]
rcvd [IPCP ConfAck id=0x2 <addr 192.168.222.129>]
rcvd [IPCP ConfReq id=0x8 <addr 10.20.20.101> <ms-dns1 10.0.0.1> <ms-dns2 10.0.0.1>]
sent [IPCP ConfAck id=0x8 <addr 10.20.20.101> <ms-dns1 10.0.0.1> <ms-dns2 10.0.0.1>]
Script /etc/ppp/ip-pre-up started (pid 5438)
Script /etc/ppp/ip-pre-up finished (pid 5438), status = 0x0
local IP address 192.168.222.129
remote IP address 10.20.20.101
pptpd-logwtmp.so ip-up ppp0 test2 192.168.222.1
rc_send_server: no reply from RADIUS server localhost:1813
Script /etc/ppp/ip-up started (pid 5456)
sent [CCP ConfReq id=0x2]
Script /etc/ppp/ip-up finished (pid 5456), status = 0x0
rcvd [CCP TermAck id=0x2]
sent [CCP TermReq id=0x3"No compression negotiated"]
rcvd [CCP TermAck id=0x3"No compression negotiated"]
this bothers me
rc_send_server: no reply from RADIUS server localhost:1813
....
yet the alives are getting through, so why does abills think they are not?
Code:
No. Time Source Destination Protocol Info
1 0.000000 Receive_33 Receive_33 PPP LCP Echo Request
Frame 1 (22 bytes on wire, 22 bytes captured)
Ethernet II, Src: Receive_33 (20:52:45:43:56:33), Dst: Receive_33 (20:52:45:43:56:33)
PPP Link Control Protocol
No. Time Source Destination Protocol Info
2 0.000000 Send_33 Send_33 PPP LCP Echo Reply
Frame 2 (22 bytes on wire, 22 bytes captured)
Ethernet II, Src: Send_33 (20:53:45:4e:44:33), Dst: Send_33 (20:53:45:4e:44:33)
PPP Link Control Protocol
No. Time Source Destination Protocol Info
3 60.008789 Receive_33 Receive_33 PPP LCP Echo Request
Frame 3 (22 bytes on wire, 22 bytes captured)
Ethernet II, Src: Receive_33 (20:52:45:43:56:33), Dst: Receive_33 (20:52:45:43:56:33)
PPP Link Control Protocol
No. Time Source Destination Protocol Info
4 60.008789 Send_33 Send_33 PPP LCP Echo Reply
Frame 4 (22 bytes on wire, 22 bytes captured)
Ethernet II, Src: Send_33 (20:53:45:4e:44:33), Dst: Send_33 (20:53:45:4e:44:33)
PPP Link Control Protocol
No. Time Source Destination Protocol Info
5 120.018555 Receive_33 Receive_33 PPP LCP Echo Request
Frame 5 (22 bytes on wire, 22 bytes captured)
Ethernet II, Src: Receive_33 (20:52:45:43:56:33), Dst: Receive_33 (20:52:45:43:56:33)
PPP Link Control Protocol
No. Time Source Destination Protocol Info
6 120.018555 Send_33 Send_33 PPP LCP Echo Reply
...aha, well, I'll answer myself
here is the correct defaults
Code:
authorize {
    preprocess
    abills_preauth
    mschap
    files
    abills_auth
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
}
preacct {
    preprocess
    abills_acc
}
accounting {
    unix
    radutmp
    attr_filter.accounting_response
}
session {
    radutmp
}
post-auth {
    exec
    Post-Auth-Type REJECT {
        abills_postauth
    }
}
This is what it said there
Code:
File /etc/raddb/sytes-inable/default - edit the authorize, preacct and post-auth sections. Comment out everything else in these sections.
authorize {
    preprocess
    abills_preauth
    mschap
    files
    abills_auth
}
preacct {
    preprocess
    abills_acc
}
post-auth {
    Post-Auth-Type REJECT {
        abills_postauth
    }
}
Re: freeradius2
So there really are kind people in the world, I knew it but had my doubts. An acquaintance of mine shared his configs; true, I have freeradius 1.3, but at least it is something. I tweaked them for myself and it started working, I could not even believe it. I'll try to figure out how they differ.




- Posts: 98
- Joined: Sat Apr 12, 2008 7:18 am
- Location: Stavropol Krai
Re: freeradius2
Here is what radius gave me:
However, the connection does not come up... Error 691... There seem to be no dictionary errors. Maybe I overlooked something?
System: Debian Lenny
Code:
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including configuration file /etc/freeradius/sites-enabled/default
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
user = "freerad"
group = "freerad"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Instantiating acc
exec acc {
wait = yes
program = "/usr/abills/libexec/racct.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
main {
snmp = no
smux_password = ""
snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 60597, id=91, length=146
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "204"
MS-CHAP-Challenge = 0x49dd9ad3281c5b69fbb65c28e5caecf3
MS-CHAP2-Response = 0xcb0006920ef3f0eff061227c18c4e7fe08f100000000000000005999c279b0c520758ac8a8d08fcbf67ec08a19b187d58b45
Calling-Station-Id = "192.168.2.120"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "204", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 2
++[files] returns ok
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [204/<via Auth-Type = Accept>] (from client localhost port 0 cli 192.168.2.120)
+- entering group post-auth
Exec-Program output: Acct-Interim-Interval = 60, Session-Timeout = 37835, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.1.0, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program-Wait: value-pairs: Acct-Interim-Interval = 60, Session-Timeout = 37835, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.1.0, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 91 to 127.0.0.1 port 60597
Acct-Interim-Interval = 60
Session-Timeout = 37835
PPPD-Upstream-Speed-Limit = Bridge-No
Octets-Direction = Route-IP-Yes
Framed-IP-Address = 172.30.1.0
Session-Octets-Limit = 52428800
Framed-IP-Netmask = 255.255.255.255
PPPD-Downstream-Speed-Limit = Send-Auth-None
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 53035, id=92, length=146
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "204"
MS-CHAP-Challenge = 0x4e7c62eac194f1b0ac38d4e84ffb0504
MS-CHAP2-Response = 0x55008ffe68e3c308e2d66cb1bebce3a7bd210000000000000000300ac2c5ebde8e90be495babf99e0ec5d14fe48305765073
Calling-Station-Id = "192.168.2.120"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "204", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 2
++[files] returns ok
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [204/<via Auth-Type = Accept>] (from client localhost port 0 cli 192.168.2.120)
+- entering group post-auth
Exec-Program output: Acct-Interim-Interval = 60, Session-Timeout = 37830, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.2.218, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program-Wait: value-pairs: Acct-Interim-Interval = 60, Session-Timeout = 37830, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.2.218, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 92 to 127.0.0.1 port 53035
Acct-Interim-Interval = 60
Session-Timeout = 37830
PPPD-Upstream-Speed-Limit = Bridge-No
Octets-Direction = Route-IP-Yes
Framed-IP-Address = 172.30.2.218
Session-Octets-Limit = 52428800
Framed-IP-Netmask = 255.255.255.255
PPPD-Downstream-Speed-Limit = Send-Auth-None
Finished request 1.
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 0 ID 91 with timestamp +7
Waking up in 4.6 seconds.
Too nasty to live, too rare to die...
Re: freeradius2
Try comparing, maybe you will find the "weak spot"
Code:
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client localhost {
require_message_authenticator = no
secret = "radsecret"
shortname = "shortname"
}
client 192.168.222.129 {
require_message_authenticator = no
secret = "radsecret"
shortname = "shortname"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = no
require_encryption = no
require_strong = yes
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
}
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating abills_preauth
exec abills_preauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl pre_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
Module: Instantiating abills_auth
exec abills_auth {
wait = yes
program = "/usr/abills/libexec/rauth.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking preacct {...} for more modules to load
Module: Instantiating abills_acc
exec abills_acc {
wait = yes
program = "/usr/abills/libexec/racct.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating abills_postauth
exec abills_postauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl post_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 52960, id=103, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0xcfb6915bc157c530ee006617223c99be
MS-CHAP2-Response = 0x1b0046e7a1062452936db1010121dbf067150000000000000000aee43289289dfafaa6ecb343e1791345bb5d73c2b507f258
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "password"
Exec-Program-Wait: value-pairs: Cleartext-Password := "password"
Exec-Program: returned: 0
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
Exec-Program output: Session-Timeout = 1075728, Session-Octets-Limit = 2146435072, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 60, PPPD-Upstream-Speed-Limit = 128, Octets-Direction = 1, Framed-IP-Address = 10.20.20.149, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: value-pairs: Session-Timeout = 1075728, Session-Octets-Limit = 2146435072, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 60, PPPD-Upstream-Speed-Limit = 128, Octets-Direction = 1, Framed-IP-Address = 10.20.20.149, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
++[abills_auth] returns ok
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for test with NT-Password
++[mschap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 103 to 127.0.0.1 port 52960
Session-Timeout = 1075728
Session-Octets-Limit = 2146435072
PPPD-Downstream-Speed-Limit = 128
Acct-Interim-Interval = 60
PPPD-Upstream-Speed-Limit = 128
Octets-Direction = Route-IP-Yes
Framed-IP-Address = 10.20.20.149
Framed-IP-Netmask = 255.255.255.255
MS-CHAP2-Success = 0x1b533d46383337304243464534353242313246373233433743433242413536344344393636443342413641
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 45291, id=104, length=96
Acct-Session-Id = "4A1285C1132400"
User-Name = "test"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 10.20.20.149
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
+- entering group accounting {...}
++[unix] returns ok
expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
expand: %{User-Name} -> test
++[radutmp] returns ok
expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 104 to 127.0.0.1 port 45291
Finished request 1.
Cleaning up request 1 ID 104 with timestamp +11
Going to the next request
Waking up in 3.8 seconds.
Cleaning up request 0 ID 103 with timestamp +9
Ready to process requests.
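
Added example, not part of either post above: a Python check over `radiusd -X` output, fed with trimmed excerpts of the two logs posted in this thread. It flags an Access-Accept that was issued through `Auth-Type = Accept` for a request carrying MS-CHAP2-Response, where the mschap module never ran and no MS-CHAP2-Success was returned; the function names and finding labels are assumptions of this example.

```python
import re

START = re.compile(r"^rad_recv: (\S+) packet from host \S+ port \d+, id=(\d+)")
MODULE = re.compile(r"^\++\[([\w.-]+)\] returns (\w+)")
REPLY = re.compile(r"^Sending (\S+) of id (\d+)")
ATTR = re.compile(r"^\s*([A-Za-z0-9-]+) = (.*)$")

# Trimmed excerpts of the two logs in this thread (MS-CHAP values shortened).
LOG_BROKEN = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 60597, id=91, length=146
User-Name = "204"
MS-CHAP-Challenge = 0x49dd...
MS-CHAP2-Response = 0xcb00...
+- entering group authorize
++[preprocess] returns ok
++[suffix] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 2
++[files] returns ok
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 91 to 127.0.0.1 port 60597
Acct-Interim-Interval = 60
Framed-IP-Address = 172.30.1.0
Finished request 0.
"""

LOG_WORKING = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 52960, id=103, length=132
User-Name = "test"
MS-CHAP-Challenge = 0xcfb6...
MS-CHAP2-Response = 0x1b00...
+- entering group authorize {...}
++[preprocess] returns ok
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[files] returns ok
++[abills_auth] returns ok
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
++[mschap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 103 to 127.0.0.1 port 52960
Framed-IP-Address = 10.20.20.149
MS-CHAP2-Success = 0x1b53...
Finished request 0.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 45291, id=104, length=96
User-Name = "test"
Acct-Status-Type = Start
++[abills_acc] returns ok
Sending Accounting-Response of id 104 to 127.0.0.1 port 45291
Finished request 1.
"""


def parse_requests(log):
    """Split debug output into one record per received packet."""
    records, cur, in_reply = [], None, False
    for line in log.splitlines():
        m = START.match(line)
        if m:
            cur = {"type": m.group(1), "id": int(m.group(2)), "request": {},
                   "modules": [], "reply_type": None, "reply": {},
                   "forced_accept": False}
            records.append(cur)
            in_reply = False
            continue
        if cur is None:
            continue  # server start-up output or idle lines between requests
        m = MODULE.match(line)
        if m:
            cur["modules"].append((m.group(1), m.group(2)))
        elif (m := REPLY.match(line)) and int(m.group(2)) == cur["id"]:
            cur["reply_type"], in_reply = m.group(1), True
        elif "Auth-Type = Accept, accepting the user" in line:
            cur["forced_accept"] = True
        elif line.startswith("Finished request"):
            cur = None
        elif (m := ATTR.match(line)):
            target = cur["reply"] if in_reply else cur["request"]
            target[m.group(1)] = m.group(2)
    return records


def audit(rec):
    """Return finding labels for one accepted Access-Request."""
    if rec["type"] != "Access-Request" or rec["reply_type"] != "Access-Accept":
        return []
    findings = []
    ran = {name for name, _ in rec["modules"]}
    if rec["forced_accept"]:
        findings.append("ACCEPT_WITHOUT_CREDENTIAL_CHECK")
    if "MS-CHAP2-Response" in rec["request"]:
        if "mschap" not in ran:
            findings.append("MSCHAP_MODULE_NOT_RUN")
        if "MS-CHAP2-Success" not in rec["reply"]:
            findings.append("REPLY_LACKS_MSCHAP2_SUCCESS")
    return findings


def audit_log(log):
    """Map request id -> findings for every Access-Request in the log."""
    return {r["id"]: audit(r) for r in parse_requests(log)
            if r["type"] == "Access-Request"}


if __name__ == "__main__":
    for name, log in (("first log", LOG_BROKEN), ("second log", LOG_WORKING)):
        print(name, audit_log(log))
```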
Re: freeradius2
pre_auth does not go through, it does not get the mschap attributes.... It feels as if this section is not in the configs at all
@Tiger
Could you share ready-made configs for the second branch of radius? The whole /etc/freeradius and /etc/radiusclient folders?
If anyone is interested, I can post configs for the first branch of radius. Everything works just great.
Maybe I should try removing the second radius and installing the first?
Re: freeradius2
Xramovnik wrote:
    pre_auth does not go through, it does not get the mschap attributes.... It feels as if this section is not in the configs at all
    @Tiger
    Could you share ready-made configs for the second branch of radius? The whole /etc/freeradius and /etc/radiusclient folders?
    If anyone is interested, I can post configs for the first branch of radius. Everything works just great.
    Maybe I should try removing the second radius and installing the first?
Of course I'll share. The first one has been running for me for about a year without problems on Ubuntu 7.10. After bringing up the second machine on 8.10 I started struggling with radius2. I tried installing the 1st one from source, but it pulls in a pile of dependencies there... and I realized it is easier to configure the 2nd than to suffer with the 1st.
- Attachments
- radius.ZIP
- radius client + radius server 2 + pptpd.conf
- (138.51 KB) Downloaded 868 times
Re: freeradius2
Thanks for the configs, but here is what I get this time:
Now it does not like the passwords...
Code:
...
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating abills_preauth
exec abills_preauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl pre_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
Module: Instantiating abills_auth
exec abills_auth {
wait = yes
program = "/usr/abills/libexec/rauth.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking preacct {...} for more modules to load
Module: Instantiating abills_acc
exec abills_acc {
wait = yes
program = "/usr/abills/libexec/racct.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating abills_postauth
exec abills_postauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl post_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
main {
snmp = no
smux_password = ""
snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 36612, id=168, length=131
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "204"
MS-CHAP-Challenge = 0xdf3aeaaa5904fec484d43d612c379e0e
MS-CHAP2-Response = 0x470062ed51525f3c9825f831620bbd9dba840000000000000000707ff312fa481045694baa1c7351ff6d6b78a4ef1bdb44aa
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
Exec-Program output: User-Password == "204"
Exec-Program-Wait: value-pairs: User-Password == "204"
Exec-Program: returned: 0
++[abills_preauth] returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
users: Matched entry DEFAULT at line 2
++[files] returns ok
Exec-Program output: Acct-Interim-Interval = 60, Session-Timeout = 27947, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.2.29, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program-Wait: value-pairs: Acct-Interim-Interval = 60, Session-Timeout = 27947, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Framed-IP-Address = 172.30.2.29, Session-Octets-Limit = 52428800, Framed-IP-Netmask = 255.255.255.255, PPPD-Downstream-Speed-Limit = 0,
Exec-Program: returned: 0
++[abills_auth] returns ok
rad_check_password: Found Auth-Type mschap
auth: type "MSCHAP"
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for 204 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
auth: Failed to validate the user.
Login incorrect: [204/<via Auth-Type = mschap>] (from client shortname port 0)
Found Post-Auth-Type Reject
+- entering group REJECT
Exec-Program output:
Exec-Program: returned: 0
++[abills_postauth] returns ok
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 168 to 127.0.0.1 port 36612
Acct-Interim-Interval = 60
Session-Timeout = 27947
PPPD-Upstream-Speed-Limit = Bridge-No
Octets-Direction = Route-IP-Yes
Framed-IP-Address = 172.30.2.29
Session-Octets-Limit = 52428800
Framed-IP-Netmask = 255.255.255.255
PPPD-Downstream-Speed-Limit = Send-Auth-None
MS-CHAP-Error = "GE=691 R=1"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 168 with timestamp +7
Ready to process requests.
Too weird to live, too rare to die...
Re: freeradius2
First thing that came to mind. Did you do this?
Code:
Perl modules
The system requires the following modules.
DBI
DBD::mysql
Digest-MD5 for Chap authentication
Digest-MD4 for MS-Chap authentication
Crypt-DES for MS-Chap authentication
Digest-SHA1 for MS-ChapV2 authentication
libnet Needed only for authentication against UNIX passwd
Time-HiRes Needed only for testing the speed of authentication,
accounting, and web interface pages.
DB_File
All modules except DBI are available in rpm-ax.
Install the package perl-devel-5.8.8-7mdv2007.0.i586.rpm
Install the packages Perl-DBD-mysql-3.0006-2mdv2007.rpm and Perl-DB_File-1.814-1mdk.rpm
It is very convenient to download these modules from www.cpan.org or to install them from the console. Here is the installation procedure:
# cd /root
# perl -MCPAN -e shell
o conf prerequisites_policy ask
install DBI
install Digest::MD5
install Digest::MD4
install Crypt::DES
install Digest::SHA1
install Bundle::libnet
install Time::HiRes
quit
Re: freeradius2
This is how I did it:
The most interesting part: I removed RADIUS 2, installed version 1, and it complains like this:
Even though on Debian 4, with the same RADIUS version and the same configs, everything works!
Code:
apt-get install freeradius radiusclient1 libmd5-perl libdigest-md4-perl libcrypt-des-perl libdigest-sha1-perl apache2 libapache2-mod-php5 libapache2-mod-log-sql-ssl
Code:
freeradius -Xf
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
rlm_preprocess: Error reading /etc/freeradius/huntgroups
radiusd.conf[127]: preprocess: Module instantiation failed.
radiusd.conf[240] Unknown module "preprocess".
radiusd.conf[239] Failed to parse authorize section.
Re: freeradius2
Hm, I did it using this method:
# cd /root
# perl -MCPAN -e shell
o conf prerequisites_policy ask
install DBI
install Digest::MD5
install Digest::MD4
install Crypt::DES
install Digest::SHA1
install Bundle::libnet
install Time::HiRes
quit
Re: freeradius2
Nah, the problem is probably this:
Exec-Program output: User-Password == "204"
If my failing memory serves me right, "User-Password ==" is no longer supported in RADIUS 2. Instead it should be, I think, "Cleartext-Password :=".
So Auth.pm needs editing... in sub pre_auth replace the line
Code:
print "User-Password == \"$password\"";
with the line
Code:
print "Cleartext-Password := \"$password\"";
and you'll be happy.

Every dead end is a carefully disguised exit.
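The diagnosis in the post above can be checked mechanically against a `freeradius -X` capture. The following Python script is an added example, not part of the original thread or of ABillS: it reports which exec module supplied which password attribute and whether rlm_mschap then failed for lack of a usable one, without echoing the password value. The function name `diagnose` and the attribute sets are assumptions for illustration; the sample lines are excerpted from the debug output posted earlier in the thread.

```python
import re

# Excerpt of the `freeradius -X` output posted earlier in this thread.
SAMPLE_DEBUG = """\
++[preprocess] returns ok
Exec-Program output: User-Password == "204"
Exec-Program-Wait: value-pairs: User-Password == "204"
++[abills_preauth] returns ok
++[mschap] returns ok
Exec-Program output: Acct-Interim-Interval = 60, Framed-IP-Address = 172.30.2.29,
++[abills_auth] returns ok
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] returns reject
"""

PAIR_RE = re.compile(r'([A-Za-z][\w-]*)\s*(:=|==|=)\s*("[^"]*"|[^,\s]+)')
MODULE_RE = re.compile(r'^\++\[([\w.-]+)\] returns (\w+)')
PASSWORD_ATTRS = {"User-Password", "Cleartext-Password", "NT-Password", "LM-Password"}
# Assumption taken from the rlm_mschap messages in the log: these are the
# attributes it can use as the known-good credential.
USABLE_BY_MSCHAP = {"Cleartext-Password", "NT-Password", "LM-Password"}

def diagnose(debug_text):
    """Return password attributes set by exec modules and the mschap outcome.

    Values are dropped on purpose so the report never repeats a password."""
    pending, supplied, missing = [], [], False
    for line in debug_text.splitlines():
        line = line.strip()
        if line.startswith("Exec-Program output:"):
            body = line.split(":", 1)[1]
            pending += [(attr, op) for attr, op, _value in PAIR_RE.findall(body)
                        if attr in PASSWORD_ATTRS]
        elif (m := MODULE_RE.match(line)):
            # Exec output is logged before the module's own "returns" line.
            supplied += [(m.group(1), attr, op) for attr, op in pending]
            pending = []
        elif "No NT/LM-Password" in line:
            missing = True
    usable = [s for s in supplied if s[1] in USABLE_BY_MSCHAP]
    return {"supplied": supplied,
            "mschap_missing_password": missing,
            "misconfigured": missing and not usable}

if __name__ == "__main__":
    print(diagnose(SAMPLE_DEBUG))
```
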