Помогите разрбраться

Fogi · Сообщение **Fogi** » Ср окт 25, 2006 8:45 am

Настраиваю авторизацию через CHAP, она не проходит.

Логи:

Cleaning up request 0 ID 116 with timestamp 453eb238
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:1024, id=117, length=83
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "fogi"
	CHAP-Password = 0xff11c95d29ac9520be7cd49a2855cf0406
	Calling-Station-Id = "192.168.1.50"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
radius_xlat:  '/usr/abills/libexec/rauth.pl pre_auth'
Exec-Program: /usr/abills/libexec/rauth.pl pre_auth
Exec-Program output: Auth-Type := Accept 
Exec-Program-Wait: value-pairs: Auth-Type := Accept
Exec-Program: returned: 0
  modcall[authorize]: module "pre_auth" returns ok for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "fogi", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  '/usr/abills/libexec/rauth.pl'
Exec-Program: /usr/abills/libexec/rauth.pl
Exec-Program output: Reply-Message = "Wrong CHAP password 'wCsh97wX'" 
Exec-Program-Wait: value-pairs: Reply-Message = "Wrong CHAP password 'wCsh97wX'"
Exec-Program: returned: 1
Login incorrect (external check said so): [fogi/<CHAP-Password>] (from client shortname port 0 cli 192.168.1.50)
  Found Post-Auth-Type 
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 1
radius_xlat:  '/usr/abills/libexec/rauth.pl post_auth'
Exec-Program: /usr/abills/libexec/rauth.pl post_auth
Exec-Program output: 
Exec-Program: returned: 0
  modcall[post-auth]: module "post_auth" returns ok for request 1
modcall: leaving group REJECT (returns ok) for request 1
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---

Попробовал настоить авторизацию через MSCHAP-V2, аунтификация вроде бы проходит, но клиент соединится все равно не может, вылетает ошибка - мол неправельный логин/пароль

Логи:

Код: Выделить всё

Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=127, length=64
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "fogi"
        Calling-Station-Id = "192.168.1.50"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
radius_xlat:  '/usr/abills/libexec/rauth.pl pre_auth'
Exec-Program: /usr/abills/libexec/rauth.pl pre_auth
Exec-Program output: Auth-Type := Accept
Exec-Program-Wait: value-pairs: Auth-Type := Accept
Exec-Program: returned: 0
  modcall[authorize]: module "pre_auth" returns ok for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "fogi", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 157
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  '/usr/abills/libexec/rauth.pl'
Exec-Program: /usr/abills/libexec/rauth.pl
Exec-Program output: Session-Timeout = 65994, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Session-Octets-Limit = 27262976, PPPD-Downstream-Speed-Limit = 0,
Exec-Program-Wait: plaintext: Session-Timeout = 65994, PPPD-Upstream-Speed-Limit = 0, Octets-Direction = 1, Session-Octets-Limit = 27262976, PPPD-Downstream-Speed-Limit = 0,
Exec-Program: returned: 0
Login OK: [fogi] (from client shortname port 0 cli 192.168.1.50)
Sending Access-Accept of id 127 to 127.0.0.1 port 1025
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 127 with timestamp 453ec071
Nothing to do.  Sleeping until we see a request.

Незнаю что и делать... Помогите пожалуста..

И еше, при соединении с сервером постоянно вылетает ошибка 'Замыкание на себя' при этом радиус молчит.. такое ощущение что запросы до него не доходят.

Andron · Чт ноя 02, 2006 1:23 pm

Такая же проблема

Система

ABills - 0.34 и 0.35 с CVS

ядро 2.4.33.3 + mppe патч (пробовал на старом 2.6 без патча но с mppe тоже самое)

pppd пробовал 2.4.4 и 2.4.3 также патчиные
pptpd 1.2.3
FreeRadius 1.1.3 (пробовал и 1.1.0)

есть просто без радиуса то всё чудесно работает
со всеми видами шифрования и компрессией на 2.4.33.3

А вот если радиус цеплять в связку то клиент получает ответ неверный пароль это при MSCHAP-V2

Если же просто MSCHAP то клиент подключается если имя такое есть в базе, но на пароль не обращает внимание пускает с любым