Problem with Acct-Interim-Interval
Good day! I've run into a problem with Acct-Interim-Interval. The value is set to 60. After 6 minutes the user goes to zap in the monitor and then disappears altogether. That is, the user has a connection and has internet access, but he is not shown in the monitor in the admin panel. This in turn creates a problem with simultaneous connections: about 10 minutes after the user connects, it is possible to connect with his login and password. As far as I understand, the client is not sending alive packets. If I'm right, please tell me where to dig. Abills - 0.40b, freeradius - 2.1, pptpd, ubuntu...
In the NAS server settings, in the RADIUS Parameters box, this line is present, and I also added it to the tariff plan settings. NiTr0, did I understand you correctly, is that what you meant?
1. if it is in the NAS settings, it will apply to the whole NAS
2. if it is in the tariff plan settings, it will apply to that particular tariff plan
3. if it is set in both places, and especially with different values... I can't say what will happen

4. you understood NiTr0 correctly

Any dead end is a carefully disguised exit.
That's good, but it hasn't changed the essence of the problem: Acct-Interim-Interval still isn't passed to the client. I suspect the problem is in the freeradius client dictionaries. I struggled all day trying to install others, with no luck. Maybe someone can share a working dictionary for version 2.
Here is that piece for version 2:
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Session-Octets-Limit 227 integer
ATTRIBUTE Octets-Direction 228 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
INCLUDE /etc/radiusclient/dictionary.microsoft
P.S. Don't forget to use tabs instead of spaces!
to NiTr0
This is the output when a client connects; strangely, the same output appears twice.
to Tiger
radiusd -X: what gets sent?
Code:
rad_recv: Access-Request packet from host 127.0.0.1 port 46838, id=165, length=149
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testing"
MS-CHAP-Challenge = 0x9aa1173b41d25b3e9a21dd7b33338036
MS-CHAP2-Response = 0xd30064cca1574d91e10d919b2d3c8bf1aa5700000000000000005853b1d7f3e60d71d110c0088d1483ec309d3ead2c15359b
Calling-Station-Id = "172.20.19.18"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "testing"
Exec-Program-Wait: value-pairs: Cleartext-Password := "testing"
Exec-Program: returned: 0
++[abills_preauth] returns ok
Exec-Program output: Session-Timeout = 2380542, Session-Octets-Limit = 52428800, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 120, PPPD-Upstream-Speed-Limit = 64, Octets-Direction = 1, Framed-IP-Address = 192.168.23.95, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: plaintext: Session-Timeout = 2380542, Session-Octets-Limit = 52428800, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 120, PPPD-Upstream-Speed-Limit = 64, Octets-Direction = 1, Framed-IP-Address = 192.168.23.95, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
++[abills_auth] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 177
++[files] returns ok
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for testing with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
+- entering group post-auth {...}
[main_pool] expand: %{NAS-IP-Address} %{NAS-Port} -> 127.0.0.1 1
[main_pool] MD5 on 'key' directive maps to: f849b6f8eb5ec8e9bfc2dacdc65790cb
[main_pool] Searching for an entry for key: 'f849b6f8eb5ec8e9bfc2dacdc65790cb'
[main_pool] Found a stale entry for ip: 192.168.26.85
[main_pool] num: 0
rlm_ippool: Allocating ip to key: 'f849b6f8eb5ec8e9bfc2dacdc65790cb'
[main_pool] num: 1
[main_pool] Allocated ip 192.168.8.24 to client key: f849b6f8eb5ec8e9bfc2dacdc65790cb
++[main_pool] returns ok
++[exec] returns noop
Sending Access-Accept of id 165 to 127.0.0.1 port 46838
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 600
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success = 0xd3533d34383436423030414139393332444236373635454139373335383045354132313538424330333037
MS-MPPE-Recv-Key = 0x3ffc9306e657388536745d7e55d99a75
MS-MPPE-Send-Key = 0x60f8708c287da6be379f07868257ec4b
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Framed-IP-Address = 192.168.8.24
Framed-IP-Netmask = 255.255.0.0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 46678, id=166, length=113
Acct-Session-Id = "49FE80B41B7700"
User-Name = "testing"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.20.19.18"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.8.24
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/detail-20090504
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20090504
[detail] expand: %t -> Mon May 4 10:44:20 2009
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> testing
++[radutmp] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 166 to 127.0.0.1 port 46678
Finished request 1.
Cleaning up request 1 ID 166 with timestamp +27
Going to the next request
Waking up in 3.0 seconds.
Cleaning up request 0 ID 165 with timestamp +24
Ready to process requests.
to Tiger
Yes, I have all of that, and I'm aware of the tabs too.
I removed RADIUS version 2 and installed 1.1.7; the old problem came back, with IP addresses being issued not from IPPOOLs but from RADIUS's own, along with the Acct-Interim-Interval problem: RADIUS does not pass it to the client. The radattr.pppX file is now identical for all clients, although they receive different IP addresses:
and the radiusd -X output is as follows:
How do I fix this?
Code:
Framed-IP-Address 255.255.255.254
Framed-MTU 576
Service-Type Framed-User
Framed-Protocol PPP
Framed-Compression Van-Jacobson-TCP-IP
MS-CHAP2-Success MS=796334B29B55D583AD77B16C518F4FF05F9BD40B
MS-MPPE-Recv-Key \204a`E}B\223yv\011\366\325z>>\210\241zw* \327\377\017\374\273+\302\274T<ND\360
MS-MPPE-Send-Key \212\025\212'\023\377p\256\341[\\252\213\324s\352;\375V)c\223o\320\236\002v\260\375\012-\252\213-
MS-MPPE-Encryption-Policy
MS-MPPE-Encryption-Types
Code:
rad_recv: Access-Request packet from host 127.0.0.1:40557, id=180, length=149
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testing"
MS-CHAP-Challenge = 0xd4a6b6b807b631432903173f52b5a4da
MS-CHAP2-Response = 0xb900b92ac0a15f74878a8db93166e628d5480000000000000000b1d601bc19dc0ce655b869eb65e193d72faa544281a7d656
Calling-Station-Id = "172.20.19.18"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Exec-Program output: Cleartext-Password := "testing"
Exec-Program-Wait: value-pairs: Cleartext-Password := "testing"
Exec-Program: returned: 0
modcall[authorize]: module "pre_auth" returns ok for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
users: Matched entry DEFAULT at line 184
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Sending Access-Accept of id 180 to 127.0.0.1 port 40557
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success = 0xb9533d33353743354441443445424345433731393139454235324633453434424342353832304435363446
MS-MPPE-Recv-Key = 0xe3015a2f8e6b57086819b235fbef8928
MS-MPPE-Send-Key = 0x7f0bbe403f8ae288afa9d09199bb0023
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:46872, id=181, length=113
Acct-Session-Id = "49FEABAD40C700"
User-Name = "testing"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.20.19.18"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.1.1
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "49FEABAD40C700",User-Name = "testing"'
rlm_acct_unique: Acct-Unique-Session-ID = "17ab565e5501f9a8".
modcall[preacct]: module "acct_unique" returns ok for request 1
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 1
acct_users: Matched entry DEFAULT at line 17
modcall[preacct]: module "files" returns ok for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20090504'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20090504
modcall[accounting]: module "detail" returns ok for request 1
modcall[accounting]: module "unix" returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'testing'
modcall[accounting]: module "radutmp" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Exec-Program output:
Exec-Program: returned: 0
Sending Accounting-Response of id 181 to 127.0.0.1 port 46872
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 180 with timestamp 49feabaa
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 181 with timestamp 49feabad
Nothing to do. Sleeping until we see a request.
Please help me figure this out: I can't find the point at which ABillS passes the parameters to RADIUS, because it passes everything that is needed, but they don't reach the client:
the file /var/run/radattr.ppX contains only
Code:
rad_recv: Access-Request packet from host 127.0.0.1:41413, id=221, length=145
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "max"
MS-CHAP-Challenge = 0xfb1de595e4be5b4c3b4203b622979e77
MS-CHAP2-Response = 0x2c003baa443592251148afec0a3b1d9c301b0000000000000000611519529fe620ac73dc4c21312bd6f880770b1505440559
Calling-Station-Id = "172.20.19.18"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Exec-Program-Wait: value-pairs: Cleartext-Password := "maxmax"
Exec-Program: returned: 0
Exec-Program-Wait: plaintext: Session-Timeout = 2278477, Session-Octets-Limit = 32505856, PPPD-Downstream-Speed-Limit = 64, Acct-Interim-Interval = 120, PPPD-Upstream-Speed-Limit = 64, Octets-Direction = 1, Framed-IP-Address = 192.168.38.125, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
Sending Access-Accept of id 221 to 127.0.0.1 port 41413
MS-CHAP2-Success = 0x2c533d36333236324531414236394632463130344135373639303634323336393841453343444338374631
MS-MPPE-Recv-Key = 0x7bd95001eabb44d66db136d40bbfb134
MS-MPPE-Send-Key = 0xf30a716c2d7e6aa25863f340fdb9be0d
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
rad_recv: Accounting-Request packet from host 127.0.0.1:40209, id=222, length=109
Acct-Session-Id = "4A000F654CF300"
User-Name = "max"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.20.19.18"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.1.1
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Acct-Delay-Time = 0
Exec-Program: returned: 0
Sending Accounting-Response of id 222 to 127.0.0.1 port 40209
Code:
MS-CHAP2-Success ,S=63262E1AB69F2F104A576906423698AE3CDC87F1
MS-MPPE-Recv-Key \207\352\013\341{\002\327<\203\007\200Y\027Z?\021\022@\343\022_\026\250\234F\226Ny\272 r\335T?
MS-MPPE-Send-Key \213}^\037Y\210\323'\375\277\201\305\026\365\257^\212\001\372\227qF\267\240]\317|\341\013|\203\016\3002
MS-MPPE-Encryption-Policy
MS-MPPE-Encryption-Types
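Added example, not part of the original thread: a small Python check that compares the reply attributes printed on the Exec-Program lines of `radiusd -X` output with the attributes actually listed under `Sending Access-Accept`, which is the mismatch described in the post above. The function name, the sample log (constructed, values invented) and the rule of skipping `*-Password` items are assumptions made for this example.

```python
import re

# One "Name = value" line inside a "Sending Access-Accept" block.
ATTR = re.compile(r'^\s*([A-Za-z][\w-]*) = (.+?)\s*$')
# Comma-separated pairs as printed on Exec-Program lines ("=" or ":=").
PAIR = re.compile(r'([A-Za-z][\w-]*)\s*:?=\s*("[^"]*"|[^,\s]+)')
EXEC = re.compile(r'^Exec-Program(?:-Wait)?(?: output)?:(.*)$')
ACCEPT = re.compile(r'^Sending Access-Accept of id (\d+)')

def dropped_reply_attrs(debug_text):
    """Per Access-Accept: (id, attrs offered by the exec script but absent
    from the reply, attrs whose value differs as {name: (offered, sent)})."""
    results, offered, sent, accept_id = [], {}, None, None
    for line in debug_text.splitlines() + ['']:   # '' flushes a trailing block
        if sent is not None:
            m = ATTR.match(line)
            if m:
                sent[m.group(1)] = m.group(2)
                continue
            missing = sorted(n for n in offered if n not in sent)
            changed = {n: (v, sent[n]) for n, v in offered.items()
                       if n in sent and sent[n] != v}
            results.append((accept_id, missing, changed))
            offered, sent = {}, None
        if line.startswith('rad_recv: Access-Request'):
            offered = {}
        m = EXEC.match(line)
        if m:
            for name, value in PAIR.findall(m.group(1)):
                if not name.endswith('-Password'):   # check item, never a reply
                    offered[name] = value
        m = ACCEPT.match(line)
        if m:
            accept_id, sent = int(m.group(1)), {}
    return results

# Constructed sample modelled on the debug output in the thread (values invented).
SAMPLE = '''rad_recv: Access-Request packet from host 127.0.0.1:41413, id=7, length=145
\tUser-Name = "alice"
Exec-Program-Wait: value-pairs: Cleartext-Password := "example"
Exec-Program: returned: 0
Exec-Program-Wait: plaintext: Session-Timeout = 3600, Acct-Interim-Interval = 120, Framed-IP-Address = 192.0.2.95,
Exec-Program: returned: 0
Sending Access-Accept of id 7 to 127.0.0.1 port 41413
\tFramed-IP-Address = 192.0.2.24
\tMS-MPPE-Encryption-Policy = 0x00000002
Finished request 0
'''

if __name__ == '__main__':
    for req_id, missing, changed in dropped_reply_attrs(SAMPLE):
        print(f'Access-Accept id={req_id}: missing={missing} changed={changed}')
```

Debug output of this kind includes Cleartext-Password values and MS-MPPE keys, so scrub it before sharing it outside the team.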
It isn't passing anything. freeradius 2? viewtopic.php?p=17328#17328 and further along in that thread.
I put freeradius2 back and applied the settings;
the client drops with error 691, Access denied.
What am I doing wrong?
Log when the client connects:
Code:
rad_recv: Access-Request packet from host 127.0.0.1 port 42858, id=50, length=147
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "pasha"
MS-CHAP-Challenge = 0x8d20b9777d90f6f3e0cfbc86f573850f
MS-CHAP2-Response = 0xea00bdee146b27a61a751ddb18899de3e2840000000000000000a5166e117bea1e393886aa69c00709cf5805e65a7b5cad3a
Calling-Station-Id = "172.20.19.18"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pasha", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
Exec-Program output: Session-Timeout = 2102903, Session-Octets-Limit = 52428800, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 120, PPPD-Upstream-Speed-Limit = 64, Octets-Direction = 1, Framed-IP-Address = 192.168.25.51, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: plaintext: Session-Timeout = 2102903, Session-Octets-Limit = 52428800, PPPD-Downstream-Speed-Limit = 128, Acct-Interim-Interval = 120, PPPD-Upstream-Speed-Limit = 64, Octets-Direction = 1, Framed-IP-Address = 192.168.25.51, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 50 to 127.0.0.1 port 42858
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 50 with timestamp +25
Ready to process requests.
messages log:
Code:
May 7 15:51:37 localhost pptpd[9750]: CTRL: Client 172.20.19.18 control connection started
May 7 15:51:37 localhost pptpd[9750]: CTRL: Starting call (launching pppd, opening GRE)
May 7 15:51:37 localhost pppd[9752]: Plugin /usr/lib/pppd/2.4.4/radius.so loaded.
May 7 15:51:37 localhost pppd[9752]: RADIUS plugin initialized.
May 7 15:51:37 localhost pppd[9752]: Plugin /usr/lib/pppd/2.4.4/radattr.so loaded.
May 7 15:51:37 localhost pppd[9752]: RADATTR plugin initialized.
May 7 15:51:37 localhost pppd[9752]: pppd 2.4.4 started by root, uid 0
May 7 15:51:37 localhost pppd[9752]: Using interface ppp0
May 7 15:51:37 localhost pppd[9752]: Connect: ppp0 <--> /dev/pts/2
May 7 15:51:37 localhost pptpd[9750]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 7 15:51:38 localhost pppd[9752]:
May 7 15:51:38 localhost pppd[9752]: Peer pasha failed CHAP authentication
May 7 15:51:38 localhost pppd[9752]: Connection terminated.
May 7 15:51:38 localhost pppd[9752]: Exit.
May 7 15:51:38 localhost pptpd[9750]: CTRL: Client 172.20.19.18 control connection finished