Connecting to a VPN server.

skillman
Posts: 68
Registered: Tue Sep 13, 2011 8:04 am

Post by skillman »

options.7z
(4.65 KB) downloaded 423 times
When connecting from Windows to the VPN server, error 691 appears, as if the password were wrong.

I fixed the dictionary according to the dictionary instructions, and now when the client connects to the server, the server logs show:
Sep 23 14:47:11 inet483 pptpd[5721]: CTRL: Client 192.168.10.112 control connection started
Sep 23 14:47:11 inet483 pptpd[5721]: CTRL: Starting call (launching pppd, opening GRE)
Sep 23 14:47:11 inet483 pppd[5722]: Plugin radius.so loaded.
Sep 23 14:47:11 inet483 pppd[5722]: RADIUS plugin initialized.
Sep 23 14:47:11 inet483 pppd[5722]: Plugin radattr.so loaded.
Sep 23 14:47:11 inet483 pppd[5722]: RADATTR plugin initialized.
Sep 23 14:47:11 inet483 pppd[5722]: pppd 2.4.5 started by root, uid 0
Sep 23 14:47:11 inet483 pppd[5722]: using channel 31
Sep 23 14:47:11 inet483 pppd[5722]: Using interface ppp1
Sep 23 14:47:11 inet483 pppd[5722]: Connect: ppp1 <--> /dev/pts/9
Sep 23 14:47:11 inet483 pppd[5722]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf2c91ebb> <pcomp> <accomp>]
Sep 23 14:47:11 inet483 pptpd[5721]: GRE: Bad checksum from pppd.
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x35e92fee> <pcomp> <accomp> <callback CBCP>]
Sep 23 14:47:11 inet483 pppd[5722]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf2c91ebb> <pcomp> <accomp>]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x35e92fee> <pcomp> <accomp>]
Sep 23 14:47:11 inet483 pppd[5722]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x35e92fee> <pcomp> <accomp>]
Sep 23 14:47:11 inet483 pppd[5722]: sent [LCP EchoReq id=0x0 magic=0xf2c91ebb]
Sep 23 14:47:11 inet483 pppd[5722]: sent [CHAP Challenge id=0xd8 <cfa911f8577458d76887c2c0ffaaeff6>, name = "pptpd"]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP Ident id=0x2 magic=0x35e92fee "MSRASV5.20"]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP Ident id=0x3 magic=0x35e92fee "MSRAS-1-INET426"]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [LCP EchoRep id=0x0 magic=0x35e92fee]
Sep 23 14:47:11 inet483 pppd[5722]: rcvd [CHAP Response id=0xd8 <2b4bcbf00b24cca9eb05cf24ce9e451e0000000000000000428cfa5adf57b263dad0443fef988a28fc2703490f05e77e00>, name = "user01"]
Sep 23 14:47:11 inet483 pptpd[5721]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 23 14:47:12 inet483 pppd[5722]: rc_check_reply: received invalid reply digest from RADIUS server
Sep 23 14:47:12 inet483 pppd[5722]: Peer user01 failed CHAP authentication
Sep 23 14:47:12 inet483 pppd[5722]: sent [CHAP Failure id=0xd8 ""]
Sep 23 14:47:12 inet483 pppd[5722]: sent [LCP TermReq id=0x2 "Authentication failed"]
Sep 23 14:47:12 inet483 pptpd[5721]: CTRL: Reaping child PPP[5722]
Sep 23 14:47:12 inet483 pppd[5722]: Hangup (SIGHUP)
Sep 23 14:47:12 inet483 pppd[5722]: Modem hangup
Sep 23 14:47:12 inet483 pppd[5722]: Connection terminated.
Sep 23 14:47:12 inet483 pppd[5722]: RADATTR plugin removed file /var/run/radattr.ppp1.
Sep 23 14:47:12 inet483 pppd[5722]: Exit.
Sep 23 14:47:12 inet483 pptpd[5721]: CTRL: Client 192.168.10.112 control connection finished
Sep 23 14:47:58 inet483 xl2tpd[555]: write_packet: Resource temporarily unavailable(11)
Sep 23 14:47:58 inet483 last message repeated 12 times

The client gets error 691, wrong login and password.
The logs show that authorization fails, so is the problem in the client, or is something wrong with the server after all?
I added the user through the abills interface.
Please help me figure out this problem.
Attachments
pptpd-options.7z
(1.64 KB) downloaded 413 times
dictionary.7z
dictionary
(1.07 KB) downloaded 374 times

skillman

Re: Connecting to a VPN server.

Post by skillman »

Good people, please help.
I'm stuck at the point of establishing the VPN connection.
And Windows reports error 691.

~AsmodeuS~
Site Admin
Posts: 5746
Registered: Fri Jan 28, 2005 3:11 pm

Re: Connecting to a VPN server.

Post by ~AsmodeuS~ »

Show the RADIUS log.

I think the RADIUS secrets of the access server and the RADIUS server differ.
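
The `rc_check_reply: received invalid reply digest from RADIUS server` line in the first log is the RADIUS client failing to verify the Response Authenticator of the reply, which is what a shared-secret mismatch produces. The following is an added example, not code from the thread, radiusclient or FreeRADIUS, that shows the RFC 2865 check; the secrets and the Request Authenticator are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3          # RADIUS packet code (RFC 2865)
REPLY_MESSAGE = 18         # RADIUS attribute type (RFC 2865)


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_reply(code: int, ident: int, request_auth: bytes,
                attrs: bytes, secret: bytes) -> bytes:
    """Server side: sign the reply.

    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    """
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def check_reply(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the digest with the local secret and compare."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    received = packet[4:20]
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    # Constructed values: a fixed Request Authenticator and two placeholder
    # secrets standing in for the server's clients.conf entry and the
    # NAS's /etc/radiusclient/servers entry.
    request_auth = bytes(range(16))
    server_secret = b"server-side-secret"
    nas_secret = b"nas-side-secret"

    attrs = encode_attr(REPLY_MESSAGE, b"Login Not Exist or Expire")
    reply = build_reply(ACCESS_REJECT, 238, request_auth, attrs, server_secret)
    return {
        "length": len(reply),
        "same_secret": check_reply(reply, request_auth, server_secret),
        "different_secret": check_reply(reply, request_auth, nas_secret),
        "truncated": check_reply(reply[:10], request_auth, server_secret),
    }


if __name__ == "__main__":
    print(demo())
```

The constructed Access-Reject is 47 bytes, the same length as the reject packets shown later in the thread, and it verifies only when both sides hold the same secret.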

skillman

Re: Connecting to a VPN server.

Post by skillman »

~AsmodeuS~ wrote: Show the RADIUS log.

I think the RADIUS secrets of the access server and the RADIUS server differ.
After an attempt to establish the VPN connection.
Log from the file /var/log/freeradius/radius.log

Code:

Tue Oct  4 16:13:42 2011 : Info: Exiting normally.
Tue Oct  4 16:13:43 2011 : Info: Loaded virtual server inner-tunnel
Tue Oct  4 16:13:43 2011 : Info: Loaded virtual server <default>
Tue Oct  4 16:13:43 2011 : Info: Ready to process requests.
Here is the log from the file /var/log/syslog

Code:

Oct  4 16:41:16 inet483 pptpd[1678]: CTRL: Client 192.168.10.112 control connection finished
Oct  4 16:42:21 inet483 pptpd[1689]: CTRL: Client 192.168.10.112 control connection started
Oct  4 16:42:21 inet483 pptpd[1689]: CTRL: Starting call (launching pppd, opening GRE)
Oct  4 16:42:21 inet483 pppd[1690]: Plugin radius.so loaded.
Oct  4 16:42:21 inet483 pppd[1690]: RADIUS plugin initialized.
Oct  4 16:42:21 inet483 pppd[1690]: Plugin radattr.so loaded.
Oct  4 16:42:21 inet483 pppd[1690]: RADATTR plugin initialized.
Oct  4 16:42:21 inet483 pppd[1690]: pppd 2.4.5 started by root, uid 0
Oct  4 16:42:21 inet483 pppd[1690]: Using interface ppp1
Oct  4 16:42:21 inet483 pppd[1690]: Connect: ppp1 <--> /dev/pts/4
Oct  4 16:42:21 inet483 pptpd[1689]: GRE: Bad checksum from pppd.
Oct  4 16:42:21 inet483 pptpd[1689]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct  4 16:42:21 inet483 pppd[1690]: rc_read_dictionary: couldn't open dictionary /etc/radiusclient/dictionary.microsoft: Too many open files
Oct  4 16:42:21 inet483 pppd[1690]: RADIUS: Can't read dictionary file /etc/radiusclient/dictionary
Oct  4 16:42:21 inet483 pppd[1690]: Peer user01 failed CHAP authentication
Oct  4 16:42:21 inet483 pptpd[1689]: CTRL: Reaping child PPP[1690]
Oct  4 16:42:21 inet483 pppd[1690]: Hangup (SIGHUP)
Oct  4 16:42:21 inet483 pppd[1690]: Modem hangup
Oct  4 16:42:21 inet483 pppd[1690]: Connection terminated.
Oct  4 16:42:21 inet483 pppd[1690]: Exit.
Oct  4 16:42:21 inet483 pptpd[1689]: CTRL: Client 192.168.10.112 control connection finished
Regarding the RADIUS secret, I am attaching the contents of the files. /etc/freeradius/clients.conf

Code:

client localhost {
ipaddr = 127.0.0.1
secret = 123456789+
shortname = inet483
}
Here is the config /etc/radiusclient/servers

Code:

127.0.0.1 123456789+
What else can I look at?

~AsmodeuS~
Site Admin

Re: Connecting to a VPN server.

Post by ~AsmodeuS~ »

radiusd -X

skillman

Re: Connecting to a VPN server.

Post by skillman »

root@inet483:~# freeradius -X

Code:

root@inet483:~# freeradius -X
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Dec  9 2010 at 17:54:26
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
        user = "freerad"
        group = "freerad"
        allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/var/run/freeradius/freeradius.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "qw130795"
        shortname = "inet483"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  exec {
        wait = yes
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  unix {
        radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/etc/freeradius/certs"
        pem_file_type = yes
        private_key_file = "/etc/freeradius/certs/server.key"
        certificate_file = "/etc/freeradius/certs/server.pem"
        CA_file = "/etc/freeradius/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/etc/freeradius/certs/dh"
        random_file = "/dev/urandom"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/freeradius/modules/files
  files {
        usersfile = "/etc/freeradius/users"
        acctusersfile = "/etc/freeradius/acct_users"
        preproxy_usersfile = "/etc/freeradius/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  radutmp {
        filename = "/var/log/freeradius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
 } # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
 modules {
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Instantiating module "abills_preauth" from file /etc/freeradius/radiusd.conf
  exec abills_preauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl pre_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 Module: Instantiating module "abills_auth" from file /etc/freeradius/radiusd.conf
  exec abills_auth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Checking preacct {...} for more modules to load
 Module: Instantiating module "abills_acc" from file /etc/freeradius/radiusd.conf
  exec abills_acc {
        wait = yes
        program = "/usr/abills/libexec/racct.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "abills_postauth" from file /etc/freeradius/radiusd.conf
  exec abills_postauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl post_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "auth"
        ipaddr = 127.0.0.1
        port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.


skillman

Re: Connecting to a VPN server.

Post by skillman »

Any thoughts on this problem, gentlemen?

skillman

Re: Connecting to a VPN server.

Post by skillman »

I'm trying to connect with radtest; the result is below.
root@inet483:/etc/raddb# radtest user01 123456+ 127.0.0.1 1812 qw130795
Sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = "user01"
User-Password = "123456+"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238, length=47
Reply-Message = "Login Not Exist or Expire"

But I created the user through the abills web interface. Can you tell me what is wrong with the configs?

~AsmodeuS~
Site Admin

Re: Connecting to a VPN server.

Post by ~AsmodeuS~ »

It says either the password is wrong or the account lifetime has expired.

skillman

Re: Connecting to a VPN server.

Post by skillman »

~AsmodeuS~ wrote: It says either the password is wrong or the account lifetime has expired.
That may be so, but judging by the logs, it is the abills script that rejects me.
I am attaching the logs.
Here is a piece of the freeradius log.

Code:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 54076, id=252, length=120
User-Name = "user01"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
MS-CHAP-Challenge = 0x0050bec6282e518d
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000e5e51e9ff7b7219642ce819c14fbe4d97703f5cacb5318f2
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "123456+"
Exec-Program-Wait: value-pairs: Cleartext-Password := "123456+"
Exec-Program: returned: 0
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
Exec-Program output: Reply-Message = "Login Not Exist or Expire" 
Exec-Program-Wait: value-pairs: Reply-Message = "Login Not Exist or Expire"
Exec-Program: returned: 1
++[abills_auth] returns reject
Invalid user: [user01/<via Auth-Type = mschap>] (from client inet483 port 0)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
Exec-Program output: 
Exec-Program: returned: 0
++[abills_postauth] returns ok
Sending Access-Reject of id 252 to 127.0.0.1 port 54076
Reply-Message = "Login Not Exist or Expire"
Finished request 0.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 252 with timestamp +23
Ready to process requests.
Here is the radtest log

Code:

Sending Access-Request of id 252 to 127.0.0.1 port 1812
User-Name = "user01"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
MS-CHAP-Challenge = 0x0050bec6282e518d
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000e5e51e9ff7b7219642ce819c14fbe4d97703f5cacb5318f2
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=252, length=47
Reply-Message = "Login Not Exist or Expire"

These are exactly the lines that prevent the connection.

Code:

exec abills_preauth {
program = "/usr/abills/libexec/rauth.pl pre_auth"
wait = yes
input_pairs = request
shell_escape = yes
#output = no
output_pairs = config
}

exec abills_auth {
program = "/usr/abills/libexec/rauth.pl"
wait = yes
input_pairs = request
shell_escape = yes
output = yes
output_pairs = reply
}
authorize {
preprocess
abills_preauth
mschap
files
abills_auth
}
I thought the user was not in the database, but no, the user user01 is there.
Can you tell me at which stage the authorization fails?
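
The `freeradius -X` trace in the post above records, per module, the return code and the output of any program run through `exec`. The following is an added example, not part of the original post and not FreeRADIUS code, that walks such a trace and reports the first module whose return code fails the section; the sample is an excerpt of the posted trace, and the function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
EXEC_OUT_RE = re.compile(r"^Exec-Program output:\s*(.*)$")
EXEC_RC_RE = re.compile(r"^Exec-Program: returned: (\d+)")

# Module return codes that make a section fail by default.
FAILING = {"reject", "fail", "invalid", "userlock"}

# Excerpt of the debug trace posted in the thread.
SAMPLE = """\
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "123456+"
Exec-Program-Wait: value-pairs: Cleartext-Password := "123456+"
Exec-Program: returned: 0
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
Exec-Program output: Reply-Message = "Login Not Exist or Expire"
Exec-Program-Wait: value-pairs: Reply-Message = "Login Not Exist or Expire"
Exec-Program: returned: 1
++[abills_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
Exec-Program output:
Exec-Program: returned: 0
++[abills_postauth] returns ok
"""


def trace_modules(debug_text):
    """Return one dict per module call, in the order the server ran them."""
    steps, section, out, status = [], None, None, None
    for raw in debug_text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := EXEC_OUT_RE.match(line)):
            out = m.group(1)
        elif (m := EXEC_RC_RE.match(line)):
            status = int(m.group(1))
        elif (m := MODULE_RE.match(line)):
            steps.append({
                "section": section,
                "module": m.group(1),
                "rcode": m.group(2),
                "exec_output": out,      # stdout of the exec'd program, if any
                "exec_status": status,   # its exit status, if any
            })
            out, status = None, None     # exec lines belong to one module only
    return steps


def first_failure(steps):
    """Return the first step that fails its section, or None."""
    return next((s for s in steps if s["rcode"] in FAILING), None)


if __name__ == "__main__":
    for step in trace_modules(SAMPLE):
        print(step)
    print("first failure:", first_failure(trace_modules(SAMPLE)))
```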

skillman

Re: Connecting to a VPN server.

Post by skillman »

Here are screenshots from the billing and phpMyAdmin confirming that the user user01 exists.
http://img406.imageshack.us/img406/9200/20856347.jpg
http://img707.imageshack.us/img707/533/84473784.jpg
http://img856.imageshack.us/img856/9144/phpmyadmin.jpg
