Заметил вот ещё что: ppp+ не создаётся.
freeradius -X
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Dec 16 2012 at 13:28:43
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr/"
localstatedir = "/var"
sbindir = "/usr//sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 512000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr//sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "radsecret"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = yes
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Creating Auth-Type = Perl
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating module "abills_preauth" from file /etc/freeradius/radiusd.conf
exec abills_preauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl pre_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Instantiating module "abills_auth" from file /etc/freeradius/radiusd.conf
exec abills_auth {
wait = yes
program = "/usr/abills/libexec/rauth.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking preacct {...} for more modules to load
Module: Instantiating module "abills_acc" from file /etc/freeradius/radiusd.conf
exec abills_acc {
wait = yes
program = "/usr/abills/libexec/racct.pl"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "abills_postauth" from file /etc/freeradius/radiusd.conf
exec abills_postauth {
wait = yes
program = "/usr/abills/libexec/rauth.pl post_auth"
input_pairs = "request"
output_pairs = "config"
shell_escape = yes
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.
При подключении клиента:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 57799, id=1, length=177
User-Name = "test"
NAS-Identifier = "accel-ppp"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.16.49.21"
Called-Station-Id = "172.16.49.94"
MS-CHAP-Challenge = 0x7d1da997195c178c39fa168834036a6c
MS-CHAP2-Response = 0x01001eda4ac8081914baecec1b6d5a8489c70000000000000000b0e58ecaf83fa74167e306fe0b833d303a7e24e3a67aae4c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
Exec-Program output: Cleartext-Password := "123456"
Exec-Program-Wait: value-pairs: Cleartext-Password := "123456"
Exec-Program: returned: 0
++[abills_preauth] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
Exec-Program output: Acct-Interim-Interval = 60, Session-Timeout = 2127743, User-Name = test, Framed-IP-Address = 10.1.0.35, Framed-IP-Netmask = 255.255.255.0,
Exec-Program-Wait: value-pairs: Acct-Interim-Interval = 60, Session-Timeout = 2127743, User-Name = test, Framed-IP-Address = 10.1.0.35, Framed-IP-Netmask = 255.255.255.0,
Exec-Program: returned: 0
++[abills_auth] returns ok
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: test
[mschap] Told to do MS-CHAPv2 for test with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
Sending Access-Accept of id 1 to 127.0.0.1 port 57799
Acct-Interim-Interval = 60
Session-Timeout = 2127743
User-Name = "test"
Framed-IP-Address = 10.1.0.35
Framed-IP-Netmask = 255.255.255.0
MS-CHAP2-Success = 0x01533d38353539353431364436443242303532344541444631323938303338303538303035393639383944
MS-MPPE-Recv-Key = 0x58100a6911f3befafd829ab3af0b2d1c
MS-MPPE-Send-Key = 0x75e19959fa6c799b5b5a76366751f921
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 36441, id=1, length=173
User-Name = "test"
NAS-Identifier = "accel-ppp"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.16.49.21"
Called-Station-Id = "172.16.49.94"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "75db1c41de75dfa3"
Acct-Session-Time = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Framed-IP-Address = 10.1.0.35
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
WARNING: Empty accounting section. Using default return values.
Finished request 1.
Cleaning up request 1 ID 1 with timestamp +17
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 36441, id=1, length=173
User-Name = "test"
NAS-Identifier = "accel-ppp"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.16.49.21"
Called-Station-Id = "172.16.49.94"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "75db1c41de75dfa3"
Acct-Session-Time = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Framed-IP-Address = 10.1.0.35
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
WARNING: Empty accounting section. Using default return values.
Finished request 2.
Cleaning up request 2 ID 1 with timestamp +20
Going to the next request
Waking up in 1.8 seconds.
Cleaning up request 0 ID 1 with timestamp +17
Ready to process requests.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 36441, id=1, length=173
User-Name = "test"
NAS-Identifier = "accel-ppp"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "172.16.49.21"
Called-Station-Id = "172.16.49.94"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "75db1c41de75dfa3"
Acct-Session-Time = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Framed-IP-Address = 10.1.0.35
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
Exec-Program output:
Exec-Program: returned: 0
++[abills_acc] returns ok
WARNING: Empty accounting section. Using default return values.
Finished request 3.
Cleaning up request 3 ID 1 with timestamp +23
Going to the next request
2013-09-06 08:57:37 LOG_INFO AUTH test CID: 172.16.49.21 GT: 0.07405 90
Конфиг (cat /etc/accel-ppp.conf):
# Modules loaded by accel-pppd: one module name per line; a leading '#' leaves it out.
# Active here: log_file, pptp, auth_mschap_v2, radius, ippool, sigchld.
[modules]
#path=/usr/local/lib/accel-ppp
log_file
#log_syslog
#log_tcp
#log_pgsql
# PPTP is the only tunnel type enabled (l2tp and pppoe stay commented out).
pptp
#l2tp
#pppoe
# NOTE(review): MS-CHAPv2 is the only authentication method offered. PPTP with
# MS-CHAPv2 is a legacy combination with well-known cryptographic weaknesses;
# keep it for compatibility only and plan a move to a tunnel with modern crypto.
auth_mschap_v2
#auth_mschap_v1
#auth_chap_md5
#auth_pap
radius
ippool
sigchld
#pppd_compat
#shaper
#shaper_tbf (obsolete)
# chap-secrets
#net-snmp
#logwtmp
# NOTE(review): connlimit is not loaded, so accel-ppp itself applies no limit on
# the rate of new connections; consider it on an Internet-facing server.
#connlimit
#ipv6_nd
#ipv6_dhcp
#ipv6pool
# Core daemon settings: error log of the core and the size of its thread pool.
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
# PPP layer settings applied to every session.
[ppp]
verbose=1
min-mtu=1280
mtu=1480
mru=1480
#ccp=0
#sid-case=upper
#check-ip=0
# A new login for a user name that already has a session replaces the old
# session (per accel-ppp.conf(5); confirm for the installed version).
single-session=replace
# NOTE(review): MPPE is not required. With this line commented out encryption
# is presumably negotiated only if the client asks for it, so a session may run
# unencrypted. Uncomment to drop clients that refuse MPPE, and check that the
# MS-MPPE-Encryption-Policy returned by RADIUS agrees with the choice.
#mppe=require
ipv4=require
ipv6=deny
#ipv6-intf-id=0:0:0:1
#ipv6-peer-intf-id=0:0:0:2
#ipv6-accept-peer-intf-id=1
# LCP echo keep-alive; values presumably in seconds. lcp-echo-failure is left
# at its default, so dead-peer detection relies on lcp-echo-timeout.
lcp-echo-interval=20
#lcp-echo-failure=3
lcp-echo-timeout=120
#unit-cache=1000
# Authentication overrides. Both options are commented out, so defaults apply.
# NOTE(review): the option names suggest they relax or bypass authentication;
# keep them disabled on a production NAS (exact semantics: accel-ppp.conf(5)).
[auth]
#any-login=0
#noauth=0
# Settings for the pptp module, which is loaded in [modules].
[pptp]
# PPTP echo interval, presumably in seconds.
echo-interval=30
verbose=1
# Settings for the pppoe module. pppoe is commented out in [modules], so this
# section is presumably not used by the running daemon.
[pppoe]
interface=eth0
#interface=eth1,padi-limit=1000
ac-name=Debian_accel-ppp
service-name=C3
#pado-delay=0
#pado-delay=0,100:100,200:200,-1:500
ifname-in-sid=called-sid
#tr101=1
#padi-limit=0
verbose=1
# The whole l2tp section below is commented out (l2tp is not loaded either).
# If it is ever enabled, set a real value for secret= instead of leaving it empty.
#[l2tp]
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=5
#retransmit=5
#host-name=accel-ppp
#dir300_quirk=0
#secret=
#verbose=1
# DNS server(s) handed to clients; only a primary is configured.
[dns]
dns1=10.128.0.1
#dns2=
# RADIUS client settings: accel-ppp acts as the NAS and talks to a RADIUS server
# on the loopback address for authentication, accounting and DAE.
[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=10.0.0.10
# Format: host:port,shared-secret.
# NOTE(review): the RADIUS shared secret is stored here in plain text, is a short
# guessable word, and is reused for auth, accounting and DAE. Keep this file
# readable by root only, use a long random secret, and rotate it on both the NAS
# and the RADIUS server once the file has been shared outside the host.
# The commented block further down marks auth-server/acct-server as obsolete in
# favour of server=...; check which form the installed version expects.
auth-server=127.0.0.1:1812,radsecret
acct-server=127.0.0.1:1813,radsecret
# DAE listener (Disconnect/CoA requests). Bound to loopback here; if it is ever
# moved to a routable address, restrict who can reach UDP 3799.
dae-server=127.0.0.1:3799,radsecret
# NOTE(review): verbose logging presumably writes RADIUS packet attributes to
# the log files; keep those files restricted and turn this off after debugging.
verbose=1
#timeout=3
#max-try=3
#acct-timeout=120
#acct-delay-time=0
# Older, fully commented-out copy of the section kept for reference.
# testing123 is the widely known FreeRADIUS sample secret; do not re-enable
# these lines without replacing it.
#[radius]
#dictionary=/usr/local/share/accel-ppp/radius/dictionary
#nas-identifier=accel-ppp
#nas-ip-address=127.0.0.1 # IP of the Debian host running accel-ppp
#gw-ip-address=10.128.0.1 # IP of the Debian host running accel-ppp
##auth-server=127.0.0.1:1812,testing123 (obsolete)
##acct-server=127.0.0.1:1813,testing123 (obsolete)
##server=127.0.0.1,testing123 (obsolete)
##server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
##server=127.0.0.1,radsecret,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
#dae-server=127.0.0.1:3799,radsecret
#verbose=0
#timeout=3
##max-try=3
#acct-timeout=120
##acct-delay-time=0
# Source addresses from which clients may connect.
# NOTE(review): 'disable' switches the source-address check off, so a client
# from any address can reach the authentication stage. For a server that is
# reachable from untrusted networks, list the expected ranges instead (the
# commented 10.0.0.0/8 line shows the form) and filter at the firewall as well.
[client-ip-range]
#10.0.0.0/8
disable
# Local address pools for the ippool module. Every range is commented out, so
# no local pool is defined; client addresses presumably come from the RADIUS
# reply (Framed-IP-Address) instead.
[ip-pool]
#gw-ip-address=192.168.0.1
#vendor=Cisco
#attr=Cisco-AVPair
#attr=Framed-Pool
#192.168.0.2-255
#192.168.1.1-255,pool1
#192.168.2.1-255,pool2
#192.168.3.1-255,pool3
#192.168.4.0/24
# Logging targets and verbosity for the log_file module.
# NOTE(review): with verbose=1 set in other sections these files may contain
# user names, client addresses and RADIUS attributes; restrict their
# permissions and rotate them.
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
# Presumably the log of failed sessions; worth monitoring for repeated
# authentication failures from one source.
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
# Duplicate per-session messages into the general log (per accel-ppp.conf(5)).
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
# Verbosity level; per accel-ppp.conf(5) 3 = errors, warnings and minimal info.
level=3
# PostgreSQL logging is commented out (log_pgsql is not loaded in [modules]).
#[log-pgsql]
#conninfo=user=log
#log-table=log
# pppd-style hook scripts. pppd_compat is commented out in [modules] and every
# script path below is commented out, so only verbose=1 is set and the section
# is presumably inert.
# NOTE(review): if the hooks are enabled later, the scripts presumably run with
# the daemon's privileges; keep them root-owned and not writable by others.
[pppd-compat]
#ip-pre-up=/etc/ppp/ip-pre-up
#ip-up=/etc/ppp/ip-up
#ip-down=/etc/ppp/ip-down
#ip-change=/etc/ppp/ip-change
#radattr-prefix=/var/run/radattr
verbose=1
# Everything from here to [cli] is commented out: chap-secrets, shaper and the
# obsolete tbf sections are kept only as reference.
#[chap-secrets]
#gw-ip-address=10.128.0.1
#chap-secrets=/etc/ppp/chap-secrets
##[shaper]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#r2q=10
#quantum=1500
#cburst=1534
#ifb=ifb0
##up-limiter=police
##down-limiter=tbf
#leaf-qdisc=sfq perturb 10
##verbose=1
#tbf is obsolete, use shaper module
#[tbf]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
# Management CLI listeners (telnet and raw TCP), both bound to loopback.
# NOTE(review): password= is commented out, so the CLI presumably accepts any
# connection without authentication. Loopback binding limits this to local
# users, but any local account or forwarded port can then manage sessions.
# Set a strong password (not the sample value below) and never bind these
# listeners to a routable address.
[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123
# SNMP agent settings. net-snmp is commented out in [modules], so this section
# is presumably not used.
[snmp]
master=0
agent-name=accel-ppp
# Connection rate limiting is commented out here and connlimit is not loaded in
# [modules]. NOTE(review): consider enabling it on a server exposed to untrusted
# networks to slow down connection floods and password guessing.
#[connlimit]
#limit=10/min
#burst=3
#timeout=60
# IPv6 pool, DNS and DHCPv6 sections are commented out; ipv6=deny is set in [ppp].
#[ipv6-pool]
#fc00:0:1::/48,64
#delegate=fc00:1::/36,48
#[ipv6-dns]
#fc00:1::1
#fc00:1::2
#fc00:1::3
#dnssl=suffix1.local.net
#dnssl=suffix2.local.net.
#[ipv6-dhcp]
#verbose=1
#pref-lifetime=604800
#valid-lifetime=2592000