LINUX.ORG.RU
[solved] Forum: Admin

freeradius 1.1.8 + pptpd


RADIUS debug output after startup

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/eap.conf
Config:   including file: /etc/freeradius/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/freeradius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/freeradius/huntgroups"
 preprocess: hints = "/etc/freeradius/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded files 
 files: usersfile = "/etc/freeradius/users"
 files: acctusersfile = "/etc/freeradius/acct_users"
 files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded detail 
 detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Module: Loaded eap 
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
After running radtest test 123456 127.0.0.1:1812 0 testing123 0 [nas-address] I get:
Sending Access-Request of id 52 to 127.0.0.1 port 1812
	User-Name = "test"
	User-Password = "123456"
	NAS-IP-Address = [nas-address]
	NAS-Port = 0
	Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=52, length=38
	Session-Timeout = 1843859
	Framed-IP-Address = 10.0.0.152
	Framed-IP-Netmask = 255.255.255.255


Until you master LORCODE, hardly anyone will manage to read your wall of text.

Pinkbyte ★★★★★
In reply to: comment by himik220

I tried to make sense of this, but all I got out of it was a broken brain and red eyes. Listen, friend, great people invented LORCODE; use it, it helps ;)

zloywolk

I need to set up a VPN tied to RADIUS. When I try to connect from a Windows machine, the pptpd log is:

Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
pptpd-logwtmp: $Version$
using channel 98
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x316ae5da> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x316ae5da> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x1755773> <pcomp> <accomp> <callback CBCP>]
sent [LCP ConfRej id=0x1 <callback CBCP>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x1755773> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x1755773> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x316ae5da]
sent [CHAP Challenge id=0x4e <4878e56b3c8fee21ce8a877e3c23f45a>, name = "pptpd"]
rcvd [LCP Ident id=0x3 magic=0x1755773 "MSRASV5.10"]
rcvd [LCP Ident id=0x4 magic=0x1755773 "MSRAS-0-MELKOSOF-2A68F9"]
rcvd [LCP EchoRep id=0x0 magic=0x1755773]
rcvd [CHAP Response id=0x4e <4bceb787a6812f4166b30ad9d7fb567400000000000000006d81680f61eadcf59318829a6ce188a3dee00ed1a6191cb000>, name = "test"]
[b]rc_check_reply: received invalid reply digest from RADIUS server
Peer test failed CHAP authentication[/b]
sent [CHAP Failure id=0x4e ""]
sent [LCP TermReq id=0x2 "Authentication failed"]
rcvd [LCP TermAck id=0x2 "Authentication failed"]
Connection terminated.
RADATTR plugin removed file /var/run/radattr.ppp0.

himik220
(topic author)

Above I marked in bold what I understand to be the problem itself; I just don't know what causes it :-P RADIUS output:

 
Starting - reading configuration files ... 
reread_config: reading radiusd.conf 
Config: including file: /etc/freeradius/proxy.conf 
Config: including file: /etc/freeradius/clients.conf 
Config: including file: /etc/freeradius/snmp.conf 
Config: including file: /etc/freeradius/eap.conf 
Config: including file: /etc/freeradius/sql.conf 
main: prefix = "/usr" 
main: localstatedir = "/var" 
main: logdir = "/var/log/freeradius" 
main: libdir = "/usr/lib/freeradius" 
main: radacctdir = "/var/log/freeradius/radacct" 
main: hostname_lookups = no 
main: snmp = no 
main: max_request_time = 30 
main: cleanup_delay = 5 
main: max_requests = 1024 
main: delete_blocked_requests = 0 
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no 
main: log_file = "/var/log/freeradius/radius.log" 
main: log_auth = no 
main: log_auth_badpass = no 
main: log_auth_goodpass = no 
main: pidfile = "/var/run/freeradius/freeradius.pid" 
main: user = "freerad" 
main: group = "freerad" 
main: usercollide = no 
main: lower_user = "no" 
main: lower_pass = "no" 
main: nospace_user = "no" 
main: nospace_pass = "no" 
main: checkrad = "/usr/sbin/checkrad" 
main: proxy_requests = yes 
proxy: retry_delay = 5 
proxy: retry_count = 3 
proxy: synchronous = no 
proxy: default_fallback = yes 
proxy: dead_time = 120 
proxy: post_proxy_authorize = no 
proxy: wake_all_if_all_dead = no 
security: max_attributes = 200 
security: reject_delay = 1 
security: status_server = no 
main: debug_level = 0 
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms 
radiusd: entering modules setup 
Module: Library search path is /usr/lib/freeradius 
Module: Loaded exec
exec: wait = yes
exec: program = "(null)" 
exec: input_pairs = "request" 
exec: output_pairs = "(null)" 
exec: packet_type = "(null)" 
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded System 
unix: cache = no 
unix: passwd = "(null)" 
unix: shadow = "/etc/shadow" 
unix: group = "(null)" 
unix: radwtmp = "/var/log/freeradius/radwtmp" 
unix: usegroup = no 
unix: cache_reload = 600 
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
preprocess: huntgroups = "/etc/freeradius/huntgroups" 
preprocess: hints = "/etc/freeradius/hints" 
preprocess: with_ascend_hack = no 
preprocess: ascend_channels_per_line = 23 
preprocess: with_ntdomain_hack = no 
preprocess: with_specialix_jetstream_hack = no 
preprocess: with_cisco_vsa_hack = no 
preprocess: with_alvarion_vsa_hack = no 
Module: Instantiated preprocess (preprocess) 
Module: Loaded files 
files: usersfile = "/etc/freeradius/users" 
files: acctusersfile = "/etc/freeradius/acct_users" 
files: preproxy_usersfile = "/etc/freeradius/preproxy_users" 
files: compat = "no" 
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" 
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded realm 
realm: format = "suffix" 
realm: delimiter = "@" 
realm: ignore_default = no 
realm: ignore_null = no 
Module: Instantiated realm (suffix) 
Module: Loaded detail 
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" 
detail: detailperm = 384 
detail: dirperm = 493 
detail: locking = no 
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
radutmp: filename = "/var/log/freeradius/radutmp" 
radutmp: username = "%{User-Name}" 
radutmp: case_sensitive = yes 
radutmp: check_with_nas = yes 
radutmp: perm = 384 
radutmp: callerid = yes 
Module: Instantiated radutmp (radutmp) 
Module: Loaded eap 
eap: default_eap_type = "md5" 
eap: timer_expire = 60 
eap: ignore_unknown_eap_types = no 
eap: cisco_accounting_username_bug = no 
rlm_eap: Loaded and initialized type md5 
rlm_eap: Loaded and initialized type leap 
gtc: challenge = "Password: " 
gtc: auth_type = "PAP" 
rlm_eap: Loaded and initialized type gtc 
mschapv2: with_ntdomain_hack = no 
rlm_eap: Loaded and initialized type mschapv2 
Module: Instantiated eap (eap)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:49438, id=218, length=143
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "test"
	MS-CHAP-Challenge = 0x4878e56b3c8fee21ce8a877e3c23f45a
	MS-CHAP2-Response = 0x4e004bceb787a6812f4166b30ad9d7fb567400000000000000006d81680f61eadcf59318829a6ce188a3dee00ed1a6191cb0
	Calling-Station-Id = "10.0.0.55"
	NAS-IP-Address = [nas-address]
	NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Exec-Program output: Session-Timeout = 1843533, Framed-IP-Address = 10.0.0.96, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: value-pairs: Session-Timeout = 1843533, Framed-IP-Address = 10.0.0.96, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
Sending Access-Accept of id 218 to 127.0.0.1 port 49438
	Session-Timeout = 1843533
	Framed-IP-Address = 10.0.0.96
	Framed-IP-Netmask = 255.255.255.255
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 218 with timestamp 4e427f83
Nothing to do. Sleeping until we see a request.

Naturally, the Windows machine shows error 619. As I understand it, RADIUS allows the authorization but pptpd does not. So the question is: why does this happen and how do I deal with it??? I'd be grateful for answers; I'll provide configs as needed.

himik220
(topic author)

My apologies, I've learned LORCODE and fixed it; I ask the moderators to wipe the incorrectly formatted messages.

himik220
(topic author)
In reply to: comment by himik220

What about encryption?? Remove MS-CHAP and MS-PAP. Maybe that will help; most often that is exactly where the problem is. I ran into this trouble on a MikroTik, and that very move is what helped me.

zloywolk
In reply to: comment by himik220

My apologies, I've learned LORCODE and fixed it; I ask the moderators to wipe the incorrectly formatted messages.

In principle, you can delete them yourself.

zloywolk
In reply to: comment by zloywolk

I tried different authorization types; it doesn't help. PAP refused to work at all, only MS-CHAP, MS-CHAP-v2 and CHAP; I stayed with the first, but on every connection this line keeps showing up in the PPTP log: rc_check_reply: received invalid reply digest from RADIUS server Peer test failed CHAP authentication. I'm starting to blame the dictionaries. Without the plugins Windows connects; the connection properties show MS-CHAP MPPE-128bit.

himik220
(topic author)
In reply to: comment by himik220

Try leaving only PAP and CHAP, and in the Windows connection settings clear the "Require encryption" checkbox. 619 is a mismatch in the security settings.

zloywolk
In reply to: comment by zloywolk

Mistake

What about encryption?? Remove MS-CHAP and MS-PAP. Maybe that will help; most often that is exactly where the problem is. I ran into this trouble on a MikroTik, and that very move is what helped me.

Sorry, ms-chap2

zloywolk
In reply to: comment by zloywolk

I switched to CHAP and PAP only. When connecting without the plugins, "Status - Details - Authentication" says MD5 CHAP. As soon as I enable the plugins, the same story repeats. The settings say "data encryption: optional". I still think the glitch is somewhere between FreeRADIUS and radiusclient. After all, RADIUS does authorize, but PPTP doesn't know about it... And there is a new RADIUS debug with the parameters set to CHAP; this is what appears on connection:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/eap.conf
Config:   including file: /etc/freeradius/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded DIGEST 
Module: Instantiated digest (digest) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/freeradius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/freeradius/huntgroups"
 preprocess: hints = "/etc/freeradius/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded files 
 files: usersfile = "/etc/freeradius/users"
 files: acctusersfile = "/etc/freeradius/acct_users"
 files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded detail 
 detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Module: Loaded eap 
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:44588, id=23, length=101
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "test"
	CHAP-Challenge = 0xcfe5cfa16f258f14e29c041e0d06acc21e61c3
	CHAP-Password = 0x62b92a02e5b1d2042ea741f7849d6331ea
	Calling-Station-Id = "10.0.0.55"
	NAS-IP-Address = 89.162.224.242
	NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
  rlm_chap: login attempt by "test" with CHAP password
rlm_chap: Could not find clear text password for user test
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: leaving group CHAP (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 23 to 127.0.0.1 port 44588
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 23 with timestamp 4e43c8d5
Nothing to do.  Sleeping until we see a request.

himik220
(topic author)

I'll answer my own question: the problem was the shared key. I fixed it on the RADIUS server and on the RADIUS client, and everything started singing)))

himik220
(topic author)
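
The failure resolved in this thread, as an added example that is not part of the original posts: a RADIUS client validates each reply by recomputing the RFC 2865 Response Authenticator with its own copy of the shared secret, so a server signing with a different secret triggers "invalid reply digest" even though it sent Access-Accept. The packet reuses the id and attributes from the debug output above; the request authenticator, the mismatched client secret and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8    # attribute type numbers (RFC 2865)
FRAMED_IP_NETMASK = 9
SESSION_TIMEOUT = 27


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type (1 octet), Length (1 octet), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_reply(code: int, ident: int, request_auth: bytes,
                attrs: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def check_reply(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the digest with the client's own secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def sample_accept(server_secret: bytes, request_auth: bytes) -> bytes:
    """Access-Accept with the id and attributes shown in the thread's log."""
    attrs = (attr(SESSION_TIMEOUT, struct.pack("!I", 1843533))
             + attr(FRAMED_IP_ADDRESS, bytes([10, 0, 0, 96]))
             + attr(FRAMED_IP_NETMASK, bytes([255, 255, 255, 255])))
    return build_reply(ACCESS_ACCEPT, 218, request_auth, attrs, server_secret)


# Constructed sample values. A real client picks a random 16-octet
# Request Authenticator for every Access-Request.
REQUEST_AUTH = bytes(range(16))
SERVER_SECRET = b"testing123"   # secret used in the radtest command above
CLIENT_SECRET = b"testing124"   # assumed mismatched copy on the client side

if __name__ == "__main__":
    reply = sample_accept(SERVER_SECRET, REQUEST_AUTH)
    print("reply length:", len(reply))
    print("same secret on both sides:",
          check_reply(reply, REQUEST_AUTH, SERVER_SECRET))
    print("different secret on the client:",
          check_reply(reply, REQUEST_AUTH, CLIENT_SECRET))
```

An Access-Request without a Message-Authenticator attribute carries no keyed digest, which is why the server in the first debug run accepted the request and only the client noticed the mismatch.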