
poptop + freeradius debian lenny


I just can't get these two to work together; more precisely, pptpd doesn't send anything to RADIUS. The RADIUS logs are completely empty.
pptpd log:

Apr 30 12:22:34 rtt pptpd[12009]: MGR: Reaped child 12446
Apr 30 12:22:34 rtt pptpd[12450]: MGR: Launching /usr/sbin/pptpctrl to handle client
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: local address = 192.168.130.1
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: remote address = 192.168.1.1
Apr 30 12:22:34 rtt  pptpd[12450]: CTRL: pppd options file = /etc/ppp/pptpd-options
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Received PPTP Control Message (type: 1)
Apr 30 12:22:34 rtt  pptpd[12450]: CTRL: Made a START CTRL CONN RPLY packet
Apr 30 12:22:34 rtt  pptpd[12450]: CTRL: I wrote 156 bytes to the client.
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Sent packet to client
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Received PPTP Control Message (type: 7)
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Made a OUT CALL RPLY packet
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: pty_fd = 6
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: tty_fd = 7
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: I wrote 32 bytes to the client.
Apr 30 12:22:34 rtt pptpd[12452]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Sent packet to client
Apr 30 12:22:34 rtt pptpd[12452]: CTRL (PPPD Launcher): local address = 192.168.130.1
Apr 30 12:22:34 rtt pptpd[12452]: CTRL (PPPD Launcher): remote address = 192.168.1.1
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Reaping child PPP[12452]
Apr 30 12:22:34 rtt pptpd[12450]: CTRL: Exiting now
Apr 30 12:22:34 rtt pptpd[12009]: MGR: Reaped child 12450
Apr 30 12:22:35 rtt pptpd[12454]: MGR: Launching /usr/sbin/pptpctrl to handle client
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: local address = 192.168.130.1
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: remote address = 192.168.1.1
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: pppd options file = /etc/ppp/pptpd-options
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Received PPTP Control Message (type: 1)
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Made a START CTRL CONN RPLY packet
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: I wrote 156 bytes to the client.
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Sent packet to client
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Received PPTP Control Message (type: 7)
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Made a OUT CALL RPLY packet
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: pty_fd = 6
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: tty_fd = 7
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: I wrote 32 bytes to the client.
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Sent packet to client
Apr 30 12:22:35 rtt pptpd[12455]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Apr 30 12:22:35 rtt pptpd[12455]: CTRL (PPPD Launcher): local address = 192.168.130.1
Apr 30 12:22:35 rtt pptpd[12455]: CTRL (PPPD Launcher): remote address = 192.168.1.1
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Reaping child PPP[12455]
Apr 30 12:22:35 rtt pptpd[12454]: CTRL: Exiting now
Apr 30 12:22:35 rtt pptpd[12009]: MGR: Reaped child 12454

ppp writes nothing at all; however, if I disable the RADIUS plugins, this shows up:

Apr 30 12:20:37 rtt pppd[11899]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Apr 30 12:20:37 rtt pppd[11899]: pptpd-logwtmp: $Version$
Apr 30 12:20:37 rtt pppd[11899]: pppd 2.4.4 started by root, uid 0
Apr 30 12:20:37 rtt pppd[11899]: Using interface ppp0
Apr 30 12:20:37 rtt pppd[11899]: Connect: ppp0 <--> /dev/pts/3
Apr 30 12:20:37 rtt pppd[11899]: Peer test failed CHAP authentication
Apr 30 12:20:37 rtt pppd[11899]: Connection terminated.
Apr 30 12:20:37 rtt pppd[11899]: Exit.

Configs
/etc/pptpd.conf

ppp /usr/sbin/pppd
option /etc/ppp/pptpd-options
debug
noipparam
logwtmp
localip 192.168.130.1


/etc/ppp/pptpd-options

plugin radattr.so
plugin radius.so
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
debug
lock
nobsdcomp
radius-config-file /etc/radiusclient-ng/radiusclient.conf

/etc/radiusclient-ng/radiusclient.conf

auth_order      radius
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/radiusclient-ng/issue
authserver      localhost
acctserver      localhost
servers         /etc/radiusclient-ng/servers
dictionary      /etc/radiusclient-ng/dictionary
login_radius    /usr/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/radiusclient-ng/port-id-map
default_realm
radius_timeout  10
radius_retries  3
bindaddr *
login_local     /bin/login

/etc/radiusclient-ng/servers

localhost                                       testing123

Thanks

Reply to: comment by ventilator

It didn't help; there's no noticeable difference at all. I'll post the RADIUS log in debug mode.

FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep  7 2008 at 23:35:34
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including configuration file /etc/freeradius/sites-enabled/abills_default
including dictionary file /etc/freeradius/dictionary
main {
        prefix = "/usr/local"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/local/lib/freeradius-2.1.6"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        pidfile = "/var/run/radiusd/radiusd.pid"
        user = "freeradius"
        group = "freeradius"
        checkrad = "/usr/local/sbin/checkrad"
        debug_level = 0
        proxy_requests = no
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
 }
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/etc/freeradius/users"
        acctusersfile = "/etc/freeradius/acct_users"
        preproxy_usersfile = "/etc/freeradius/preproxy_users"
        compat = "no"
  }
 }
radiusd: #### Loading Virtual Servers ####
server {
 modules {
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_exec
 Module: Instantiating abills_auth
  exec abills_auth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Instantiating abills_preauth
  exec abills_preauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl pre_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 Module: Checking preacct {...} for more modules to load
 Module: Instantiating abills_acc
  exec abills_acc {
        wait = yes
        program = "/usr/abills/libexec/racct.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/var/log/freeradius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating abills_postauth
  exec abills_postauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl post_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
main {
        snmp = no
        smux_password = ""
        snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.

I also wrote to the poptop mailing list.

testuser123 ()
Reply to: comment by testuser123

I had to swap the order of plugin radattr.so and plugin radius.so =)

Now there's a new one:

May  1 16:05:50 rtt pptpd[7836]: MGR: Launching /usr/sbin/pptpctrl to handle client
May  1 16:05:50 rtt pptpd[7836]: CTRL: local address = 192.168.130.1
May  1 16:05:50 rtt pptpd[7836]: CTRL: remote address = 192.168.1.1
May  1 16:05:50 rtt pptpd[7836]: CTRL: pppd options file = /etc/ppp/pptpd-options
May  1 16:05:50 rtt pptpd[7836]: CTRL: Received PPTP Control Message (type: 1)
May  1 16:05:50 rtt pptpd[7836]: CTRL: Made a START CTRL CONN RPLY packet
May  1 16:05:50 rtt pptpd[7836]: CTRL: I wrote 156 bytes to the client.
May  1 16:05:50 rtt pptpd[7836]: CTRL: Sent packet to client
May  1 16:05:50 rtt pptpd[7836]: CTRL: Received PPTP Control Message (type: 7)
May  1 16:05:50 rtt pptpd[7836]: CTRL: Set parameters to 100000000 maxbps, 64 window size
May  1 16:05:50 rtt pptpd[7836]: CTRL: Made a OUT CALL RPLY packet
May  1 16:05:50 rtt pptpd[7836]: CTRL: pty_fd = 6
May  1 16:05:50 rtt pptpd[7836]: CTRL: tty_fd = 7
May  1 16:05:50 rtt pptpd[7837]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
May  1 16:05:50 rtt pptpd[7837]: CTRL (PPPD Launcher): local address = 192.168.130.1
May  1 16:05:50 rtt pptpd[7837]: CTRL (PPPD Launcher): remote address = 192.168.1.1
May  1 16:05:50 rtt pptpd[7836]: CTRL: I wrote 32 bytes to the client.
May  1 16:05:50 rtt pptpd[7836]: CTRL: Sent packet to client
May  1 16:05:50 rtt pppd[7837]: using channel 51
May  1 16:05:50 rtt pptpd[7836]: CTRL: Received PPTP Control Message (type: 15)
May  1 16:05:50 rtt pptpd[7836]: CTRL: Got a SET LINK INFO packet with standard ACCMs
May  1 16:05:50 rtt pptpd[7836]: GRE: accepting packet #0
May  1 16:05:50 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:05:50 rtt pppd[7837]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:05:50 rtt pppd[7837]: sent [LCP ConfRej id=0x0 <pcomp> <accomp> <callback CBCP>]
May  1 16:05:52 rtt pptpd[7836]: GRE: accepting packet #1
May  1 16:05:52 rtt pppd[7837]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:05:52 rtt pppd[7837]: sent [LCP ConfRej id=0x1 <pcomp> <accomp> <callback CBCP>]
May  1 16:05:53 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:05:56 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:05:59 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:02 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:05 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:07 rtt pptpd[7836]: GRE: buffering packet #5 (expecting #2, lost or reordered)
May  1 16:06:08 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:11 rtt pptpd[7836]: GRE: timeout waiting for 3 packets
May  1 16:06:11 rtt pptpd[7836]: GRE: accepting #5 from queue
May  1 16:06:11 rtt pppd[7837]: rcvd [LCP ConfReq id=0x5 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:06:11 rtt pppd[7837]: sent [LCP ConfRej id=0x5 <pcomp> <accomp> <callback CBCP>]
May  1 16:06:11 rtt pptpd[7836]: GRE: accepting packet #6
May  1 16:06:11 rtt pppd[7837]: rcvd [LCP ConfReq id=0x6 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:06:11 rtt pppd[7837]: sent [LCP ConfRej id=0x6 <pcomp> <accomp> <callback CBCP>]
May  1 16:06:11 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:14 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:15 rtt pptpd[7836]: GRE: accepting packet #7
May  1 16:06:15 rtt pppd[7837]: rcvd [LCP ConfReq id=0x7 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:06:15 rtt pppd[7837]: sent [LCP ConfRej id=0x7 <pcomp> <accomp> <callback CBCP>]
May  1 16:06:17 rtt pppd[7837]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8d0dc1ac>]
May  1 16:06:19 rtt pptpd[7836]: GRE: accepting packet #8
May  1 16:06:19 rtt pppd[7837]: rcvd [LCP ConfReq id=0x8 <mru 1400> <magic 0x12691923> <pcomp> <accomp> <callback CBCP>]
May  1 16:06:19 rtt pppd[7837]: sent [LCP ConfRej id=0x8 <pcomp> <accomp> <callback CBCP>]
May  1 16:06:20 rtt pppd[7837]: RADATTR plugin removed file /var/run/radattr.ppp0.
May  1 16:06:20 rtt pptpd[7836]: CTRL: Reaping child PPP[7837]
May  1 16:06:20 rtt pptpd[7836]: CTRL: Exiting now
May  1 16:06:20 rtt pptpd[7660]: MGR: Reaped child 7836

testuser123 ()
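
The plugin-order fix reported in the post above can be checked mechanically before restarting pptpd. The following is an added example, not code from the thread or from the poptop/pppd projects: the function name and both sample inputs are constructed here, and it assumes pppd processes options in file order, so `radius-config-file` is only recognised after the `plugin radius.so` line.

```python
import os
import shlex

# Constructed sample: plugin lines in the order originally posted.
POSTED = """\
plugin radattr.so
plugin radius.so
name pptpd
require-mschap-v2
radius-config-file /etc/radiusclient-ng/radiusclient.conf
"""

# Constructed sample: the same options with the two plugin lines swapped.
SWAPPED = """\
plugin radius.so
plugin radattr.so
name pptpd
require-mschap-v2
radius-config-file /etc/radiusclient-ng/radiusclient.conf
"""


def plugin_order_findings(options_text):
    """Return ordering problems for the RADIUS plugins in a pppd options file."""
    # pppd options files are whitespace-separated words; '#' starts a comment.
    words = shlex.split(options_text, comments=True)
    loaded = []      # plugin basenames, in load order
    findings = []
    i = 0
    while i < len(words):
        word = words[i]
        if word == "plugin" and i + 1 < len(words):
            # Plugins may be given as bare names or full paths.
            name = os.path.basename(words[i + 1])
            if name == "radattr.so" and "radius.so" not in loaded:
                findings.append("radattr.so is loaded without radius.so loaded first")
            loaded.append(name)
            i += 2
            continue
        if word == "radius-config-file" and "radius.so" not in loaded:
            findings.append("radius-config-file appears before plugin radius.so")
        i += 1
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("swapped", SWAPPED)):
        print(label, plugin_order_findings(text) or "ok")
```
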