MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Проблемы установки, настройки и работы Правильной Операционной Системы

Модератор: terminus

Правила форума
Убедительная просьба юзать теги [cоde] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-11-21 18:54:32

проблема... мпд обрубает линк! При том вот что пишет

MPD
[L-1] Accepting PPTP connection
[L-1] link: OPEN event
[L-1] LCP: Open event
[L-1] LCP: state change Initial --> Starting
[L-1] LCP: LayerStart
[L-1] PPTP: attaching to peer's outgoing call
[L-1] link: UP event
[L-1] link: origination is remote
[L-1] LCP: Up event
[L-1] LCP: state change Starting --> Req-Sent
[L-1] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Request #0 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
CALLBACK 6
[L-1] LCP: SendConfigRej #0
CALLBACK 6
[L-1] LCP: rec'd Configure Request #1 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: SendConfigAck #1
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: state change Req-Sent --> Ack-Sent
[L-1] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: state change Ack-Sent --> Opened
[L-1] LCP: auth: peer wants nothing, I want CHAP
[L-1] CHAP: sending CHALLENGE len:17
[L-1] LCP: LayerUp
[L-1] LCP: rec'd Ident #2 (Opened)
[L-1] LCP: rec'd Ident #3 (Opened)
[L-1] CHAP: rec'd RESPONSE #1
Name: "user"
[L-1] AUTH: Auth-Thread started
[L-1] AUTH: Trying RADIUS
[L-1] RADIUS: RadiusAuthenticate for: user
[L-1] RADIUS: rec'd RAD_ACCESS_ACCEPT for user user
[L-1] AUTH: RADIUS returned authenticated
[L-1] AUTH: Auth-Thread finished normally
[L-1] CHAP: ChapInputFinish: status authenticated
Reply message: S=6DDBB7E7A74CCD77F7C807045E5F94AC662A7634
[L-1] CHAP: sending SUCCESS len:42
[L-1] LCP: authorization successful
[L-1] Matched link action 'bundle "B" ""'
[L-1] Creating new bundle using template "B".
[B-1] using interface ng0
[B-1] Bundle up: 1 link, total bandwidth 64000 bps
[B-1] IPCP: Open event
[B-1] IPCP: state change Initial --> Starting
[B-1] IPCP: LayerStart
[B-1] CCP: Open event
[B-1] CCP: state change Initial --> Starting
[B-1] CCP: LayerStart
[B-1] IPCP: Up event
[B-1] IPCP: state change Starting --> Req-Sent
[B-1] IPCP: SendConfigReq #1
IPADDR 10.0.16.10
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] CCP: Up event
[B-1] CCP: state change Starting --> Req-Sent
[B-1] CCP: SendConfigReq #1
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] CCP: rec'd Configure Request #4 (Req-Sent)
MPPC
0x01000001:MPPC, stateless
[B-1] CCP: SendConfigNak #4
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: SendConfigRej #5
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] IPCP: SendConfigReq #2
IPADDR 10.0.16.10
[B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigReq #2
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: rec'd Configure Request #6 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigAck #6
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Req-Sent --> Ack-Sent
[B-1] IPCP: rec'd Configure Request #7 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
[B-1] IPCP: SendConfigNak #7
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
IPADDR 10.0.16.10
[B-1] IPCP: state change Req-Sent --> Ack-Rcvd
[B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Ack-Sent --> Opened
[B-1] CCP: LayerUp
Compress using: mppc (MPPE(128 bits), stateless)
Decompress using: mppc (MPPE(128 bits), stateless)
[B-1] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
IPADDR 10.0.16.130
10.0.16.130 is OK
PRIDNS 10.0.31.1
[B-1] IPCP: SendConfigAck #8
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: state change Ack-Rcvd --> Opened
[B-1] IPCP: LayerUp
10.0.16.10 -> 10.0.16.130
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 1)
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[B-1] IFACE: Up event
[B-1] IPCP: rec'd Terminate Request #9 (Opened)
[B-1] IPCP: state change Opened --> Stopping
[B-1] IPCP: SendTerminateAck #3
[B-1] IPCP: LayerDown
[B-1] IFACE: Down event
[L-1] AUTH: Accounting-Thread finished normally
[B-1] IPCP: rec'd Terminate Request #10 (Stopping)
[B-1] IPCP: SendTerminateAck #4
[B-1] IPCP: state change Stopping --> Stopped
[B-1] IPCP: LayerFinish
[B-1] No NCPs left. Closing links...
[B-1] closing link "L-1"...
[L-1] link: CLOSE event
[L-1] LCP: Close event
[L-1] LCP: state change Opened --> Closing
[L-1] AUTH: Accounting data for user user: 5 seconds, 180 octets in, 150 octets out
[B-1] Bundle up: 0 links, total bandwidth 9600 bps
[B-1] IPCP: Close event
[B-1] IPCP: state change Stopped --> Closed
[B-1] CCP: Close event
[B-1] CCP: state change Opened --> Closing
[B-1] CCP: SendTerminateReq #3
[B-1] error writing len 8 frame to bypass: Network is down
[B-1] CCP: LayerDown
[B-1] IPCP: Down event
[B-1] IPCP: state change Closed --> Initial
[B-1] CCP: Down event
[B-1] CCP: LayerFinish
[B-1] CCP: state change Closing --> Initial
[B-1] Bundle shutdown
[L-1] AUTH: Cleanup
[L-1] LCP: SendTerminateReq #4
[L-1] LCP: LayerDown
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 2)
[L-1] RADIUS: Termination cause: Protocol error, RADIUS: 15
[L-1] LCP: rec'd Terminate Ack #4 (Closing)
[L-1] LCP: state change Closing --> Closed
[L-1] LCP: LayerFinish
[L-1] PPTP call terminated
[L-1] link: DOWN event
[L-1] LCP: Down event
[L-1] LCP: state change Closed --> Initial
[L-1] link: SHUTDOWN event
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[L-1] AUTH: Accounting-Thread finished normally
Или может я что-то не понимаю... радиус вроде нормально отрабатывает... вот вывод radius -X

Radius
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 2048
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded perl
perl: module = "/usr/abills/libexec/rlm_perl.pl"
perl: func_authorize = "authorize"
perl: func_authenticate = "authenticate"
perl: func_accounting = "accounting"
perl: func_preacct = "preacct"
perl: func_checksimul = "checksimul"
perl: func_detach = "detach"
perl: func_xlat = "xlat"
perl: func_pre_proxy = "pre_proxy"
perl: func_post_proxy = "post_proxy"
perl: func_post_auth = "post_auth"
perl: perl_flags = "(null)"
perl: func_start_accounting = "(null)"
perl: func_stop_accounting = "(null)"
Subroutine access_deny redefined at /usr/abills/libexec/rauth.pl line 254.
Reply-Message = "Unknow server ''"
Module: Instantiated perl (perl)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl pre_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (pre_auth)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl post_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (post_auth)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:60138, id=147, length=194
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
Message-Authenticator = 0xaf8ae6e997dfe682431a9fee61ca472b
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
User-Name = "user"
MS-CHAP-Challenge = 0xbb1e68e5f9f7e4075717f80a8b357f6c
MS-CHAP2-Response = 0x010088f0b2f0147130c86acfc4a2720fceb90000000000000000f31d540213dbeb829e8d7c30249d93f0a18c14bfbce5fd0a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
Exec-Program output: User-Password == "1234567890"
Exec-Program-Wait: value-pairs: User-Password == "1234567890"
Exec-Program: returned: 0
modcall[authorize]: module "pre_auth" returns ok for request 0
Using perl at 0x2040c136
User-Password == "1234567890"rlm_perl: Added pair Session-Timeout = 7400
rlm_perl: Added pair MS-MPPE-Encryption-Types = 0x00000006
rlm_perl: Added pair Framed-IP-Address = 10.0.16.130
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0
rlm_perl: Added pair MS-CHAP2-SUCCESS = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
rlm_perl: Added pair MS-MPPE-Encryption-Policy = 0x00000001
rlm_perl: Added pair User-Password = 1234567890
rlm_perl: Added pair Auth-Type = MS-CHAP
modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: Told to do MS-CHAPv2 for user with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Sending Access-Accept of id 147 to 127.0.0.1 port 60138
Session-Timeout = 7400
MS-MPPE-Encryption-Types = 0x00000006
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
MS-MPPE-Encryption-Policy = 0x00000001
MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
MS-MPPE-Recv-Key = 0x2cf8a29211b4c2d80283be320f6fd808
MS-MPPE-Send-Key = 0x83e7cc6d4768a3aea8dafe7abbb08b3e
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:62272, id=57, length=150
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
Acct-Status-Type = Start
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
User-Name = "user"
Acct-Session-Id = "7130413-L-1"
Acct-Multi-Session-Id = "7130413-B-1"
Acct-Link-Count = 1
Acct-Authentic = RADIUS
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
modcall[preacct]: module "acct_unique" returns ok for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
Using perl at 0x2040c136
modcall[accounting]: module "perl" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 57 to 127.0.0.1 port 62272
Finished request 1
Going to the next request
Cleaning up request 1 ID 57 with timestamp 4924862d
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:53892, id=33, length=198
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
User-Name = "user"
Acct-Session-Id = "7130413-L-1"
Acct-Multi-Session-Id = "7130413-B-1"
Acct-Link-Count = 1
Acct-Authentic = RADIUS
Acct-Status-Type = Stop
Acct-Terminate-Cause = Service-Unavailable
Acct-Session-Time = 5
Acct-Input-Octets = 180
Acct-Input-Packets = 11
Acct-Output-Octets = 150
Acct-Output-Packets = 11
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
modcall[preacct]: module "acct_unique" returns ok for request 2
modcall: leaving group preacct (returns ok) for request 2
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
Using perl at 0x2040c136
modcall[accounting]: module "perl" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 33 to 127.0.0.1 port 53892
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 33 with timestamp 49248630
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 147 with timestamp 4924862d
Nothing to do. Sleeping until we see a request.
На сколько я понял проблема в шифровании... в клиенте (винда) шифрование я отключил...
Когда коментирую все строки в радиусе и мпд связанные с
chap
pap
mschap
pam

вылетает ошибка - 738 (сервер не назначил адрес)
Помогите советом, как помирить эту связку и виндовс...
Если будет нужно выложу свои конфиги... :oops:

П.С. Хочу настроить все же с шифрованием... чтобы никто ничего лишнего посмотреть не смог... :smile:

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-11-22 11:59:44

у вас какая то каша
времени в логах нет
понять в какой период что появляеться невозможно...

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-11-22 13:48:13

потому что это не из логов.. это просто то что делает мпд и радиус...в двух консолях... я их просто запустил в консоли и смотрел что куда
Лог МПД с временем есть... а вот как заставить радиус свои действия в дебаг-режиме писать в лог - не знаю... подскажите, приведу логи...

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-11-22 13:51:07

Код: Выделить всё

man syslogd

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-02 12:31:27

вишу на єтой проблеме уже неделю...

Никак не могу заставить радиус писать в логи свой дебаг... помогите с єтим для начала...
Вот я нарыл в нете статью http://wiki.freeradius.org/Syslog_HOWTO

Что я делаю... пишу в syslog.conf

Код: Выделить всё

local1.debug                                /var/log/radius/radius.log
перечитываю syslog.conf - /etc/rc.d/syslogd restart
в радиусе изменил все пути на новые - /var/log/radius/radius.log
Запускаю радиус
radiusd -l syslog
radiusd -g auth
Пробовал и с auth и с user и с local0-7 результат один и тот же...
В лог пишет только что стартовал... а дебаг информацию хранит :st:

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-02 12:31:45

вишу на єтой проблеме уже неделю...

Никак не могу заставить радиус писать в логи свой дебаг... помогите с єтим для начала...
Вот я нарыл в нете статью http://wiki.freeradius.org/Syslog_HOWTO

Что я делаю... пишу в syslog.conf

Код: Выделить всё

local1.debug                                /var/log/radius/radius.log
перечитываю syslog.conf - /etc/rc.d/syslogd restart
в радиусе изменил все пути на новые - /var/log/radius/radius.log
Запускаю радиус
radiusd -l syslog
radiusd -g auth
Пробовал и с auth и с user и с local0-7 результат один и тот же...
В лог пишет только что стартовал... а дебаг информацию хранит :st: зажал))

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-02 12:34:03

вишу на єтой проблеме уже неделю...

Никак не могу заставить радиус писать в логи свой дебаг... помогите с єтим для начала...
Вот я нарыл в нете статью http://wiki.freeradius.org/Syslog_HOWTO

Что я делаю... пишу в syslog.conf

Код: Выделить всё

local1.debug                                /var/log/radius/radius.log
перечитываю syslog.conf - /etc/rc.d/syslogd restart
в радиусе изменил все пути на новые - /var/log/radius/radius.log
Запускаю радиус
radiusd -l syslog
radiusd -g auth
Пробовал и с auth и с user и с local0-7 результат один и тот же...
В лог пишет только что стартовал... а дебаг информацию хранит :st: зажал))

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-02 15:57:18

у тебя опять каша
мы ж говорили о mpd ?
егои нужно было в лог прикручивать
*.* итд
а радиус и без syslog нормально логи пишет

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-03 16:26:54

прикрутил все...
Вот лог МПД:
Dec 3 16:23:37 kvhoit02 mpd: [L-1] Accepting PPTP connection
Dec 3 16:23:37 kvhoit02 mpd: [L-1] link: OPEN event
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: Open event
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: state change Initial --> Starting
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: LayerStart
Dec 3 16:23:37 kvhoit02 mpd: [L-1] PPTP: attaching to peer's outgoing call
Dec 3 16:23:37 kvhoit02 mpd: [L-1] link: UP event
Dec 3 16:23:37 kvhoit02 mpd: [L-1] link: origination is remote
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: Up event
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: state change Starting --> Req-Sent
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: SendConfigReq #1
Dec 3 16:23:37 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:37 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:37 kvhoit02 mpd: MRU 1500
Dec 3 16:23:37 kvhoit02 mpd: MAGICNUM 1a2b119d
Dec 3 16:23:37 kvhoit02 mpd: AUTHPROTO CHAP MSOFTv2
Dec 3 16:23:37 kvhoit02 mpd: MP MRRU 1600
Dec 3 16:23:37 kvhoit02 mpd: ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Dec 3 16:23:37 kvhoit02 mpd: MRU 1400
Dec 3 16:23:37 kvhoit02 mpd: MAGICNUM 76da5da4
Dec 3 16:23:37 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:37 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:37 kvhoit02 mpd: CALLBACK 6
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: SendConfigRej #0
Dec 3 16:23:37 kvhoit02 mpd: CALLBACK 6
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent)
Dec 3 16:23:37 kvhoit02 mpd: MRU 1400
Dec 3 16:23:37 kvhoit02 mpd: MAGICNUM 76da5da4
Dec 3 16:23:37 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:37 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: SendConfigAck #1
Dec 3 16:23:37 kvhoit02 mpd: MRU 1400
Dec 3 16:23:37 kvhoit02 mpd: MAGICNUM 76da5da4
Dec 3 16:23:37 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:37 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:37 kvhoit02 mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: SendConfigReq #2
Dec 3 16:23:39 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:39 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:39 kvhoit02 mpd: MRU 1500
Dec 3 16:23:39 kvhoit02 mpd: MAGICNUM 1a2b119d
Dec 3 16:23:39 kvhoit02 mpd: AUTHPROTO CHAP MSOFTv2
Dec 3 16:23:39 kvhoit02 mpd: MP MRRU 1600
Dec 3 16:23:39 kvhoit02 mpd: ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
Dec 3 16:23:39 kvhoit02 mpd: MP MRRU 1600
Dec 3 16:23:39 kvhoit02 mpd: ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: SendConfigReq #3
Dec 3 16:23:39 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:39 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:39 kvhoit02 mpd: MRU 1500
Dec 3 16:23:39 kvhoit02 mpd: MAGICNUM 1a2b119d
Dec 3 16:23:39 kvhoit02 mpd: AUTHPROTO CHAP MSOFTv2
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
Dec 3 16:23:39 kvhoit02 mpd: ACFCOMP
Dec 3 16:23:39 kvhoit02 mpd: PROTOCOMP
Dec 3 16:23:39 kvhoit02 mpd: MRU 1500
Dec 3 16:23:39 kvhoit02 mpd: MAGICNUM 1a2b119d
Dec 3 16:23:39 kvhoit02 mpd: AUTHPROTO CHAP MSOFTv2
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: state change Ack-Sent --> Opened
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP
Dec 3 16:23:39 kvhoit02 mpd: [L-1] CHAP: sending CHALLENGE len:17
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: LayerUp
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: rec'd Ident #2 (Opened)
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: rec'd Ident #3 (Opened)
Dec 3 16:23:39 kvhoit02 mpd: [L-1] CHAP: rec'd RESPONSE #1
Dec 3 16:23:39 kvhoit02 mpd: Name: "user"
Dec 3 16:23:39 kvhoit02 mpd: [L-1] AUTH: Auth-Thread started
Dec 3 16:23:39 kvhoit02 mpd: [L-1] AUTH: Trying RADIUS
Dec 3 16:23:39 kvhoit02 mpd: [L-1] RADIUS: RadiusAuthenticate for: user
Dec 3 16:23:39 kvhoit02 mpd: [L-1] RADIUS: rec'd RAD_ACCESS_ACCEPT for user user
Dec 3 16:23:39 kvhoit02 mpd: [L-1] AUTH: RADIUS returned authenticated
Dec 3 16:23:39 kvhoit02 mpd: [L-1] AUTH: Auth-Thread finished normally
Dec 3 16:23:39 kvhoit02 mpd: [L-1] CHAP: ChapInputFinish: status authenticated
Dec 3 16:23:39 kvhoit02 mpd: Reply message: S=AFDF542A7386DF6C604BD9B636633F372510E18E
Dec 3 16:23:39 kvhoit02 mpd: [L-1] CHAP: sending SUCCESS len:42
Dec 3 16:23:39 kvhoit02 mpd: [L-1] LCP: authorization successful
Dec 3 16:23:39 kvhoit02 mpd: [L-1] Matched link action 'bundle "B" ""'
Dec 3 16:23:39 kvhoit02 mpd: [L-1] Creating new bundle using template "B".
Dec 3 16:23:39 kvhoit02 mpd: [B-1] using interface ng0
Dec 3 16:23:39 kvhoit02 mpd: [B-1] Bundle up: 1 link, total bandwidth 64000 bps
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: Open event
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: state change Initial --> Starting
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: LayerStart
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: Open event
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: state change Initial --> Starting
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: LayerStart
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: Up event
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: state change Starting --> Req-Sent
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #1
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.89
Dec 3 16:23:39 kvhoit02 mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: Up event
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: state change Starting --> Req-Sent
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: SendConfigReq #1
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000060:MPPE(40, 128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread started
Dec 3 16:23:39 kvhoit02 mpd: [L-1] RADIUS: RadiusAccount for: user (Type: 1)
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: rec'd Configure Request #4 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000001:MPPC, stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: SendConfigNak #4
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000060:MPPE(40, 128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: NAKing with 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: PRIDNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: NAKing with 10.0.31.1
Dec 3 16:23:39 kvhoit02 mpd: PRINBNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: SECDNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: SECNBNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: SendConfigRej #5
Dec 3 16:23:39 kvhoit02 mpd: PRINBNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: SECDNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: SECNBNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #2
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.89
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000040:MPPE(128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: SendConfigReq #2
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000040:MPPE(128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: rec'd Configure Request #6 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000040:MPPE(128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: SendConfigAck #6
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000040:MPPE(128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: state change Req-Sent --> Ack-Sent
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Request #7 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: NAKing with 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: PRIDNS 0.0.0.0
Dec 3 16:23:39 kvhoit02 mpd: NAKing with 10.0.31.1
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: SendConfigNak #7
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: PRIDNS 10.0.31.1
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.89
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
Dec 3 16:23:39 kvhoit02 mpd: MPPC
Dec 3 16:23:39 kvhoit02 mpd: 0x01000040:MPPE(128 bits), stateless
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: state change Ack-Sent --> Opened
Dec 3 16:23:39 kvhoit02 mpd: [B-1] CCP: LayerUp
Dec 3 16:23:39 kvhoit02 mpd: Compress using: mppc (MPPE(128 bits), stateless)
Dec 3 16:23:39 kvhoit02 mpd: Decompress using: mppc (MPPE(128 bits), stateless)
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: 10.0.16.130 is OK
Dec 3 16:23:39 kvhoit02 mpd: PRIDNS 10.0.31.1
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: SendConfigAck #8
Dec 3 16:23:39 kvhoit02 mpd: IPADDR 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: PRIDNS 10.0.31.1
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: state change Ack-Rcvd --> Opened
Dec 3 16:23:39 kvhoit02 mpd: [B-1] IPCP: LayerUp
Dec 3 16:23:39 kvhoit02 mpd: 10.0.16.89 -> 10.0.16.130
Dec 3 16:23:39 kvhoit02 mpd: [L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
Dec 3 16:23:39 kvhoit02 mpd: [L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IFACE: Up event
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IPCP: rec'd Terminate Request #9 (Opened)
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IPCP: state change Opened --> Stopping
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IPCP: SendTerminateAck #3
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IPCP: LayerDown
Dec 3 16:23:40 kvhoit02 mpd: [B-1] IFACE: Down event
Dec 3 16:23:40 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread finished normally
Dec 3 16:23:41 kvhoit02 mpd: [B-1] IPCP: rec'd Terminate Request #10 (Stopping)
Dec 3 16:23:41 kvhoit02 mpd: [B-1] IPCP: SendTerminateAck #4
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: state change Stopping --> Stopped
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: LayerFinish
Dec 3 16:23:42 kvhoit02 mpd: [B-1] No NCPs left. Closing links...
Dec 3 16:23:42 kvhoit02 mpd: [B-1] closing link "L-1"...
Dec 3 16:23:42 kvhoit02 mpd: [L-1] link: CLOSE event
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: Close event
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: state change Opened --> Closing
Dec 3 16:23:42 kvhoit02 mpd: [L-1] AUTH: Accounting data for user user: 5 seconds, 180 octets in, 150 octets out
Dec 3 16:23:42 kvhoit02 mpd: [B-1] Bundle up: 0 links, total bandwidth 9600 bps
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: Close event
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: state change Stopped --> Closed
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: Close event
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: state change Opened --> Closing
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: SendTerminateReq #3
Dec 3 16:23:42 kvhoit02 mpd: [B-1] error writing len 8 frame to bypass: Network is down
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: LayerDown
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: Down event
Dec 3 16:23:42 kvhoit02 mpd: [B-1] IPCP: state change Closed --> Initial
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: Down event
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: LayerFinish
Dec 3 16:23:42 kvhoit02 mpd: [B-1] CCP: state change Closing --> Initial
Dec 3 16:23:42 kvhoit02 mpd: [B-1] Bundle shutdown
Dec 3 16:23:42 kvhoit02 mpd: [L-1] AUTH: Cleanup
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: SendTerminateReq #4
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: LayerDown
Dec 3 16:23:42 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread started
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: RadiusAccount for: user (Type: 2)
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: Termination cause: Protocol error, RADIUS: 15
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
Dec 3 16:23:42 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread finished normally
Dec 3 16:23:42 kvhoit02 mpd: [L-1] PPTP call terminated
Dec 3 16:23:42 kvhoit02 mpd: [L-1] link: DOWN event
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: Down event
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: LayerFinish
Dec 3 16:23:42 kvhoit02 mpd: [L-1] LCP: state change Closing --> Initial
Dec 3 16:23:42 kvhoit02 mpd: [L-1] link: SHUTDOWN event
Вот лог Радиуса
Wed Dec 3 16:23:39 2008 : Auth: Login OK: [user/<no User-Password attribute>] (from client 127.0.0.1 port 1 cli 10.0.16.130)
Какие будут идеи? я так понял что Радиус здесь ни причем... это все МПД вытворяет... почему? :st:

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-03 16:34:54

у радиуса есть утилиты радлогин и прочие
тестируйте и настраивайте сначала радиус
а mpd лучше для тестов 3.8 поставте

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 10:41:10

Радиус здесь ни причем... его задача авторизовать... тоесть вытянуть из БД значения юзер-пас и передать в МПД что все ок... он передает...
А вот МПД уже в свою очередь рубает подключение..
И еще... заметил интересную вещь... после некторого просто я МПД вообще перестает даже передавать значения в радиус...

Переставить МПД? Не выход... выбрана она была по одной простой причине - именно в ней разработчики наконец ввели понятие шаблона, избавив от необходимости копировать 1000 раз одни и ти же строки.
так куда копать в этом МПД?
Авторизацыя проходит наура... потом при регистрации в сети - 734... я уже все что знал перепробовал)) подкиньте новую идейку;)

imroot
мл. сержант
Сообщения: 127
Зарегистрирован: 2007-12-18 14:06:19

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение imroot » 2008-12-04 12:44:43

попробуй задать руками Ип на клиенте, авось прокатит. Может у тебя диапазон адресов не указан для клиентов?

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 17:12:40

ІП как будто получает:) поскольку сообщение вылазит - конфликт ип-адреса с другой системой)) Это тоже к стати еще проблема)))
У меня есть сети
10.0.255.255
я сделал под ВПН 10.1.16.0/32 по 10.1.16.100/32 все равно конфликтует:))) вот только с кем или чем...
А давайте я свой конфиг МПД выложу... просмотрите его... может свежим глазом что-то увидите...
ИП статически попрописовал... не работает

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 17:15:53

вот конфиг МПД на данный момент:

Код: Выделить всё

#################################################################
#
#       MPD configuration file
#
# This file defines the configuration for mpd: what the
# bundles are, what the links are in those bundles, how
# the interface should be configured, various PPP parameters,
# etc. It contains commands just as you would type them
# in at the console. Lines without padding are labels. Lines
# starting with a "#" are comments.
#
# $Id: mpd.conf.sample,v 1.41 2007/10/05 17:42:52 amotin Exp $
#
#################################################################

startup:
        # configure the console
        # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
        set global enable tcp-wrapper
        set console self 10.0.16.89 5005
        set console user pahan admin
        #set console user foo1 bar1
        set console open
        # configure the web server
        #set web self 0.0.0.0 5006
        #set web user foo bar
        #set web open

####################################################################
#Netflow options
        set netflow peer 127.0.0.1      9996
        set netflow self 127.0.0.1      9990
        set netflow timeouts 15 15
        set netflow hook 9000
#       set netflow node netflow

#####################################################################
#
# Default configuration is "dialup"

default:
        load pptp_server

dialup:
#
# Example of a simple PPP dialup account using modem device.
# This will connect whenever there is outgoing demand (DoD), and hangup
# after a 15 minute idle time. It also connects and disconnects
# when signals SIGUSR1 and SIGUSR2 are received, respectively.
#
# Note the "set iface addrs ..." is needed because we're doing
# dial-on-demand and therefore can't wait for the peer to assign
# us IP addresses for the interface. These can be completely phoney
# IP addresses.
#
# We also enable the idle-script "Ringback", which means if we're
# not connected and we detect an incoming call, we don't answer it
# BUT we do initiate a call to the ISP to get connected. This is
# nice to connect yourself when you're away from home, etc.
#

# Create static modem link named L1
#       create link static L1 modem
# Configure modem
        set modem device /dev/cuad0
        set modem var $DialPrefix "DT"
        set modem var $Telephone "1-415-555-1212"
        set modem script DialPeer
        set modem idle-script Ringback
# We expect to be authenticated by peer using any protocol.
        set link disable chap pap
        set link accept chap pap
# Configure the account name. Password will be taken from mpd.secret.
        set auth authname MyLogin
# To make Ringback work we should specify how to handle "incoming"
# calls originated by it.
        set link action bundle B1
        set link enable incoming

# Create static bundle named B1
        create bundle static B1
# Enumerate links participating in DoD
        set bundle links L1
# Configure the interface: dial on demand, default route, idle timeout.
        set iface addrs 1.1.1.1 2.2.2.2
        set iface route default
        set iface enable on-demand
        set iface idle 900

# "Open" interface (but don't actually dial until there's demand)
        open iface

dialin:
#
# This setup answers incoming calls from a remote peer,
# but is not intended for dialing out.
#
# The local IP address is 1.1.1.1 and the remote is 2.2.2.2.
#

#       create bundle static B1
        set iface idle 900
        set ipcp ranges 1.1.1.1/32 2.2.2.2/32

        create link static L1 modem
# Set bundle to use
        set link action bundle B1
# Authenticate peer with chap-md5
        set link no chap pap eap
        set link enable chap-md5
# Configure modem
        set modem device /dev/cuad0
        set modem var $DialPrefix "DT"
        set modem idle-script AnswerCall
# Permit incoming calls using this link
        set link enable incoming

multi_dialup:
#
# Example of a multi-link dialup setup, using links "usr1" and "usr2"
# Similar to the first example, but uses two links together, and
# does not do dial-on-demand.
#

# Create clonable bundle template
        create bundle template B
        set iface route default
        set iface idle 900

# Create links and open them
        create link static L1 modem
        load common
        set modem device /dev/cuad0
        open

        create link static L2 modem
        load common
        set modem device /dev/cuad1
        open

common:
# Enable multilink protocol
        set link enable multilink
# Set bundle template to use
        set link action bundle B
# Allow peer to authenticate us
        set link disable chap pap
        set link accept chap pap
        set auth authname MyLogin
# Set inifinite redial attempts
        set link max-redial 0
        set modem var $DialPrefix "DT"
        set modem var $Telephone "1-415-555-1212"
        set modem script DialPeer

sync:
#
# Dedicated synchronous line using netgraph link.
# The remote router is connected to the 192.168.2.0/24 subnet.
# No authentication required.
#

        create bundle static B1
        set iface route 192.168.2.0/24
        set ipcp ranges 192.168.1.153/32 192.168.2.1/24

        create link static L1 ng
        set link action bundle B1
        set link max-redial 0
        set link no chap pap
        set ng node sr0:
        set ng hook rawdata
        open

pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#

# Define dynamic IP address pool.
        set ippool add pool1 10.1.0.1   10.1.255.255

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set iface up-script "/usr/abills/libexec/linkupdown mpd up"
        set iface down-script "/usr/abills/libexec/linkupdown mpd down"
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 10.1.100.1/32 ippool pool1
        set ipcp dns 10.0.31.1
#       set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
        load radius
        set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 10.0.16.89
# Allow to accept calls
        set link enable incoming

pptp_vpn:
#
# Mpd using PPTP for LAN to LAN VPN, always connected.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
# remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
# between these two private networks using a PPTP VPN over the Internet.
#
# You run mpd on dual-homed machines on either end. Say the local machine
# has internal address 192.168.1.1 and externally visible address 1.2.3.4,
# and the remote machine has internal address 192.168.2.1 and externally
# visible address 2.3.4.5.
#
# Note: mpd does not support the peer's "inside" IP address being the same
# as its "outside" IP address. In the above example, this means that
# 192.168.2.1 != 2.3.4.5.
#
# The "inside" IP addresses are configured by "set ipcp ranges ..."
# (in mpd.conf) while the "outside" IP addreses are configured by
# "set pptp self ..." and "set pptp peer ...".
#

        create bundle static B1
        set ipcp ranges 192.168.1.1/32 192.168.2.1/32
        set iface route 192.168.2.0/24
# Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle enable crypt-reqd
        set ccp yes mpp-stateless

        create link static L1 pptp
        set link action bundle B1
# Enable both sides to authenticat each other with CHAP
        set link no pap
        set link yes chap
        set auth authname "VpnLogin"
        set auth password "VpnPassword"
        set link mtu 1460
        set link keep-alive 10 75
        set link max-redial 0
# Configure PPTP and open link
        set pptp self 1.2.3.4
        set pptp peer 2.3.4.5
        set link enable incoming
        open

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pptp
        set link action bundle B1
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer 1.2.3.4
        set pptp disable windowing
        open

pppoe_server:
#
# Multihomed multilink PPPoE server
#

# Create clonable bundle template
        create bundle template B
# Set IP addresses. Peer address will be later replaced by RADIUS.
        set ipcp ranges 10.1.16.0/32 10.1.16.100/32

# Create link template with common info
        create link template common pppoe
# Enable multilink protocol
        set link enable multilink
# Set bundle template to use
        set link action bundle B
# Enable peer authentication
        set link disable chap pap eap
        set link enable pap
        load radius
        set pppoe service "superisp"

# Create templates for ifaces to listen using 'common' template and let them go
        create link template fxp0 common
        set pppoe iface fxp0
        set link enable incoming

        create link template fxp1 common
        set pppoe iface fxp1
        set link enable incoming

pppoe_client:
#
# PPPoE client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pppoe
        set link action bundle B1
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 10 60
        set pppoe iface fxp0
        set pppoe service ""
        open

radius:
# You can use radius.conf(5), its useful, because you can share the
# same config with userland-ppp and other apps.
        set radius config /etc/radiusd.conf
# or specify the server directly here
        set radius server 127.0.0.1 radsecret 1812 1813
        set radius retries 3
        set radius timeout 10
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
        set radius me 127.0.0.1
# send accounting updates every 5 minutes
        set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
        set auth enable radius-auth
# enable RADIUS accounting
        set auth enable radius-acct
# protect our requests with the message-authenticator
        set radius enable message-authentic

simple_lac:
#
# This is a simple L2TP access concentrator which receives PPPoE calls
# and forwards them to LNS on 1.2.3.4
#

        create link template L1 pppoe
        set pppoe iface fxp0
        set link action forward L2
        set link enable incoming

        create link template L2 l2tp
        set l2tp peer 1.2.3.4

complete_lac:
#
# This is more complicated L2TP access concentrator which receives PPPoE calls
# and if peer auth name includes @corp1.net forwards them to LNS on 1.2.3.4,
# if peer auth name includes @corp2.net forwards them to LNS on 2.3.4.5
# all other connections processes itself localy using internal auth and
# assigning dynamic IP from specified pool.
#

        set ippool add pool1 192.168.1.50 192.168.1.99

        create link template L1 pppoe
        set pppoe iface fxp0
# We must ask authentication to get peer login
        set link no pap chap eap
        set link enable pap
        set link action forward L2 "@corp1\\.net$"
        set link action forward L3 "@corp2\\.net$"
        set link action bundle B1
        set link enable incoming

        create link template L2 l2tp
        set l2tp peer 1.2.3.4
        set l2tp secret corp1secret

        create link template L3 l2tp
        set l2tp peer 2.3.4.5
        set l2tp secret corp2secret

        create bundle template B1
        set ipcp ranges 192.168.1.1/32 ippool pool1

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-04 18:47:03

обреж это стандартный конфиг
и покажи реально твое

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-04 19:21:15

Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: RadiusAccount for: user (Type: 2)
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: Termination cause: Protocol error, RADIUS: 15
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
Dec 3 16:23:42 kvhoit02 mpd: [L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
поскольку какой то бред
причем непонятно кто из двух там гонит

начни с проверки радиуса
радтест + мини патчи что бы видно было что радиус отдает все нужные атрибуты
а потом уже будешь mpd настраивать

а ты занимаешь методом научного тыка
что нибудь убрать добавить и перезапустить - а вось заработает
так?

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 20:18:23

начни с проверки радиуса
радтест + мини патчи что бы видно было что радиус отдает все нужные атрибуты
а потом уже будешь mpd настраивать
Так радиус уже проверял... тоже с ним мучился... радтест проходит отлично... все как положено... авторизует... тянет с базы... в билинг пишет что все ок...
kvhoit02# radtest user 1234567890 10.0.16.10:1812 0 radsecret 0 127.0.0.1
Sending Access-Request of id 24 to 10.0.16.10 port 1812
User-Name = "user"
User-Password = "1234567890"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 10.0.16.10:1812, id=24, length=38
Session-Timeout = 7400
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
kvhoit02#
Радиус в дебаги... в этот момент
rad_recv: Access-Request packet from host 10.0.16.10:59279, id=24, length=62
User-Name = "user"
User-Password = "1234567890"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
Using perl at 0x2040c132
Auth-Type := Accept
rlm_perl: Added pair Session-Timeout = 7400
rlm_perl: Added pair Framed-IP-Address = 10.0.16.130
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0
rlm_perl: Added pair Auth-Type = Accept
modcall[authorize]: module "perl" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 24 to 10.0.16.10 port 59279
Session-Timeout = 7400
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 20 with timestamp 491b5313
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 24 with timestamp 491b5318
Nothing to do. Sleeping until we see a request.
в лог абилса пишет
kvhoit02# cat /usr/abills/var/log/abills.log

2008-11-12 22:11:11 LOG_INFO: AUTH [user] NAS: 8 (127.0.0.1) GT: 0.00574

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-04 20:24:06

нет не то
я сказал с маленькими патчами для радтест

потому как mpd авторизирует по chap-ms2
а ты проверяшеь радиус по pap

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 20:51:30

а где эти патчи намутить? Я не слышал про такое...

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-04 20:56:00

сам напиши
там челенж нужно сформировать правильный
и отправить в атрибутах к радиусу
он в ответ должен сказать хорошо
и выдать атрибуты по ключам

ну и так само проверить времсто старт стор авторизации
сам аккаунтинг старт стоп
и посмотреть что радиус кидает в ответ

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-04 21:12:09

писать... мда... ну если и буду... тогда на шеле... думаю можно будет такое наваять - перл плохо знаю... а изучать... сейчас оракл и селекты шпарю.. дойдут руки буду ковырять эту связку...

paradox
проходил мимо
Сообщения: 11620
Зарегистрирован: 2008-02-21 18:15:41

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение paradox » 2008-12-04 21:16:17

какое еще перл

less radtest
новые атрибуты токо добавь с праивльными данными
и все

я если найду свой скрипт то выложу...

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-05 10:37:12

буду очень благодарен... я еще не настолько силен в юникс-системах, чтобы писать скрипты))
Или поподробней опиши что куда копать... бо даже не знаю как написать... и как прикрутить к радиусу...

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-05 10:45:00

Вот мое в конфиге МПД -

Код: Выделить всё

startup:
        # configure the console
        # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
        set global enable tcp-wrapper
        set console self 10.0.16.89 5005
        set console user pahan admin
        #set console user foo1 bar1
        set console open
        # configure the web server
        #set web self 0.0.0.0 5006
        #set web user foo bar
        #set web open

####################################################################
#Netflow options
        set netflow peer 127.0.0.1      9996
        set netflow self 127.0.0.1      9990
        set netflow timeouts 15 15
        set netflow hook 9000
#       set netflow node netflow

#####################################################################
#
# Default configuration is "dialup"

default:
        load pptp_server

pptp_server:
# Define dynamic IP address pool.
        set ippool add pool1 10.1.0.1   10.1.255.255

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set iface up-script "/usr/abills/libexec/linkupdown mpd up"
        set iface down-script "/usr/abills/libexec/linkupdown mpd down"
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 10.1.100.1/32 ippool pool1
        set ipcp dns 10.0.31.1
#       set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
        load radius
        set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 10.0.16.89
# Allow to accept calls
        set link enable incoming
radius:
# You can use radius.conf(5), its useful, because you can share the
# same config with userland-ppp and other apps.
        set radius config /etc/radiusd.conf
# or specify the server directly here
        set radius server 127.0.0.1 radsecret 1812 1813
        set radius retries 3
        set radius timeout 10
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
        set radius me 127.0.0.1
# send accounting updates every 5 minutes
        set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
        set auth enable radius-auth
# enable RADIUS accounting
        set auth enable radius-acct
# protect our requests with the message-authenticator
        set radius enable message-authentic

pawko
рядовой
Сообщения: 20
Зарегистрирован: 2008-11-21 18:41:00

Re: MPD 5.0b1 + FreeRADIUS Version 1.1.7 ошибка 734

Непрочитанное сообщение pawko » 2008-12-05 11:19:15

Вот что еще выяснилось...
Отключил я в МПД авторизацию через радиус... прописал в мпд.секркт юзера...
Подключаюсь - авторизация проходит а вот при регистрации ПК в сети - 738 ошибка. сервер не назначил адрес...
При этом в лог пишет следующее

Код: Выделить всё

Dec  5 11:17:04 kvhoit02 mpd: [L-1] Accepting PPTP connection
Dec  5 11:17:04 kvhoit02 mpd: [L-1] link: OPEN event
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: Open event
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: state change Initial --> Starting
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: LayerStart
Dec  5 11:17:04 kvhoit02 mpd: [L-1] PPTP: attaching to peer's outgoing call
Dec  5 11:17:04 kvhoit02 mpd: [L-1] link: UP event
Dec  5 11:17:04 kvhoit02 mpd: [L-1] link: origination is remote
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: Up event
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: state change Starting --> Req-Sent
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: SendConfigReq #1
Dec  5 11:17:04 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:04 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:04 kvhoit02 mpd:  MRU 1500
Dec  5 11:17:04 kvhoit02 mpd:  MAGICNUM 873f3ab4
Dec  5 11:17:04 kvhoit02 mpd:  AUTHPROTO CHAP MSOFTv2
Dec  5 11:17:04 kvhoit02 mpd:  MP MRRU 1600
Dec  5 11:17:04 kvhoit02 mpd:  ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Dec  5 11:17:04 kvhoit02 mpd:  MRU 1400
Dec  5 11:17:04 kvhoit02 mpd:  MAGICNUM 39293f27
Dec  5 11:17:04 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:04 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:04 kvhoit02 mpd:  CALLBACK 6
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: SendConfigRej #0
Dec  5 11:17:04 kvhoit02 mpd:  CALLBACK 6
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent)
Dec  5 11:17:04 kvhoit02 mpd:  MRU 1400
Dec  5 11:17:04 kvhoit02 mpd:  MAGICNUM 39293f27
Dec  5 11:17:04 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:04 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: SendConfigAck #1
Dec  5 11:17:04 kvhoit02 mpd:  MRU 1400
Dec  5 11:17:04 kvhoit02 mpd:  MAGICNUM 39293f27
Dec  5 11:17:04 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:04 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:04 kvhoit02 mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: SendConfigReq #2
Dec  5 11:17:06 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:06 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:06 kvhoit02 mpd:  MRU 1500
Dec  5 11:17:06 kvhoit02 mpd:  MAGICNUM 873f3ab4
Dec  5 11:17:06 kvhoit02 mpd:  AUTHPROTO CHAP MSOFTv2
Dec  5 11:17:06 kvhoit02 mpd:  MP MRRU 1600
Dec  5 11:17:06 kvhoit02 mpd:  ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  MP MRRU 1600
Dec  5 11:17:06 kvhoit02 mpd:  ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: SendConfigReq #3
Dec  5 11:17:06 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:06 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:06 kvhoit02 mpd:  MRU 1500
Dec  5 11:17:06 kvhoit02 mpd:  MAGICNUM 873f3ab4
Dec  5 11:17:06 kvhoit02 mpd:  AUTHPROTO CHAP MSOFTv2
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  ACFCOMP
Dec  5 11:17:06 kvhoit02 mpd:  PROTOCOMP
Dec  5 11:17:06 kvhoit02 mpd:  MRU 1500
Dec  5 11:17:06 kvhoit02 mpd:  MAGICNUM 873f3ab4
Dec  5 11:17:06 kvhoit02 mpd:  AUTHPROTO CHAP MSOFTv2
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: state change Ack-Sent --> Opened
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP
Dec  5 11:17:06 kvhoit02 mpd: [L-1] CHAP: sending CHALLENGE len:17
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: LayerUp
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: rec'd Ident #2 (Opened)
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: rec'd Ident #3 (Opened)
Dec  5 11:17:06 kvhoit02 mpd: [L-1] CHAP: rec'd RESPONSE #1
Dec  5 11:17:06 kvhoit02 mpd:  Name: "user"
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: Auth-Thread started
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: Trying INTERNAL
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: INTERNAL returned undefined
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: Auth-Thread finished normally
Dec  5 11:17:06 kvhoit02 mpd: [L-1] CHAP: ChapInputFinish: status undefined
Dec  5 11:17:06 kvhoit02 mpd:  Response is valid
Dec  5 11:17:06 kvhoit02 mpd:  Reply message: S=05266E849F78B2A11CD602631C5E31242110A91B
Dec  5 11:17:06 kvhoit02 mpd: [L-1] CHAP: sending SUCCESS len:42
Dec  5 11:17:06 kvhoit02 mpd: [L-1] LCP: authorization successful
Dec  5 11:17:06 kvhoit02 mpd: [L-1] Matched link action 'bundle "B" ""'
Dec  5 11:17:06 kvhoit02 mpd: [L-1] Creating new bundle using template "B".
Dec  5 11:17:06 kvhoit02 mpd: [B-1] using interface ng0
Dec  5 11:17:06 kvhoit02 mpd: [B-1] Bundle up: 1 link, total bandwidth 64000 bps
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: Open event
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: state change Initial --> Starting
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: LayerStart
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: Open event
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: state change Initial --> Starting
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: LayerStart
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: Up event
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: state change Starting --> Req-Sent
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #1
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 10.0.16.89
Dec  5 11:17:06 kvhoit02 mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: Up event
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: state change Starting --> Req-Sent
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: SendConfigReq #1
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000060:MPPE(40, 128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread started
Dec  5 11:17:06 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread finished normally
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: rec'd Configure Request #4 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: SendConfigNak #4
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:    no IP address available for peer!
Dec  5 11:17:06 kvhoit02 mpd:    NAKing with 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  PRIDNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:    NAKing with 10.0.31.1
Dec  5 11:17:06 kvhoit02 mpd:  PRINBNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  SECDNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  SECNBNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: SendConfigRej #5
Dec  5 11:17:06 kvhoit02 mpd:  PRINBNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  SECDNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  SECNBNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #2
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 10.0.16.89
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: SendConfigReq #2
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: rec'd Configure Request #6 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: SendConfigAck #6
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: state change Req-Sent --> Ack-Sent
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Request #7 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:    no IP address available for peer!
Dec  5 11:17:06 kvhoit02 mpd:    NAKing with 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  PRIDNS 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:    NAKing with 10.0.31.1
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: SendConfigNak #7
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 0.0.0.0
Dec  5 11:17:06 kvhoit02 mpd:  PRIDNS 10.0.31.1
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  IPADDR 10.0.16.89
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
Dec  5 11:17:06 kvhoit02 mpd:  MPPC
Dec  5 11:17:06 kvhoit02 mpd:    0x01000040:MPPE(128 bits), stateless
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: state change Ack-Sent --> Opened
Dec  5 11:17:06 kvhoit02 mpd: [B-1] CCP: LayerUp
Dec  5 11:17:06 kvhoit02 mpd:   Compress using: mppc (MPPE(128 bits), stateless)
Dec  5 11:17:06 kvhoit02 mpd: Decompress using: mppc (MPPE(128 bits), stateless)
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: rec'd Terminate Request #8 (Ack-Rcvd)
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: state change Ack-Rcvd --> Req-Sent
Dec  5 11:17:06 kvhoit02 mpd: [B-1] IPCP: SendTerminateAck #3
Dec  5 11:17:08 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #4
Dec  5 11:17:08 kvhoit02 mpd:  IPADDR 10.0.16.89
Dec  5 11:17:08 kvhoit02 mpd: [B-1] IPCP: rec'd Terminate Request #9 (Req-Sent)
Dec  5 11:17:08 kvhoit02 mpd: [B-1] IPCP: SendTerminateAck #5
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: SendConfigReq #6
Dec  5 11:17:10 kvhoit02 mpd:  IPADDR 10.0.16.89
Dec  5 11:17:10 kvhoit02 mpd: [L-1] LCP: rec'd Terminate Request #10 (Opened)
Dec  5 11:17:10 kvhoit02 mpd: [L-1] LCP: state change Opened --> Stopping
Dec  5 11:17:10 kvhoit02 mpd: [L-1] AUTH: Accounting data for user user: 6 seconds, 182 octets in, 156 octets out
Dec  5 11:17:10 kvhoit02 mpd: [B-1] Bundle up: 0 links, total bandwidth 9600 bps
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: Close event
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: state change Req-Sent --> Closing
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: SendTerminateReq #7
Dec  5 11:17:10 kvhoit02 mpd: [B-1] error writing len 8 frame to bypass: Network is down
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: Close event
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: state change Opened --> Closing
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: SendTerminateReq #3
Dec  5 11:17:10 kvhoit02 mpd: [B-1] error writing len 8 frame to bypass: Network is down
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: LayerDown
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: Down event
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: LayerFinish
Dec  5 11:17:10 kvhoit02 mpd: [B-1] No NCPs left. Closing links...
Dec  5 11:17:10 kvhoit02 mpd: [B-1] IPCP: state change Closing --> Initial
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: Down event
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: LayerFinish
Dec  5 11:17:10 kvhoit02 mpd: [B-1] CCP: state change Closing --> Initial
Dec  5 11:17:10 kvhoit02 mpd: [B-1] Bundle shutdown
Dec  5 11:17:10 kvhoit02 mpd: [L-1] AUTH: Cleanup
Dec  5 11:17:10 kvhoit02 mpd: [L-1] LCP: SendTerminateAck #4
Dec  5 11:17:10 kvhoit02 mpd: [L-1] LCP: LayerDown
Dec  5 11:17:10 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread started
Dec  5 11:17:10 kvhoit02 mpd: [L-1] AUTH: Accounting-Thread finished normally
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: rec'd Terminate Request #11 (Stopping)
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: SendTerminateAck #5
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: state change Stopping --> Stopped
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: LayerFinish
Dec  5 11:17:12 kvhoit02 mpd: [L-1] PPTP call terminated
Dec  5 11:17:12 kvhoit02 mpd: [L-1] link: DOWN event
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: Close event
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: state change Stopped --> Closed
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: Down event
Dec  5 11:17:12 kvhoit02 mpd: [L-1] LCP: state change Closed --> Initial
Dec  5 11:17:12 kvhoit02 mpd: [L-1] link: SHUTDOWN event
Когда руками прописываю идрес, например 10.1.20.5 - все конектиться и держит линк...
Может это все же МПД шалит... но радиус тоже нужно проверить...
Сейчас буду копать в сторону МПД...