MPD
Или может я что-то не понимаю... радиус вроде нормально отрабатывает... вот вывод radius -X[L-1] Accepting PPTP connection
[L-1] link: OPEN event
[L-1] LCP: Open event
[L-1] LCP: state change Initial --> Starting
[L-1] LCP: LayerStart
[L-1] PPTP: attaching to peer's outgoing call
[L-1] link: UP event
[L-1] link: origination is remote
[L-1] LCP: Up event
[L-1] LCP: state change Starting --> Req-Sent
[L-1] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Request #0 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
CALLBACK 6
[L-1] LCP: SendConfigRej #0
CALLBACK 6
[L-1] LCP: rec'd Configure Request #1 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: SendConfigAck #1
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: state change Req-Sent --> Ack-Sent
[L-1] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: state change Ack-Sent --> Opened
[L-1] LCP: auth: peer wants nothing, I want CHAP
[L-1] CHAP: sending CHALLENGE len:17
[L-1] LCP: LayerUp
[L-1] LCP: rec'd Ident #2 (Opened)
[L-1] LCP: rec'd Ident #3 (Opened)
[L-1] CHAP: rec'd RESPONSE #1
Name: "user"
[L-1] AUTH: Auth-Thread started
[L-1] AUTH: Trying RADIUS
[L-1] RADIUS: RadiusAuthenticate for: user
[L-1] RADIUS: rec'd RAD_ACCESS_ACCEPT for user user
[L-1] AUTH: RADIUS returned authenticated
[L-1] AUTH: Auth-Thread finished normally
[L-1] CHAP: ChapInputFinish: status authenticated
Reply message: S=6DDBB7E7A74CCD77F7C807045E5F94AC662A7634
[L-1] CHAP: sending SUCCESS len:42
[L-1] LCP: authorization successful
[L-1] Matched link action 'bundle "B" ""'
[L-1] Creating new bundle using template "B".
[B-1] using interface ng0
[B-1] Bundle up: 1 link, total bandwidth 64000 bps
[B-1] IPCP: Open event
[B-1] IPCP: state change Initial --> Starting
[B-1] IPCP: LayerStart
[B-1] CCP: Open event
[B-1] CCP: state change Initial --> Starting
[B-1] CCP: LayerStart
[B-1] IPCP: Up event
[B-1] IPCP: state change Starting --> Req-Sent
[B-1] IPCP: SendConfigReq #1
IPADDR 10.0.16.10
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] CCP: Up event
[B-1] CCP: state change Starting --> Req-Sent
[B-1] CCP: SendConfigReq #1
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] CCP: rec'd Configure Request #4 (Req-Sent)
MPPC
0x01000001:MPPC, stateless
[B-1] CCP: SendConfigNak #4
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: SendConfigRej #5
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] IPCP: SendConfigReq #2
IPADDR 10.0.16.10
[B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigReq #2
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: rec'd Configure Request #6 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigAck #6
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Req-Sent --> Ack-Sent
[B-1] IPCP: rec'd Configure Request #7 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
[B-1] IPCP: SendConfigNak #7
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
IPADDR 10.0.16.10
[B-1] IPCP: state change Req-Sent --> Ack-Rcvd
[B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Ack-Sent --> Opened
[B-1] CCP: LayerUp
Compress using: mppc (MPPE(128 bits), stateless)
Decompress using: mppc (MPPE(128 bits), stateless)
[B-1] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
IPADDR 10.0.16.130
10.0.16.130 is OK
PRIDNS 10.0.31.1
[B-1] IPCP: SendConfigAck #8
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: state change Ack-Rcvd --> Opened
[B-1] IPCP: LayerUp
10.0.16.10 -> 10.0.16.130
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 1)
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[B-1] IFACE: Up event
[B-1] IPCP: rec'd Terminate Request #9 (Opened)
[B-1] IPCP: state change Opened --> Stopping
[B-1] IPCP: SendTerminateAck #3
[B-1] IPCP: LayerDown
[B-1] IFACE: Down event
[L-1] AUTH: Accounting-Thread finished normally
[B-1] IPCP: rec'd Terminate Request #10 (Stopping)
[B-1] IPCP: SendTerminateAck #4
[B-1] IPCP: state change Stopping --> Stopped
[B-1] IPCP: LayerFinish
[B-1] No NCPs left. Closing links...
[B-1] closing link "L-1"...
[L-1] link: CLOSE event
[L-1] LCP: Close event
[L-1] LCP: state change Opened --> Closing
[L-1] AUTH: Accounting data for user user: 5 seconds, 180 octets in, 150 octets out
[B-1] Bundle up: 0 links, total bandwidth 9600 bps
[B-1] IPCP: Close event
[B-1] IPCP: state change Stopped --> Closed
[B-1] CCP: Close event
[B-1] CCP: state change Opened --> Closing
[B-1] CCP: SendTerminateReq #3
[B-1] error writing len 8 frame to bypass: Network is down
[B-1] CCP: LayerDown
[B-1] IPCP: Down event
[B-1] IPCP: state change Closed --> Initial
[B-1] CCP: Down event
[B-1] CCP: LayerFinish
[B-1] CCP: state change Closing --> Initial
[B-1] Bundle shutdown
[L-1] AUTH: Cleanup
[L-1] LCP: SendTerminateReq #4
[L-1] LCP: LayerDown
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 2)
[L-1] RADIUS: Termination cause: Protocol error, RADIUS: 15
[L-1] LCP: rec'd Terminate Ack #4 (Closing)
[L-1] LCP: state change Closing --> Closed
[L-1] LCP: LayerFinish
[L-1] PPTP call terminated
[L-1] link: DOWN event
[L-1] LCP: Down event
[L-1] LCP: state change Closed --> Initial
[L-1] link: SHUTDOWN event
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[L-1] AUTH: Accounting-Thread finished normally
Radius
На сколько я понял проблема в шифровании... в клиенте (винда) шифрование я отключил...Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 2048
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded perl
perl: module = "/usr/abills/libexec/rlm_perl.pl"
perl: func_authorize = "authorize"
perl: func_authenticate = "authenticate"
perl: func_accounting = "accounting"
perl: func_preacct = "preacct"
perl: func_checksimul = "checksimul"
perl: func_detach = "detach"
perl: func_xlat = "xlat"
perl: func_pre_proxy = "pre_proxy"
perl: func_post_proxy = "post_proxy"
perl: func_post_auth = "post_auth"
perl: perl_flags = "(null)"
perl: func_start_accounting = "(null)"
perl: func_stop_accounting = "(null)"
Subroutine access_deny redefined at /usr/abills/libexec/rauth.pl line 254.
Reply-Message = "Unknow server ''"
Module: Instantiated perl (perl)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl pre_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (pre_auth)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl post_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (post_auth)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:60138, id=147, length=194
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
Message-Authenticator = 0xaf8ae6e997dfe682431a9fee61ca472b
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
User-Name = "user"
MS-CHAP-Challenge = 0xbb1e68e5f9f7e4075717f80a8b357f6c
MS-CHAP2-Response = 0x010088f0b2f0147130c86acfc4a2720fceb90000000000000000f31d540213dbeb829e8d7c30249d93f0a18c14bfbce5fd0a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
Exec-Program output: User-Password == "1234567890"
Exec-Program-Wait: value-pairs: User-Password == "1234567890"
Exec-Program: returned: 0
modcall[authorize]: module "pre_auth" returns ok for request 0
Using perl at 0x2040c136
User-Password == "1234567890"rlm_perl: Added pair Session-Timeout = 7400
rlm_perl: Added pair MS-MPPE-Encryption-Types = 0x00000006
rlm_perl: Added pair Framed-IP-Address = 10.0.16.130
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0
rlm_perl: Added pair MS-CHAP2-SUCCESS = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
rlm_perl: Added pair MS-MPPE-Encryption-Policy = 0x00000001
rlm_perl: Added pair User-Password = 1234567890
rlm_perl: Added pair Auth-Type = MS-CHAP
modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: Told to do MS-CHAPv2 for user with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Sending Access-Accept of id 147 to 127.0.0.1 port 60138
Session-Timeout = 7400
MS-MPPE-Encryption-Types = 0x00000006
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
MS-MPPE-Encryption-Policy = 0x00000001
MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
MS-MPPE-Recv-Key = 0x2cf8a29211b4c2d80283be320f6fd808
MS-MPPE-Send-Key = 0x83e7cc6d4768a3aea8dafe7abbb08b3e
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:62272, id=57, length=150
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
Acct-Status-Type = Start
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
User-Name = "user"
Acct-Session-Id = "7130413-L-1"
Acct-Multi-Session-Id = "7130413-B-1"
Acct-Link-Count = 1
Acct-Authentic = RADIUS
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
modcall[preacct]: module "acct_unique" returns ok for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
Using perl at 0x2040c136
modcall[accounting]: module "perl" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 57 to 127.0.0.1 port 62272
Finished request 1
Going to the next request
Cleaning up request 1 ID 57 with timestamp 4924862d
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:53892, id=33, length=198
NAS-Identifier = "kvhoit02.delta.internal"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.16.130"
Framed-IP-Address = 10.0.16.130
Framed-IP-Netmask = 255.255.255.0
User-Name = "user"
Acct-Session-Id = "7130413-L-1"
Acct-Multi-Session-Id = "7130413-B-1"
Acct-Link-Count = 1
Acct-Authentic = RADIUS
Acct-Status-Type = Stop
Acct-Terminate-Cause = Service-Unavailable
Acct-Session-Time = 5
Acct-Input-Octets = 180
Acct-Input-Packets = 11
Acct-Output-Octets = 150
Acct-Output-Packets = 11
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
modcall[preacct]: module "acct_unique" returns ok for request 2
modcall: leaving group preacct (returns ok) for request 2
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
Using perl at 0x2040c136
modcall[accounting]: module "perl" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 33 to 127.0.0.1 port 53892
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 33 with timestamp 49248630
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 147 with timestamp 4924862d
Nothing to do. Sleeping until we see a request.
Когда коментирую все строки в радиусе и мпд связанные с
chap
pap
mschap
pam
вылетает ошибка - 738 (сервер не назначил адрес)
Помогите советом, как помирить эту связку и виндовс...
Если будет нужно выложу свои конфиги...
П.С. Хочу настроить все же с шифрованием... чтобы никто ничего лишнего посмотреть не смог...