I configured the Cisco following this doc: http://wiki.sirmax.noname.com.ua/index.php/Cisco-vpn (I have an 1841 too).
winbindd is up and running.
Code:
testsamba# ps -ax | grep winbindd
805 ?? Ss 0:00.22 /usr/local/sbin/winbindd -s /usr/local/etc/smb.conf
819 ?? I 0:00.29 /usr/local/sbin/winbindd -s /usr/local/etc/smb.conf
825 ?? I 0:00.08 /usr/local/sbin/winbindd -s /usr/local/etc/smb.conf
836 ?? I 0:00.01 /usr/local/sbin/winbindd -s /usr/local/etc/smb.conf
858 ?? I 0:00.00 /usr/local/sbin/winbindd -s /usr/local/etc/smb.conf
Code:
testsamba# ps -ax | grep radi
1331 2 I+ 0:02.04 radiusd -X
Code:
rad_recv: Access-Request packet from host 192.168.104.251:1645, id=27, length=168
Framed-Protocol = PPP
User-Name = "testuser@BT"
MS-CHAP-Challenge = 0x7769a9a57c9365b460a35af3124ceaab
MS-CHAP2-Response = 0x0100762c314a34473d29c9da60351bd5e1270000000000000000cb523bf67ae2af70463a071ac102ba08970950968bf77418
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-IP-Address = 91.122.53.75
Acct-Session-Id = "0000003B"
NAS-Identifier = "Router_2.bt"
Event-Timestamp = "May 29 2012 18:22:11 SAMST"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 1
rlm_realm: Looking up realm "BT" for User-Name = "testuser@BT"
rlm_realm: No such realm "BT"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
users: Matched entry DEFAULT at line 184
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 1
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testuser@BT with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
rlm_mschap: No NT-Domain was found in the User-Name.
radius_xlat: '--domain='
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: '--username=testuser@BT'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 77
radius_xlat: '--challenge=a547d7e96455338c'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '--nt-response=cb523bf67ae2af70463a071ac102ba08970950968bf77418'
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program-Wait: plaintext: Reading winbind reply failed! (0xc0000001)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 1
modcall: leaving group MS-CHAP (returns reject) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 27 to 192.168.104.251 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 27 with timestamp 4fc4db63
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.104.251:1645, id=28, length=165
Framed-Protocol = PPP
User-Name = "testuser"
MS-CHAP-Challenge = 0xcde8b9c404f7498880d6a52c2209f988
MS-CHAP2-Response = 0x010016c79ac0f684b01f93b854d845de85ce0000000000000000b95342632574d96fc6f08c990ef225e9b90da3a397465863
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-IP-Address = 91.122.53.75
Acct-Session-Id = "0000003C"
NAS-Identifier = "Router_2.bt"
Event-Timestamp = "May 29 2012 18:22:24 SAMST"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 2
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
users: Matched entry DEFAULT at line 184
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 2
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
rlm_mschap: No NT-Domain was found in the User-Name.
radius_xlat: '--domain='
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: '--username=testuser'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: cd
radius_xlat: '--challenge=d8e1c604e6d94989'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '--nt-response=b95342632574d96fc6f08c990ef225e9b90da3a397465863'
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program-Wait: plaintext: Reading winbind reply failed! (0xc0000001)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 2
modcall: leaving group MS-CHAP (returns reject) for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 28 to 192.168.104.251 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 28 with timestamp 4fc4db71
Nothing to do. Sleeping until we see a request.
Code:
testsamba# wbinfo -a testuser%12345
plaintext password authentication failed
Could not authenticate user testuser%12345 with plaintext password
challenge/response password authentication succeeded
testsamba# ntlm_auth --request-nt-key --domain=BT --username=testuser
password:
NT_STATUS_OK: Success (0x0)
And on top of that, the damn thing doesn't write logs properly. I have to run it with the -X switch so that everything gets dumped to the screen. (The file permissions are correct.) For the error Exec-Program output: Reading winbind reply failed! (0xc0000001), Google showed nothing that would help solve the problem.
I'd be grateful for a kick in the right direction.
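An added example, not part of the original post: a small Python triage of `radiusd -X` output like the log above. It separates rejects where the external helper itself failed from rejects where the credentials were refused, since both end in the same "MS-CHAP2-Response is incorrect" line. The sample lines are copied from request 1; the function names, dictionary keys and verdict strings are assumptions of this example.

```python
import re

# Constructed sample: lines copied from request 1 of the radiusd -X output in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.104.251:1645, id=27, length=168
User-Name = "testuser@BT"
radius_xlat: '--domain='
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program: returned: 1
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Sending Access-Reject of id 27 to 192.168.104.251 port 1645
"""

# NT status codes that mean the credentials themselves were refused.
CREDENTIAL_STATUS = {"0xc0000064": "NO_SUCH_USER", "0xc000006a": "WRONG_PASSWORD",
                     "0xc000006d": "LOGON_FAILURE"}

def classify(req):
    """Decide whether a reject came from refused credentials or a failing helper."""
    if req["helper_rc"] in (None, 0):
        return "rejected-without-helper-error"
    m = re.search(r"\((0x[0-9a-fA-F]{8})\)", req["helper_output"] or "")
    status = m.group(1).lower() if m else None
    if status in CREDENTIAL_STATUS:
        return "credentials-refused:" + CREDENTIAL_STATUS[status]
    return "helper-failure:" + (status or "no-status")

def triage(log_text):
    """Group debug lines by Access-Request and attach a verdict to each reject."""
    requests, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("rad_recv: Access-Request"):
            cur = {"id": int(re.search(r"id=(\d+)", line).group(1)), "user": None,
                   "args": {}, "helper_output": None, "helper_rc": None, "verdict": None}
            requests.append(cur)
        elif cur is None:
            continue
        elif line.startswith("User-Name = "):
            cur["user"] = line.split("=", 1)[1].strip().strip('"')
        elif line.startswith("radius_xlat: '--"):  # arguments passed to the helper
            key, _, val = line[len("radius_xlat: '--"):].rstrip("'").partition("=")
            cur["args"][key] = val
        elif line.startswith("Exec-Program output:"):
            cur["helper_output"] = line.split(":", 1)[1].strip()
        elif line.startswith("Exec-Program: returned:"):
            cur["helper_rc"] = int(line.rsplit(":", 1)[1])
        elif line.startswith("Sending Access-Reject"):
            cur["verdict"] = classify(cur)
    return requests
```

Running `triage()` over the full debug output gives one record per request, including the helper arguments, so the empty `--domain=` passed by radiusd can be compared with the `--domain=BT` used in the manual `ntlm_auth` test.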