URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 67030
[ Назад ]

Исходное сообщение
"Авторизация в РАДИУСЕ"

Отправлено eGor , 20-Июн-06 02:10 
Поставил Радиус 1.0.5 + FreeNIBS 3.0.0 b1. Когда использую radtest то авторизация проходит нормально, а когда кто то пытается подконектится ко мне с другой машины то авторизация не проходит, говорит что неправильный пароль (он почему то так и остается в зашифрованом виде). вот часть лога radiusd -X :

        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        CHAP-Password = 0xba180166b4502bdda1527d937ac121a133
        Calling-Station-Id = "10.0.7.17"
        NAS-IP-Address = 10.0.6.10
        NAS-Port = 0

modcall[authorize]: module "nibs" returns ok for request 1
rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type Nibs
auth: type "NIBS"

Login incorrect: [test/<CHAP-Password>] (from client localhost port 0 cli 10.0.7.17)


Содержание

Сообщения в этом обсуждении
"Авторизация в РАДИУСЕ"
Отправлено eGor , 20-Июн-06 02:30 
вот полный лог авторизации на всякий случай:
rad_recv: Access-Request packet from host 127.0.0.1:32780, id=100, length=80
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        CHAP-Password = 0x86f30949bd64ac826c94892ad556636269
        Calling-Station-Id = "10.0.7.17"
        NAS-IP-Address = 10.0.6.10
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  'test'
rlm_nibs (sql_set_user): sql_set_user escaped user --> 'test'
rlm_nibs (nibs_fill_user): begin for user `test' ------------
radius_xlat:  'SELECT user, password, auth_type, uid, gid, deposit, credit, unix_timestamp(add_date), blocked, activated, unix_timestamp(expired), total_time, total_traffic, total_money, unix_timestamp(last_connection), framed_ip, framed_mask, callback_number, tos, do_with_tos, direction, fixed, fixed_cost, activation_time, total_time_limit, month_time_limit, week_time_limit, day_time_limit, total_traffic_limit, month_traffic_limit, week_traffic_limit, day_traffic_limit, total_money_limit, month_money_limit, week_money_limit, day_money_limit, login_time, huntgroup_name, simultaneous_use, port_limit, session_timeout, idle_timeout, shape, no_pass, no_acct, allow_callback, other_params, allowed_servers, auth_info FROM users WHERE user = 'test''
sal_get_socket: Reserving sql socket id: 60
sal_mysql: query:  SELECT user, password, auth_type, uid, gid, deposit, credit, unix_timestamp(add_date), blocked, activated, unix_timestamp(expired), total_time, total_traffic, total_money, unix_timestamp(last_connection), framed_ip, framed_mask, callback_number, tos, do_with_tos, direction, fixed, fixed_cost, activation_time, total_time_limit, month_time_limit, week_time_limit, day_time_limit, total_traffic_limit, month_traffic_limit, week_traffic_limit, day_traffic_limit, total_money_limit, month_money_limit, week_money_limit, day_money_limit, login_time, huntgroup_name, simultaneous_use, port_limit, session_timeout, idle_timeout, shape, no_pass, no_acct, allow_callback, other_params, allowed_servers, auth_info FROM users WHERE user = 'test'
sal_release_socket: Released sql socket id: 60
rlm_nibs (nibs_fill_user): end for user `test' ------------
rlm_nibs (nibs_add_attrs): begin for user `test' ------------
rlm_nibs (nibs_add_attrs): add PW_PASSWORD
rlm_nibs (nibs_add_attrs): add PW_FRAMED_IP_ADDRESS
rlm_nibs (nibs_add_attrs): add PW_FRAMED_IP_NETMASK
rlm_nibs (nibs_add_attrs): add PW_IDLE_TIMEOUT
rlm_nibs (nibs_add_attrs): add PW_SIMULTANEOUS_USE
rlm_nibs (nibs_add_attrs): add PW_SESSION_TIMEOUT
rlm_nibs (nibs_add_attrs): add PW_PORT_LIMIT
rlm_nibs (nibs_add_attrs): add all other params
rlm_nibs (nibs_add_attrs): end for user `test' ------------
  modcall[authorize]: module "nibs" returns ok for request 0
  rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type Nibs
auth: type "NIBS"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
radius_xlat:  'test'
rlm_nibs (sql_set_user): sql_set_user escaped user --> 'test'
radius_xlat:  'SELECT gid, auth_type, password, auth_info FROM users WHERE user = 'test''
sal_get_socket: Reserving sql socket id: 59
sal_mysql: query:  SELECT gid, auth_type, password, auth_info FROM users WHERE user = 'test'
radius_xlat:  'INSERT INTO invalid_attempts (timest, login, reason, call_from) VALUES ('2006-06-20 01:31:38', 'test', '%s', '%s')'
sal_get_socket: Reserving sql socket id: 58
sal_mysql: query:  INSERT INTO invalid_attempts (timest, login, reason, call_from) VALUES ('2006-06-20 01:31:38', 'test', '(rlm_nibs_authorize): Wrong password from user', '10.0.7.17')
sal_mysql: MYSQL check_error: 1146 received
nibs_log_invalid_attempts: database query error - Table 'freenibs.invalid_attempts' doesn't exist
sal_release_socket: Released sql socket id: 58
radius_xlat:  'rlm_nibs (rlm_nibs_authenticate): Wrong password for user `test' [10.0.6.10:0]'
rlm_nibs (rlm_nibs_authenticate): Wrong password for user `test' [10.0.6.10:0]. Called from <10.0.7.17>
sal_release_socket: Released sql socket id: 59
  modcall[authenticate]: module "nibs" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [test/<CHAP-Password>] (from client localhost port 0 cli 10.0.7.17)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 100 to 127.0.0.1:32780
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 100 with timestamp 449725ca
Nothing to do.  Sleeping until we see a request.

"Авторизация в РАДИУСЕ"
Отправлено akmeslim , 06-Апр-10 13:22 
UP. Аналогичная проблема.

"Авторизация в РАДИУСЕ"
Отправлено akmeslim , 06-Апр-10 16:52 
>UP. Аналогичная проблема.

Решил. В моём случаи была проблема с secret, они не совпадали.