Всем привет.
Помогите настроить MS-CHAP в FreeRADIUS.
Пароли берутся из MySQL. Ниже файлы конфигурации и лог от FreeRADIUS.
Заранее спасибо.
/*********************************************************/
vi /usr/local/raddb/radiusd.conf
$INCLUDE ${confdir}/clients.conf
# Module instances available to the authorize/authenticate sections
# (pasted here without indentation).
modules {
# mschap instance. The debug output on this page ends with
# "rlm_mschap: No LM/NT password configured", i.e. when authenticate ran
# the module had no usable password material for the user.
# NOTE(review): MS-CHAP can only be checked against the clear-text password
# or its NT/LM hash; a crypt()-style hash in the database cannot be used.
mschap {
authtype = MS-CHAP
# The three options below are commented out, so the module's built-in
# defaults apply -- confirm them against the installed version's docs.
#use_mppe = no
#require_encryption = yes
#require_strong = yes
}
# SQL module settings (connection and queries) are in a separate file that
# is not shown on this page.
# NOTE(review): the radcheck row shown on this page stores the password in
# clear text, which is password-equivalent data; restrict read access to
# that table and to the database credentials kept in sql.conf.
$INCLUDE ${confdir}/sql.conf
# files instance: reads entries from the users file in ${confdir}.
files {
usersfile = ${confdir}/users
compat = no
}
}
# authorize: the listed modules are called in this order for each request.
# In the debug output on this page "files" and "sql" return ok and
# "mschap" returns noop.
# NOTE(review): the logged request carries CHAP-Password / CHAP-Challenge and
# no MS-CHAP-Challenge / MS-CHAP-Response attributes, which is presumably why
# mschap had nothing to act on here -- confirm what the NAS actually sends.
authorize {
files
sql
mschap
}
# authenticate: mschap is the only module listed. In the debug output on
# this page the request arrives with Auth-Type MS-CHAP, mschap returns
# "invalid" and the server answers with Access-Reject.
authenticate {
mschap
}
/*********************************************************/
vi /usr/local/etc/raddb/users
# Entry 1: sets Auth-Type to MS-CHAP for every request that reaches the
# files module, whatever attributes the request carries (the debug output
# shows "Found Auth-Type MS-CHAP" for a request containing CHAP-Password).
# NOTE(review): forcing Auth-Type here means the method is chosen by this
# file rather than by the packet contents; consider dropping the line and
# letting the modules in authorize select it -- verify for this version.
DEFAULT Auth-Type := MS-CHAP
# Fall-Through is written as 1 here and as Yes in the next entry; the debug
# output shows all three DEFAULT entries matching (lines 1, 4 and 9).
Fall-Through = 1
# Entry 2: matches requests with Service-Type Framed-User and adds the
# reply items below, then continues to the next entry.
DEFAULT Service-Type == Framed-User
Framed-MTU = 1500,
Service-Type = Framed-User,
Fall-Through = Yes
# Entry 3: matches requests with Framed-Protocol PPP and echoes it in the reply.
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP
/*********************************************************/
mysql> SELECT * FROM radcheck;
+----+----------+-----------+-------+------+
| id | UserName | Attribute | Value | op |
+----+----------+-----------+-------+------+
| 1 | user | Password | pass | |
+----+----------+-----------+-------+------+
1 row in set (0.01 sec)
mysql> SELECT * FROM radreply;
+----+----------+-------------------+----------------+------+
| id | UserName | Attribute | Value | op |
+----+----------+-------------------+----------------+------+
| 1 | user | Framed-IP-Address | 192.168.200.10 | |
| 2 | user | Framed-Protocol | PPP | |
| 3 | user | Framed-MTU | 1500 | |
| 4 | user | Service-Type | Framed-User | |
+----+----------+-------------------+----------------+------+
4 rows in set (0.01 sec)
/*********************************************************/
/usr/local/sbin/radiusd -X
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1060, id=40, length=127
User-Name = "user"
Service-Type = Framed-User
Framed-Protocol = PPP
CHAP-Password = 0x012478b145ba612577e1eb439b3893167d46f7d1383866cb3a09a821401b85c9e4070e49cca5a08e6033bde7955a575ff701
CHAP-Challenge = "7618748527158250"
NAS-IP-Address = 192.168.0.40
NAS-Identifier = "bsd"
modcall: entering group authorize
users: Matched DEFAULT at 1
users: Matched DEFAULT at 4
users: Matched DEFAULT at 9
modcall[authorize]: module "files" returns ok
radius_xlat: 'user'
sql_set_user: escaped user --> 'user'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'user' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'user' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'user' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: No LM/NT password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 40 to 127.0.0.1:1060