Hello!
There are VPN clients, and we now need to write the accounting data to a database. radius-cistron served as the RADIUS server, and the Cisco worked fine with it. Since Cistron cannot store all of this in a database, we decided to switch to FreeRADIUS. That is where the problems started: the VPN does not work.
In the RADIUS config, PAP and CHAP authentication are enabled. The connection does not go through.
To repeat, with Cistron everything works without any problems!
RADIUS configs
radius.conf
.
.
.
authorize {
    pap
    chap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
}
____________________________________________________________________
clients.conf
bfm_test    Auth-Type := Local, User-Password == "bfm_test"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.78.16.129,
    Framed-IP-Netmask = 255.255.255.255,
    Session-Timeout = 86400
bfm_test1   Auth-Type := Local, User-Password == "bfm_test"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.78.16.130,
    Framed-IP-Netmask = 255.255.255.255,
    Session-Timeout = 86400
DEFAULT     Service-Type == Framed-User
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 576,
    Service-Type = Framed-User,
    Fall-Through = Yes
DEFAULT     Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
_______________________________________________________
LOGS on the RADIUS server
Threads: total/active/spare threads = 5/1/4
Framed-Protocol = PPP
User-Name = "bfm_test"
User-Password = "bfm_test"
NAS-Port-Type = Virtual
NAS-Port = 367
NAS-Port-Id = "Uniq-Sess-ID367"
Service-Type = Framed-User
NAS-IP-Address = a.a.a.a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall: leaving group authorize (returns noop) for request 7
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [bfm_test/bfm_test] (from client korona port 367)
LOG on the Cisco:
.Apr 10 14:26:59: ppp367 PAP: I AUTH-REQ id 72 len 22 from "bfm_test"
.Apr 10 14:26:59: ppp367 PAP: Authenticating peer bfm_test
.Apr 10 14:26:59: ppp367 PPP: Phase is FORWARDING, Attempting Forward
.Apr 10 14:26:59: ppp367 PPP: Phase is AUTHENTICATING, Unauthenticated User
.Apr 10 14:26:59: RADIUS/ENCODE(000A0509):Orig. component type = VPDN
.Apr 10 14:26:59: RADIUS: AAA Unsupported Attr: interface [158] 15
.Apr 10 14:26:59: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 33 [Uniq-Sess-ID3]
.Apr 10 14:26:59: RADIUS(000A0509): Config NAS IP: 0.0.0.0
.Apr 10 14:26:59: RADIUS/ENCODE(000A0509): acct_session_id: 1035783
.Apr 10 14:26:59: RADIUS(000A0509): sending
.Apr 10 14:26:59: RADIUS/ENCODE: Best Local IP-Address a.a.a.afor Radius-Server 77.238.224.254
.Apr 10 14:26:59: RADIUS(000A0509): Send Access-Request to x.x.x.x:xid 1645/128, len 95
.Apr 10 14:26:59: RADIUS: authenticator 6E 41 C9 DC 3D 82 C0 17 - B4 87 16 34 CF B6 53 D7
.Apr 10 14:26:59: RADIUS: Framed-Protocol [7] 6 PPP [1]
.Apr 10 14:26:59: RADIUS: User-Name [1] 10 "bfm_test"
.Apr 10 14:26:59: RADIUS: User-Password [2] 18 *
.Apr 10 14:26:59: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
.Apr 10 14:26:59: RADIUS: NAS-Port [5] 6 367
.Apr 10 14:26:59: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID367"
.Apr 10 14:26:59: RADIUS: Service-Type [6] 6 Framed [2]
.Apr 10 14:26:59: RADIUS: NAS-IP-Address [4] 6 77.238.225.1
.Apr 10 14:27:02: ppp367 PAP: I AUTH-REQ id 73 len 22 from "bfm_test"
.Apr 10 14:27:02: ppp367 PAP: Ignoring Additional Request
.Apr 10 14:27:04: RADIUS: no sg in radius-timers: ctx 0x4818BF88 sg 0x0000
.Apr 10 14:27:04: RADIUS: Retransmit to (x.x.x.x:1812,1813) for id 1645/128
.Apr 10 14:27:04: RADIUS: Received from id 1645/128 x.x.x.x:1812, Access-Reject, len 20
.Apr 10 14:27:04: RADIUS: Response for non-existent request ident
.Apr 10 14:27:05: ppp367 PAP: I AUTH-REQ id 74 len 22 from "bfm_test"
.Apr 10 14:27:05: ppp367 PAP: Ignoring Additional Request
.Apr 10 14:27:08: ppp367 PAP: I AUTH-REQ id 75 len 22 from "bfm_test"
.Apr 10 14:27:08: ppp367 PAP: Ignoring Additional Request
.Apr 10 14:27:09: ppp367 AUTH: Timeout 1
.Apr 10 14:27:09: RADIUS: no sg in radius-timers: ctx 0x4818BF88 sg 0x0000
.Apr 10 14:27:09: RADIUS: Retransmit to (x.x.x.x:1812,1813) for id 1645/128
.Apr 10 14:27:11: ppp367 PAP: I AUTH-REQ id 76 len 22 from "bfm_test"
.Apr 10 14:27:11: ppp367 PAP: Ignoring Additional Request
.Apr 10 14:27:14: ppp367 PAP: I AUTH-REQ id 77 len 22 from "bfm_test"
.Apr 10 14:27:14: ppp367 PAP: Ignoring Additional Request
.Apr 10 14:27:14: ppp1028 PPP: Send Message[Dynamic Bind Response]
.Apr 10 14:27:14: ppp1028 PPP: Using vpn set call direction
.Apr 10 14:27:14: ppp1028 PPP: Treating connection as a callin
.Apr 10 14:27:14: ppp1028 PPP: Session handle[CB00089B] Session id[1028]
.Apr 10 14:27:14: ppp1028 PPP: Phase is ESTABLISHING, Passive Open
.Apr 10 14:27:14: ppp1028 LCP: State is Listen
.Apr 10 14:27:15: RADIUS: no sg in radius-timers: ctx 0x4818BF88 sg 0x0000
.Apr 10 14:27:15: RADIUS: Retransmit to (x.x.x.x:1812,1813) for id 1645/128
.Apr 10 14:27:15: RADIUS: Received from id 1645/128 x.x.x.x:1812, Access-Reject, len 2
Maybe I forgot some magic line in the config... If anyone has a working config for FreeRADIUS, please share it! The solution is needed, as always, urgently and on a Friday....
Thanks in advance for your help
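
Added example, not part of the original post and not the FreeRADIUS project's shipped configuration: in the debug trace above, the authorize section runs only pap and chap, both return noop, and the request is rejected with "No authenticate method (Auth-Type) configuration found", so nothing ever reads the user entries. The fragment below shows the same two sections with the files module listed; it assumes a FreeRADIUS 1.x radiusd.conf layout and that the user entries shown in the post are stored in the users file that the files module reads.

```conf
# radiusd.conf fragment (assumed FreeRADIUS 1.x layout)

# The "Login incorrect: [bfm_test/bfm_test]" line in the trace shows the
# submitted password being written to the log in clear text. These two
# settings keep passwords out of the auth log.
log_auth_badpass = no
log_auth_goodpass = no

authorize {
    # chap: marks a request that carries CHAP-Password for CHAP handling.
    chap

    # files: looks the user up in the users file and adds that entry's
    # check items (Auth-Type, User-Password) and reply items
    # (Framed-IP-Address, Session-Timeout, ...) to the request.
    # Without it, the trace shows pap and chap returning noop, no
    # "known good" password, and no Auth-Type, which ends in a reject.
    files

    # pap: listed after files so that it can see the password that the
    # users file entry supplied.
    pap
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
}
```

After a restart in debug mode, a working setup shows a `module "files" returns ok` line in the authorize group for the test user instead of a run of noop results.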