Вот что у меня имеется: последний poptop, последний freeradius2 и домен.
Когда я подключаюсь по VPN, в Windows появляется ошибка 778. Вот логи с RADIUS-сервера:
rad_recv: Access-Request packet from host 127.0.0.1 port 39747, id=4, length=159
User-Name = "user"
Service-Type = Framed
Framed-Protocol = PPP
MS-CHAP-Challenge = 0x36383436353336333837313231383536
MS-CHAP2-Response = 0x0100ec455fb949bf858a1ff8a3f458adf6260000000000000000c53f2d50cfe6a4e634ff92fb4b6d3046de55075992d06c61
NAS-IP-Address = 192.168.129.17
NAS-Identifier = "name of the server"
NAS-Port-Type = Virtual
+- entering group authorize {...}
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "user"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[ldap] performing user authorization for user
[ldap] expand: %{Stripped-User-Name} -> user
[ldap] expand: (&(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) -> (&(sAMAccountName=user))
[ldap] expand: cn=Users,dc=domain,dc=ru -> cn=Users,dc=domain,dc=ru
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to pdcserver.ru:389, authentication 0
[ldap] bind as cn=ldapquery,cn=Users,dc=domain,dc=ru/LdaPassworD to pdcserver.ru:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in cn=Users,dc=domain,dc=ru, with filter (&(sAMAccountName=user))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user user authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for user with NT-Password
[mschap] No NT-Domain was found in the User-Name.
[mschap] expand: %{mschap:NT-Domain} ->
[mschap] ... expanding second conditional
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-DOMAIN} -> --domain=DOMAIN
[mschap] expand: --username=%{mschap:User-Name} -> --username=user
[mschap] mschap2: 36
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3824793742ba3bc3
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c53f2d50cfe6a4e634ff92fb4b6d3046de55075992d06c61
Exec-Program output: NT_KEY: B4C58F170A2F1E34B79FE6F18DA85C95
Exec-Program-Wait: plaintext: NT_KEY: B4C58F170A2F1E34B79FE6F18DA85C95
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
+- entering group post-auth {...}
[reply_log] expand: /var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radacct/127.0.0.1/reply-detail-20100930
[reply_log] /var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radacct/127.0.0.1/reply-detail-20100930
[reply_log] expand: %t -> Thu Sep 30 15:43:46 2010
++[reply_log] returns ok
++[exec] returns noop
Sending Access-Accept of id 4 to 127.0.0.1 port 39747
Framed-Protocol = PPP
Framed-Compression = VJ-TCP-IP
MS-CHAP2-Success = 0x01533d34373341304339443131314546423546304433373530364533393238374534324238453734423646
MS-MPPE-Recv-Key = 0x7bd268e2540446df00d96301c68b69c1
MS-MPPE-Send-Key = 0xedf57cfa9835e7103f45c371367b7945
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 4 with timestamp +25
Ready to process requests.
Вот ещё лог из ppp.log:
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Using interface: tun0
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: Created in closed state
Sep 30 15:43:46 vpn2 ppp[4651]: Command: loop: set device localhost:pptp
Sep 30 15:43:46 vpn2 ppp[4651]: Command: loop: set dial
Sep 30 15:43:46 vpn2 ppp[4651]: Command: loop: set login
Sep 30 15:43:46 vpn2 ppp[4651]: Command: loop: set ifaddr 192.168.129.17 192.168.150.2-192.168.150.50 255.255.255.255
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: Selected IP address 192.168.150.2
Sep 30 15:43:46 vpn2 ppp[4651]: Command: loop: set server /tmp/loop ******** 0177
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Listening at local socket /tmp/loop.
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: disable pap
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: disable passwdauth
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: disable ipv6cp
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: enable proxy
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: accept dns
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: enable MSChapV2
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: enable mppe
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: disable deflate pred1
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: deny deflate pred1
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: set dns 10.1.1.1
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: set device !/etc/ppp/secure
Sep 30 15:43:46 vpn2 ppp[4651]: Command: pptp: set radius /etc/ppp/radius.conf
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: PPP Started (direct mode).
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: bundle: Establish
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: closed -> opening
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: Connected!
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: opening -> carrier
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: carrier -> lcp
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: FSM: Using "deflink" as a transport
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Initial --> Closed
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Closed --> Stopped
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvConfigReq(0) state = Stopped
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MRU[4] 1400
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM[6] 0x2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: PROTOCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACFCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: CALLBACK[3] CBCP
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: SendConfigReq(1) state = Stopped
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACFCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: PROTOCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACCMAP[6] 0x00000000
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MRU[4] 1500
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM[6] 0xca9deb51
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: SendConfigRej(0) state = Stopped
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: CALLBACK[3] CBCP
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: LayerStart
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Stopped --> Req-Sent
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvConfigAck(1) state = Req-Sent
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACFCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: PROTOCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACCMAP[6] 0x00000000
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MRU[4] 1500
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM[6] 0xca9deb51
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Req-Sent --> Ack-Rcvd
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvConfigReq(1) state = Ack-Rcvd
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MRU[4] 1400
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM[6] 0x2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: PROTOCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACFCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: SendConfigAck(1) state = Ack-Rcvd
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MRU[4] 1400
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM[6] 0x2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: PROTOCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: ACFCOMP[2]
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Ack-Rcvd --> Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: LayerUp
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: bundle: Authenticate
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: his = none, mine = CHAP 0x81
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Chap Output: CHALLENGE
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvIdent(2) state = Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM 2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: TEXT MSRA
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvIdent(3) state = Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM 2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: TEXT MSRAS-0-MNI
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvIdent(4) state = Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: MAGICNUM 2fd12bee
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: TEXT \xb3-rM-^]<M-^MpHM-^O\xa9
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Chap Input: RESPONSE (49 bytes from user)
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Radius: Request sent
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Radius(auth): ACCEPT received
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: VJ enabled
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: MS-CHAP2-Success "S=473A0C9D111EFB5F0D37506E39287E42B8E74B6F"
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: MS-MPPE-Recv-Key ********
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: MS-MPPE-Send-Key ********
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: MS-MPPE-Encryption-Policy Required
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: MS-MPPE-Encryption-Types 128 bit
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Chap Output: SUCCESS
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: lcp -> open
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: bundle: Network
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: FSM: Using "deflink" as a transport
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: State change Initial --> Closed
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: LayerStart.
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: SendConfigReq(1) state = Closed
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: IPADDR[6] 192.168.150.2
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: COMPPROTO[6] 16 VJ slots with slot compression
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: State change Closed --> Req-Sent
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: RecvTerminateReq(5) state = Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: LayerDown
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: SendTerminateAck(5) state = Opened
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Opened --> Stopping
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Stopping --> Closing
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: open -> lcp
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: State change Req-Sent --> Starting
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: LayerFinish.
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: Connect time: 0 secs: 0 octets in, 0 octets out
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: 0 packets in, 0 packets out
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: total 0 bytes/sec, peak 0 bytes/sec on Thu Sep 30 15:43:46 2010
Sep 30 15:43:46 vpn2 ppp[4651]: IPCP: deflink: State change Starting --> Initial
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: bundle: Terminate
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: Exception detected on descriptor 0
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: LayerFinish
Sep 30 15:43:46 vpn2 ppp[4651]: LCP: deflink: State change Closing --> Initial
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: Disconnected!
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: Connect time: 0 secs: 362 octets in, 286 octets out
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: 8 packets in, 8 packets out
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: total 648 bytes/sec, peak 0 bytes/sec on Thu Sep 30 15:43:46 2010
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: deflink: lcp -> closed
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: bundle: Dead
Sep 30 15:43:46 vpn2 ppp[4651]: Phase: PPP Terminated (normal).
Sep 30 15:43:46 vpn2 ppp[4651]: Warning: 192.168.150.2: Cannot determine ethernet address for proxy ARP
Вот мои конфиги, начиная с pptpd:
# PPTP server options as pasted in the post, one option per line.
# NOTE(review): these look like pppd-style options (plugin radius.so, mppe-*),
# while the ppp.log in the post comes from a `ppp` process configured through
# `set radius` -- confirm which daemon actually reads this file.
# NOTE(review): MS-CHAPv2 + MPPE is the only protection negotiated for this
# tunnel; MS-CHAPv2 is generally considered weak against offline analysis of a
# captured handshake, so treat the link as low-assurance.
# Verbose logging; useful while troubleshooting, noisy in production.
debug
nobsdcomp
# Proxy ARP for client addresses. The ppp.log in the post ends with
# "Cannot determine ethernet address for proxy ARP" for 192.168.150.2.
proxyarp
localip 192.168.129.17
remoteip 192.168.150.2-50
pidfile /var/run/pptpd.pid
# Presumably requests MS-CHAPv2 from the client (older pppd MPPE-patch syntax) -- verify.
+chapms-v2
# Both 40-bit and 128-bit MPPE are listed; the Access-Accept in the post sets
# MS-MPPE-Encryption-Types to 128 bit. Dropping mppe-40 would remove the weaker
# key length if no client depends on it.
mppe-40
mppe-128
mppe-stateless
plugin radius.so
plugin radattr.so
Конфиг ppp:
# ppp.conf sections used for the PPTP service: "loop", "loop-in" and "pptp"
# (the "pptp" section loads "loop" and then sets the authentication options).
# NOTE(review): ppp.conf expects the commands under a label to be indented; the
# indentation appears to have been lost in this paste.
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
# Server (local) IP address, Range for Clients, and Netmask
set ifaddr 192.168.129.17 192.168.150.2-192.168.150.50 255.255.255.255
# Diagnostic socket at /tmp/loop with an empty password; the 0177 mask is what
# keeps it owner-only, so it should not be loosened.
set server /tmp/loop "" 0177
loop-in:
set timeout 0
set log phase lcp ipcp command
allow mode direct
pptp:
load loop
# PAP and local password-file authentication are turned off; only MS-CHAPv2
# (enabled below) is offered, matching "mine = CHAP 0x81" in the ppp.log.
disable pap
disable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
# MPPE keys come from the RADIUS Access-Accept (MS-MPPE-Send-Key / Recv-Key in the log).
enable mppe
disable deflate pred1
deny deflate pred1
set dns XXX.XXX.XXX.XXX
# "!" makes ppp run /etc/ppp/secure as the device.
# NOTE(review): that script is not shown in the post.
set device !/etc/ppp/secure
# NOTE(review): /etc/ppp/radius.conf presumably holds the RADIUS shared secret;
# keep it readable only by the account ppp runs as.
set radius /etc/ppp/radius.conf
Конфиг raddb:
# FreeRADIUS 2.1.9 main configuration (radiusd.conf) as pasted in the post, with
# the stock explanatory comments stripped. Paths below are built from ${prefix}.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-2.1.9
pidfile = ${run_dir}/${name}.pid
# The daemon switches to this unprivileged account after start-up.
user = freeradius
group = freeradius
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
# Authentication listener. "ipaddr = *" accepts packets on every interface and
# "port = 0" takes the port from /etc/services.
# NOTE(review): the only client visible in the posted log is 127.0.0.1; if the
# PPTP server is the sole NAS and runs on this host, binding to 127.0.0.1 would
# reduce exposure. ipaddr/port are also set twice in this block (left over from
# the stripped default file); the duplicates can be removed.
listen {
type = auth
ipaddr = *
port = 0
# interface = eth0
ipaddr = *
# ipv6addr = :: # any. ::1 == localhost
port = 0
# interface = eth0
# clients = per_socket_clients
}
# Accounting listener, same bind-address consideration as above.
listen {
ipaddr = *
# ipv6addr = ::
port = 0
type = acct
# interface = eth0
# clients = per_socket_clients
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
# Logging to ${logdir}/radius.log. With auth, auth_badpass and auth_goodpass all
# "no", authentication requests and passwords are not written to that file.
# NOTE(review): the debug output pasted earlier in the post is a different
# channel and does print the LDAP bind password, the NT_KEY and the MPPE
# send/receive keys in clear -- redact such output before sharing it, and rotate
# the bind credential if it was real.
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
# Basic request hardening: attribute cap per packet, one-second delay before
# sending a reject, and Status-Server replies enabled.
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
# NOTE(review): the posted request is handled in realm LOCAL; if nothing is
# proxied to other servers, proxy_requests could be set to "no".
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# clients.conf holds the per-NAS shared secrets (not shown in the post).
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module definitions. The ldap and mschap modules seen in the log are loaded
# from ${confdir}/modules/.
# NOTE(review): the ldap module file presumably contains the bind password shown
# in the log -- keep it readable only by the freeradius account.
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
# $INCLUDE sql.conf
# $INCLUDE sql/mysql/counter.conf
# $INCLUDE sqlippool.conf
}
instantiate {
exec
expr
# daily
expiration
logintime
#redundant redundant_sql {
# sql1
# sql2
#}
}
$INCLUDE policy.conf
# Virtual servers; the authorize / MS-CHAP / post-auth sections in the log come from here.
$INCLUDE sites-enabled/
Моя машина в домене: когда я выполняю wbinfo -u или wbinfo -g, она выдаёт всех юзеров и группы. Насколько я понял, poptop принимает всё от Windows VPN-клиента, потом пересылает всё в RADIUS, тот авторизует юзера в домене и отвечает, что всё ок, но ответ не доходит или теряется какая-то информация.
Если кто-нибудь может, помогите добить этот VPN.