The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"MPD 5.0b1 + FreeRADIUS Version 1.1.7"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение [ Отслеживать ]

"MPD 5.0b1 + FreeRADIUS Version 1.1.7"  
Сообщение от pawko (ok) on 19-Ноя-08, 21:34 
Ситуация - ставлю Абілс... все настроил... но вот при попытке залогиниться из винды ошибка 734...
И вот что пишет МПД

[L-1] Accepting PPTP connection
[L-1] link: OPEN event
[L-1] LCP: Open event
[L-1] LCP: state change Initial --> Starting
[L-1] LCP: LayerStart
[L-1] PPTP: attaching to peer's outgoing call
[L-1] link: UP event
[L-1] link: origination is remote
[L-1] LCP: Up event
[L-1] LCP: state change Starting --> Req-Sent
[L-1] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Request #0 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
CALLBACK 6
[L-1] LCP: SendConfigRej #0
CALLBACK 6
[L-1] LCP: rec'd Configure Request #1 (Req-Sent)
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: SendConfigAck #1
MRU 1400
MAGICNUM 0a891978
PROTOCOMP
ACFCOMP
[L-1] LCP: state change Req-Sent --> Ack-Sent
[L-1] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
MP MRRU 1600
ENDPOINTDISC [802.1] 00 15 f2 60 31 ce
[L-1] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 46e73799
AUTHPROTO CHAP MSOFTv2
[L-1] LCP: state change Ack-Sent --> Opened
[L-1] LCP: auth: peer wants nothing, I want CHAP
[L-1] CHAP: sending CHALLENGE len:17
[L-1] LCP: LayerUp
[L-1] LCP: rec'd Ident #2 (Opened)
[L-1] LCP: rec'd Ident #3 (Opened)
[L-1] CHAP: rec'd RESPONSE #1
Name: "user"
[L-1] AUTH: Auth-Thread started
[L-1] AUTH: Trying RADIUS
[L-1] RADIUS: RadiusAuthenticate for: user
[L-1] RADIUS: rec'd RAD_ACCESS_ACCEPT for user user
[L-1] AUTH: RADIUS returned authenticated
[L-1] AUTH: Auth-Thread finished normally
[L-1] CHAP: ChapInputFinish: status authenticated
Reply message: S=6DDBB7E7A74CCD77F7C807045E5F94AC662A7634
[L-1] CHAP: sending SUCCESS len:42
[L-1] LCP: authorization successful
[L-1] Matched link action 'bundle "B" ""'
[L-1] Creating new bundle using template "B".
[B-1] using interface ng0
[B-1] Bundle up: 1 link, total bandwidth 64000 bps
[B-1] IPCP: Open event
[B-1] IPCP: state change Initial --> Starting
[B-1] IPCP: LayerStart
[B-1] CCP: Open event
[B-1] CCP: state change Initial --> Starting
[B-1] CCP: LayerStart
[B-1] IPCP: Up event
[B-1] IPCP: state change Starting --> Req-Sent
[B-1] IPCP: SendConfigReq #1
IPADDR 10.0.16.10
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] CCP: Up event
[B-1] CCP: state change Starting --> Req-Sent
[B-1] CCP: SendConfigReq #1
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] CCP: rec'd Configure Request #4 (Req-Sent)
MPPC
0x01000001:MPPC, stateless
[B-1] CCP: SendConfigNak #4
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: SendConfigRej #5
PRINBNS 0.0.0.0
SECDNS 0.0.0.0
SECNBNS 0.0.0.0
[B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-1] IPCP: SendConfigReq #2
IPADDR 10.0.16.10
[B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigReq #2
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: rec'd Configure Request #6 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: SendConfigAck #6
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Req-Sent --> Ack-Sent
[B-1] IPCP: rec'd Configure Request #7 (Req-Sent)
IPADDR 0.0.0.0
NAKing with 10.0.16.130
PRIDNS 0.0.0.0
NAKing with 10.0.31.1
[B-1] IPCP: SendConfigNak #7
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
IPADDR 10.0.16.10
[B-1] IPCP: state change Req-Sent --> Ack-Rcvd
[B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B-1] CCP: state change Ack-Sent --> Opened
[B-1] CCP: LayerUp
Compress using: mppc (MPPE(128 bits), stateless)
Decompress using: mppc (MPPE(128 bits), stateless)
[B-1] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
IPADDR 10.0.16.130
10.0.16.130 is OK
PRIDNS 10.0.31.1
[B-1] IPCP: SendConfigAck #8
IPADDR 10.0.16.130
PRIDNS 10.0.31.1
[B-1] IPCP: state change Ack-Rcvd --> Opened
[B-1] IPCP: LayerUp
10.0.16.10 -> 10.0.16.130
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 1)
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[B-1] IFACE: Up event
[B-1] IPCP: rec'd Terminate Request #9 (Opened)
[B-1] IPCP: state change Opened --> Stopping
[B-1] IPCP: SendTerminateAck #3
[B-1] IPCP: LayerDown
[B-1] IFACE: Down event
[L-1] AUTH: Accounting-Thread finished normally
[B-1] IPCP: rec'd Terminate Request #10 (Stopping)
[B-1] IPCP: SendTerminateAck #4
[B-1] IPCP: state change Stopping --> Stopped
[B-1] IPCP: LayerFinish
[B-1] No NCPs left. Closing links...
[B-1] closing link "L-1"...
[L-1] link: CLOSE event
[L-1] LCP: Close event
[L-1] LCP: state change Opened --> Closing
[L-1] AUTH: Accounting data for user user: 5 seconds, 180 octets in, 150 octets out
[B-1] Bundle up: 0 links, total bandwidth 9600 bps
[B-1] IPCP: Close event
[B-1] IPCP: state change Stopped --> Closed
[B-1] CCP: Close event
[B-1] CCP: state change Opened --> Closing
[B-1] CCP: SendTerminateReq #3
[B-1] error writing len 8 frame to bypass: Network is down
[B-1] CCP: LayerDown
[B-1] IPCP: Down event
[B-1] IPCP: state change Closed --> Initial
[B-1] CCP: Down event
[B-1] CCP: LayerFinish
[B-1] CCP: state change Closing --> Initial
[B-1] Bundle shutdown
[L-1] AUTH: Cleanup
[L-1] LCP: SendTerminateReq #4
[L-1] LCP: LayerDown
[L-1] AUTH: Accounting-Thread started
[L-1] RADIUS: RadiusAccount for: user (Type: 2)
[L-1] RADIUS: Termination cause: Protocol error, RADIUS: 15
[L-1] LCP: rec'd Terminate Ack #4 (Closing)
[L-1] LCP: state change Closing --> Closed
[L-1] LCP: LayerFinish
[L-1] PPTP call terminated
[L-1] link: DOWN event
[L-1] LCP: Down event
[L-1] LCP: state change Closed --> Initial
[L-1] link: SHUTDOWN event
[L-1] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user user
[L-1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[L-1] AUTH: Accounting-Thread finished normally

а вот что радиус

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 2048
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded perl
perl: module = "/usr/abills/libexec/rlm_perl.pl"
perl: func_authorize = "authorize"
perl: func_authenticate = "authenticate"
perl: func_accounting = "accounting"
perl: func_preacct = "preacct"
perl: func_checksimul = "checksimul"
perl: func_detach = "detach"
perl: func_xlat = "xlat"
perl: func_pre_proxy = "pre_proxy"
perl: func_post_proxy = "post_proxy"
perl: func_post_auth = "post_auth"
perl: perl_flags = "(null)"
perl: func_start_accounting = "(null)"
perl: func_stop_accounting = "(null)"
Subroutine access_deny redefined at /usr/abills/libexec/rauth.pl line 254.
Reply-Message = "Unknow server ''"
Module: Instantiated perl (perl)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl pre_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (pre_auth)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
exec: wait = yes
exec: program = "/usr/abills/libexec/rauth.pl post_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (post_auth)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:60138, id=147, length=194
        NAS-Identifier = "kvhoit02.delta.internal"
        NAS-IP-Address = 127.0.0.1
        Message-Authenticator = 0xaf8ae6e997dfe682431a9fee61ca472b
        NAS-Port = 1
        NAS-Port-Type = Virtual
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "10.0.16.130"
        User-Name = "user"
        MS-CHAP-Challenge = 0xbb1e68e5f9f7e4075717f80a8b357f6c
        MS-CHAP2-Response = 0x010088f0b2f0147130c86acfc4a2720fceb90000000000000000f31d540213dbeb829e8d7c30249d93f0a18c14bfbce5fd0a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 0
Exec-Program output: User-Password == "1234567890"
Exec-Program-Wait: value-pairs: User-Password == "1234567890"
Exec-Program: returned: 0
  modcall[authorize]: module "pre_auth" returns ok for request 0
Using perl at 0x2040c136
User-Password == "1234567890"rlm_perl: Added pair Session-Timeout = 7400
rlm_perl: Added pair MS-MPPE-Encryption-Types = 0x00000006
rlm_perl: Added pair Framed-IP-Address = 10.0.16.130
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0
rlm_perl: Added pair MS-CHAP2-SUCCESS = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
rlm_perl: Added pair MS-MPPE-Encryption-Policy = 0x00000001
rlm_perl: Added pair User-Password = 1234567890
rlm_perl: Added pair Auth-Type = MS-CHAP
  modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: Told to do MS-CHAPv2 for user with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Sending Access-Accept of id 147 to 127.0.0.1 port 60138
        Session-Timeout = 7400
        MS-MPPE-Encryption-Types = 0x00000006
        Framed-IP-Address = 10.0.16.130
        Framed-IP-Netmask = 255.255.255.0
        MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-CHAP2-Success = 0x01533d33443836384642353943373731363832373033413345424542313032464630324331333133393835
        MS-MPPE-Recv-Key = 0x2cf8a29211b4c2d80283be320f6fd808
        MS-MPPE-Send-Key = 0x83e7cc6d4768a3aea8dafe7abbb08b3e
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:62272, id=57, length=150
        NAS-Identifier = "kvhoit02.delta.internal"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        NAS-Port-Type = Virtual
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "10.0.16.130"
        Acct-Status-Type = Start
        Framed-IP-Address = 10.0.16.130
        Framed-IP-Netmask = 255.255.255.0
        User-Name = "user"
        Acct-Session-Id = "7130413-L-1"
        Acct-Multi-Session-Id = "7130413-B-1"
        Acct-Link-Count = 1
        Acct-Authentic = RADIUS
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
  modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
  modcall[preacct]: module "acct_unique" returns ok for request 1
modcall: leaving group preacct (returns ok) for request 1
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
Using perl at 0x2040c136
  modcall[accounting]: module "perl" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 57 to 127.0.0.1 port 62272
Finished request 1
Going to the next request
Cleaning up request 1 ID 57 with timestamp 4924862d
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:53892, id=33, length=198
        NAS-Identifier = "kvhoit02.delta.internal"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        NAS-Port-Type = Virtual
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "10.0.16.130"
        Framed-IP-Address = 10.0.16.130
        Framed-IP-Netmask = 255.255.255.0
        User-Name = "user"
        Acct-Session-Id = "7130413-L-1"
        Acct-Multi-Session-Id = "7130413-B-1"
        Acct-Link-Count = 1
        Acct-Authentic = RADIUS
        Acct-Status-Type = Stop
        Acct-Terminate-Cause = Service-Unavailable
        Acct-Session-Time = 5
        Acct-Input-Octets = 180
        Acct-Input-Packets = 11
        Acct-Output-Octets = 150
        Acct-Output-Packets = 11
        Acct-Input-Gigawords = 0
        Acct-Output-Gigawords = 0
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
  modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "7130413-L-1",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "bc54217738bcfa2b".
  modcall[preacct]: module "acct_unique" returns ok for request 2
modcall: leaving group preacct (returns ok) for request 2
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
Using perl at 0x2040c136
  modcall[accounting]: module "perl" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 33 to 127.0.0.1 port 53892
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 33 with timestamp 49248630
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 147 with timestamp 4924862d
Nothing to do.  Sleeping until we see a request.


Я там понимаю соединение збрасывает МПД... почему? Помогите

Высказать мнение | Ответить | Правка | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "MPD 5.0b1 + FreeRADIUS Version 1.1.7"  
Сообщение от pawko (ok) on 19-Ноя-08, 21:47 
все как написано здесь зделал... не помогло (http://www.abills.net.ua/wiki/doku.php?id=abills:docs:mschap...)
Вот конфиги радиуса и мпд...

MPD -
#################################################################
#
#       MPD configuration file
#
# This file defines the configuration for mpd: what the
# bundles are, what the links are in those bundles, how
# the interface should be configured, various PPP parameters,
# etc. It contains commands just as you would type them
# in at the console. Lines without padding are labels. Lines
# starting with a "#" are comments.
#
# $Id: mpd.conf.sample,v 1.41 2007/10/05 17:42:52 amotin Exp $
#
#################################################################

startup:
        # configure the console
        # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
        set global enable tcp-wrapper
        set console self 10.0.16.10 5005
        set console user pahan admin
        #set console user foo1 bar1
        set console open
        # configure the web server
        #set web self 0.0.0.0 5006
        #set web user foo bar
        #set web open

####################################################################
#Netflow options
#        set netflow peer %MPD_NETFLOW_IP% %MPD_NETFLOW_PORT%
#        set netflow self %MPD_NETFLOW_SOURCE_IP% %MPD_NETFLOW_SOURCE_PORT%
#        set netflow timeouts 15 15
#        set netflow hook 9000
#        #set netflow node netflow

#####################################################################
#
# Default configuration is "dialup"

default:
        load pptp_server

dialup:
#
# Example of a simple PPP dialup account using modem device.
# This will connect whenever there is outgoing demand (DoD), and hangup
# after a 15 minute idle time. It also connects and disconnects
# when signals SIGUSR1 and SIGUSR2 are received, respectively.
#
# Note the "set iface addrs ..." is needed because we're doing
# dial-on-demand and therefore can't wait for the peer to assign
# us IP addresses for the interface. These can be completely phoney
# IP addresses.
#
# We also enable the idle-script "Ringback", which means if we're
# not connected and we detect an incoming call, we don't answer it
# BUT we do initiate a call to the ISP to get connected. This is
# nice to connect yourself when you're away from home, etc.
# Create static modem link named L1
#       create link static L1 modem
# Configure modem
        set modem device /dev/cuad0
        set modem var $DialPrefix "DT"
        set modem var $Telephone "1-415-555-1212"
        set modem script DialPeer
        set modem idle-script Ringback
# We expect to be authenticated by peer using any protocol.
        set link disable chap pap
        set link accept chap pap
# Configure the account name. Password will be taken from mpd.secret.
        set auth authname MyLogin
# To make Ringback work we should specify how to handle "incoming"
# calls originated by it.
        set link action bundle B1
        set link enable incoming

# Create static bundle named B1
        create bundle static B1
# Enumerate links participating in DoD
        set bundle links L1
# Configure the interface: dial on demand, default route, idle timeout.
        set iface addrs 1.1.1.1 2.2.2.2
        set iface route default
        set iface enable on-demand
        set iface idle 900

# "Open" interface (but don't actually dial until there's demand)
        open iface

dialin:
#
# This setup answers incoming calls from a remote peer,
# but is not intended for dialing out.
#
# The local IP address is 1.1.1.1 and the remote is 2.2.2.2.
#

#       create bundle static B1
        set iface idle 900
        set ipcp ranges 1.1.1.1/32 2.2.2.2/32

        create link static L1 modem
# Set bundle to use
        set link action bundle B1
# Authenticate peer with chap-md5
        set link no chap pap eap
        set link enable chap-md5
# Configure modem
        set modem device /dev/cuad0
        set modem var $DialPrefix "DT"
        set modem idle-script AnswerCall
# Permit incoming calls using this link
        set link enable incoming

multi_dialup:
#
# Example of a multi-link dialup setup, using links "usr1" and "usr2"
# Similar to the first example, but uses two links together, and
# does not do dial-on-demand.
#

# Create clonable bundle template
        create bundle template B
        set iface route default
        set iface idle 900

# Create links and open them
        create link static L1 modem
        load common
        set modem device /dev/cuad0
        open

        create link static L2 modem
        load common
        set modem device /dev/cuad1
        open

common:
# Enable multilink protocol
        set link enable multilink
# Set bundle template to use
        set link action bundle B
# Allow peer to authenticate us
        set link disable chap pap
        set link accept chap pap
        set auth authname MyLogin
# Set inifinite redial attempts
        set link max-redial 0
        set modem var $DialPrefix "DT"
        set modem var $Telephone "1-415-555-1212"
        set modem script DialPeer

sync:
#
# Dedicated synchronous line using netgraph link.
# The remote router is connected to the 192.168.2.0/24 subnet.
# No authentication required.
#

        create bundle static B1
        set iface route 192.168.2.0/24
        set ipcp ranges 192.168.1.153/32 192.168.2.1/24

        create link static L1 ng
        set link action bundle B1
        set link max-redial 0
        set link no chap pap
        set ng node sr0:
        set ng hook rawdata
        open

pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#

# Define dynamic IP address pool.
        set ippool add pool1 10.1.0.1   10.1.255.255

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set iface up-script "/usr/abills/libexec/linkupdown mpd up"
        set iface down-script "/usr/abills/libexec/linkupdown mpd down"
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 10.1.100.1/32 ippool pool1
        set ipcp dns 10.0.31.1
#       set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
        load radius
        set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 10.0.16.10
# Allow to accept calls
        set link enable incoming
pptp_vpn:
#
# Mpd using PPTP for LAN to LAN VPN, always connected.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
# remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
# between these two private networks using a PPTP VPN over the Internet.
#
# You run mpd on dual-homed machines on either end. Say the local machine
# has internal address 192.168.1.1 and externally visible address 1.2.3.4,
# and the remote machine has internal address 192.168.2.1 and externally
# visible address 2.3.4.5.
#
# Note: mpd does not support the peer's "inside" IP address being the same
# as its "outside" IP address. In the above example, this means that
# 192.168.2.1 != 2.3.4.5.
#
# The "inside" IP addresses are configured by "set ipcp ranges ..."
# (in mpd.conf) while the "outside" IP addreses are configured by
# "set pptp self ..." and "set pptp peer ...".
#

        create bundle static B1
        set ipcp ranges 192.168.1.1/32 192.168.2.1/32
        set iface route 192.168.2.0/24
# Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle enable crypt-reqd
        set ccp yes mpp-stateless

        create link static L1 pptp
        set link action bundle B1
# Enable both sides to authenticat each other with CHAP
        set link no pap
        set link yes chap
        set auth authname "VpnLogin"
        set auth password "VpnPassword"
        set link mtu 1460
        set link keep-alive 10 75
        set link max-redial 0
# Configure PPTP and open link
        set pptp self 1.2.3.4
        set pptp peer 2.3.4.5
        set link enable incoming
        open

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
  create link static L1 pptp
        set link action bundle B1
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer 1.2.3.4
        set pptp disable windowing
        open

pppoe_server:
#
# Multihomed multilink PPPoE server
#

# Create clonable bundle template
        create bundle template B
# Set IP addresses. Peer address will be later replaced by RADIUS.
        set ipcp ranges 10.1.16.0/32 10.1.16.400/32

# Create link template with common info
        create link template common pppoe
# Enable multilink protocol
        set link enable multilink
# Set bundle template to use
        set link action bundle B
# Enable peer authentication
        set link disable chap pap eap
        set link enable pap
        load radius
        set pppoe service "superisp"

# Create templates for ifaces to listen using 'common' template and let them go
        create link template fxp0 common
        set pppoe iface fxp0
        set link enable incoming

        create link template fxp1 common
        set pppoe iface fxp1
        set link enable incoming

pppoe_client:
#
# PPPoE client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pppoe
        set link action bundle B1
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 10 60
        set pppoe iface fxp0
        set pppoe service ""
        open

radius:
# You can use radius.conf(5), its useful, because you can share the
# same config with userland-ppp and other apps.
        set radius config /etc/radiusd.conf
# or specify the server directly here
        set radius server 127.0.0.1 radsecret 1812 1813
        set radius retries 3
        set radius timeout 10
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
        set radius me 127.0.0.1
# send accounting updates every 5 minutes
        set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
        set auth enable radius-auth
# enable RADIUS accounting
        set auth enable radius-acct
# protect our requests with the message-authenticator
        set radius enable message-authentic

simple_lac:
#
# This is a simple L2TP access concentrator which receives PPPoE calls
# and forwards them to LNS on 1.2.3.4
#

        create link template L1 pppoe
        set pppoe iface fxp0
        set link action forward L2
        set link enable incoming

        create link template L2 l2tp
        set l2tp peer 1.2.3.4

complete_lac:
#
# This is more complicated L2TP access concentrator which receives PPPoE calls
# and if peer auth name includes @corp1.net forwards them to LNS on 1.2.3.4,
# if peer auth name includes @corp2.net forwards them to LNS on 2.3.4.5
# all other connections processes itself localy using internal auth and
# assigning dynamic IP from specified pool.
#

        set ippool add pool1 192.168.1.50 192.168.1.99

        create link template L1 pppoe
        set pppoe iface fxp0
# We must ask authentication to get peer login
        set link no pap chap eap
        set link enable pap
        set link action forward L2 "@corp1\\.net$"
        set link action forward L3 "@corp2\\.net$"
        set link action bundle B1
        set link enable incoming

        create link template L2 l2tp
        set l2tp peer 1.2.3.4
        set l2tp secret corp1secret

        create link template L3 l2tp
        set l2tp peer 2.3.4.5
        set l2tp secret corp2secret

        create bundle template B1
        set ipcp ranges 192.168.1.1/32 ippool pool1


Freeradius -
# FreeRADIUS Version 1.1.5, for host i386-portbld-freebsd6.2
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log

libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
#user = nobody
#group = nobody

#  max_request_time: The maximum time (in seconds) to handle a request.
#
#  Requests which take more time than this to process may be killed, and
#  a REJECT message is returned.
#
#  WARNING: If you notice that requests take a long time to be handled,
#  then this MAY INDICATE a bug in the server, in one of the modules
#  used to handle a request, OR in your local configuration.
#
#  This problem is most often seen when using an SQL database.  If it takes
#  more than a second or two to receive an answer from the SQL database,
#  then it probably means that you haven't indexed the database.  See your
#  SQL server documentation for more information.
#
#  Useful range of values: 5 to 120
#
max_request_time = 30

#  delete_blocked_requests: If the request takes MORE THAN 'max_request_time'
#  to be handled, then maybe the server should delete it.
#
#  If you're running in threaded, or thread pool mode, this setting
#  should probably be 'no'.  Setting it to 'yes' when using a threaded
#  server MAY cause the server to crash!
#
delete_blocked_requests = no

#  cleanup_delay: The time to wait (in seconds) before cleaning up
#  a reply which was sent to the NAS.
#
#  The RADIUS request is normally cached internally for a short period
#  of time, after the reply is sent to the NAS.  The reply packet may be
#  lost in the network, and the NAS will not see it.  The NAS will then
#  re-send the request, and the server will respond quickly with the
#  cached reply.
#
#  If this value is set too low, then duplicate requests from the NAS
#  MAY NOT be detected, and will instead be handled as seperate requests.
#
#  If this value is set too high, then the server will cache too many
#  requests, and some new requests may get blocked.  (See 'max_requests'.)
#
#  Useful range of values: 2 to 10
#
cleanup_delay = 5

#  max_requests: The maximum number of requests which the server keeps
#  track of.  This should be 256 multiplied by the number of clients.
#  e.g. With 4 clients, this number should be 1024.
#
#  If this number is too low, then when the server becomes busy,
#  it will not respond to any new requests, until the 'cleanup_delay'
#  time has passed, and it has removed the old requests.
#
#  If this number is set too high, then the server will use a bit more
#  memory for no real benefit.
#
#  If you aren't sure what it should be set to, it's better to set it
#  too high than too low.  Setting it to 1000 per client is probably
#  the highest it should be.
#
#  Useful range of values: 256 to infinity
#
max_requests = 2048
bind_address = *
port = 0

#listen {
        #  IP address on which to listen.
        #  Allowed values are:
        #       dotted quad (1.2.3.4)
        #       hostname    (radius.example.com)
        #       wildcard    (*)
#       ipaddr = *

        #  Port on which to listen.
        #  Allowed values are:
        #       integer port number (1812)
        #       0 means "use /etc/services for the proper port"
#       port = 0

        #  Type of packets to listen for.
        #  Allowed values are:
        #       auth    listen for authentication packets
        #       acct    listen for accounting packets
        #
#       type = auth
#}


hostname_lookups = no
allow_core_dumps = no
regular_expressions     = yes
extended_expressions    = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
#  The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
}

proxy_requests  = no
#$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf
snmp    = no
#$INCLUDE  ${confdir}/snmp.conf


# THREAD POOL CONFIGURATION
#
#  The thread pool is a long-lived group of threads which
#  take turns (round-robin) handling any incoming requests.
#
#  You probably want to have a few spare threads around,
#  so that high-load situations can be handled immediately.  If you
#  don't have any spare threads, then the request handling will
#  be delayed while a new thread is created, and added to the pool.
#
#  You probably don't want too many spare threads around,
#  otherwise they'll be sitting there taking up resources, and
#  not doing anything productive.
#
#  The numbers given below should be adequate for most situations.
#
thread pool {
        #  Number of servers to start initially --- should be a reasonable
        #  ballpark figure.
        start_servers = 5

        #  Limit on the total number of servers running.
        #
        #  If this limit is ever reached, clients will be LOCKED OUT, so it
        #  should NOT BE SET TOO LOW.  It is intended mainly as a brake to
        #  keep a runaway server from taking the system with it as it spirals
        #  down...
        #
        #  You may find that the server is regularly reaching the
        #  'max_servers' number of threads, and that increasing
        #  'max_servers' doesn't seem to make much difference.
        #
        #  If this is the case, then the problem is MOST LIKELY that
        #  your back-end databases are taking too long to respond, and
        #  are preventing the server from responding in a timely manner.
        #
        #  The solution is NOT do keep increasing the 'max_servers'
        #  value, but instead to fix the underlying cause of the
        #  problem: slow database, or 'hostname_lookups=yes'.
        #
        #  For more information, see 'max_request_time', above.
        #
        max_servers = 32

        #  Server-pool size regulation.  Rather than making you guess
        #  how many servers you need, FreeRADIUS dynamically adapts to
        #  the load it sees, that is, it tries to maintain enough
        #  servers to handle the current load, plus a few spare
        #  servers to handle transient load spikes.
        #
        #  It does this by periodically checking how many servers are
        #  waiting for a request.  If there are fewer than
        #  min_spare_servers, it creates a new spare.  If there are
        #  more than max_spare_servers, some of the spares die off.
        #  The default values are probably OK for most sites.
        #
        min_spare_servers = 3
        max_spare_servers = 10

        #  There may be memory leaks or resource allocation problems with
        #  the server.  If so, set this value to 300 or so, so that the
        #  resources will be cleaned up periodically.
        #
        #  This should only be necessary if there are serious bugs in the
        #  server which have not yet been fixed.
        #
        #  '0' is a special value meaning 'infinity', or 'the servers never
        #  exit'
        max_requests_per_server = 0
}

modules {
        exec pre_auth {
                wait = yes
                program = "/usr/abills/libexec/rauth.pl pre_auth"
                input_pairs = request
                output_pairs = config
        }
        exec post_auth {
                wait = yes
                program = "/usr/abills/libexec/rauth.pl post_auth"
                input_pairs = request
                output_pairs = config
        }
        perl {
                module = /usr/abills/libexec/rlm_perl.pl
                func_authorize = authorize
                func_accounting = accounting
                func_authenticate = authenticate
                func_preacct = preacct
                func_checksimul = checksimul
                func_xlat = xlat
        }
        pap {
                auto_header = yes
        }
        chap {
                authtype = CHAP
        }

        pam {
                pam_auth = radiusd
        }


#$INCLUDE ${confdir}/eap.conf

        mschap {
                #use_mppe = no
                #require_encryption = yes
                #require_strong = yes
                #with_ntdomain_hack = no
                #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
        }

        checkval {
                # The attribute to look for in the request
                item-name = Calling-Station-Id

                # The attribute to look for in check items. Can be multi valued
                check-name = Calling-Station-Id

                # The data type. Can be
                # string,integer,ipaddr,date,abinary,octets
                data-type = string

                # If set to yes and we dont find the item-name attribute in the
                # request then we send back a reject
                # DEFAULT is no
                #notfound-reject = no
        }

        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = no
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no

                # Cisco (and Quintum in Cisco mode) sends it's VSA attributes
                # with the attribute name *again* in the string, like:
                #
                #   H323-Attribute = "h323-attribute=value".
                #
                # If this configuration item is set to 'yes', then
                # the redundant data in the the attribute text is stripped
                # out.  The result is:
                #
                #  H323-Attribute = "value"
                #
                # If you're not running a Cisco or Quintum NAS, you don't
                # need this hack.
                with_cisco_vsa_hack = no
        }

#       files {
#               usersfile = ${confdir}/users
#               acctusersfile = ${confdir}/acct_users
#               preproxy_usersfile = ${confdir}/preproxy_users
#               compat = no
#       }

        detail {
                detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
                detailperm = 0600
                #suppress {
                        # User-Password
                #}
        }

        # detail auth_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d

                #
                #  This MUST be 0600, otherwise anyone can read
                #  the users passwords!
                # detailperm = 0600
        # }
        # detail reply_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d

                #
                #  This MUST be 0600, otherwise anyone can read
                #  the users passwords!
                # detailperm = 0600
        # }

        acct_unique {
                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
        }

#       attr_filter {
#               attrsfile = ${confdir}/attrs
#       }

        expr {
        }

        exec {
                wait = yes
                input_pairs = request
        }

}

instantiate {
        exec
        expr
}
authorize {
        preprocess
        pre_auth
        mschap
#       files
        #eap
        perl
}


authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
# don't use simultaneously 'perl' and files
       perl
        #eap
}


preacct {
        preprocess
        acct_unique
}

accounting {
# don't use simultaneously 'perl' and files
       perl
       #detail
}

session {
#       radutmp
#       sql
}


post-auth {
        Post-Auth-Type REJECT {
                post_auth
        }

}

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "MPD 5.0b1 + FreeRADIUS Version 1.1.7"  
Сообщение от pawko (ok) on 20-Ноя-08, 14:35 
:up
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

3. "MPD 5.0b1 + FreeRADIUS Version 1.1.7"  
Сообщение от sdfg on 27-Апр-09, 12:53 
>:up

down

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

4. "MPD 5.0b1 + FreeRADIUS Version 1.1.7"  
Сообщение от sdfg on 27-Апр-09, 17:07 
set bundle enable compression
попробуй отключить компрессию, у самого просто была похожая фигня, помогло отключение.
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]




Спонсоры:
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2020 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру