Jump to content

Freeradius и Mikrotik+PPPoE


Nedelin

Recommended Posts

Здравейте,

Наи-напред да подчертая, За първи път се сблъсквам с радиус сървър.

Пуснах фреерадиус на дебиан 5. Микротик се свързва с радиуса но PPPoE акаунта не се закача.

Какъв може да е проблема.

Добавям извадка от фреерадиуса:


rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

        Service-Type = Framed-User

        Framed-Protocol = PPP

        NAS-Port = 5558

        NAS-Port-Type = Ethernet

        User-Name = "nedelin"

        Calling-Station-Id = "00:90:27:CB:A7:83"

        Called-Station-Id = "PPPoE"

        NAS-Port-Id = "LAN"

        MS-CHAP-Challenge = 0xd6d759261284c099131309676c80d445

        MS-CHAP2-Response = 0x01004959f5013f43df17e552cdb87a427a800000000000000000363702cb009d28f1b0c6b1584418334c1bdf9b228998cafb

        NAS-Identifier = "359-net.com"

        NAS-IP-Address = 95.158.137.194

+- entering group authorize

++[chap] returns noop

  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'

++[mschap] returns ok

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

rlm_sql (sql): Reserving sql socket id: 3

        expand: SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'nedelin'           ORDER BY id

rlm_sql (sql): User found in radcheck table

        expand: SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'nedelin'           ORDER BY id

        expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='nedelin'

        expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id -> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nedelin' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id

rlm_sql (sql): User found in group 5.5Mbps

        expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id -> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'nedelin' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id

rlm_sql (sql): Released sql socket id: 3

++[sql] returns ok

  rad_check_password:  Found Auth-Type mschap

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!    Replacing User-Password in config items with Cleartext-Password.     !!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!! Please update your configuration so that the "known good"               !!!

!!! clear text password is in Cleartext-Password, and not in User-Password. !!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

auth: type "MSCHAP"

+- entering group MS-CHAP

  rlm_mschap: Told to do MS-CHAPv2 for nedelin with NT-Password

++[mschap] returns ok

Login OK: [nedelin/<via Auth-Type = mschap>] (from client SingleRouter port 5558 cli 00:90:27:CB:A7:83)

+- entering group post-auth

rlm_sql (sql): Processing sql_postauth

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

        expand: INSERT into radpostauth (id, username, pass, reply, authdate) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql): Reserving sql socket id: 2

rlm_sql (sql): Released sql socket id: 2

++[sql] returns ok

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

        Framed-IP-Address = 10.0.240.140

        Mikrotik-Rate-Limit = "2200000/5500000"

        Session-Timeout = 84800

        Framed-Protocol = PPP

        Service-Type = Framed-User

        Framed-Route = "10.0.240.1"

        MS-CHAP2-Success = 0x01533d31334634334632444242443037374530354332323343433646454132394245383041454433323942

Finished request 53.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

Sending duplicate reply to client SingleRouter port 1035 - ID: 204

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

Waking up in 4.6 seconds.

rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

Sending duplicate reply to client SingleRouter port 1035 - ID: 204

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

Waking up in 4.3 seconds.

Link to comment
Share on other sites

Понеже не знам каква информация да ви дам, ме питайте конкретно.

Поздрави!!!

Link to comment
Share on other sites

Сега си виждам грешката.


+- entering group post-auth

rlm_sql (sql): Processing sql_postauth

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

        expand: INSERT into radpostauth (id, username, pass, reply, authdate) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql): Reserving sql socket id: 2


В таблицата "radpostauth" на "pass", какво трябва да се пише. Мисля че '%{User-Password:-Chap-Password}' е грешка. Но какво трява да е точно?

Link to comment
Share on other sites

Не знам къде греша, но започна да ми писва от тъпя радиус. Какво ли не пробвах не ще и не ще. Радиуса пише е върнал отговор на микротика но нищо не сработва. Микротика е настроен правилно. Имам фаируол на димитрии, спирах го но и от него не е проблема, незнам вече. 

Моля ви помогнете!!!

Поздрави!!!!

Link to comment
Share on other sites

  • Administrator

порта на микротик радиуса отворен ли е ?

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites

порта на микротик радиуса отворен ли е ?

Ами отворени са. 1812 и 1813 трябва да са отворени, няма какво да ги затваря (от кък firewall). Иначе на радиус в микротика са си насторени портове, ИП, сикрет, глупости и т.н.

Link to comment
Share on other sites

  • Administrator
Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites

Тези теми са първото което открих. И по тях съм го правил. В лога на микротика пише само че радиус сервера не отгораря (timeout ...)  ....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.