Freeradius и Mikrotik+PPPoE

[Nedelin]

Здравейте,

Наи-напред да подчертая, За първи път се сблъсквам с радиус сървър.

Пуснах фреерадиус на дебиан 5. Микротик се свързва с радиуса но PPPoE акаунта не се закача.

Какъв може да е проблема.

Добавям извадка от фреерадиуса:

rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

        Service-Type = Framed-User

        Framed-Protocol = PPP

        NAS-Port = 5558

        NAS-Port-Type = Ethernet

        User-Name = "nedelin"

        Calling-Station-Id = "00:90:27:CB:A7:83"

        Called-Station-Id = "PPPoE"

        NAS-Port-Id = "LAN"

        MS-CHAP-Challenge = 0xd6d759261284c099131309676c80d445

        MS-CHAP2-Response = 0x01004959f5013f43df17e552cdb87a427a800000000000000000363702cb009d28f1b0c6b1584418334c1bdf9b228998cafb

        NAS-Identifier = "359-net.com"

        NAS-IP-Address = 95.158.137.194

+- entering group authorize

++[chap] returns noop

  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'

++[mschap] returns ok

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

rlm_sql (sql): Reserving sql socket id: 3

        expand: SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'nedelin'           ORDER BY id

rlm_sql (sql): User found in radcheck table

        expand: SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'nedelin'           ORDER BY id

        expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='nedelin'

        expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id -> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nedelin' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id

rlm_sql (sql): User found in group 5.5Mbps

        expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id -> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'nedelin' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id

rlm_sql (sql): Released sql socket id: 3

++[sql] returns ok

  rad_check_password:  Found Auth-Type mschap

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!    Replacing User-Password in config items with Cleartext-Password.     !!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!! Please update your configuration so that the "known good"               !!!

!!! clear text password is in Cleartext-Password, and not in User-Password. !!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

auth: type "MSCHAP"

+- entering group MS-CHAP

  rlm_mschap: Told to do MS-CHAPv2 for nedelin with NT-Password

++[mschap] returns ok

Login OK: [nedelin/<via Auth-Type = mschap>] (from client SingleRouter port 5558 cli 00:90:27:CB:A7:83)

+- entering group post-auth

rlm_sql (sql): Processing sql_postauth

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

        expand: INSERT into radpostauth (id, username, pass, reply, authdate) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql): Reserving sql socket id: 2

rlm_sql (sql): Released sql socket id: 2

++[sql] returns ok

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

        Framed-IP-Address = 10.0.240.140

        Mikrotik-Rate-Limit = "2200000/5500000"

        Session-Timeout = 84800

        Framed-Protocol = PPP

        Service-Type = Framed-User

        Framed-Route = "10.0.240.1"

        MS-CHAP2-Success = 0x01533d31334634334632444242443037374530354332323343433646454132394245383041454433323942

Finished request 53.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

Sending duplicate reply to client SingleRouter port 1035 - ID: 204

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

Waking up in 4.6 seconds.

rad_recv: Access-Request packet from host 95.158.137.194 port 1035, id=204, length=185

Sending duplicate reply to client SingleRouter port 1035 - ID: 204

Sending Access-Accept of id 204 to 95.158.137.194 port 1035

Waking up in 4.3 seconds.

[Nedelin]

Понеже не знам каква информация да ви дам, ме питайте конкретно.

Поздрави!!!

[Nedelin]

Сега си виждам грешката.

+- entering group post-auth

rlm_sql (sql): Processing sql_postauth

        expand: %{User-Name} -> nedelin

rlm_sql (sql): sql_set_user escaped user --> 'nedelin'

WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

        expand: INSERT into radpostauth (id, username, pass, reply, authdate) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, username, pass, reply, authdate) values ('', 'nedelin', 'Chap-Password', 'Access-Accept', NOW())

rlm_sql (sql): Reserving sql socket id: 2

В таблицата "radpostauth" на "pass", какво трябва да се пише. Мисля че '%{User-Password:-Chap-Password}' е грешка. Но какво трява да е точно?

[Nedelin]

Не знам къде греша, но започна да ми писва от тъпя радиус. Какво ли не пробвах не ще и не ще. Радиуса пише е върнал отговор на микротика но нищо не сработва. Микротика е настроен правилно. Имам фаируол на димитрии, спирах го но и от него не е проблема, незнам вече. 

Моля ви помогнете!!!

Поздрави!!!!

[111111]

порта на микротик радиуса отворен ли е ?

[Nedelin]

порта на микротик радиуса отворен ли е ?

Ами отворени са. 1812 и 1813 трябва да са отворени, няма какво да ги затваря (от кък firewall). Иначе на радиус в микротика са си насторени портове, ИП, сикрет, глупости и т.н.

[111111]

това предполагам си изчел

http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius

http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona

http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE

какво пише в лога на микротика ?

[Nedelin]

това предполагам си изчел

http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius

http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona

http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE

какво пише в лога на микротика ?

Тези теми са първото което открих. И по тях съм го правил. В лога на микротика пише само че радиус сервера не отгораря (timeout ...)  ....