FreeNibs+FreeRADIUS+MPD: error 691 when connecting from Windows
Please help!!!
Hi.
OS: FreeBSD 6.0
I get error 691 when connecting from Windows; I have tried turning encryption on and off.
mpd v4
Web interface in use: nibs_web(.tar.bz2)
NIBS: freenibs-0.0.3-bf3_freeradius-1.0.1(.tar.bz2)
RADIUS: freeradius-1.0.1(.tar.gz)
For the DB I used: nibs_mysql_prof_add.sql, nibs_mysql_cards.sql, nibs_mysql.sql from FreeNIBS
Firewall: pf
Users cannot connect…!!!
If the error is not in the settings, tell me!!!
Then I will sit down and work on the interface…
Or better still, send me a dump of a working database
Here are my settings:
#cat acct-users
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =* ANY,
Reply-Message =* ANY,
Proxy-State =* ANY,
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2
#cat huntgroups |grep -v '#'
vpn NAS-IP-Address == 192.168.10.1
# cat radius.conf
acct 127.0.0.1 weldpua 3 2
auth 127.0.0.1 weldpua 3 2
radiusd.conf: I did not touch it
# cat clients
192.168.10.1 weldpua
127.0.0.1 weldpua
# cat clients.conf
client 127.0.0.1 {
secret= weldpua
shortname = localhost
nastype = other # localhost isn’t usually a NAS…
}
client 192.168.10.1 {
secret = weldpua
shortname = localhost
nastype = other # localhost isn’t usually a NAS…
}
# cat hints
DEFAULT Suffix = ".ppp", Strip-User-Name = Yes
Hint = "PPP",
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Suffix = ".slip", Strip-User-Name = Yes
Hint = "SLIP",
Service-Type = Framed-User,
Framed-Protocol = SLIP
DEFAULT Suffix = ".cslip", Strip-User-Name = Yes
Hint = "CSLIP",
Service-Type = Framed-User,
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
# cat naslist
192.168.10.1 local portslave
127.0.0.1 local other
# cat nibs.conf|grep -v '#'
nibs {
driver = "rlm_nibs_mysql"
server = "localhost"
port = "3306"
login = "root"
password = ""
nibs_db = "freenibs"
… the rest is unchanged
# cat /usr/local/etc/mpd4/mpd.conf
default:
load pptp0
pptp0:
new -i ng00 pptp0 pptp0
set ipcp ranges 192.168.10.1/24 192.168.11.1/32
load pptp_standart
pptp_standart:
set iface disable on-demand
set bundle enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 60 180
set ipcp yes vjcomp
set ipcp dns 192.168.10.1
set iface enable proxy-arp
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e56
set ccp yes mpp-e128
set ccp yes mpp-stateless
set bundle yes crypt-reqd
set pptp enable incoming
set pptp disable originate
set iface mtu 1500
set link mtu 1500
set radius server 127.0.0.1 weldpua 1812 1813
set radius timeout 10
set radius config /opt/freeradius1.0.1/etc/raddb/radius.conf
set radius retries 3
# ifconfig
rl0: flags=8843 mtu 1500
options=8
inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
ether 00:0e:2e:2f:84:68
rl1: flags=8843 mtu 1500
options=8
inet 192.168.129.146 netmask 0xfffff000 broadcast 192.168.143.255
plip0: flags=108810 mtu 1500
pflog0: flags=141 mtu 33208
lo0: flags=8049 mtu 16384
inet 127.0.0.1 netmask 0xff000000
pfsync0: flags=0<> mtu 2020
ng0: flags=8890 mtu 1500
inet6 fe80::20e:2eff:fe2f:8468%ng0 prefixlen 64 scopeid 0x7
When trying to connect:
# mpd4
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 669, version 4.0b4 (root@freebsd 22:24 27-Mar-2006)
[pptp0] ppp node is "mpd669-pptp0"
tcpmss node is "mpd669-mss"
mpd: local IP address for PPTP is 0.0.0.0
[pptp0] using interface ng0
mpd: bundle "pptp0" already exists
mpd: PPTP connection from 192.168.10.99:1766
pptp0: attached to connection with 192.168.10.99:1766
[pptp0] IFACE: Open event
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Open event
[pptp0] bundle: OPEN event in state CLOSED
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] device: OPEN event in state DOWN
[pptp0] attaching to peer’s outgoing call
[pptp0] device is now in state OPENING
[pptp0] device: UP event in state OPENING
[pptp0] device is now in state UP
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: phase shift DEAD --> ESTABLISH
[pptp0] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM cc327a6f
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec’d Configure Request #0 link 0 (Req-Sent)
MRU 1400
MAGICNUM 19193049
PROTOCOMP
ACFCOMP
CALLBACK
Not supported
[pptp0] LCP: SendConfigRej #0
CALLBACK
[pptp0] LCP: rec’d Configure Request #1 link 0 (Req-Sent)
MRU 1400
MAGICNUM 19193049
PROTOCOMP
ACFCOMP
[pptp0] LCP: SendConfigAck #1
MRU 1400
MAGICNUM 19193049
PROTOCOMP
ACFCOMP
[pptp0] LCP: state change Req-Sent --> Ack-Sent
[pptp0] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM cc327a6f
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: rec’d Configure Reject #2 link 0 (Ack-Sent)
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM cc327a6f
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec’d Configure Ack #3 link 0 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM cc327a6f
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE len:17
[pptp0] LCP: LayerUp
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec’d Ident #2 link 0 (Opened)
MESG: MSRASV5.10
[pptp0] LCP: rec’d Ident #3 link 0 (Opened)
MESG: MSRAS-0-SLIB
[pptp0] CHAP: rec’d RESPONSE #1
Name: "w"
[pptp0] AUTH: Auth-Thread started
[pptp0] AUTH: Trying secret file: mpd.secret
Peer name: "w"
mpd: warning: line too long, truncated
User "w" not found in secret file
[pptp0] AUTH: Auth-Thread finished normally
[pptp0] CHAP: ChapInputFinish: status failed
[pptp0] CHAP: sending FAILURE len:29
[pptp0] LCP: authorization failed
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] IFACE: Close event
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Starting --> Initial
[pptp0] IPCP: LayerFinish
[pptp0] IFACE: Close event
pptp0: closing connection with 192.168.10.99:1766
[pptp0] IFACE: Close event
[pptp0] device is now in state CLOSING
[pptp0] bundle: CLOSE event in state OPENED
[pptp0] closing link "pptp0"...
[pptp0] device: DOWN event in state CLOSING
[pptp0] device is now in state DOWN
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Opened --> Closing
[pptp0] LCP: phase shift AUTHENTICATE --> TERMINATE
[pptp0] LCP: SendTerminateReq #4
[pptp0] error writing len 8 frame to bypass: Network is down
[pptp0] LCP: LayerDown
pptp0: killing connection with 192.168.10.99:1766
[pptp0] device: DOWN event in state DOWN
[pptp0] device is now in state DOWN
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
[pptp0] LCP: phase shift TERMINATE --> DEAD
[pptp0] device: CLOSE event in state DOWN
[pptp0] device is now in state DOWN
[pptp0] link: DOWN event
[pptp0] LCP: Down event
# radiusd -x
…..
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
I removed from mpd.conf: set link enable chap
Now one can connect to the server without problems…
And without a password, under any username…
When I put it back: error 691.
RADIUS just sits at: Ready to process requests.
All the time…
Maybe it is not visible?
Or is the configuration wrong?
Here is the mpd log during a connection to the server:
#mpd
…
[pptp99] using interface ng99
[pptp99:pptp99] mpd: PPTP connection from 192.168.10.97:3909
pptp0: attached to connection with 192.168.10.97:3909
[pptp0] IFACE: Open event
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Open event
[pptp0] bundle: OPEN event in state CLOSED
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] device: OPEN event in state DOWN
[pptp0] attaching to peer’s outgoing call
[pptp0] device is now in state OPENING
[pptp0] device: UP event in state OPENING
[pptp0] device is now in state UP
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: phase shift DEAD --> ESTABLISH
[pptp0] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 3364fe68
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec’d Configure Request #0 link 0 (Req-Sent)
MRU 1400
MAGICNUM 2d956eef
PROTOCOMP
ACFCOMP
CALLBACK
Not supported
[pptp0] LCP: SendConfigRej #0
CALLBACK
[pptp0] LCP: rec’d Configure Request #1 link 0 (Req-Sent)
MRU 1400
MAGICNUM 2d956eef
PROTOCOMP
ACFCOMP
[pptp0] LCP: SendConfigAck #1
MRU 1400
MAGICNUM 2d956eef
PROTOCOMP
ACFCOMP
[pptp0] LCP: state change Req-Sent --> Ack-Sent
[pptp0] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 3364fe68
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: rec’d Configure Reject #2 link 0 (Ack-Sent)
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 3364fe68
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec’d Configure Ack #3 link 0 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 3364fe68
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE
[pptp0] LCP: LayerUp
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec’d Ident #2 link 0 (Opened)
MESG: MSRASV5.10
[pptp0] LCP: rec’d Ident #3 link 0 (Opened)
MESG: MSRAS-0-SLIB
[pptp0] CHAP: rec’d RESPONSE #1
Name: "w"
Peer name: "w"
mpd: warning: line too long, truncated
Can't get credentials for "w"
[pptp0] CHAP: sending FAILURE
[pptp0] LCP: authorization failed
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] IFACE: Close event
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Starting --> Initial
[pptp0] IPCP: LayerFinish
[pptp0] IFACE: Close event
pptp0: closing connection with 192.168.10.97:3909
[pptp0] IFACE: Close event
[pptp0] device is now in state CLOSING
[pptp0] bundle: CLOSE event in state OPENED
[pptp0] closing link "pptp0"...
[pptp0] device: DOWN event in state CLOSING
[pptp0] device is now in state DOWN
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Opened --> Closing
[pptp0] LCP: phase shift AUTHENTICATE --> TERMINATE
[pptp0] LCP: SendTerminateReq #4
[pptp0] error writing len 8 frame to bypass: Network is down
[pptp0] LCP: LayerDown
[pptp0] device: DOWN event in state DOWN
[pptp0] device is now in state DOWN
pptp0: killing connection with 192.168.10.97:3909
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
[pptp0] LCP: phase shift TERMINATE --> DEAD
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] device: CLOSE event in state DOWN
[pptp0] device is now in state DOWN
I found what the matter was…
I had to add to mpd.conf:
set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct
But now there is this problem:
radiusd -x:
…
rad_recv: Access-Request packet from host 192.168.10.1:57733, id=51, length=144
NAS-Identifier = "freebsd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "w"
MS-CHAP-Challenge = 0xbb1e68c8445aee2a776b7becc887c686
MS-CHAP2-Response = 0x0100e89226e511f5a91977ecfc5674253d730000000000000000aa94048293034357e5ce3b80c9f14099231c37938b1564f5
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
sql_als->sql_get_socket (nibs): Reserving sql socket id: 60
sql_als->sql_release_socket: Released sql socket id: 60
rlm_nibs (rlm_nibs_authorize): Check items do not match with received packet (maybe open passwd or huntgroup) for user `' [127.0.0.1:0]
rad_recv: Access-Request packet from host 192.168.10.1:57733, id=51, length=144
Sending Access-Reject of id 51 to 192.168.10.1:57733
PLEASE send a dump of the database to my e-mail!!!
I am begging you…!!!
One record each would be enough!!!
weldpua2008@ukr.net
If there are no connections, then the problem is in the settings; if there are, then I will fix the interface!!!
PLEASE save me!!!
New questions:
Now the connection works and everything is fine, thanks to
http://wiki.bsdportal.ru/doc:vpn, the part that talks about RADIUS…
But now there is a constant request from the client:
radiusd -x:
….
7
[pptp0] RADIUS: RadiusAccount: rad_put_string (RAD_USER_NAME): w1
[pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 3)
[pptp0] RADIUS: rec’d RAD_ACCOUNTING_RESPONSE for user w1
[pptp0] AUTH: Accounting-Thread finished normally
[pptp0] AUTH: Sending Accounting Update
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: w1
[pptp0] RADIUS: using /opt/radius.conf
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusStart: rad_put_string(RAD_CALLING_STATION_ID) 192.168.10.97
[pptp0] RADIUS: RadiusAccount: rad_put_string (RAD_USER_NAME): w1
[pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 3)
[pptp0] RADIUS: rec’d RAD_ACCOUNTING_RESPONSE for user w1
[pptp0] AUTH: Accounting-Thread finished normally
[pptp0] AUTH: Sending Accounting Update
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: w1
[pptp0] RADIUS: using /opt/radius.conf
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusStart: rad_put_string(RAD_CALLING_STATION_ID) 192.168.10.97
This is still the same server with FreeBSD 6 + MPD + FreeNIBS + FreeRADIUS.
Everything works; users can connect if they are in the FreeNIBS database.
But! Question: if you simply connect, something starts being searched for, and in ten minutes Windows runs up as much as 10 Mb looking for something…
Which is what the RADIUS logs show…
Question 2: do I have to set up routes for my interfaces that are listed in mpd.conf (ngXX)?
And add firewall rules for them?
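
An added example, not part of the original thread and not mpd's own code: a small Python lint for the two mpd4 misconfigurations the posts above describe, a link that no longer requires CHAP (connection under any name with no password) and a `set radius server` line without `set auth enable radius-auth` (mpd consults mpd.secret only and the client gets error 691). The sample labels are constructed from the posted pptp_standart label with the secret replaced by a placeholder, and only the directives quoted in the thread are recognised.

```python
# Added example: lint one mpd4 label for the auth mistakes seen in this thread.
# Constructed sample modelled on the posted pptp_standart label (secret replaced).
BEFORE = """\
pptp_standart:
    set link no pap chap
    set link enable chap
    set bundle yes crypt-reqd
    set radius server 127.0.0.1 SECRET 1812 1813
    set radius timeout 10
"""
# The same label plus the three lines the poster reported as the fix.
AFTER = BEFORE + """\
    set auth acct-update 300
    set auth enable radius-auth
    set auth enable radius-acct
"""
# The variant the poster tried: CHAP requirement removed from the link.
NO_CHAP = BEFORE.replace("    set link enable chap\n", "")

def lint_mpd_label(text):
    """Return finding codes for the "set" lines of one mpd4 label."""
    link_on, auth_on, has_radius = set(), set(), False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 4 or words[0] != "set":
            continue
        layer, verb, opts = words[1], words[2], words[3:]
        if layer == "radius" and verb == "server":
            has_radius = True
        elif layer in ("link", "auth"):
            target = link_on if layer == "link" else auth_on
            if verb in ("enable", "yes"):      # options switched on locally
                target.update(opts)
            elif verb in ("disable", "no"):    # options switched off locally
                target.difference_update(opts)
    findings = []
    if not link_on & {"pap", "chap"}:
        findings.append("link-requires-no-auth")    # any name, no password
    if has_radius and "radius-auth" not in auth_on:
        findings.append("radius-auth-not-enabled")  # server set but never asked
    if has_radius and "radius-acct" not in auth_on:
        findings.append("radius-acct-not-enabled")  # sessions not accounted
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("no-chap", NO_CHAP), ("after", AFTER)):
        print(name, lint_mpd_label(conf) or "ok")
```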