Subnets.ru

**Андрей** » 11 ноя 2009, 10:45

Привет всем.
Настало время разделить биллинг и NAS.
Пересобрал ядро с опциями:

Код: Выделить всё: device pf device pflog options ALTQ options ALTQ_CBQ # Class Bases Queueing options ALTQ_RED # Random Early Detection options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build options NETGRAPH # options NETGRAPH_PPPOE options NETGRAPH_ECHO options NETGRAPH_ETHER options NETGRAPH_IFACE options NETGRAPH_KSOCKET options NETGRAPH_L2TP options NETGRAPH_MPPC_ENCRYPTION options NETGRAPH_PPP options NETGRAPH_PPTPGRE

Решил я остаться на pf.
В связи с этим скопировал pf конфиг на новую машину, pf завелся, а вот ng ифейса нет. ПОчему не знаю.
На работающей машине был натовский ng0 ифейс с ip 172.16.0.1 (постоянный Ip). Он же был и натовский gateway для ng*.

Сейчас перенес на новую машину mpd5, но ng0 так и не появился.

Может что-то с модулями ядра?
После reboot'a

Код: Выделить всё: kldstat Id Refs Address Size Name 1 5 0xc0400000 a5823c kernel 2 1 0xc0e59000 6a45c acpi.ko 3 1 0xc5e30000 4000 ng_socket.ko

Хотя на рабочем nas ядро пересобиралось с опциями:

Код: Выделить всё: device pf device pflog options ALTQ options ALTQ_CBQ # Class Bases Queueing options ALTQ_RED # Random Early Detection options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build options NETGRAPH # options NETGRAPH_PPP options NETGRAPH_PPTPGRE

и при загрузке подгружаются модули:

Код: Выделить всё: kldstat Id Refs Address Size Name 1 26 0xc0400000 70a08c kernel 2 1 0xc0b0b000 59f20 acpi.ko 3 1 0xc2575000 16000 linux.ko 4 1 0xc25b9000 4000 ng_socket.ko 5 1 0xc25c0000 3000 ng_mppc.ko 6 1 0xc25c3000 2000 rc4.ko 7 1 0xc264a000 3000 ng_tee.ko 8 1 0xc2658000 4000 ng_ksocket.ko 9 1 0xc28c8000 3000 ng_iface.ko 10 1 0xc28d4000 2000 ng_tcpmss.ko 11 1 0xc28dc000 4000 ng_bpf.ko 12 1 0xc28e0000 4000 ng_car.ko 13 1 0xc31d1000 4000 ng_vjc.ko

Ну и понятное дело ng0 жив на нем.

Подскажите в чем проблема?

ЗЫ. При запуске выскакивает странное сообщение:

Код: Выделить всё: WARNING: attempt to net_add_domain(netgraph) after domainfinalize()

Каждый раз аккуратно поверх записи

Код: Выделить всё: Updating motd

Может в этом проблема?

**root** » 11 ноя 2009, 16:38

интерфейс ngX появится после того как поднимется туннель, от тебя или к тебе

Андрей писал(а):На работающей машине был натовский ng0 ифейс с ip 172.16.0.1 (постоянный Ip). Он же был и натовский gateway для ng*.

значит сам сервер устанавливал соединение куда то, смотри на старой машине, куда именно он его устанавливал

Андрей писал(а):WARNING: attempt to net_add_domain(netgraph) after domainfinalize()

забей, это нормально, так у всех

Андрей писал(а):Каждый раз аккуратно поверх записи
Updating motd

ну а motd то тут вообще не причем

MOTD = Message of the Day (фраза дня), это приветствие после входа в систему и хранится в /etc/motd, это текстовый файл

**Андрей** » 11 ноя 2009, 20:06

root писал(а):ну а motd то тут вообще не причем

Я просто хотел сказать когда именно появляется запись.

root писал(а):значит сам сервер устанавливал соединение куда то, смотри на старой машине, куда именно он его устанавливал

К примеру на шлюз провайдера?
Это получается, что мне надо поднять линк на em0 и все заработает (теоретически)

root писал(а):забей, это нормально, так у всех

Ну нормальнпя адекватная реакция на Warning.

Так у всех.

**Андрей** » 12 ноя 2009, 08:58

Линк поднял на ифейсе, ng0 не поднялся.

Мне тут подсказали, что якобы установил mpd5, и ng0 появился. Установил (уже давно) до сих пор нет ng0.
А это у меня в логах mpd:

Код: Выделить всё: Nov 12 11:17:42 nas mpd: [L-1] Accepting PPTP connection Nov 12 11:17:42 nas mpd: [L-1] Link: OPEN event Nov 12 11:17:42 nas mpd: [L-1] LCP: Open event Nov 12 11:17:42 nas mpd: [L-1] LCP: state change Initial --> Starting Nov 12 11:17:42 nas mpd: [L-1] LCP: LayerStart Nov 12 11:17:42 nas mpd: [L-1] PPTP: attaching to peer's outgoing call Nov 12 11:17:42 nas mpd: [L-1] Link: UP event Nov 12 11:17:42 nas mpd: [L-1] LCP: Up event Nov 12 11:17:42 nas mpd: [L-1] LCP: state change Starting --> Req-Sent Nov 12 11:17:42 nas mpd: [L-1] LCP: SendConfigReq #1 Nov 12 11:17:42 nas mpd: [L-1] ACFCOMP Nov 12 11:17:42 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:42 nas mpd: [L-1] MRU 1500 Nov 12 11:17:42 nas mpd: [L-1] MAGICNUM 0244cf36 Nov 12 11:17:42 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 11:17:42 nas mpd: [L-1] MP MRRU 2048 Nov 12 11:17:42 nas mpd: [L-1] MP SHORTSEQ Nov 12 11:17:42 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 11:17:42 nas mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent) Nov 12 11:17:42 nas mpd: [L-1] MRU 1400 Nov 12 11:17:42 nas mpd: [L-1] MAGICNUM 0d4b69a9 Nov 12 11:17:42 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:42 nas mpd: [L-1] ACFCOMP Nov 12 11:17:42 nas mpd: [L-1] CALLBACK 6 Nov 12 11:17:42 nas mpd: [L-1] LCP: SendConfigRej #0 Nov 12 11:17:42 nas mpd: [L-1] CALLBACK 6 Nov 12 11:17:42 nas mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent) Nov 12 11:17:42 nas mpd: [L-1] MRU 1400 Nov 12 11:17:42 nas mpd: [L-1] MAGICNUM 0d4b69a9 Nov 12 11:17:42 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:42 nas mpd: [L-1] ACFCOMP Nov 12 11:17:42 nas mpd: [L-1] LCP: SendConfigAck #1 Nov 12 11:17:42 nas mpd: [L-1] MRU 1400 Nov 12 11:17:42 nas mpd: [L-1] MAGICNUM 0d4b69a9 Nov 12 11:17:42 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:42 nas mpd: [L-1] ACFCOMP Nov 12 11:17:42 nas mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent Nov 12 11:17:44 nas mpd: [L-1] LCP: SendConfigReq #2 Nov 12 11:17:44 nas mpd: [L-1] ACFCOMP Nov 12 11:17:44 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:44 nas mpd: [L-1] MRU 1500 Nov 12 11:17:44 nas mpd: [L-1] MAGICNUM 0244cf36 Nov 12 11:17:44 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 11:17:44 nas mpd: [L-1] MP MRRU 2048 Nov 12 11:17:44 nas mpd: [L-1] MP SHORTSEQ Nov 12 11:17:44 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 11:17:44 nas mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent) Nov 12 11:17:44 nas mpd: [L-1] MP MRRU 2048 Nov 12 11:17:44 nas mpd: [L-1] MP SHORTSEQ Nov 12 11:17:44 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 11:17:44 nas mpd: [L-1] LCP: SendConfigReq #3 Nov 12 11:17:44 nas mpd: [L-1] ACFCOMP Nov 12 11:17:44 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:44 nas mpd: [L-1] MRU 1500 Nov 12 11:17:44 nas mpd: [L-1] MAGICNUM 0244cf36 Nov 12 11:17:44 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 11:17:44 nas mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent) Nov 12 11:17:44 nas mpd: [L-1] ACFCOMP Nov 12 11:17:44 nas mpd: [L-1] PROTOCOMP Nov 12 11:17:44 nas mpd: [L-1] MRU 1500 Nov 12 11:17:44 nas mpd: [L-1] MAGICNUM 0244cf36 Nov 12 11:17:44 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 11:17:44 nas mpd: [L-1] LCP: state change Ack-Sent --> Opened Nov 12 11:17:44 nas mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP Nov 12 11:17:44 nas mpd: [L-1] CHAP: sending CHALLENGE #1 len: 21 Nov 12 11:17:44 nas mpd: [L-1] LCP: LayerUp Nov 12 11:17:44 nas mpd: [L-1] LCP: rec'd Ident #2 (Opened) Nov 12 11:17:44 nas mpd: [L-1] MESG: MSRASV5.10 Nov 12 11:17:44 nas mpd: [L-1] LCP: rec'd Ident #3 (Opened) Nov 12 11:17:44 nas mpd: [L-1] MESG: MSRAS-0-A7B32862460C456 Nov 12 11:17:44 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 11:17:44 nas mpd: [L-1] Name: "andrey" Nov 12 11:17:44 nas mpd: [L-1] AUTH: Trying RADIUS Nov 12 11:17:44 nas mpd: [L-1] RADIUS: Authenticating user 'andrey' Nov 12 11:17:44 nas mpd: [L-1] RADIUS: rad_config: Cannot open "/billing/radius.conf": No such file or directory Nov 12 11:17:44 nas mpd: [L-1] AUTH: RADIUS returned error Nov 12 11:17:44 nas mpd: [L-1] AUTH: Trying INTERNAL Nov 12 11:17:44 nas mpd: OpenConfFile: Can't open file '/usr/local/etc/mpd5/mpd.secret': No such file or directory Nov 12 11:17:44 nas mpd: [L-1] AUTH: User "adnrey" not found in secret file Nov 12 11:17:44 nas mpd: [L-1] AUTH: INTERNAL returned: failed Nov 12 11:17:44 nas mpd: [L-1] AUTH: ran out of backends Nov 12 11:17:44 nas mpd: [L-1] CHAP: Auth return status: failed Nov 12 11:17:44 nas mpd: [L-1] CHAP: Reply message: E=691 R=0 M=Login incorrect Nov 12 11:17:44 nas mpd: [L-1] CHAP: sending FAILURE #1 len: 31 Nov 12 11:17:44 nas mpd: [L-1] LCP: authorization failed Nov 12 11:17:44 nas mpd: [L-1] LCP: parameter negotiation failed Nov 12 11:17:44 nas mpd: [L-1] LCP: state change Opened --> Stopping Nov 12 11:17:44 nas mpd: [L-1] LCP: SendTerminateReq #4 Nov 12 11:17:44 nas mpd: [L-1] LCP: LayerDown Nov 12 11:17:44 nas mpd: [L-1] LCP: rec'd Terminate Ack #4 (Stopping) Nov 12 11:17:44 nas mpd: [L-1] LCP: state change Stopping --> Stopped Nov 12 11:17:44 nas mpd: [L-1] LCP: LayerFinish Nov 12 11:17:44 nas mpd: [L-1] PPTP call terminated Nov 12 11:17:44 nas mpd: [L-1] Link: DOWN event Nov 12 11:17:44 nas mpd: [L-1] LCP: Close event Nov 12 11:17:44 nas mpd: [L-1] LCP: state change Stopped --> Closed Nov 12 11:17:44 nas mpd: [L-1] LCP: Down event Nov 12 11:17:44 nas mpd: [L-1] LCP: state change Closed --> Initial Nov 12 11:17:44 nas mpd: [L-1] Link: SHUTDOWN event Nov 12 11:17:44 nas mpd: [L-1] Link: Shutdown

Может быть ng0 не появляется, т.к. nas с радиусом не соединяется? Хотя честно ругани на то, что nas с радиусом не соединился - я не вижу.

**Андрей** » 12 ноя 2009, 10:07

Принудительно указал в mpd.secret свои логин, пароль и ип.
Подключился. Получил ng0, но не с ip 172.16.0.1, а с 172.16.0.2, при этом имела место запись:

Код: Выделить всё: 172.16.0.1 -> 172.16.0.2

**lehisnoe** » 12 ноя 2009, 10:31

Вот эта строка в логах MPD ни о чем тебе не говорит?

Код: Выделить всё: Nov 12 11:17:44 nas mpd: [L-1] RADIUS: rad_config: Cannot open "/billing/radius.conf": No such file or directory

**Андрей** » 12 ноя 2009, 11:55

я потом поменял её. мне пишет:

Код: Выделить всё: Nov 12 13:52:38 nas mpd: [L-1] Accepting PPTP connection Nov 12 13:52:38 nas mpd: [L-1] Link: OPEN event Nov 12 13:52:38 nas mpd: [L-1] LCP: Open event Nov 12 13:52:38 nas mpd: [L-1] LCP: state change Initial --> Starting Nov 12 13:52:38 nas mpd: [L-1] LCP: LayerStart Nov 12 13:52:38 nas mpd: [L-1] PPTP: attaching to peer's outgoing call Nov 12 13:52:38 nas mpd: [L-1] Link: UP event Nov 12 13:52:38 nas mpd: [L-1] LCP: Up event Nov 12 13:52:38 nas mpd: [L-1] LCP: state change Starting --> Req-Sent Nov 12 13:52:38 nas mpd: [L-1] LCP: SendConfigReq #1 Nov 12 13:52:38 nas mpd: [L-1] ACFCOMP Nov 12 13:52:38 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:38 nas mpd: [L-1] MRU 1500 Nov 12 13:52:38 nas mpd: [L-1] MAGICNUM 9c745068 Nov 12 13:52:38 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 13:52:38 nas mpd: [L-1] MP MRRU 2048 Nov 12 13:52:38 nas mpd: [L-1] MP SHORTSEQ Nov 12 13:52:38 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 13:52:38 nas mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent) Nov 12 13:52:38 nas mpd: [L-1] MRU 1400 Nov 12 13:52:38 nas mpd: [L-1] MAGICNUM 3d75164c Nov 12 13:52:38 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:38 nas mpd: [L-1] ACFCOMP Nov 12 13:52:38 nas mpd: [L-1] CALLBACK 6 Nov 12 13:52:38 nas mpd: [L-1] LCP: SendConfigRej #0 Nov 12 13:52:38 nas mpd: [L-1] CALLBACK 6 Nov 12 13:52:38 nas mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent) Nov 12 13:52:38 nas mpd: [L-1] MRU 1400 Nov 12 13:52:38 nas mpd: [L-1] MAGICNUM 3d75164c Nov 12 13:52:38 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:38 nas mpd: [L-1] ACFCOMP Nov 12 13:52:38 nas mpd: [L-1] LCP: SendConfigAck #1 Nov 12 13:52:38 nas mpd: [L-1] MRU 1400 Nov 12 13:52:38 nas mpd: [L-1] MAGICNUM 3d75164c Nov 12 13:52:38 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:38 nas mpd: [L-1] ACFCOMP Nov 12 13:52:38 nas mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent Nov 12 13:52:40 nas mpd: [L-1] LCP: SendConfigReq #2 Nov 12 13:52:40 nas mpd: [L-1] ACFCOMP Nov 12 13:52:40 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:40 nas mpd: [L-1] MRU 1500 Nov 12 13:52:40 nas mpd: [L-1] MAGICNUM 9c745068 Nov 12 13:52:40 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 13:52:40 nas mpd: [L-1] MP MRRU 2048 Nov 12 13:52:40 nas mpd: [L-1] MP SHORTSEQ Nov 12 13:52:40 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 13:52:40 nas mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent) Nov 12 13:52:40 nas mpd: [L-1] MP MRRU 2048 Nov 12 13:52:40 nas mpd: [L-1] MP SHORTSEQ Nov 12 13:52:40 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 12 13:52:40 nas mpd: [L-1] LCP: SendConfigReq #3 Nov 12 13:52:40 nas mpd: [L-1] ACFCOMP Nov 12 13:52:40 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:40 nas mpd: [L-1] MRU 1500 Nov 12 13:52:40 nas mpd: [L-1] MAGICNUM 9c745068 Nov 12 13:52:40 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 13:52:40 nas mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent) Nov 12 13:52:40 nas mpd: [L-1] ACFCOMP Nov 12 13:52:40 nas mpd: [L-1] PROTOCOMP Nov 12 13:52:40 nas mpd: [L-1] MRU 1500 Nov 12 13:52:40 nas mpd: [L-1] MAGICNUM 9c745068 Nov 12 13:52:40 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 12 13:52:40 nas mpd: [L-1] LCP: state change Ack-Sent --> Opened Nov 12 13:52:40 nas mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP Nov 12 13:52:40 nas mpd: [L-1] CHAP: sending CHALLENGE #1 len: 21 Nov 12 13:52:40 nas mpd: [L-1] LCP: LayerUp Nov 12 13:52:40 nas mpd: [L-1] LCP: rec'd Ident #2 (Opened) Nov 12 13:52:40 nas mpd: [L-1] MESG: MSRASV5.10 Nov 12 13:52:40 nas mpd: [L-1] LCP: rec'd Ident #3 (Opened) Nov 12 13:52:40 nas mpd: [L-1] MESG: MSRAS-0-A7B32862460C456 Nov 12 13:52:40 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 13:52:40 nas mpd: [L-1] Name: "andrey" Nov 12 13:52:40 nas mpd: [L-1] AUTH: Trying RADIUS Nov 12 13:52:40 nas mpd: [L-1] RADIUS: Authenticating user 'andrey' Nov 12 13:52:42 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 13:52:42 nas mpd: [L-1] Name: "andrey" Nov 12 13:52:42 nas mpd: [L-1] CHAP: Auth return status: busy Nov 12 13:52:44 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 13:52:44 nas mpd: [L-1] Name: "andrey" Nov 12 13:52:44 nas mpd: [L-1] CHAP: Auth return status: busy Nov 12 13:52:46 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 13:52:46 nas mpd: [L-1] Name: "andrey" Nov 12 13:52:46 nas mpd: [L-1] CHAP: Auth return status: busy Nov 12 13:52:48 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 12 13:52:48 nas mpd: [L-1] Name: "andrey" Nov 12 13:52:48 nas mpd: [L-1] CHAP: Auth return status: busy Nov 12 13:52:49 nas mpd: [L-1] RADIUS: rad_send_request for user 'andrey' failed: No valid RADIUS responses received Nov 12 13:52:49 nas mpd: [L-1] AUTH: RADIUS returned error Nov 12 13:52:49 nas mpd: [L-1] AUTH: Trying INTERNAL Nov 12 13:52:49 nas mpd: [L-1] AUTH: User "andrey" not found in secret file Nov 12 13:52:49 nas mpd: [L-1] AUTH: INTERNAL returned: failed Nov 12 13:52:49 nas mpd: [L-1] AUTH: ran out of backends Nov 12 13:52:49 nas mpd: [L-1] CHAP: Auth return status: failed Nov 12 13:52:49 nas mpd: [L-1] CHAP: Reply message: E=691 R=0 M=Login incorrect Nov 12 13:52:49 nas mpd: [L-1] CHAP: sending FAILURE #1 len: 31 Nov 12 13:52:49 nas mpd: [L-1] LCP: authorization failed Nov 12 13:52:49 nas mpd: [L-1] LCP: parameter negotiation failed Nov 12 13:52:49 nas mpd: [L-1] LCP: state change Opened --> Stopping Nov 12 13:52:49 nas mpd: [L-1] LCP: SendTerminateReq #4 Nov 12 13:52:49 nas mpd: [L-1] LCP: LayerDown Nov 12 13:52:49 nas mpd: [L-1] LCP: rec'd Terminate Ack #4 (Stopping) Nov 12 13:52:49 nas mpd: [L-1] LCP: state change Stopping --> Stopped Nov 12 13:52:49 nas mpd: [L-1] LCP: LayerFinish Nov 12 13:52:49 nas mpd: [L-1] PPTP call terminated Nov 12 13:52:49 nas mpd: [L-1] Link: DOWN event Nov 12 13:52:49 nas mpd: [L-1] LCP: Close event Nov 12 13:52:49 nas mpd: [L-1] LCP: state change Stopped --> Closed Nov 12 13:52:49 nas mpd: [L-1] LCP: Down event Nov 12 13:52:49 nas mpd: [L-1] LCP: state change Closed --> Initial Nov 12 13:52:49 nas mpd: [L-1] Link: SHUTDOWN event Nov 12 13:52:49 nas mpd: [L-1] Link: Shutdown

Это все за одну попытку подключения.

**Андрей** » 13 ноя 2009, 11:22

Помогите проблему решить. (не стал создавать новую тему)
Есть 2 машины. На 1й Billing + RADIUS
на 2й NAS (network access server).
При попытке подключения юзера к nas получаю отказ со словами

Ошибка 691 Данные имя пользователя или пароль не допустимы в этом домене

Вот лог mpd5:

Код: Выделить всё: Nov 13 13:12:02 nas mpd: [L-1] Accepting PPTP connection Nov 13 13:12:02 nas mpd: [L-1] Link: OPEN event Nov 13 13:12:02 nas mpd: [L-1] LCP: Open event Nov 13 13:12:02 nas mpd: [L-1] LCP: state change Initial --> Starting Nov 13 13:12:02 nas mpd: [L-1] LCP: LayerStart Nov 13 13:12:02 nas mpd: [L-1] PPTP: attaching to peer's outgoing call Nov 13 13:12:02 nas mpd: [L-1] Link: UP event Nov 13 13:12:02 nas mpd: [L-1] LCP: Up event Nov 13 13:12:02 nas mpd: [L-1] LCP: state change Starting --> Req-Sent Nov 13 13:12:02 nas mpd: [L-1] LCP: SendConfigReq #1 Nov 13 13:12:02 nas mpd: [L-1] ACFCOMP Nov 13 13:12:02 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:02 nas mpd: [L-1] MRU 1500 Nov 13 13:12:02 nas mpd: [L-1] MAGICNUM d84da5ec Nov 13 13:12:02 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 13 13:12:02 nas mpd: [L-1] MP MRRU 2048 Nov 13 13:12:02 nas mpd: [L-1] MP SHORTSEQ Nov 13 13:12:02 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 13 13:12:02 nas mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent) Nov 13 13:12:02 nas mpd: [L-1] MRU 1400 Nov 13 13:12:02 nas mpd: [L-1] MAGICNUM 12343387 Nov 13 13:12:02 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:02 nas mpd: [L-1] ACFCOMP Nov 13 13:12:02 nas mpd: [L-1] CALLBACK 6 Nov 13 13:12:02 nas mpd: [L-1] LCP: SendConfigRej #0 Nov 13 13:12:02 nas mpd: [L-1] CALLBACK 6 Nov 13 13:12:02 nas mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent) Nov 13 13:12:02 nas mpd: [L-1] MRU 1400 Nov 13 13:12:02 nas mpd: [L-1] MAGICNUM 12343387 Nov 13 13:12:02 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:02 nas mpd: [L-1] ACFCOMP Nov 13 13:12:02 nas mpd: [L-1] LCP: SendConfigAck #1 Nov 13 13:12:02 nas mpd: [L-1] MRU 1400 Nov 13 13:12:02 nas mpd: [L-1] MAGICNUM 12343387 Nov 13 13:12:02 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:02 nas mpd: [L-1] ACFCOMP Nov 13 13:12:02 nas mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent Nov 13 13:12:04 nas mpd: [L-1] LCP: SendConfigReq #2 Nov 13 13:12:04 nas mpd: [L-1] ACFCOMP Nov 13 13:12:04 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:04 nas mpd: [L-1] MRU 1500 Nov 13 13:12:04 nas mpd: [L-1] MAGICNUM d84da5ec Nov 13 13:12:04 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 13 13:12:04 nas mpd: [L-1] MP MRRU 2048 Nov 13 13:12:04 nas mpd: [L-1] MP SHORTSEQ Nov 13 13:12:04 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 13 13:12:04 nas mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent) Nov 13 13:12:04 nas mpd: [L-1] MP MRRU 2048 Nov 13 13:12:04 nas mpd: [L-1] MP SHORTSEQ Nov 13 13:12:04 nas mpd: [L-1] ENDPOINTDISC [802.1] 00 11 43 e5 dd d6 Nov 13 13:12:04 nas mpd: [L-1] LCP: SendConfigReq #3 Nov 13 13:12:04 nas mpd: [L-1] ACFCOMP Nov 13 13:12:04 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:04 nas mpd: [L-1] MRU 1500 Nov 13 13:12:04 nas mpd: [L-1] MAGICNUM d84da5ec Nov 13 13:12:04 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 13 13:12:04 nas mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent) Nov 13 13:12:04 nas mpd: [L-1] ACFCOMP Nov 13 13:12:04 nas mpd: [L-1] PROTOCOMP Nov 13 13:12:04 nas mpd: [L-1] MRU 1500 Nov 13 13:12:04 nas mpd: [L-1] MAGICNUM d84da5ec Nov 13 13:12:04 nas mpd: [L-1] AUTHPROTO CHAP MSOFTv2 Nov 13 13:12:04 nas mpd: [L-1] LCP: state change Ack-Sent --> Opened Nov 13 13:12:04 nas mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP Nov 13 13:12:04 nas mpd: [L-1] CHAP: sending CHALLENGE #1 len: 21 Nov 13 13:12:04 nas mpd: [L-1] LCP: LayerUp Nov 13 13:12:04 nas mpd: [L-1] LCP: rec'd Ident #2 (Opened) Nov 13 13:12:04 nas mpd: [L-1] MESG: MSRASV5.10 Nov 13 13:12:04 nas mpd: [L-1] LCP: rec'd Ident #3 (Opened) Nov 13 13:12:04 nas mpd: [L-1] MESG: MSRAS-0-A7B32862460C456 Nov 13 13:12:04 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 13 13:12:04 nas mpd: [L-1] Name: "andrey" Nov 13 13:12:04 nas mpd: [L-1] AUTH: Trying RADIUS Nov 13 13:12:04 nas mpd: [L-1] RADIUS: Authenticating user 'andrey' Nov 13 13:12:06 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 13 13:12:06 nas mpd: [L-1] Name: "andrey" Nov 13 13:12:06 nas mpd: [L-1] CHAP: Auth return status: busy Nov 13 13:12:08 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 13 13:12:08 nas mpd: [L-1] Name: "andrey" Nov 13 13:12:08 nas mpd: [L-1] CHAP: Auth return status: busy Nov 13 13:12:10 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 13 13:12:10 nas mpd: [L-1] Name: "andrey" Nov 13 13:12:10 nas mpd: [L-1] CHAP: Auth return status: busy Nov 13 13:12:12 nas mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 62 Nov 13 13:12:12 nas mpd: [L-1] Name: "andrey" Nov 13 13:12:12 nas mpd: [L-1] CHAP: Auth return status: busy Nov 13 13:12:14 nas mpd: [L-1] RADIUS: rad_send_request for user 'andrey' failed: No valid RADIUS responses received Nov 13 13:12:14 nas mpd: [L-1] AUTH: RADIUS returned error Nov 13 13:12:14 nas mpd: [L-1] AUTH: Trying INTERNAL Nov 13 13:12:14 nas mpd: [L-1] AUTH: User "andrey" not found in secret file Nov 13 13:12:14 nas mpd: [L-1] AUTH: INTERNAL returned: failed Nov 13 13:12:14 nas mpd: [L-1] AUTH: ran out of backends Nov 13 13:12:14 nas mpd: [L-1] CHAP: Auth return status: failed Nov 13 13:12:14 nas mpd: [L-1] CHAP: Reply message: E=691 R=0 M=Login incorrect Nov 13 13:12:14 nas mpd: [L-1] CHAP: sending FAILURE #1 len: 31 Nov 13 13:12:14 nas mpd: [L-1] LCP: authorization failed Nov 13 13:12:14 nas mpd: [L-1] LCP: parameter negotiation failed Nov 13 13:12:14 nas mpd: [L-1] LCP: state change Opened --> Stopping Nov 13 13:12:14 nas mpd: [L-1] LCP: SendTerminateReq #4 Nov 13 13:12:14 nas mpd: [L-1] LCP: LayerDown Nov 13 13:12:14 nas mpd: [L-1] LCP: rec'd Terminate Ack #4 (Stopping) Nov 13 13:12:14 nas mpd: [L-1] LCP: state change Stopping --> Stopped Nov 13 13:12:14 nas mpd: [L-1] LCP: LayerFinish Nov 13 13:12:14 nas mpd: [L-1] PPTP call terminated Nov 13 13:12:14 nas mpd: [L-1] Link: DOWN event Nov 13 13:12:14 nas mpd: [L-1] LCP: Close event Nov 13 13:12:14 nas mpd: [L-1] LCP: state change Stopped --> Closed Nov 13 13:12:14 nas mpd: [L-1] LCP: Down event Nov 13 13:12:14 nas mpd: [L-1] LCP: state change Closed --> Initial Nov 13 13:12:14 nas mpd: [L-1] Link: SHUTDOWN event Nov 13 13:12:14 nas mpd: [L-1] Link: Shutdown

Вот конфиг mpd5:

Код: Выделить всё: # cat /usr/local/etc/mpd5/mpd.conf ################################################################# # # MPD configuration file # # This file defines the configuration for mpd: what the # bundles are, what the links are in those bundles, how # the interface should be configured, various PPP parameters, # etc. It contains commands just as you would type them # in at the console. Lines without padding are labels. Lines # starting with a "#" are comments. # # $Id: mpd.conf.sample,v 1.45 2007/11/26 20:41:37 amotin Exp $ # ################################################################# startup: # configure mpd users set user secret top_secret admin # configure the console set console self 127.0.0.1 5005 set console open # configure the web server set web self 10.10.254.249 5006 set web open # # Default configuration is "dialup" default: load pptp_server pptp_server: create bundle template B set iface enable proxy-arp set iface idle 0 set iface enable tcpmssfix set ipcp yes vjcomp set ipcp ranges 172.16.0.1/32 172.16.0.2/32 set ipcp dns 10.10.0.2 # Enable Microsoft Point-to-Point encryption (MPPE) set bundle enable compression set ccp yes mppc set mppc yes e40 set mppc yes e128 set mppc yes stateless create link template L pptp set link enable multilink set link yes acfcomp protocomp set link action bundle B set link no pap chap set link enable chap set link enable chap-msv1 set link enable chap-msv2 set link mtu 1460 set link keep-alive 10 75 # Configure PPTP and open link set pptp self 10.10.254.249 set link enable incoming set radius config /usr/home/nas/conf/radius.conf set radius server 10.10.0.2 topsecret topsecret 1812 1813 set radius retries 3 set radius timeout 3 set radius me 10.10.0.2 set auth acct-update 300 set auth enable radius-auth set auth enable radius-acct set radius enable message-authentic set auth max-logins 1 set link enable peer-as-calling

Содержимое /usr/home/nas/conf/radius.conf:

Код: Выделить всё: auth 10.10.0.2 topsecret acct 10.10.0.2 topsecret

В чем может быть проблема?
вот правила pf.
На машине с радиусом:

Код: Выделить всё: pass in quick proto tcp from 10.10.254.249 to <me> port {1812, 1813} keep state

ПОмогите разобраться. Заранее благодарен.

**root** » 13 ноя 2009, 14:01

Nov 13 13:12:14 nas mpd: [L-1] RADIUS: rad_send_request for user 'andrey' failed: No valid RADIUS responses received
Nov 13 13:12:14 nas mpd: [L-1] AUTH: RADIUS returned error

говорит о том, что радиус не отвечает

Андрей писал(а):Содержимое /usr/home/nas/conf/radius.conf:

Андрей писал(а):вот правила pf. На машине с радиусом:

это конечно хорошо, что на клиенте все прописано и разрешающее правило есть
а на самом радиус сервере то прописан в конфигах IP и этот же пароль ?
во freeradius это делается в файле clients.conf
tcpdump то смотрел ? происходит обмен пакетами между радус машиной и nas`ом по этим портам ?
в радиусе присутствует логин+пароль пользователя под которым ты пытаешся аторизоваться ?

Андрей писал(а):ПОмогите разобраться

не устаю повторять что бы ты мог в чем то разобраться, ты должен представлять как работают части "механизма" авторизации, который ты пытаешся поднять.
насколько я вижу, ты слабо понимаешь как у тебя работает радиус и как в нем описываются клиенты: nas`ы и сами пользователи.

**Андрей** » 13 ноя 2009, 14:09

root писал(а):во freeradius это делается в файле clients.conf

Это который в /usr/local/etc/raddb?
В файл clients (кроме clients.conf) тоже надо прописывать nas?

Subnets.ru

ng ифейсы

ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Re: ng ифейсы

Кто сейчас на конференции