weldpua2008 wrote on 16 April 2006 at 20:31 (1125 views)

FreeNibs+Freeradius+MPD: error 691 when connecting from Windows

Help please!!!

Hi.

OS: FreeBSD 6.0

Error 691 comes up when connecting from Windows; I tried turning encryption on and off.

mpd v4

Web interface used: nibs_web(.tar.bz2)

NIBS: freenibs-0.0.3-bf3_freeradius-1.0.1(.tar.bz2)

RADIUS: freeradius-1.0.1(.tar.gz)

For the DB I used: nibs_mysql_prof_add.sql, nibs_mysql_cards.sql, nibs_mysql.sql from freenibs

Firewall: pf

Users can't connect…!!!

If the error is not in the settings, then say so!!!

Then I'll sit down and work on the interface…

Better still, send me a dump of a working database

Here are my settings:

# cat acct-users
DEFAULT
	Service-Type == Framed-User,
	Service-Type == Login-User,
	Login-Service == Telnet,
	Login-Service == Rlogin,
	Login-Service == TCP-Clear,
	Login-TCP-Port <= 65536,
	Framed-IP-Address == 255.255.255.254,
	Framed-IP-Netmask == 255.255.255.255,
	Framed-Protocol == PPP,
	Framed-Protocol == SLIP,
	Framed-Compression == Van-Jacobson-TCP-IP,
	Framed-MTU >= 576,
	Framed-Filter-ID =* ANY,
	Reply-Message =* ANY,
	Proxy-State =* ANY,
	Session-Timeout <= 28800,
	Idle-Timeout <= 600,
	Port-Limit <= 2

# cat huntgroups | grep -v '#'
vpn NAS-IP-Address == 192.168.10.1

# cat radius.conf
acct 127.0.0.1 weldpua 3 2
auth 127.0.0.1 weldpua 3 2

radiusd.conf: left untouched

# cat clients
192.168.10.1 weldpua
127.0.0.1 weldpua

# cat clients.conf
client 127.0.0.1 {
	secret = weldpua
	shortname = localhost
	nastype = other # localhost isn't usually a NAS...
}

client 192.168.10.1 {
	secret = weldpua
	shortname = localhost
	nastype = other # localhost isn't usually a NAS...
}

# cat hints
DEFAULT Suffix = ".ppp", Strip-User-Name = Yes
	Hint = "PPP",
	Service-Type = Framed-User,
	Framed-Protocol = PPP

DEFAULT Suffix = ".slip", Strip-User-Name = Yes
	Hint = "SLIP",
	Service-Type = Framed-User,
	Framed-Protocol = SLIP

DEFAULT Suffix = ".cslip", Strip-User-Name = Yes
	Hint = "CSLIP",
	Service-Type = Framed-User,
	Framed-Protocol = SLIP,
	Framed-Compression = Van-Jacobson-TCP-IP

# cat naslist
192.168.10.1 local portslave
127.0.0.1 local other

# cat nibs.conf | grep -v '#'
nibs {
	driver = "rlm_nibs_mysql"
	server = "localhost"
	port = "3306"
	login = "root"
	password = ""
	nibs_db = "freenibs"
	…the rest unchanged

# cat /usr/local/etc/mpd4/mpd.conf
default:
	load pptp0

pptp0:
	new -i ng00 pptp0 pptp0
	set ipcp ranges 192.168.10.1/24 192.168.11.1/32
	load pptp_standart

pptp_standart:
	set iface disable on-demand
	set bundle enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp dns 192.168.10.1
	set iface enable proxy-arp
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e56
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd
	set pptp enable incoming
	set pptp disable originate
	set iface mtu 1500
	set link mtu 1500
	set radius server 127.0.0.1 weldpua 1812 1813
	set radius timeout 10
	set radius config /opt/freeradius1.0.1/etc/raddb/radius.conf
	set radius retries 3

# ifconfig
rl0: flags=8843 mtu 1500
	options=8
	inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
	ether 00:0e:2e:2f:84:68
rl1: flags=8843 mtu 1500
	options=8
	inet 192.168.129.146 netmask 0xfffff000 broadcast 192.168.143.255
plip0: flags=108810 mtu 1500
pflog0: flags=141 mtu 33208
lo0: flags=8049 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
pfsync0: flags=0<> mtu 2020
ng0: flags=8890 mtu 1500
	inet6 fe80::20e:2eff:fe2f:8468%ng0 prefixlen 64 scopeid 0x7

weldpua2008

When attempting to connect:

# mpd4
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 669, version 4.0b4 (root@freebsd 22:24 27-Mar-2006)
[pptp0] ppp node is "mpd669-pptp0"
tcpmss node is "mpd669-mss"
mpd: local IP address for PPTP is 0.0.0.0
[pptp0] using interface ng0
mpd: bundle "pptp0" already exists
mpd: PPTP connection from 192.168.10.99:1766
pptp0: attached to connection with 192.168.10.99:1766
[pptp0] IFACE: Open event
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Open event
[pptp0] bundle: OPEN event in state CLOSED
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] device: OPEN event in state DOWN
[pptp0] attaching to peer's outgoing call
[pptp0] device is now in state OPENING
[pptp0] device: UP event in state OPENING
[pptp0] device is now in state UP
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: phase shift DEAD --> ESTABLISH
[pptp0] LCP: SendConfigReq #1
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM cc327a6f
  AUTHPROTO CHAP MSOFTv2
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
  MRU 1400
  MAGICNUM 19193049
  PROTOCOMP
  ACFCOMP
  CALLBACK
    Not supported
[pptp0] LCP: SendConfigRej #0
  CALLBACK
[pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
  MRU 1400
  MAGICNUM 19193049
  PROTOCOMP
  ACFCOMP
[pptp0] LCP: SendConfigAck #1
  MRU 1400
  MAGICNUM 19193049
  PROTOCOMP
  ACFCOMP
[pptp0] LCP: state change Req-Sent --> Ack-Sent
[pptp0] LCP: SendConfigReq #2
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM cc327a6f
  AUTHPROTO CHAP MSOFTv2
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: SendConfigReq #3
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM cc327a6f
  AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM cc327a6f
  AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE len:17
[pptp0] LCP: LayerUp
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec'd Ident #2 link 0 (Opened)
  MESG: MSRASV5.10
[pptp0] LCP: rec'd Ident #3 link 0 (Opened)
  MESG: MSRAS-0-SLIB
[pptp0] CHAP: rec'd RESPONSE #1
  Name: "w"
[pptp0] AUTH: Auth-Thread started
[pptp0] AUTH: Trying secret file: mpd.secret
Peer name: "w"
mpd: warning: line too long, truncated
User "w" not found in secret file
[pptp0] AUTH: Auth-Thread finished normally
[pptp0] CHAP: ChapInputFinish: status failed
[pptp0] CHAP: sending FAILURE len:29
[pptp0] LCP: authorization failed
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] IFACE: Close event
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Starting --> Initial
[pptp0] IPCP: LayerFinish
[pptp0] IFACE: Close event
pptp0: closing connection with 192.168.10.99:1766
[pptp0] IFACE: Close event
[pptp0] device is now in state CLOSING
[pptp0] bundle: CLOSE event in state OPENED
[pptp0] closing link "pptp0"...
[pptp0] device: DOWN event in state CLOSING
[pptp0] device is now in state DOWN
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Opened --> Closing
[pptp0] LCP: phase shift AUTHENTICATE --> TERMINATE
[pptp0] LCP: SendTerminateReq #4
[pptp0] error writing len 8 frame to bypass: Network is down
[pptp0] LCP: LayerDown
pptp0: killing connection with 192.168.10.99:1766
[pptp0] device: DOWN event in state DOWN
[pptp0] device is now in state DOWN
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
[pptp0] LCP: phase shift TERMINATE --> DEAD
[pptp0] device: CLOSE event in state DOWN
[pptp0] device is now in state DOWN
[pptp0] link: DOWN event
[pptp0] LCP: Down event

# radiusd -x
.....
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

weldpua2008

I removed from mpd.conf: set link enable chap

Now you can connect to the server without any problems…

And without a password, under any nick…

I put it back: error 691.

RADIUS just sits at: Ready to process requests.

All the time…

Maybe it can't be seen?

Or is the configuration wrong?

Here is the mpd log during a connection to the server:

# mpd
[pptp99] using interface ng99
[pptp99:pptp99] mpd: PPTP connection from 192.168.10.97:3909
pptp0: attached to connection with 192.168.10.97:3909
[pptp0] IFACE: Open event
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Open event
[pptp0] bundle: OPEN event in state CLOSED
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] device: OPEN event in state DOWN
[pptp0] attaching to peer's outgoing call
[pptp0] device is now in state OPENING
[pptp0] device: UP event in state OPENING
[pptp0] device is now in state UP
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: phase shift DEAD --> ESTABLISH
[pptp0] LCP: SendConfigReq #1
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM 3364fe68
  AUTHPROTO CHAP MSOFTv2
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
  MRU 1400
  MAGICNUM 2d956eef
  PROTOCOMP
  ACFCOMP
  CALLBACK
    Not supported
[pptp0] LCP: SendConfigRej #0
  CALLBACK
[pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
  MRU 1400
  MAGICNUM 2d956eef
  PROTOCOMP
  ACFCOMP
[pptp0] LCP: SendConfigAck #1
  MRU 1400
  MAGICNUM 2d956eef
  PROTOCOMP
  ACFCOMP
[pptp0] LCP: state change Req-Sent --> Ack-Sent
[pptp0] LCP: SendConfigReq #2
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM 3364fe68
  AUTHPROTO CHAP MSOFTv2
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
  MP MRRU 1600
  MP SHORTSEQ
  ENDPOINTDISC [802.1] 00 0e 2e 2f 84 68
[pptp0] LCP: SendConfigReq #3
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM 3364fe68
  AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
  ACFCOMP
  PROTOCOMP
  MRU 1500
  MAGICNUM 3364fe68
  AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE
[pptp0] LCP: LayerUp
pptp0-0: ignoring SetLinkInfo
[pptp0] LCP: rec'd Ident #2 link 0 (Opened)
  MESG: MSRASV5.10
[pptp0] LCP: rec'd Ident #3 link 0 (Opened)
  MESG: MSRAS-0-SLIB
[pptp0] CHAP: rec'd RESPONSE #1
  Name: "w"
Peer name: "w"
mpd: warning: line too long, truncated
Can't get credentials for "w"
[pptp0] CHAP: sending FAILURE
[pptp0] LCP: authorization failed
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] IFACE: Close event
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Starting --> Initial
[pptp0] IPCP: LayerFinish
[pptp0] IFACE: Close event
pptp0: closing connection with 192.168.10.97:3909
[pptp0] IFACE: Close event
[pptp0] device is now in state CLOSING
[pptp0] bundle: CLOSE event in state OPENED
[pptp0] closing link "pptp0"...
[pptp0] device: DOWN event in state CLOSING
[pptp0] device is now in state DOWN
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Opened --> Closing
[pptp0] LCP: phase shift AUTHENTICATE --> TERMINATE
[pptp0] LCP: SendTerminateReq #4
[pptp0] error writing len 8 frame to bypass: Network is down
[pptp0] LCP: LayerDown
[pptp0] device: DOWN event in state DOWN
[pptp0] device is now in state DOWN
pptp0: killing connection with 192.168.10.97:3909
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
[pptp0] LCP: phase shift TERMINATE --> DEAD
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] device: CLOSE event in state DOWN
[pptp0] device is now in state DOWN

weldpua2008

Found what the problem was…

In mpd.conf I had to add:

set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct

But now there's this problem:

radiusd -x:

rad_recv: Access-Request packet from host 192.168.10.1:57733, id=51, length=144
	NAS-Identifier = "freebsd"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	NAS-Port-Type = Virtual
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "w"
	MS-CHAP-Challenge = 0xbb1e68c8445aee2a776b7becc887c686
	MS-CHAP2-Response = 0x0100e89226e511f5a91977ecfc5674253d730000000000000000aa94048293034357e5ce3b80c9f14099231c37938b1564f5
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
sql_als->sql_get_socket (nibs): Reserving sql socket id: 60
sql_als->sql_release_socket: Released sql socket id: 60
rlm_nibs (rlm_nibs_authorize): Check items do not match with received packet (maybe open passwd or huntgroup) for user `' [127.0.0.1:0]
rad_recv: Access-Request packet from host 192.168.10.1:57733, id=51, length=144
Sending Access-Reject of id 51 to 192.168.10.1:57733
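An added check, not from the thread or from mpd itself, covering the two states this thread went through: with `set link enable chap` removed any peer name is accepted without a password, and with it present but no `set auth enable radius-auth` mpd answers CHAP only from mpd.secret, which the log shows as "not found in secret file" and "Can't get credentials". The mpd.conf excerpts and log lines are constructed from what the author posted; the finding strings are this example's own.

```python
import re

# Constructed excerpt of the mpd.conf posted in this thread (assumption: only the auth-relevant lines).
MPD_CONF_ORIGINAL = """\
pptp_standart:
    set link no pap chap
    set link enable chap
    set bundle yes crypt-reqd
    set radius server 127.0.0.1 weldpua 1812 1813
"""
# The same excerpt plus the three lines the author later added.
MPD_CONF_FIXED = MPD_CONF_ORIGINAL + """\
    set auth acct-update 300
    set auth enable radius-auth
    set auth enable radius-acct
"""
SET_LINE = re.compile(r"\s*set\s+(\S+)\s+(\S+)\s*(.*)$")

def audit_mpd_auth(conf):
    """List findings on how mpd will authenticate a PPTP peer; only enable/disable
    count, since in mpd 4 they say what we demand from the peer (yes/no: what we offer)."""
    required = set()      # auth protocols demanded from the peer
    radius_auth = False   # whether mpd asks RADIUS instead of mpd.secret
    for m in filter(None, map(SET_LINE.match, conf.splitlines())):
        subsystem, verb, opts = m.group(1), m.group(2), set(m.group(3).split())
        if subsystem == "link" and verb == "enable":
            required |= opts & {"pap", "chap"}
        elif subsystem == "link" and verb == "disable":
            required -= opts
        elif subsystem == "auth" and "radius-auth" in opts:
            radius_auth = verb == "enable"
    if not required:
        return ["no peer authentication: any user name connects without a password"]
    if not radius_auth:
        return ["peer auth required but radius-auth is off: only mpd.secret is consulted"]
    return []

# Diagnoses keyed on lines from the mpd output quoted in the thread, most specific first.
FAILURE_SIGNATURES = [
    (r"not found in secret file", "user missing from mpd.secret; RADIUS was never asked"),
    (r"Can't get credentials for", "mpd has no credential source for this user"),
    (r"LCP: authorization failed", "authentication failed (Windows shows error 691)"),
]

def classify_auth_failure(log_lines):
    """Return the most specific diagnosis for an mpd connection log, or None."""
    for pattern, diagnosis in FAILURE_SIGNATURES:
        if any(re.search(pattern, line) for line in log_lines):
            return diagnosis
    return None
```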

weldpua2008

PLEASE email me a dump of the database!!!

I'm begging you…!!!

Even one record per table would do!!!

weldpua2008@ukr.net

If there's no connection, then it's the settings; if there is, then I'll fix the interface!!!

Save me PLEASE!!!

weldpua2008

New questions:

Now the connection works and everything is fine, thanks

http://wiki.bsdportal.ru/doc:vpn the part about RADIUS…

But now the client constantly gets a request:

radiusd -x:

....

7
[pptp0] RADIUS: RadiusAccount: rad_put_string (RAD_USER_NAME): w1
[pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 3)
[pptp0] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user w1
[pptp0] AUTH: Accounting-Thread finished normally
[pptp0] AUTH: Sending Accounting Update
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: w1
[pptp0] RADIUS: using /opt/radius.conf
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusStart: rad_put_string(RAD_CALLING_STATION_ID) 192.168.10.97
[pptp0] RADIUS: RadiusAccount: rad_put_string (RAD_USER_NAME): w1
[pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 3)
[pptp0] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user w1
[pptp0] AUTH: Accounting-Thread finished normally
[pptp0] AUTH: Sending Accounting Update
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: w1
[pptp0] RADIUS: using /opt/radius.conf
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
[pptp0] RADIUS: RadiusStart: rad_put_string(RAD_CALLING_STATION_ID) 192.168.10.97

weldpua2008

Same server as before: FreeBSD 6 + MPD + FreeNIBS + FreeRADIUS

Everything works: users can connect if they are in the FreeNIBS database.

But! Question: if you just connect, something starts searching, and within ten minutes Windows racks up 10 MB looking for something…

As the RADIUS logs show…

Question 2: do I have to set up routes for my interfaces, the ones defined in mpd.conf (ngXX)?

And add firewall rules for them?
