форумы  помощь  поиск  регистрация  майллист  ВХОД  слежка

Вариант для распечатки		Архивированная нить - только для чтения!  Пред. тема | След. тема
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение		[Проследить за развитием треда]

"Radius_password"
Сообщение от brm (??) on 01-Апр-05, 13:35  (MSK)
Hi all ! Помогите кто может с Радиусом : прописываю в файле users testchap Auth-Type := CHAP, User-Password == "passwordhere" у клиента стоит chap запускаю Radius -X , пишет rad_recv: Access-Request packet from host 192.168.3.4:1645, id=124, length         Framed-Protocol = PPP         User-Name = "testchap"         CHAP-Password = 0x01b037c124044d6206cf1198de4f614828         NAS-Port-Type = Virtual         Cisco-NAS-Port = "0/0/0/0"         NAS-Port = 0         Service-Type = Framed-User         NAS-IP-Address = 192.168.3.4   Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0   modcall[authorize]: module "preprocess" returns ok for request 0   rlm_chap: Setting 'Auth-Type := CHAP'   modcall[authorize]: module "chap" returns ok for request 0   modcall[authorize]: module "mschap" returns noop for request 0     rlm_realm: No '@' in User-Name = "testchap", looking up realm NULL     rlm_realm: No such realm "NULL"   modcall[authorize]: module "suffix" returns noop for request 0   rlm_eap: No EAP-Message, not doing EAP   modcall[authorize]: module "eap" returns noop for request 0     users: Matched DEFAULT at 152     users: Matched DEFAULT at 171     users: Matched DEFAULT at 183   modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0   rad_check_password:  Found Auth-Type CHAP auth: type "CHAP"   Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0   rlm_chap: login attempt by "testchap" with CHAP password   rlm_chap: Could not find clear text password for user testchap   modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- не пойму где копать ? может cisco виновата , на cisco стоит ppp authentication chap pap callin
	Рекомендовать в FAQ | Cообщить модератору | Наверх

Индекс форумов | Темы | Пред. тема | След. тема

Сообщения по теме

1. "Radius_password"
Сообщение от denn (??) on 01-Апр-05, 19:04  (MSK)
покажи полную запись в users
	Рекомендовать в FAQ | Cообщить модератору | Наверх

	2. "Radius_password"
	Сообщение от brm (??) on 04-Апр-05, 11:05  (MSK)
	>покажи полную запись в users HI ! Вот полная запись в файле users :        http://www.freeradius.org/rfc/attributes.html Deny access for a specific user.  Note that this entry MUST be before any other 'Auth-Type' attribute which results in the user being authenticated. Note that there is NO 'Fall-Through' attribute, so the user will not be given any additional resources. lameuser       Auth-Type := Reject                Reply-Message = "Your account has been disabled." Deny access for a group of users. Note that there is NO 'Fall-Through' attribute, so the user will not be given any additional resources. #DEFAULT        Group == "disabled", Auth-Type := Reject #               Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve  Auth-Type := Local, User-Password == "testing" #       Service-Type = Framed-User, #       Framed-Protocol = PPP, #       Framed-IP-Address = 172.16.3.33, #       Framed-IP-Netmask = 255.255.255.0, #       Framed-Routing = Broadcast-Listen, #       Framed-Filter-Id = "std.ppp", #       Framed-MTU = 1500, #       Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe"     Auth-Type := Local, User-Password == "hello" #               Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg    Auth-Type := Local, User-Password == "ge55ged" #       Service-Type = Callback-Login-User, #       Login-IP-Host = 0.0.0.0, #       Callback-Number = "9,5551212", #       Login-Service = Telnet, #       Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". #dialbk Auth-Type := Local, User-Password == "callme" #       Service-Type = Callback-Login-User, #       Login-IP-Host = timeshare1, #       Login-Service = PortMaster, #       Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson        Service-Type == Framed-User, Huntgroup-Name == "alphen" #               Framed-IP-Address = 192.168.1.65, #               Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. ##DEFAULT        Suffix == ".shell", Auth-Type := System #               Service-Type = Login-User, #               Login-Service = Telnet, #               Login-IP-Host = your.shell.machine # # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = System         Fall-Through = 1 # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "alphen" #               Framed-IP-Address = 192.168.1.32+, #               Fall-Through = Yes #DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "delft" #               Framed-IP-Address = 192.168.2.32+, #               Fall-Through = Yes # # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User         Framed-IP-Address = 255.255.255.254,         Framed-MTU = 576,         Service-Type = Framed-User,         Fall-Through = Yes # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected #       by the terminal server in which case there may not be a "P" suffix. #       The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP         Framed-Protocol = PPP,         Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP"         Framed-Protocol = SLIP,         Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP"         Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT #       Service-Type = Login-User, #       Login-Service = Rlogin, #       Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT #       Service-Type = Shell-User # On no match, the user is denied access. tester Auth-Type := CHAP, User-Password == "tester" #       Service-Type = Login-User,         Framed-Protocol = PPP,         Framed-IP-Address = 10.50.10.10,         Framed-IP-Netmask = 255.255.255.0,         Reply-Message = "Wellcome to VV-serve я хочу логиниться по "tester" , но ничего не виходит
		Рекомендовать в FAQ | Cообщить модератору | Наверх

	3. "Radius_password"
	Сообщение от denn (??) on 04-Апр-05, 13:32  (MSK)
	tester Auth-Type := CHAP, User-Password == "tester" Fall-Through = 1 перед lameuser и внимательно почитай коменты этого файла
		Рекомендовать в FAQ | Cообщить модератору | Наверх

	4. "Radius_password"
	Сообщение от brm (??) on 04-Апр-05, 17:42  (MSK)
	>tester Auth-Type := CHAP, User-Password == "tester" >Fall-Through = 1 > перед lameuser >и внимательно почитай коменты этого файла большое спасибо - заработало . с Radius никогда не работал - нужно было протестить PPPoE Может знает кто где можно в радиусе прописывать VSA (vendor specific attributes ) , например авторизировать по этим параметрам ?
		Рекомендовать в FAQ | Cообщить модератору | Наверх

	5. "Radius_password"
	Сообщение от denn (??) on 04-Апр-05, 17:59  (MSK)
	>>tester Auth-Type := CHAP, User-Password == "tester" >>Fall-Through = 1 >> перед lameuser >>и внимательно почитай коменты этого файла > > >большое спасибо - заработало . >с Radius никогда не работал - нужно было протестить PPPoE >Может знает кто где можно в радиусе прописывать VSA (vendor specific attributes >) , например авторизировать по этим параметрам ? dictionary
		Рекомендовать в FAQ | Cообщить модератору | Наверх

Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Пожалуйста, прежде чем написать сообщение, ознакомьтесь с данными рекомендациями.