Имеем mpd вот конфиг
startup:
set global enable tcp-wrapper
default:
load pptp0
pptp0:
new -i ng0 pptp0 pptp0
set ipcp ranges 192.168.1.150/32 192.168.1.151/32
load pptp_standart
pptp_standart:
load radius
set iface disable on-demand
set bundle enable multilink
set iface idle 1800
set iface enable tcpmssfix
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link mtu 1460
set link keep-alive 60 180
set ipcp yes vjcomp
set ipcp dns 209.160.66.204
set iface enable proxy-arp
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
set pptp self 209.160.66.204
set pptp enable incoming
set pptp disable originate
radius:
set radius config /etc/pam_radius_auth.conf
set radius retries 3
set radius timeout 10
set radius server 127.0.0.1 secret 1812 1813
set auth enable radius-auth
Содержимое pam_radius_auth.conf
acct 127.0.0.1 secret
auth 127.0.0.1 secretПри авторизации через радиус получаю
NAS-Identifier = "xxx.xxx"
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "195.230.xxx.xxx"
User-Name = "red"
MS-CHAP-Challenge = 0xbb1e68697518c450ae8808c857fd2e92
MS-CHAP2-Response = 0x0100df40bd9a47559d1f4e4df479f79f90c00000000000000000547ce631d05ad33a2a95760a498ffdf04c92708b43dd72bc
+- entering group authorize
expand: %{User-Name} -> red
rlm_sql (sql): sql_set_user escaped user --> 'red'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, '%{SQL-User-Name}', attrname, attrvalue, attrop FROM radius_get_check_attrs('%{SQL-User-Name}','%{User-Password}','%{NAS-Identifier}') -> SELECT id, 'red', attrname, attrvalue, attrop FROM radius_get_check_attrs('red','','xxx.xxx')
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): User found in radcheck table
expand: SELECT id, '%{SQL-User-Name}', attrname, attrvalue, attrop FROM radius_get_reply_attrs('%{SQL-User-Name}','%{User-Password}','%{NAS-Identifier}') -> SELECT id, 'red', attrname, attrvalue, attrop FROM radius_get_reply_attrs('red','','xxx.xxx')
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [red/<via Auth-Type = Accept>] (from client localhost port 0 cli 195.230.xxx.xxx)
Sending Access-Accept of id 226 to 127.0.0.1 port 61485
В итоге не конектит - лог Mpd:
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE len:17
[pptp0] LCP: LayerUp
[pptp0] LCP: rec'd Ident #2 (Opened)
[pptp0] LCP: rec'd Ident #3 (Opened)
[pptp0] CHAP: rec'd RESPONSE #1
Name: "red"
[pptp0] AUTH: Auth-Thread started
[pptp0] AUTH: Trying RADIUS
[pptp0] RADIUS: RadiusAuthenticate for: red
[pptp0] RADIUS: rec'd RAD_ACCESS_ACCEPT for user red
[pptp0] RADIUS: RadiusGetParams: PANIC no MS-CHAPv2 response received
[pptp0] AUTH: RADIUS returned authenticated
[pptp0] AUTH: Auth-Thread finished normally
[pptp0] CHAP: ChapInputFinish: status authenticated
Reply message: Welcome
[pptp0] CHAP: sending SUCCESS len:7
[pptp0] LCP: authorization successful
[pptp0] Bundle up: 1 link, total bandwidth 64000 bps
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Up event
[pptp0] IPCP: state change Starting --> Req-Sent
[pptp0] IPCP: SendConfigReq #1
IPADDR 192.168.1.150
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp0] can't get stats, link=0: Invalid argument
[pptp0] LCP: rec'd Terminate Request #4 (Opened)
[pptp0] LCP: state change Opened --> Stopping
[pptp0] can't get stats, link=0: Invalid argument
[pptp0] AUTH: Accounting data for user red: 3 seconds, 0 octets in, 0 octets out
[pptp0] Bundle up: 0 links, total bandwidth 9600 bps
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Req-Sent --> Closing
[pptp0] IPCP: SendTerminateReq #2
[pptp0] IPCP: Down event
[pptp0] IPCP: LayerFinish
[pptp0] No NCPs left. Closing links...
[pptp0] closing link "pptp0"...
[pptp0] IPCP: state change Closing --> Initial
[pptp0] AUTH: Cleanup
[pptp0] LCP: SendTerminateAck #4
[pptp0] LCP: LayerDown
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Stopping --> Closing
pptp0-0: call cleared by peer
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
Пугает
[pptp0] RADIUS: rec'd RAD_ACCESS_ACCEPT for user red
[pptp0] RADIUS: RadiusGetParams: PANIC no MS-CHAPv2 response received
Что я делаю не так что ждет mpd от freeradiusа?
И как мне передават не только логин но и пасс?