Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-23 Thread peppeska

peppeska wrote:


 my script to start pppoe-server is
 
 
 debian:~# cat start-pppoe2.sh
 #!/bin/bash
 MAX=250
 BASE=10.67.7.1
 NAT=10.67.7.0/24
 MYIP=193.205.94.13
 iptables -A INPUT -i eth0 -s $NAT -j DROP
 iptables -t nat -A POSTROUTING -s $NAT -j SNAT --to-source $MYIP
 pppoe-server -T 60 -I eth1 -N $MAX -C PPPoE-R -S PPPoE-R -R $BASE
 debian:~#

nobody can help me?

--
  --
  |Giuseppe Moscato aka peppeska - Linux User - no html messages---|

  |[EMAIL PROTECTED] - http://peppeska.altervista.org--|

  |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
  --
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE : RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
  
  MMM damn! Why doesn't freeradius want to work with me?
 
 It's not a Freeradius issue, but a ppp/radiusclient issue ;-)
 
  
  P.S.
  without the Default Auth-Type in the users file... it's the
  same... If I put $INCLUDE instead of INCLUDE... it works like before...
 
 Very strange, I've got several servers here using radiusclient
 with the INCLUDE syntax!!

Very very curious, I've checked radiusclient's original code and it seems it
is the $INCLUDE syntax that is the good one.
So keep with this one for now.
I just have no clue why only INCLUDE works on my system!!


Sorry for this wrong information!


Have you got new results?

Regards,
Thibault





Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska

Ok!!!
Now I have this configuration

 
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary

And... (same roll of drums)

rad_recv: Access-Request packet from host 127.0.0.1:1028, id=40, length=136
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
MS-CHAP-Challenge = 0x2b05b4344fc7309510ee443fac5c90bf
MS-CHAP2-Response =
0x05006a01dac8d579188fab13d4f5b10524c274aba52270d19850e5169d1e6410fe36c608d63ff061a401
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module mschap returns ok for request 1
rlm_realm: No '@' in User-Name = peppeska, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
  modcall[authorize]: module files returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for peppeska
radius_xlat:  '(cn=peppeska)'
radius_xlat:  'dc=example'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example, with filter (cn=peppeska)
rlm_ldap: Added password billuzzo in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user peppeska authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type MS-CHAP
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 1
  rlm_mschap: Told to do MS-CHAPv2 for peppeska with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module mschap returns ok for request 1
modcall: leaving group MS-CHAP (returns ok) for request 1
Login OK: [peppeska/no User-Password attribute] (from client localhost
port 0)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1
  modcall[post-auth]: module ldap returns noop for request 1
modcall: leaving group post-auth (returns noop) for request 1
Sending Access-Accept of id 40 to 127.0.0.1 port 1028
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success =
0x05533d4638413436383038343733323138354344333539453836393339463645323432363332373143
MS-MPPE-Recv-Key = 0xeb3b2b7a46dfff70bdee5eb89a755804
MS-MPPE-Send-Key = 0xe0d003c9754115e0063f7f832015f1c6
MS-MPPE-Encryption-Policy = 0x0002
MS-MPPE-Encryption-Types = 0x0004
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 40 with timestamp 4601688f
Nothing to do.  Sleeping until we see a request.

Well! It works! Or not?

because... this is the pppoe-server log

debian:~# plog
Mar 21 18:33:54 debian pppd[4306]: sent [LCP TermAck id=0x2]
Mar 21 18:33:54 debian pppd[4306]: rcvd [LCP TermAck id=0x2]
Mar 21 18:33:54 debian pppd[4306]: Connection terminated.
Mar 21 18:33:54 debian pppd[4306]: Waiting for 1 child processes...
Mar 21 18:33:54 debian pppd[4306]:   script /usr/sbin/pppoe -n -I eth1 -e 5:32:c8:93:a2:15:29 -T 60 -S '', pid 4307
Mar 21 18:33:55 debian pppd[4306]: Script /usr/sbin/pppoe -n -I eth1 -e 5:32:c8:93:a2:15:29 -T 60 -S '' finished (pid 4307), status = 0x1
Mar 21 18:33:55 debian pppd[4306]: Exit.
debian:~#


boh!! I really don't know why...


 


--
  --
  |Giuseppe Moscato aka peppeska - Linux User - no html messages---|

  |[EMAIL PROTECTED] - http://peppeska.altervista.org--|

  |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
  --


Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote:
 Ok!!!
 Now I have this configuration
 
 INCLUDE /etc/radiusclient/dictionary.microsoft
 INCLUDE /etc/radiusclient/dictionary.ascend
 INCLUDE /etc/radiusclient/dictionary.compat
 INCLUDE /etc/radiusclient/dictionary.merit
 $INCLUDE /usr/share/freeradius/dictionary

  No.  radiusclient can't use the FreeRADIUS dictionaries.

  Once freeradius-client is updated, it will use the FreeRADIUS
dictionaries.  But radiusclient can't.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska

Alan DeKok wrote:
 peppeska wrote:
 Ok!!!
 Now I have this configuration

 INCLUDE /etc/radiusclient/dictionary.microsoft
 INCLUDE /etc/radiusclient/dictionary.ascend
 INCLUDE /etc/radiusclient/dictionary.compat
 INCLUDE /etc/radiusclient/dictionary.merit
 $INCLUDE /usr/share/freeradius/dictionary
 
   No.  radiusclient can't use the FreeRADIUS dictionaries.
 
ook

now I don't have the freeradius dictionary...

now the freeradius:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=50, length=136
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
MS-CHAP-Challenge = 0x3733ba43d6d8debb5b0302f590250afd
MS-CHAP2-Response =
0x0f00997701aa0d8775038e203d7c0487880fe6ba63b22268fbe23624491c47a9744354f94591fc730a90
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module mschap returns ok for request 0
rlm_realm: No '@' in User-Name = peppeska, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
  modcall[authorize]: module files returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for peppeska
radius_xlat:  '(cn=peppeska)'
radius_xlat:  'dc=example'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=example/root to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=example, with filter (cn=peppeska)
rlm_ldap: Added password billuzzo in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user peppeska authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type MS-CHAP
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: Told to do MS-CHAPv2 for peppeska with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module mschap returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Login OK: [peppeska/no User-Password attribute] (from client localhost
port 0)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
  modcall[post-auth]: module ldap returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0
Sending Access-Accept of id 50 to 127.0.0.1 port 1028
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success =
0x0f533d33344135313830413334423831353141383738414532454632414341303830394341423344393945
MS-MPPE-Recv-Key = 0x923e2c93c2156b71231ea782495f5b99
MS-MPPE-Send-Key = 0x44fe16f0095f4b51b33c59a5387f512c
MS-MPPE-Encryption-Policy = 0x0002
MS-MPPE-Encryption-Types = 0x0004
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 50 with timestamp 4601790a
Nothing to do.  Sleeping until we see a request.

but plog:

[EMAIL PROTECTED]:/home/peppeska# plog
Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded.
Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0
Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6
Mar 21 19:21:19 applejack pppd[18529]: Using interface ppp0
Mar 21 19:21:19 applejack pppd[18529]: Connect: ppp0 -- tap1
Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
Mar 21 19:21:41 applejack pppd[18529]: CHAP authentication failed
Mar 21 19:21:41 applejack pppd[18529]: Connection terminated.
[EMAIL PROTECTED]:/home/peppeska# poff

UFFA!!! I promise that I will send a Cassata Siciliana to whoever resolves my
problem...

 


--
  --
  |Giuseppe Moscato aka peppeska - Linux User - no html messages---|

  |[EMAIL PROTECTED] - http://peppeska.altervista.org--|

  |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
  

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote:
...
 Sending Access-Accept of id 50 to 127.0.0.1 port 1028
...
 Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:

  PPPD is broken.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur

 but plog:

 [EMAIL PROTECTED]:/home/peppeska# plog
 Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded.
 Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0
 Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6
 Mar 21 19:21:19 applejack pppd[18529]: Using interface ppp0
 Mar 21 19:21:19 applejack pppd[18529]: Connect: ppp0 -- tap1
 Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
 Mar 21 19:21:41 applejack pppd[18529]: CHAP authentication failed
 Mar 21 19:21:41 applejack pppd[18529]: Connection terminated.
 [EMAIL PROTECTED]:/home/peppeska# poff

 UFFA!!! I promise that I will send a Cassata Siciliana to whoever resolves my
 problem...

  plog may not be enough: could you check /var/log/messages?

Moreover, what dictionary.microsoft file are you using? Maybe it is
lacking some attributes and radiusclient doesn't understand them.

If you're not using the one I posted today, could you test with this
one instead?

Thibault
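
One way to test the suggestion above (an added example, not part of the original thread and not radiusclient's own code): walk a radiusclient dictionary tree and list which attributes from the Access-Accept are defined nowhere, plus which include spellings the files mix. The helper names and the sample dictionary contents are constructed for illustration; both `INCLUDE` and `$INCLUDE` are followed because the thread reports both, and the check does not tell you which spelling an installed build accepts.

```python
import os
import re
import tempfile

# Attribute names copied from the Access-Accept in the debug output above.
ACCEPT_ATTRS = [
    "Framed-IP-Address", "Framed-MTU", "Service-Type", "Framed-Protocol",
    "Framed-Compression", "MS-CHAP2-Success", "MS-MPPE-Recv-Key",
    "MS-MPPE-Send-Key", "MS-MPPE-Encryption-Policy", "MS-MPPE-Encryption-Types",
]
# The thread reports both spellings, so follow INCLUDE and $INCLUDE alike.
INCLUDE_RE = re.compile(r"^(\$?INCLUDE)\s+(\S+)")
ATTR_RE = re.compile(r"^ATTRIBUTE\s+(\S+)\s+\d+\s+\S+")


def scan(path, names, spellings, seen):
    """Collect ATTRIBUTE names from one dictionary file and its includes."""
    real = os.path.realpath(path)
    if real in seen or not os.path.isfile(real):
        return              # loop guard; an absent file defines nothing
    seen.add(real)
    with open(real, encoding="ascii", errors="replace") as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()   # drop comments
            inc, attr = INCLUDE_RE.match(line), ATTR_RE.match(line)
            if inc:
                spellings.add(inc.group(1))
                target = os.path.join(os.path.dirname(real), inc.group(2))
                scan(target, names, spellings, seen)
            elif attr:
                names.add(attr.group(1))


def missing_attributes(top, wanted=ACCEPT_ATTRS):
    """Return (attributes defined nowhere, include spellings in use)."""
    names, spellings = set(), set()
    scan(top, names, spellings, set())
    return [a for a in wanted if a not in names], sorted(spellings)


def demo():
    """Constructed tree: two MPPE attributes absent, both spellings mixed."""
    d = tempfile.mkdtemp()
    std = ["Service-Type 6 integer", "Framed-Protocol 7 integer",
           "Framed-IP-Address 8 ipaddr", "Framed-MTU 12 integer",
           "Framed-Compression 13 integer"]
    ms = ["MS-CHAP2-Success 26 string", "MS-MPPE-Send-Key 16 string",
          "MS-MPPE-Recv-Key 17 string"]
    with open(os.path.join(d, "dictionary"), "w") as fh:
        fh.write("".join(f"ATTRIBUTE {a}\n" for a in std))
        fh.write("INCLUDE dictionary.microsoft\n$INCLUDE dictionary.none\n")
    with open(os.path.join(d, "dictionary.microsoft"), "w") as fh:
        fh.write("".join(f"ATTRIBUTE {a} Microsoft\n" for a in ms))
    return missing_attributes(os.path.join(d, "dictionary"))
```

Calling `missing_attributes()` on the top-level dictionary file of the real tree gives the same report; a result showing both spellings in use is worth resolving before comparing attribute lists.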




Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska

Alan DeKok wrote:
 peppeska wrote:
 ...
 Sending Access-Accept of id 50 to 127.0.0.1 port 1028
 ...
 Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
 
   PPPD is broken.
 
And what must I do now?

@Thibault Le Meur

I use your dictionary...

the final response is:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=51, length=136
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
MS-CHAP-Challenge = 0xb6b462d0d978bcbfe51e4783f4a3dd32
MS-CHAP2-Response =
0xa0002138a2441156e5ed33506db0e19e960db1cfdb576490d5d29b54d30317856b01d0780f1d51ef5fa7
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module mschap returns ok for request 0
rlm_realm: No '@' in User-Name = peppeska, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
  modcall[authorize]: module files returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for peppeska
radius_xlat:  '(cn=peppeska)'
radius_xlat:  'dc=example'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=example/root to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=example, with filter (cn=peppeska)
rlm_ldap: Added password billuzzo in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user peppeska authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type MS-CHAP
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: Told to do MS-CHAPv2 for peppeska with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module mschap returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Login OK: [peppeska/no User-Password attribute] (from client localhost
port 0)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
  modcall[post-auth]: module ldap returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0
Sending Access-Accept of id 51 to 127.0.0.1 port 1028
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success =
0xa0533d32463945383842443446423034313543303139374631363834344244424532413836423234323346
MS-MPPE-Recv-Key = 0xee31ff0993d0e3b1589a2920ac31b3d8
MS-MPPE-Send-Key = 0x61bccd9e7dbd48aa264d2117a72ed2cc
MS-MPPE-Encryption-Policy = 0x0002
MS-MPPE-Encryption-Types = 0x0004
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=51, length=136
Sending duplicate reply to client localhost:1028 - ID: 51
Re-sending Access-Accept of id 51 to 127.0.0.1 port 1028
--- Walking the entire request list ---
Cleaning up request 0 ID 51 with timestamp 46018448
Nothing to do.  Sleeping until we see a request.





debian:/etc/freeradius# tail /var/log/messages
Mar 21 19:38:15 debian -- MARK --
Mar 21 19:58:19 debian -- MARK --
Mar 21 20:15:14 debian pppd[4426]: Plugin radius.so loaded.
Mar 21 20:15:14 debian pppd[4426]: RADIUS plugin initialized.
Mar 21 20:15:15 debian pppd[4426]: pppd 2.4.4 started by root, uid 0
Mar 21 20:15:17 debian pppd[4426]: Using interface ppp0
Mar 21 20:15:17 debian pppd[4426]: Connect: ppp0 -- /dev/pts/2
Mar 21 20:15:32 debian pppd[4426]: Peer peppeska failed CHAP authentication
Mar 21 20:15:32 debian pppd[4426]: Connection terminated.
Mar 21 20:15:33 debian pppd[4426]: Exit.
debian:/etc/freeradius#



my script to start pppoe-server is


debian:~# cat start-pppoe2.sh
#!/bin/bash
MAX=250
BASE=10.67.7.1
NAT=10.67.7.0/24
MYIP=193.205.94.13
iptables -A INPUT -i eth0 -s $NAT -j DROP
iptables -t nat -A POSTROUTING -s $NAT -j SNAT --to-source $MYIP
pppoe-server -T 60 -I eth1 -N $MAX -C PPPoE-R