From: "Alexey S. Kuznetsov" <buster@vostok.net.ua>
To: "Konstantin A. Lepikhov" <community@altlinux.ru>
Subject: Re: [Comm] Re: PPTP + freeradius
Date: Mon, 14 Jun 2004 15:40:17 +0300
Message-ID: <566233257.20040614154017@vostok.net.ua>
In-Reply-To: <20040614120726.GA18623@lks.home>

Hello Konstantin,

Monday, June 14, 2004, 3:07:26 PM, you wrote:

KAL> Hi Alexey!

KAL> Monday 14, at 02:38:07 PM you wrote:

KAL> <skip>
>> I removed all mschap from radiusd.conf. Restarted radius, connection
>> attempt:
KAL> <skip>
>> Jun 14 14:27:38 bigbox pppd[7096]: rc_check_reply: received
>> invalid reply digest from RADIUS server
>> Jun 14 14:27:38 bigbox pppd[7096]: Peer buster failed CHAP authentication
KAL> Interesting, what did the radius server actually reply? Run it with debug and
KAL> see which attributes it returns. Theoretically, the digest that the server
KAL> creates and the digest that the client creates should be identical. + You did
KAL> not mention: in this case, was chap set on the client and encryption not
KAL> enabled?

I enabled mschap-v2 on the client and enabled encryption, and I get this:

# radiusd -X
----------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:35924, id=82, length=134
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "buster"
        MS-CHAP-Challenge = 0x15f984a0dcbecf78a7953af449e0a789
        MS-CHAP2-Response = 0x2600ff568ab105f48ef2aeed4679accd6ad20000000000000000b70b60973eb3387a860eafe14b5811e97188d7b6754c4286
        NAS-IP-Address = 192.168.1.2
        NAS-Port = 0
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 2
    rlm_realm: No '@' in User-Name = "buster", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
radius_xlat:  'buster'
rlm_sql (sql): sql_set_user escaped user --> 'buster'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'buster' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'buster' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'buster' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'buster' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type MS-CHAP
  rad_check_password:  Found Auth-Type Local
Warning:  Found 2 auth-types on request for user 'buster'
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.

As I understand it, plain MS-CHAP is being used from the client, although
when I set any other type of authentication on the client (pap, chap,
ms-chap), nothing is written in the radius debug output and it goes on to
"Registering your computer on the network". It tries to check something
only when ms-chapv2 is used. What could this be?

-- 
Sincerely,
 Alexey S. Kuznetsov AK2351-RIPE
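
The "reply digest" that rc_check_reply rejects in the quoted pppd log is the RADIUS Response Authenticator defined in RFC 2865: MD5 over the reply header, the authenticator of the matching request, the reply attributes and the shared secret. The Python below is an added example, not code from this thread, pppd or FreeRADIUS; the function names, secrets, authenticator bytes and the Reply-Message attribute are constructed for illustration, and it shows that a client holding a different secret than the server recomputes a different digest.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)

def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def build_reply(code, ident, request_auth, attributes, secret):
    """Server side: sign the reply with the server's copy of the secret."""
    digest = response_authenticator(code, ident, request_auth, attributes, secret)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    return header + digest + attributes

def check_reply(packet, request_ident, request_auth, secret):
    """Client side: recompute the digest with the client's copy of the secret."""
    if len(packet) < HEADER_LEN:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return False, "bad length"
    if ident != request_ident:
        return False, "identifier mismatch"
    attributes = packet[HEADER_LEN:length]
    expected = response_authenticator(code, ident, request_auth, attributes, secret)
    if not hmac.compare_digest(packet[4:HEADER_LEN], expected):
        return False, "invalid reply digest"
    return True, "ok"

# Constructed sample values (not taken from the thread).
REQUEST_AUTH = bytes(range(16))          # authenticator the client sent
REPLY_MESSAGE = b"denied"
ATTRS = bytes([18, 2 + len(REPLY_MESSAGE)]) + REPLY_MESSAGE  # Reply-Message (type 18)
ACCESS_REJECT = 3
REPLY = build_reply(ACCESS_REJECT, 82, REQUEST_AUTH, ATTRS, b"server-secret")

if __name__ == "__main__":
    print(check_reply(REPLY, 82, REQUEST_AUTH, b"server-secret"))  # same secret
    print(check_reply(REPLY, 82, REQUEST_AUTH, b"client-typo"))    # different secret
```
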