From: "Alexey S. Kuznetsov" <buster@vostok.net.ua>
To: "Konstantin A. Lepikhov" <community@altlinux.ru>
Subject: Re: [Comm] Re: PPTP + freeradius
Date: Mon, 14 Jun 2004 14:38:07 +0300
Message-ID: <835081874.20040614143807@vostok.net.ua> (raw)
In-Reply-To: <20040614105218.GA13037@lks.home>
Hello Konstantin,
Monday, June 14, 2004, 1:52:18 PM, you wrote:
KAL> Hi Alexey!
KAL> Ага, а freeradius ждет chap digest. Попробуйте либо задействовать
KAL> mschap-v2 плагин (либо собрать FR с его поддержкой), либо отключите на
KAL> стороне клиента mschap, потавив жестко тип авторизации CHAP
Попробовал:
# cat /etc/ppp/options.pptpd
lock
debug
name pptpd
noauth
proxyarp
asyncmap 0
-pap
+chap
-mschap
-mschap-v2
lcp-echo-failure 30
lcp-echo-interval 5
ipcp-accept-local
ipcp-accept-remote
ms-dns xxx.xxx.xxx.xxx
plugin radius.so
в radiusd.conf убрал все mschap. Рестартовал радиус, попытка
подключения:
Jun 14 14:27:31 bigbox pptpd[7095]: CTRL: Client 192.168.2.5 control connection started
Jun 14 14:27:31 bigbox pptpd[7095]: CTRL: Starting call (launching pppd, opening GRE)
Jun 14 14:27:31 bigbox pppd[7096]: Plugin radius.so loaded.
Jun 14 14:27:31 bigbox pppd[7096]: RADIUS plugin initialized.
Jun 14 14:27:31 bigbox pppd[7096]: pppd 2.4.2 started by buster, uid 0
Jun 14 14:27:31 bigbox pptpd[7095]: GRE: Discarding duplicate packet
Jun 14 14:27:31 bigbox pppd[7096]: Using interface ppp0
Jun 14 14:27:31 bigbox pppd[7096]: Connect: ppp0 <--> /dev/pts/1
Jun 14 14:27:31 bigbox pptpd[7095]: GRE: Bad checksum from pppd.
Jun 14 14:27:33 bigbox pptpd[7095]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jun 14 14:27:38 bigbox pppd[7096]: rc_check_reply: received invalid reply digest from RADIUS server
Jun 14 14:27:38 bigbox pppd[7096]: Peer buster failed CHAP authentication
Jun 14 14:27:38 bigbox pppd[7096]: Connection terminated.
Jun 14 14:27:38 bigbox pptpd[7095]: CTRL: Client 192.168.2.5 control connection finished
Jun 14 14:27:38 bigbox pppd[7096]: Terminating on signal 2.
Jun 14 14:27:38 bigbox pppd[7096]: Exit.
потом меняю всё обратно, ставлю в настройках клиента MS-CHAPv2:
Jun 14 14:34:21 bigbox pptpd[7579]: CTRL: Client 192.168.2.5 control connection
started
Jun 14 14:34:21 bigbox pptpd[7579]: CTRL: Starting call (launching pppd, opening
GRE)
Jun 14 14:34:21 bigbox pppd[7580]: Plugin radius.so loaded.
Jun 14 14:34:21 bigbox pppd[7580]: RADIUS plugin initialized.
Jun 14 14:34:21 bigbox pptpd[7579]: GRE: Discarding duplicate packet
Jun 14 14:34:21 bigbox pppd[7580]: pppd 2.4.2 started by buster, uid 0
Jun 14 14:34:21 bigbox pppd[7580]: Using interface ppp0
Jun 14 14:34:21 bigbox pppd[7580]: Connect: ppp0 <--> /dev/pts/1
Jun 14 14:34:21 bigbox pptpd[7579]: GRE: Bad checksum from pppd.
Jun 14 14:34:23 bigbox pptpd[7579]: CTRL: Ignored a SET LINK INFO packet with re
al ACCMs!
Jun 14 14:34:28 bigbox pppd[7580]: Peer buster failed CHAP authentication
Jun 14 14:34:28 bigbox pppd[7580]: Connection terminated.
Jun 14 14:34:28 bigbox pptpd[7579]: CTRL: Client 192.168.2.5 control connection
finished
Jun 14 14:34:28 bigbox pppd[7580]: Terminating on signal 2.
Jun 14 14:34:28 bigbox pppd[7580]: Exit.
Ставлю в настройках клиента просто CHAP, и пароль ставлю абсолютно
произвольный! (при том, что в options.pptpd
-chap
+mschap-v2)
Jun 14 14:36:04 bigbox pptpd[7654]: CTRL: Client 192.168.2.5 control connection
started
Jun 14 14:36:04 bigbox pptpd[7654]: CTRL: Starting call (launching pppd, opening
GRE)
Jun 14 14:36:04 bigbox pppd[7655]: Plugin radius.so loaded.
Jun 14 14:36:04 bigbox pppd[7655]: RADIUS plugin initialized.
Jun 14 14:36:04 bigbox pppd[7655]: pppd 2.4.2 started by buster, uid 0
Jun 14 14:36:04 bigbox pptpd[7654]: GRE: Discarding duplicate packet
Jun 14 14:36:04 bigbox pppd[7655]: Using interface ppp0
Jun 14 14:36:04 bigbox pppd[7655]: Connect: ppp0 <--> /dev/pts/1
Jun 14 14:36:04 bigbox pptpd[7654]: GRE: Bad checksum from pppd.
Jun 14 14:36:06 bigbox pppd[7655]: peer refused to authenticate: terminating lin
k
Jun 14 14:36:06 bigbox pptpd[7654]: CTRL: Ignored a SET LINK INFO packet with re
al ACCMs!
Jun 14 14:36:06 bigbox pppd[7655]: Connection terminated.
Jun 14 14:36:06 bigbox pppd[7655]: Exit.
Jun 14 14:36:06 bigbox pptpd[7654]: GRE: read(fd=5,buffer=804e6e0,len=8196) from
PTY failed: status = -1 error = Input/output error
Jun 14 14:36:06 bigbox pptpd[7654]: CTRL: PTY read or GRE write failed (pty,gre)
=(5,6)
Jun 14 14:36:06 bigbox pptpd[7654]: CTRL: Client 192.168.2.5 control connection
finished
а в Windows XP написало, выдало ошибку уже когда было: Registering
your computer in network. т.е. как я понял фаза авторизации
прошла.....что-то не так.
--
Sincerely,
Alexey S. Kuznetsov
AK2351-RIPE
next prev parent reply other threads:[~2004-06-14 11:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-14 7:10 [Comm] " Alexey S. Kuznetsov
2004-06-14 8:02 ` [Comm] " Konstantin A. Lepikhov
2004-06-14 8:42 ` Alexey S. Kuznetsov
2004-06-14 9:32 ` Konstantin A. Lepikhov
2004-06-14 10:33 ` Alexey S. Kuznetsov
2004-06-14 10:52 ` Konstantin A. Lepikhov
2004-06-14 11:38 ` Alexey S. Kuznetsov [this message]
2004-06-14 12:07 ` Konstantin A. Lepikhov
2004-06-14 12:40 ` Alexey S. Kuznetsov
2004-06-14 12:54 ` Konstantin A. Lepikhov
2004-06-14 13:09 ` Alexey S. Kuznetsov
2004-06-14 14:54 ` Konstantin A. Lepikhov
2004-06-15 7:43 ` Alexey S. Kuznetsov
2004-06-15 9:28 ` Sergey Vlasov
2004-06-15 11:14 ` Re[2]: " Alexey S. Kuznetsov
2004-06-15 11:45 ` Alexei Takaseev
2004-06-15 12:24 ` Re[4]: " Alexey S. Kuznetsov
2004-06-15 14:18 ` Alexei Takaseev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=835081874.20040614143807@vostok.net.ua \
--to=buster@vostok.net.ua \
--cc=community@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git