[Sysadmins] pptpd+freeradius+openldap

ALT Linux sysadmins discussion
 help / color / mirror / Atom feed

From: "Olaf Portvineson" <cyberskunk@gmail.com>
To: "ALT Linux sysadmin discuss" <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] pptpd+freeradius+openldap
Date: Thu, 23 Mar 2006 15:14:06 +0300
Message-ID: <59387b920603230414yb05a397k5fee9b0098fdd57a@mail.gmail.com> (raw)

Люди, не подскажете, может я чего-то не понимаю?
Пытаюсь реализовать сабж. Система на ALM2.4.
Все работает с использованием файла chap-secrets, но никак не могу
прикрутить авторизацию через ЛДАП.
В конфигах следующее:
pptpd.conf (тут вроде все нормально,  ничего не менял относительно
того, что было при использовании chap-secrets)
     speed 115200
     option /etc/ppp/options.pptpd
     localip 192.168.2.1
     remoteip 192.168.2.130-200
соответственно, options.pptpd пополнился строчкой plugin radius.so
     lock
     noipdefault
     nodefaultroute
    logfd 2
    name PPTP
    nobsdcomp
    nodeflate
    refuse-pap
    refuse-chap
    require-mppe
    require-mschap
    require-mschap-v2
    plugin radius.so
в /etc/radiusclient/servers что-то типа
    localhost        12345678
аналогично в /etc/raddb/clients.conf что-то вроде
     client 127.0.0.1{
    secret=12345678
    shortname=localhost
    nastype=other}
в radiusd.conf все по умалчанию, только добавлено:
modules{
ldap{
    identity="cn=vpupkin, dc=setki,dc=net"
    password= zloj_parol
    basedn="ou=Users,dc=setki,dc=net"
    filter="(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls=no
    tls_mode=no
   accessAttr="dialupAccess"
   dictionary_mapping=${raddbdir}/ldap.attrmap
}}

При этом коннект с виндовой машины не проходит, зависание происходит
на "Opening port...", в логи валится следующее:
Mar 23 15:01:52 skunk pptpd[20663]: MGR: Launching /usr/sbin/pptpctrl
to handle client
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: local address = 192.168.2.1
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: remote address = 192.168.2.131
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: pppd options file =
/etc/ppp/options.pptpd
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Client 192.168.2.17 control
connection started
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Received PPTP Control
Message (type: 1)
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Made a START CTRL CONN RPLY packet
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: I wrote 156 bytes to the client.
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Sent packet to client
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Received PPTP Control
Message (type: 7)
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Set parameters to 1525
maxbps, 64 window size
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Made a OUT CALL RPLY packet
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Starting call (launching
pppd, opening GRE)
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: pty_fd = 5
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: tty_fd = 6
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: I wrote 32 bytes to the client.
Mar 23 15:01:52 skunk pptpd[20664]: CTRL (PPPD Launcher): Connection
speed = 115200
Mar 23 15:01:52 skunk pptpd[20664]: CTRL (PPPD Launcher): local
address = 192.168.2.1
Mar 23 15:01:52 skunk pptpd[20664]: CTRL (PPPD Launcher): remote
address = 192.168.2.131
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Sent packet to client
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Received PPTP Control
Message (type: 15)
Mar 23 15:01:52 skunk pptpd[20663]: CTRL: Got a SET LINK INFO packet
with standard ACCMs
Mar 23 15:01:53 skunk pppd[20664]: Plugin radius.so loaded.
Mar 23 15:01:53 skunk pptpd[20663]: CTRL: Closing child BCrelay with pid 0
Mar 23 15:01:53 skunk pptpd[20663]: CTRL: Closing child ppp with pid 20664
Mar 23 15:01:53 skunk pptpd[20663]: CTRL: Client 192.168.2.17 control
connection finished
Mar 23 15:01:53 skunk pptpd[20663]: CTRL: Exiting now
Mar 23 15:01:53 skunk pptpd[1486]: MGR: Reaped child 20663

Куда копать? Почему от pppd вообще ничего нет, кроме того, что
загружен плагин? За что его, беднягу, репают?
--
WBR,
   CyberSkunk aka dRuNk Ph!ZiK

next             reply	other threads:[~2006-03-23 12:14 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-03-23 12:14 Olaf Portvineson [this message]
2006-03-23 12:30 ` Vladimir V. Kamarzin
2006-03-23 12:54   ` Olaf Portvineson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=59387b920603230414yb05a397k5fee9b0098fdd57a@mail.gmail.com \
    --to=cyberskunk@gmail.com \
    --cc=sysadmins@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux sysadmins discussion

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
		sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
	public-inbox-index sysadmins

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sysadmins


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git