Linux pppoe-server radius client and authorization via AD


Folks, I urgently need help. Please share your experience.
Or tell me which direction to move in.
I need to set up a PPPoE server on Linux so that it takes the accounts from AD, as well as the IP address
for the tunnel from the Dial-Up tab of the user in AD.
Installed:
SuSe ES 10, with pppoe server rp-pppoe-3.8 running on it,
radiusclient, pppd; the pppoe.ko and ppp_mppe.ko modules are loaded.
The domain is on Windows 2003 server.
Here are my configs:
/etc/ppp/pppoe-server-options:
---------------------------------
# PPP options for the PPPoE server
# LIC: GPL
logfile /var/log/pppoe.log
debug
mtu 1472
mru 1472
auth
#require-pap
require-chap
#require-mschap-v2
#require-mppe
default-asyncmap
ktune
lcp-echo-interval 20
lcp-echo-failure 2
ms-dns 192.168.1.252
plugin radius.so
plugin radattr.so
#192.168.2.251:
nobsdcomp
noccp
noendpoint
noipdefault
noipx
novj
receive-all
------------------------------------

/etc/ppp/radiusclient/servers:
--------------------------------------------------------
192.168.1.252 xxxxxxx
--------------------------------------------------------


/etc/ppp/radiusclient/radiusclient.conf:
--------------------------------------------------------
#Server Name or Client/Server pair Key
#---------------- ---------------
#portmaster.elemental.net hardlyasecret
#portmaster2.elemental.net donttellanyone
#
# uncomment the following line for simple testing of radlogin
# with radiusd 1.16.1
#localhost/localhost testing123
192.168.1.252 xxxxxxx
gw0:/etc/ppp/radiusclient # cat radiusclient.conf
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order radius,local

# maximum login tries a user has
login_tries 4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout 60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue /etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver 192.168.1.252:1812

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver 192.168.1.252:1813

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers /etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius /usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile /etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout 10

# resend request this many times before trying the next server
radius_retries 3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local /bin/login
----------------------------------------------------------------------
When a connection is attempted, the following is written to /var/log/pppoe.log:

Feb 22 04:07:07 gw0 pppd[18376]: Plugin radius.so loaded.
Feb 22 04:07:07 gw0 pppd[18376]: RADIUS plugin initialized.
Feb 22 04:07:07 gw0 pppd[18376]: Plugin radattr.so loaded.
Feb 22 04:07:07 gw0 pppd[18376]: RADATTR plugin initialized.
Feb 22 04:07:07 gw0 pppd[18376]: pppd 2.4.3 started by root, uid 0
Feb 22 04:07:07 gw0 pppd[18376]: using channel 43
Feb 22 04:07:07 gw0 pppd[18376]: Using interface ppp0
Feb 22 04:07:07 gw0 pppd[18376]: Connect: ppp0 <--> /dev/pts/4
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfReq id=0x0 <mru 1480> <magic 0x727a6899> <callback CBCP>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfReq id=0x1 <mru 1472> <auth chap MD5> <magic 0x579b48bb>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfAck id=0x1 <mru 1472> <auth chap MD5> <magic 0x579b48bb>]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfReq id=0x1 <mru 1480> <magic 0x727a6899>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfAck id=0x1 <mru 1480> <magic 0x727a6899>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP EchoReq id=0x0 magic=0x579b48bb]
Feb 22 04:07:07 gw0 pppd[18376]: sent [CHAP Challenge id=0x4f <7ef9787b50f194c2be0069d6143513aa>, name = "gw0"]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP code=0xc id=0x2 72 7a 68 99 4d 53 52 41 53 56 35 2e 31 30]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP CodeRej id=0x2 0c 02 00 12 72 7a 68 99 4d 53 52 41 53 56 35 2e 31 30]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP code=0xc id=0x3 72 7a 68 99 4d 53 52 41 53 2d 30 2d 4c 49 4e 55 58 4f 49 44]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP CodeRej id=0x3 0c 03 00 18 72 7a 68 99 4d 53 52 41 53 2d 30 2d 4c 49 4e 55 58 4f 49 44]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP EchoRep id=0x0 magic=0x727a6899]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:07 gw0 pppd[18376]: rc_avpair_new: unknown attribute 60
Feb 22 04:07:40 gw0 pppd[18376]: rc_send_server: no reply from RADIUS server loader.lotos.local:1812
Feb 22 04:07:40 gw0 pppd[18376]: Peer LOTOS\\a.borovkov failed CHAP authentication
Feb 22 04:07:40 gw0 pppd[18376]: sent [CHAP Failure id=0x4f ""]
Feb 22 04:07:40 gw0 pppd[18376]: sent [LCP TermReq id=0x4 "Authentication failed"]
Feb 22 04:07:40 gw0 pppd[18376]: Terminating on signal 15
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [LCP TermReq id=0x4 "rzh\37777777631\000<\37777777715t\000\000\002\37777777716"]
Feb 22 04:07:40 gw0 pppd[18376]: sent [LCP TermAck id=0x4]
Feb 22 04:07:43 gw0 pppd[18376]: sent [LCP TermReq id=0x5 "User request"]
Feb 22 04:07:46 gw0 pppd[18376]: Connection terminated.
Feb 22 04:07:46 gw0 pppd[18376]: Modem hangup
Feb 22 04:07:46 gw0 pppd[18376]: Waiting for 1 child processes...
Feb 22 04:07:46 gw0 pppd[18376]: script /usr/local/rp-pppoe-3.8/sbin/pppoe -n -I eth0 -e 29:00:0c:29:4c:72:7a -S '', pid 18377
Feb 22 04:07:46 gw0 pppd[18376]: Script /usr/local/rp-pppoe-3.8/sbin/pppoe -n -I eth0 -e 29:00:0c:29:4c:72:7a -S '' finished (pid 18377), status = 0x1
Feb 22 04:07:46 gw0 pppd[18376]: RADATTR plugin removed file /var/run/radattr.ppp0.
Feb 22 04:07:46 gw0 pppd[18376]: Exit.

Posted: 12:12, 21-02-2007
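
Added example, not part of the original post: a small triage script for the pppd debug log quoted above, which separates "the RADIUS server never answered" from "the RADIUS server rejected the user" and records the negotiated authentication method. The function name `triage`, the result field names and the 30-second retry budget (radius_timeout 10 x radius_retries 3 from the posted radiusclient.conf) are assumptions of this example.

```python
import re
from datetime import datetime

# Shortened excerpt of the pppd debug log quoted in the post above.
SAMPLE_LOG = r"""
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfAck id=0x1 <mru 1472> <auth chap MD5> <magic 0x579b48bb>]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: rc_send_server: no reply from RADIUS server loader.lotos.local:1812
Feb 22 04:07:40 gw0 pppd[18376]: Peer LOTOS\\a.borovkov failed CHAP authentication
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
""".strip()

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ pppd\[(\d+)\]: (.*)$")
# Methods that yield no MPPE keys and do not authenticate the server to the peer.
WEAK_AUTH = {"pap", "chap MD5"}

def triage(log_text, budget_s=30):
    """Summarise each pppd session (keyed by PID); budget_s is an assumed retry budget."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(m.group(2), {"auth": None, "weak_auth": False, "peer": None,
                                             "outcome": "unknown", "server": None, "wait_s": None, "_asked": None})
        msg = m.group(3)
        if (a := re.search(r"rcvd \[LCP ConfAck .*<auth ([^>]+)>", msg)):
            s["auth"], s["weak_auth"] = a.group(1), a.group(1) in WEAK_AUTH
        elif (r := re.search(r'rcvd \[CHAP Response .*name = "(.*)"\]', msg)) and s["_asked"] is None:
            s["peer"], s["_asked"] = r.group(1), ts  # first response starts the RADIUS wait
        elif (n := re.search(r"rc_send_server: no reply from RADIUS server (\S+)", msg)):
            # No Access-Reject arrived at all: the request was lost or silently discarded.
            s["server"] = n.group(1)
            s["wait_s"] = int((ts - s["_asked"]).total_seconds()) if s["_asked"] else None
            s["outcome"] = "radius_no_reply"
        elif "failed CHAP authentication" in msg and s["outcome"] == "unknown":
            s["outcome"] = "rejected"  # failure without a preceding timeout
        elif "sent [CHAP Success" in msg:
            s["outcome"] = "accepted"
    for s in sessions.values():
        del s["_asked"]
        # True when the silence lasted at least the whole assumed retry budget.
        s["timed_out"] = s["wait_s"] is not None and s["wait_s"] >= budget_s
    return sessions
```

On the excerpt this reports a 33-second wait ending in `radius_no_reply` for a session that negotiated `chap MD5`, so the failure is recorded as a missing RADIUS answer rather than a credential rejection.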

 


Good afternoon.
I am working on the task of Linux pppoe-server radius client and authorization via AD, with the IP taken from the user account, so far without success.
Could you please tell me, did you manage to implement this setup?

Posted: 09:45, 27-02-2009 | #2


