yKpon

ELTEX хорошее железо, зря смуту нагоняете

принимаем оплату через Яндекс.Кассу, деньги падают на р/сч в банке за вычетом 3.5%, абоненты платят прямо с сайта картой по биллингу... костыли парсят е-мейл и через sgconf пополняют счёт

предполагаю что нужно изучать само API от микротика, к биллингу это никакого отношения не имеет

что-то зачастил падать, почти каждый день Mar 14 19:38:52 skyprox kernel: [5078502.396052] stargazer[19908]: segfault at 50 ip b74e2185 sp b5fadfe8 error 4 in libc-2.11.3.so[b746f000+140000] ОС Дебиан 6 просто сборки и запуска в дебаге будет не достаточно? В принципе планируем переустанавливать ОС на сервере, может просто из-за древности

отписал в ЛС

так и сделал, после стопа биллинг не мог стартовать =) 2015-02-25 21:40:14 -- Message queue created successfully. msgKey=5555 msgID=491520 2015-02-25 21:40:14 -- Timer thread started successfully. 2015-02-25 21:40:14 -- Storage plugin: mysql_store v.0.67. Loading successfull. 2015-02-25 21:40:14 -- Cannot read conf for user . 2015-02-25 21:40:14 -- User '' password is blank. 2015-02-25 21:40:14 -- USERS: Error: Cannot read users! 2015-02-25 21:40:14 -- Traffcounter: Stop successfull. 2015-02-25 21:40:14 -- Users: Stop successfull. 2015-02-25 21:40:15 -- Queue removed successfully. 2015-02-25 21:40:16 -- StgTimer: Stop successfull. 2015-02-25 21:40:16 -- Stg stopped successfully. 2015-02-25 21:40:16 -- ---------------------------------------------

могу дать доступ по ssh Skype: skyprox.net.ru

через sgconf сприпт ошибочно создал пользователя с пустым логином и паролем, теперь никак не могу его удалить, конфигуратор пишет ошибку, sgconf через -u '' -l пишет Error

что-то припоминаю про настройку client, там что должно быть?

вот сейчас одна сессия, ввожу верные test 123456 Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/local/lib/" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib rlm_stg: stg_init() Module: Loaded stg rlm_stg: stg_instantiate() stg: password = "123456" stg: server = "127.0.0.1" stg: port = 6666 stg: local_port = 6667 Module: Instantiated stg (stg) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:42200, id=69, length=56 User-Name = "test" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test' rlm_stg: stg_authorize() request username field: 'test' rlm_stg: stg_authorize() request password field: '123456' rlm_stg: stg_authorize() Service-Type undefined rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 69 to 127.0.0.1 port 42200 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 69 with timestamp 54ec2361 Nothing to do. Sleeping until we see a request. в stg дебаг radius.cpp > 10:10:03 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize

даже сервер тот же, ОСь дебиан Lenny, ставил 5 лет назад, всё тоже самое =) в чём же может быть дело?

какие ещё конфиги показать? на стенде тот же софт что я делал 4 года назад, не могу никак вспомнить всё точно =( а очень надо, нужен PPPoE NAS отдельный

rlm_stg от stg-2.407-rc1 под первый радиус <Module radius> Password = 123456 ServerIP = 127.0.0.1 Port = 6666 AuthServices = Login-User AcctServices = Framed-User </Module>

собранный в дебаге stg в момент попытки авторизации выплёвывает radius.cpp > 10:30:58 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize

когда ввожу верный логин и пароль, ноль modcall[authorize]: module "stg" returns reject for request 0 а дальше всё так же

и как вылечить? где поправить что? =)

апну бородатую тему пытаюсь воспроизвести что делал 4 года назад, никак не выходит, версия stg-2.407-rc2 с rlm_stg.so от rc1 и freeradius-1.1.6 если получится поднять попробую на 2.408 вот radiusd.conf Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/local/lib/" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib rlm_stg: stg_init() Module: Loaded stg rlm_stg: stg_instantiate() stg: password = "123456" stg: server = "127.0.0.1" stg: port = 6666 stg: local_port = 6667 Module: Instantiated stg (stg) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:48163, id=27, length=66 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test123" Calling-Station-Id = "10.81.1.124" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test123' rlm_stg: stg_authorize() request username field: 'test123' rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:37621, id=26, length=66 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test123" Calling-Station-Id = "10.81.1.124" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test123' rlm_stg: stg_authorize() request username field: 'test123' rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 1 modcall: leaving group authorize (returns reject) for request 1 Delaying request 1 for 1 seconds Finished request 1 Going to the next request Sending Access-Reject of id 27 to 127.0.0.1 port 48163 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 26 to 127.0.0.1 port 37621 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 27 with timestamp 54e5df6f Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 26 with timestamp 54e5df70 Nothing to do. Sleeping until we see a request.

Алексей, спасибо за столь подробный ответ, моё горе не внимательно читаю маны =( не знал что можно запускать один демон на нескольких интерфейсах и опцию -p тоже в общем щас пока всё ок, спасибо! =)

да, всё таки пытался выдать уже привязанный адрес к другой учётке Feb 6 14:47:51 skyprox pppd[29573]: Plugin /usr/lib/pppd/2.4.5/rp-pppoe.so loaded. Feb 6 14:47:51 skyprox pppd[29573]: Plugin rp-pppoe.so loaded. Feb 6 14:47:51 skyprox pppd[29573]: Plugin purestg2.so loaded. Feb 6 14:47:51 skyprox pppd[29573]: Stargazer (purestg2 2.4) auth plugin initialized. Feb 6 14:47:51 skyprox pppd[29573]: purestg2: Chap check is allowed. Feb 6 14:47:51 skyprox pppd[29573]: pppd 2.4.5 started by root, uid 0 Feb 6 14:47:51 skyprox pppd[29573]: purestg2: Connected to stargazer via /var/run/purestg2.sock. Feb 6 14:47:51 skyprox pppd[29573]: purestg2: ifunit set to 218. Feb 6 14:47:51 skyprox pppd[29573]: Connected to d4:ca:6d:6d:db:d1 via interface vlan51 Feb 6 14:47:51 skyprox pppd[29573]: Using interface ppp218 Feb 6 14:47:51 skyprox pppd[29573]: Connect: ppp218 <--> vlan51 Feb 6 14:47:51 skyprox pppd[29573]: purestg2: Chap check is allowed. Feb 6 14:47:51 skyprox pppd[29573]: purestg2: Chap check is allowed. Feb 6 14:47:52 skyprox pppd[29573]: purestg2: CHAP started. Feb 6 14:47:52 skyprox pppd[29573]: purestg2: Got passwd for user pppreserve. Feb 6 14:47:52 skyprox pppd[29573]: peer from calling number D4:CA:6D:6D:DB:D1 authorized Feb 6 14:47:52 skyprox pppd[29573]: purestg2: IP choose started. Feb 6 14:47:52 skyprox pppd[29573]: purestg2: IP choosen: any. Feb 6 14:47:52 skyprox pppd[29573]: purestg2: Check that address 188.130.250.15 is allowed... Feb 6 14:47:52 skyprox pppd[29573]: purestg2: Good address. Feb 6 14:47:52 skyprox pppd[29573]: local IP address 10.168.0.1 Feb 6 14:47:52 skyprox pppd[29573]: remote IP address 188.130.250.15 Feb 6 14:47:52 skyprox pppd[29573]: purestg2: Can't connect user pppreserve with ip 188.130.250.15. Feb 6 14:47:52 skyprox pppd[29573]: Exit. Feb 6 14:47:52 skyprox pppoe-server[839]: Session 16 closed for client d4:ca:6d:6d:db:d1 (188.130.250.15) on vlan51 Feb 6 14:47:52 skyprox pppoe-server[839]: Sent PADT Feb 6 14:47:52 skyprox pppd[29341]: Connection terminated. Feb 6 14:47:52 skyprox pppd[29341]: purestg2: Disconnected from stargazer. Feb 6 14:47:52 skyprox pppd[29341]: Modem hangup Feb 6 14:47:52 skyprox pppd[29341]: Exit. Feb 6 14:47:52 skyprox pppoe-server[839]: Session 101 closed for client d4:ca:6d:6d:db:d1 (188.130.250.100) on vlan51 Feb 6 14:47:52 skyprox pppoe-server[839]: Sent PADT Feb 6 14:47:53 skyprox pppoe-server[29628]: Session 152 created for client d4:ca:6d:6d:db:d1 (188.130.250.151) on vlan51 using Service-Name '' Feb 6 14:47:53 skyprox pppd[29628]: Plugin /usr/lib/pppd/2.4.5/rp-pppoe.so loaded. Feb 6 14:47:53 skyprox pppd[29628]: Plugin rp-pppoe.so loaded. Feb 6 14:47:53 skyprox pppd[29628]: Plugin purestg2.so loaded. Feb 6 14:47:53 skyprox pppd[29628]: Stargazer (purestg2 2.4) auth plugin initialized. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Chap check is allowed. Feb 6 14:47:53 skyprox pppd[29628]: pppd 2.4.5 started by root, uid 0 Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Connected to stargazer via /var/run/purestg2.sock. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: ifunit set to 184. Feb 6 14:47:53 skyprox pppd[29628]: Connected to d4:ca:6d:6d:db:d1 via interface vlan51 Feb 6 14:47:53 skyprox pppd[29628]: Using interface ppp184 Feb 6 14:47:53 skyprox pppd[29628]: Connect: ppp184 <--> vlan51 Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Chap check is allowed. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Chap check is allowed. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: CHAP started. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Got passwd for user pppreserve. Feb 6 14:47:53 skyprox pppd[29628]: peer from calling number D4:CA:6D:6D:DB:D1 authorized Feb 6 14:47:53 skyprox pppd[29628]: purestg2: IP choose started. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: IP choosen: any. Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Check that address 188.130.250.151 is allowed... Feb 6 14:47:53 skyprox pppd[29628]: purestg2: Good address. Feb 6 14:47:53 skyprox pppd[29628]: local IP address 10.168.0.1 Feb 6 14:47:53 skyprox pppd[29628]: remote IP address 188.130.250.151 Feb 6 14:47:53 skyprox pppd[29628]: purestg2: User pppreserve connected with ip 188.130.250.151.

хорошо раз так, тогда вопрос, если несколько vlan-ов /usr/sbin/pppoe-server -I vlan51 -L 10.168.0.1 -R 188.130.250.0 -N 254 -k /usr/sbin/pppoe-server -I vlan52 -L 10.168.0.2 -R 188.130.250.0 -N 254 -k /usr/sbin/pppoe-server -I vlan53 -L 10.168.0.3 -R 188.130.250.0 -N 254 -k /usr/sbin/pppoe-server -I vlan54 -L 10.168.0.4 -R 188.130.250.0 -N 254 -k есть ли шанс совпадения выдаваемого адреса? если абоненты в разных vlan-ах не выдаст ли он динамический адрес совпадающий с прописанным статически в stg у другого абонента?

и так, раздаём реальники, но есть проблема терминируем PPPoE, сервера запускаются так /usr/sbin/pppoe-server -I vlan51 -L 10.168.0.1 -R 188.130.250.0 -N 500 -k сервер выдаёт адреса по порядку и перебрав 254 адреса начинает выдавать 188.130.251.ххх и так далее, а у нас блок /24 было бы замечательно есть можно было задать диапазон, допустим в конфиге, чтобы stg выбирал из заданного диапазона первый свободный и выдавал его Алексей, насколько это реально сделать? я отблагодарю

в бою, работает, через месяц начну выдавать реальники, отпишусь

большое спасибо! собираю =)

Алексей, есть какие новости?

апнем есть сервер stg-2.408 + purestg2 для терминации PPPoE на Debian-е, планируем внедрять Микротик в качестве NAS-ов, возможно ли реализовать PPPoE авторизацию на микротиках и связать с биллингом?