Помогите freeradius 3 + Mikrotik

2019-02-14 11:07:08

Помогите пожалуйста.

ОС freebsd 12/freeradius3/mikrotik os 5.24

Настраивал Ubilling + Mikrotik pppoe по радиусу

В дебаг режиме радиус говорит

Цитата

(3)

 = notfound

			(3)     [files] = noop

			(3)     [expiration] = noop

			(3)     [logintime] = noop

			(3) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type

			(3) pap: WARNING: Authentication will fail unless a "known good" password is available

			(3)     [pap] = noop

			(3)   } # authorize = ok

			(3) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

			(3) Failed to authenticate the user

			(3) Using Post-Auth-Type Reject

			(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default

			(3)   Post-Auth-Type REJECT {

			(3) attr_filter.access_reject: EXPAND %{User-Name}

			(3) attr_filter.access_reject:    --> 13ap00_2zha

			(3) attr_filter.access_reject: Matched entry DEFAULT at line 11

			(3)     [attr_filter.access_reject] = updated

			(3)   } # Post-Auth-Type REJECT = updated

			(3) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [13ap00_2zha] (from client Mikrotik port 45 cli 00:1E:58:A7:E8:39)

			(3) Delaying response for 1.000000 seconds

			Waking up in 0.3 seconds.

			(3) (3) Discarding duplicate request from client Mikrotik port 47056 - ID: 25 due to delayed response

			Waking up in 0.6 seconds.

			(3) (3) Discarding duplicate request from client Mikrotik port 47056 - ID: 25 due to delayed response

			Waking up in 0.3 seconds.

			(3) Sending delayed response

			(3) Sent Access-Reject Id 25 from 192.168.10.20:1812 to 192.168.10.1:47056 length 20

			Waking up in 2.0 seconds.

			(2) Cleaning up request packet ID 24 with timestamp +91

			Waking up in 1.9 seconds.

			(3) Cleaning up request packet ID 25 with timestamp +93

			Ready to process requests

Помогите куда копать, тип аутентификации все перепробовал на микроте.

Expand

Відредаговано 2019-02-14 11:14:59 005836

l1ght · 2019-02-14 11:22:36

(3) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type

(3) pap: WARNING: Authentication will fail unless a "known good" password is available

http://lmgtfy.com/?q=mikrotik+dhcp+freeradius+empty+password

2019-02-14 11:29:18

В 14.02.2019 в 11:22, l1ght сказав:
(3) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type

(3) pap: WARNING: Authentication will fail unless a "known good" password is available
http://lmgtfy.com/?q=mikrotik+dhcp+freeradius+empty+password
Expand

Спасибо от души, там уже был. Нужен совет куда копать.... 2-й день насилуюсь..

Nerofar1 · 2019-02-15 14:10:56

По этому ману настраивали?

http://wiki.ubilling.net.ua/doku.php?id=multigen

http://wiki.ubilling.net.ua/doku.php?id=mgmikrotikpppoe

если да то

Nerofar1 · 2019-02-15 14:16:01

И дабы не плодить кучу всего в модуле "Статистика сессий NAS КучаГен" ничего не отображается при этом клиенты конектятся

Настраивал

http://wiki.ubilling.net.ua/doku.php?id=multigen

http://wiki.ubilling.net.ua/doku.php?id=mgmikrotikpppoe

/usr/local/etc/raddb/sql.conf тоже всё ок но табличка

mysql> SELECT * FROM `mlg_acct`;
Empty set (0.00 sec)
может кто подскажет?

l1ght · 2019-02-15 15:41:48

В 15.02.2019 в 14:16, Nerofar1 сказав:

И дабы не плодить кучу всего в модуле "Статистика сессий NAS КучаГен" ничего не отображается при этом клиенты конектятся

Настраивал

http://wiki.ubilling.net.ua/doku.php?id=multigen

http://wiki.ubilling.net.ua/doku.php?id=mgmikrotikpppoe

/usr/local/etc/raddb/sql.conf тоже всё ок но табличка

mysql> SELECT * FROM `mlg_acct`;
Empty set (0.00 sec)
может кто подскажет?

Expand

а может начнете слать аккаунтинг со своего микротика?

2019-02-15 16:06:29

Спасибо всем, кто откликнулся, вылечилось путем установки FreeBSD 11.2 =) завелось все с пол пинка=)

prototip · 2019-02-15 22:24:08

Разве это зависит от OS ?

Nerofar1 · 2019-02-18 12:43:16

В 15.02.2019 в 15:41, l1ght сказав:

а может начнете слать аккаунтинг со своего микротика?

Expand

Ну как бы начал:

Или ещё где-то что-то надо?

FreeBSD 12.0, Ubilling 0.9.5 rev 6653

Выхлоп radiusd -X (тоесть с микротика всётаки приходит) :

Відновити прихований контент

(5) Received Accounting-Request Id 8 from 172.24.254.51:38214 to 172.24.254.50:1813 length 44
(5) Acct-Status-Type = Accounting-On
(5) NAS-Identifier = "NAS0"
(5) Acct-Delay-Time = 0
(5) NAS-IP-Address = 172.24.254.51
(5) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
(5) preacct {
(5) [preprocess] = ok
(5) policy acct_unique {
(5) update request {
(5) &Tmp-String-9 := "ai:"
(5) } # update request = noop
(5) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(5) EXPAND %{hex:&Class}
(5) -->
(5) EXPAND ^%{hex:&Tmp-String-9}
(5) --> ^61693a
(5) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(5) else {
(5) update request {
(5) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(5) --> 48a8e2838fa14168aa82e143501a5fdd
(5) &Acct-Unique-Session-Id := 48a8e2838fa14168aa82e143501a5fdd
(5) } # update request = noop
(5) } # else = noop
(5) } # policy acct_unique = noop
(5) } # preacct = ok
(5) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
(5) accounting {
(5) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(5) sql: --> type.accounting-on.query
(5) sql: Using query template 'query'
rlm_sql (sql): Closing connection (12): Hit idle_timeout, was idle for 128 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (13): Hit idle_timeout, was idle for 128 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
rlm_sql (sql): Opening additional connection (14), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
rlm_sql (sql): Reserved connection (14)
(5) sql: EXPAND %{User-Name}
(5) sql: -->
(5) sql: SQL-User-Name set to ''
(5) sql: EXPAND UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})
(5) sql: --> UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550493621), acctsessiontime = '1550493621' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550493621)
(5) sql: Executing query: UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550493621), acctsessiontime = '1550493621' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550493621)
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(5) sql: SQL query returned: success
(5) sql: 0 record(s) updated
(5) sql: No additional queries configured
rlm_sql (sql): Released connection (14)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (15), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
(5)

 = noop

			(5)   } # accounting = noop

			(5) Not sending reply to client.

			(5) Finished request

			(5) Cleaning up request packet ID 8 with timestamp +595

			Ready to process requests

			(6) Received Accounting-Request Id 9 from 172.24.254.51:47552 to 172.24.254.50:1813 length 44

			(6)   Acct-Status-Type = Accounting-On

			(6)   NAS-Identifier = "NAS0"

			(6)   Acct-Delay-Time = 0

			(6)   NAS-IP-Address = 172.24.254.51

			(6) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default

			(6)   preacct {

			(6)     [preprocess] = ok

			(6)     policy acct_unique {

			(6)       update request {

			(6)         &Tmp-String-9 := "ai:"

			(6)       } # update request = noop

			(6)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&       ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {

			(6)       EXPAND %{hex:&Class}

			(6)          -->

			(6)       EXPAND ^%{hex:&Tmp-String-9}

			(6)          --> ^61693a

			(6)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&       ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE

			(6)       else {

			(6)         update request {

			(6)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}

			(6)              --> 48a8e2838fa14168aa82e143501a5fdd

			(6)           &Acct-Unique-Session-Id := 48a8e2838fa14168aa82e143501a5fdd

			(6)         } # update request = noop

			(6)       } # else = noop

			(6)     } # policy acct_unique = noop

			(6)   } # preacct = ok

			(6) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default

			(6)   accounting {

			(6) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}

			(6) sql:    --> type.accounting-on.query

			(6) sql: Using query template 'query'

			rlm_sql (sql): Closing connection (14): Hit idle_timeout, was idle for 256 seconds

			rlm_sql (sql): You probably need to lower "min"

			rlm_sql_mysql: Socket destructor called, closing socket

			rlm_sql (sql): Closing connection (15): Hit idle_timeout, was idle for 256 seconds

			rlm_sql (sql): You probably need to lower "min"

			rlm_sql_mysql: Socket destructor called, closing socket

			rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"

			rlm_sql (sql): Opening additional connection (16), 1 of 32 pending slots used

			rlm_sql_mysql: Starting connect to MySQL server

			rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10

			rlm_sql (sql): Reserved connection (16)

			(6) sql: EXPAND %{User-Name}

			(6) sql:    -->

			(6) sql: SQL-User-Name set to ''

			(6) sql: EXPAND UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})

			(6) sql:    --> UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550493877), acctsessiontime   = '1550493877' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress   = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550493877)

			(6) sql: Executing query: UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550493877), acctsessiontime = '1550493877' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress   = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550493877)

			rlm_sql_mysql: Rows matched: 0  Changed: 0  Warnings: 0

			(6) sql: SQL query returned: success

			(6) sql: 0 record(s) updated

			(6) sql: No additional queries configured

			rlm_sql (sql): Released connection (16)

			Need 2 more connections to reach min connections (3)

			rlm_sql (sql): Opening additional connection (17), 1 of 31 pending slots used

			rlm_sql_mysql: Starting connect to MySQL server

			rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10

			(6)     [sql] = noop

			(6)   } # accounting = noop

			(6) Not sending reply to client.

			(6) Finished request

			(6) Cleaning up request packet ID 9 with timestamp +851

			Ready to process requests

			(7) Received Accounting-Request Id 10 from 172.24.254.51:37641 to 172.24.254.50:1813 length 44

			(7)   Acct-Status-Type = Accounting-On

			(7)   NAS-Identifier = "NAS0"

			(7)   Acct-Delay-Time = 0

			(7)   NAS-IP-Address = 172.24.254.51

			(7) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default

			(7)   preacct {

			(7)     [preprocess] = ok

			(7)     policy acct_unique {

			(7)       update request {

			(7)         &Tmp-String-9 := "ai:"

			(7)       } # update request = noop

			(7)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&       ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {

			(7)       EXPAND %{hex:&Class}

			(7)          -->

			(7)       EXPAND ^%{hex:&Tmp-String-9}

			(7)          --> ^61693a

			(7)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&       ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE

			(7)       else {

			(7)         update request {

			(7)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}

			(7)              --> 48a8e2838fa14168aa82e143501a5fdd

			(7)           &Acct-Unique-Session-Id := 48a8e2838fa14168aa82e143501a5fdd

			(7)         } # update request = noop

			(7)       } # else = noop

			(7)     } # policy acct_unique = noop

			(7)   } # preacct = ok

			(7) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default

			(7)   accounting {

			(7) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}

			(7) sql:    --> type.accounting-on.query

			(7) sql: Using query template 'query'

			rlm_sql (sql): Closing connection (16): Hit idle_timeout, was idle for 512 seconds

			rlm_sql (sql): You probably need to lower "min"

			rlm_sql_mysql: Socket destructor called, closing socket

			rlm_sql (sql): Closing connection (17): Hit idle_timeout, was idle for 512 seconds

			rlm_sql (sql): You probably need to lower "min"

			rlm_sql_mysql: Socket destructor called, closing socket

			rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"

			rlm_sql (sql): Opening additional connection (18), 1 of 32 pending slots used

			rlm_sql_mysql: Starting connect to MySQL server

			rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10

			rlm_sql (sql): Reserved connection (18)

			(7) sql: EXPAND %{User-Name}

			(7) sql:    -->

			(7) sql: SQL-User-Name set to ''

			(7) sql: EXPAND UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})

			(7) sql:    --> UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550494389), acctsessiontime   = '1550494389' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress   = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550494389)

			(7) sql: Executing query: UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550494389), acctsessiontime = '1550494389' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress   = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550494389)

			rlm_sql_mysql: Rows matched: 0  Changed: 0  Warnings: 0

			(7) sql: SQL query returned: success

			(7) sql: 0 record(s) updated

			(7) sql: No additional queries configured

			rlm_sql (sql): Released connection (18)

			Need 2 more connections to reach min connections (3)

			rlm_sql (sql): Opening additional connection (19), 1 of 31 pending slots used

			rlm_sql_mysql: Starting connect to MySQL server

			rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10

			(7)     [sql] = noop

			(7)   } # accounting = noop

			(7) Not sending reply to client.

			(7) Finished request

			(7) Cleaning up request packet ID 10 with timestamp +1363

			Ready to process requests

Відредаговано 2019-02-18 13:08:48 Nerofar1
дополнение

l1ght · 2019-02-18 14:00:32

(6) sql: SQL-User-Name set to ''

ну х#$ знает че это оно, да?

rlm_sql_mysql: Rows matched: 0  Changed: 0  Warnings: 0
(6) sql: 0 record(s) updated

Відредаговано 2019-02-18 14:00:41 l1ght

Nerofar1 · 2019-02-19 06:55:51

Если честно то как бы да, х#$ его знает что теперь делать /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf скопировал из пресетов, Куда дальше смотреть?

Відредаговано 2019-02-19 07:09:32 Nerofar1

l1ght · 2019-02-19 08:23:09

В 19.02.2019 в 06:55, Nerofar1 сказав:

Если честно то как бы да, х#$ его знает что теперь делать /usr/local/etc/raddb/mods-config/sql/main/mysql/queries.conf скопировал из пресетов, Куда дальше смотреть?

Expand

ищите где напортачили в конфиге и какого хера Username становится пустым

Nerofar1 · 2019-02-19 09:26:53

Самое прикольное что при авторизации находит:

(0) sql: EXPAND SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = 'tester' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = 'tester' ORDER BY id

Nerofar1 · 2019-02-21 08:21:21

Да вроде уже всё просмотрел, и портачить особо негде /usr/local/etc/raddb/sql.conf только подключение к базе и /usr/local/etc/raddb/dictionary,

ради чистоты эксперимента на на другой машине поставил freebsd 12.0 установил Ubilling 0.9.5 rev 6653 и один фиг не находит sql: SQL-User-Name set to ''

Відновити прихований контент

(2) Received Accounting-Request Id 16 from 172.24.254.51:49610 to 172.24.254.50:1813 length 44
(2) Acct-Status-Type = Accounting-On
(2) NAS-Identifier = "NAS0"
(2) Acct-Delay-Time = 0
(2) NAS-IP-Address = 172.24.254.51
(2) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
(2) preacct {
(2) [preprocess] = ok
(2) policy acct_unique {
(2) update request {
(2) &Tmp-String-9 := "ai:"
(2) } # update request = noop
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(2) EXPAND %{hex:&Class}
(2) -->
(2) EXPAND ^%{hex:&Tmp-String-9}
(2) --> ^61693a
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(2) else {
(2) update request {
(2) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(2) --> 48a8e2838fa14168aa82e143501a5fdd
(2) &Acct-Unique-Session-Id := 48a8e2838fa14168aa82e143501a5fdd
(2) } # update request = noop
(2) } # else = noop
(2) } # policy acct_unique = noop
(2) } # preacct = ok
(2) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
(2) accounting {
(2) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(2) sql: --> type.accounting-on.query
(2) sql: Using query template 'query'
rlm_sql (sql): Closing connection (8): Hit idle_timeout, was idle for 1024 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (9): Hit idle_timeout, was idle for 1024 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
rlm_sql (sql): Opening additional connection (10), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
rlm_sql (sql): Reserved connection (10)
(2) sql: EXPAND %{User-Name}
(2) sql: -->
(2) sql: SQL-User-Name set to ''
(2) sql: EXPAND UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})
(2) sql: --> UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550736135), acctsessiontime = '1550736135' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550736135)
(2) sql: Executing query: UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550736135), acctsessiontime = '1550736135' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550736135)
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(2) sql: SQL query returned: success
(2) sql: 0 record(s) updated
(2) sql: No additional queries configured
rlm_sql (sql): Released connection (10)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (11), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
(2)

 = noop

			(2)   } # accounting = noop

			(2) Not sending reply to client.

			(2) Finished request

			(2) Cleaning up request packet ID 16 with timestamp +1442

			Ready to process requests

Відредаговано 2019-02-21 08:21:49 Nerofar1

l1ght · 2019-02-21 09:15:10

В 21.02.2019 в 08:21, Nerofar1 сказав:
Да вроде уже всё просмотрел, и портачить особо негде /usr/local/etc/raddb/sql.conf только подключение к базе и /usr/local/etc/raddb/dictionary,

ради чистоты эксперимента на на другой машине поставил freebsd 12.0 установил Ubilling 0.9.5 rev 6653 и один фиг не находит sql: SQL-User-Name set to ''
Відновити прихований контент
(2) Received Accounting-Request Id 16 from 172.24.254.51:49610 to 172.24.254.50:1813 length 44
(2) Acct-Status-Type = Accounting-On
(2) NAS-Identifier = "NAS0"
(2) Acct-Delay-Time = 0
(2) NAS-IP-Address = 172.24.254.51
(2) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
(2) preacct {
(2) [preprocess] = ok
(2) policy acct_unique {
(2) update request {
(2) &Tmp-String-9 := "ai:"
(2) } # update request = noop
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(2) EXPAND %{hex:&Class}
(2) -->
(2) EXPAND ^%{hex:&Tmp-String-9}
(2) --> ^61693a
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(2) else {
(2) update request {
(2) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(2) --> 48a8e2838fa14168aa82e143501a5fdd
(2) &Acct-Unique-Session-Id := 48a8e2838fa14168aa82e143501a5fdd
(2) } # update request = noop
(2) } # else = noop
(2) } # policy acct_unique = noop
(2) } # preacct = ok
(2) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
(2) accounting {
(2) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(2) sql: --> type.accounting-on.query
(2) sql: Using query template 'query'
rlm_sql (sql): Closing connection (8): Hit idle_timeout, was idle for 1024 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (9): Hit idle_timeout, was idle for 1024 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
rlm_sql (sql): Opening additional connection (10), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
rlm_sql (sql): Reserved connection (10)
(2) sql: EXPAND %{User-Name}
(2) sql: -->
(2) sql: SQL-User-Name set to ''
(2) sql: EXPAND UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})
(2) sql: --> UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550736135), acctsessiontime = '1550736135' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550736135)
(2) sql: Executing query: UPDATE mlg_acct SET acctstoptime = FROM_UNIXTIME(1550736135), acctsessiontime = '1550736135' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = 'NAS-Reboot' WHERE acctstoptime IS NULL AND nasipaddress = '172.24.254.51' AND acctstarttime <= FROM_UNIXTIME(1550736135)
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(2) sql: SQL query returned: success
(2) sql: 0 record(s) updated
(2) sql: No additional queries configured
rlm_sql (sql): Released connection (10)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (11), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
(2)
 = noop

			(2)   } # accounting = noop

			(2) Not sending reply to client.

			(2) Finished request

			(2) Cleaning up request packet ID 16 with timestamp +1442

			Ready to process requests
		
	
Expand

заливай свои конфиги в архив и выкладывай

тока пароли к БД не свети

Nerofar1 · 2019-02-21 09:52:23

В 21.02.2019 в 09:15, l1ght сказав:

заливай свои конфиги в архив и выкладывай

тока пароли к БД не свети

Expand

Спасибо Тебе Добрый Человек)

system.tar.gz

l1ght · 2019-02-21 10:11:14

В 21.02.2019 в 09:52, Nerofar1 сказав:

Спасибо Тебе Добрый Человек)

system.tar.gzОтримання інформації

Expand

так, а как логины то выглядят?

маки?

Nerofar1 · 2019-02-21 10:16:28

Логины есть перенесёные (с помощью Миграции 2) типа tester, и генерируемые убиллингом KRBor43ap11_oing, маки мне не нужны так что все авто генерируемые

14:88:25:55:70:83

Відредаговано 2019-02-21 10:18:13 Nerofar1

l1ght · 2019-02-21 10:17:40

В 21.02.2019 в 10:16, Nerofar1 сказав:

Логины есть перенесёные (с помощью Миграции 2) типа tester, и генерируемые убиллингом, маки мне не нужны так что все авто генерируемые

14:88:25:55:70:83

Expand

что у радиуса в качестве юзернейм я имел в виду

собери побольше дебага radiusd -X и выложи целым куском, а то по ошметкам плохо понятно

Nerofar1 · 2019-02-21 10:20:02

sql: SQL-User-Name set to 'tester'

Login OK: [tester] (from client NAS0 port 15728648 cli 60:EB:69:39:6D:25)

l1ght · 2019-02-21 10:22:02

В 21.02.2019 в 10:20, Nerofar1 сказав:

sql: SQL-User-Name set to 'tester'

Login OK: [tester] (from client NAS0 port 15728648 cli 60:EB:69:39:6D:25)

Expand

не кусок лога с минимальным логированием а имеено дебаг

Відредаговано 2019-02-21 10:22:46 l1ght

Nerofar1 · 2019-02-21 10:24:57

В 21.02.2019 в 10:22, l1ght сказав:

не кусок лога в минимальным логированием а имеено дебаг

Expand

Відновити прихований контент

(1) Received Access-Request Id 19 from 172.24.254.51:38917 to 172.24.254.50:1812 length 177
(1) Service-Type = Framed-User
(1) Framed-Protocol = PPP
(1) NAS-Port = 15728648
(1) NAS-Port-Type = Ethernet
(1) User-Name = "tester"
(1) Calling-Station-Id = "60:EB:69:39:6D:25"
(1) Called-Station-Id = "D-com"
(1) NAS-Port-Id = "br1"
(1) MS-CHAP-Challenge = 0x8e1971cefdfd1f41279987fb5dc29ab5
(1) MS-CHAP2-Response = 0x01003d28439cea3199a56ec17d108c08278b00000000000000003d687bd66943a6498aa4e5431f3885a999ea3632db6c020c
(1) NAS-Identifier = "NAS0"
(1) NAS-IP-Address = 172.24.254.51
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) [preprocess] = ok
(1) [chap] = noop
(1) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(1) [mschap] = ok
(1) [digest] = noop
(1) eap: No EAP-Message, not doing EAP
(1) [eap] = noop
(1) sql: EXPAND %{User-Name}
(1) sql: --> tester
(1) sql: SQL-User-Name set to 'tester'
rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 1356 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 1356 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 1356 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 1356 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 1337 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 1337 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 1337 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
rlm_sql (sql): Reserved connection (7)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM mlg_check WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM mlg_check WHERE username = 'tester' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM mlg_check WHERE username = 'tester' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Cleartext-Password := "testtest"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = 'tester' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM mlg_reply WHERE username = 'tester' ORDER BY id
(1) sql: User found in radreply table, merging reply items
(1) sql: Framed-IP-Address = 172.16.2.173
(1) sql: Mikrotik-Rate-Limit = "102400k/102400k"
(1) sql: Acct-Interim-Interval = 600
(1) sql: Idle-Timeout = 86400
(1) sql: EXPAND SELECT username FROM mlg_groupreply WHERE username = '%{SQL-User-Name}'
(1) sql: --> SELECT username FROM mlg_groupreply WHERE username = 'tester'
(1) sql: Executing select query: SELECT username FROM mlg_groupreply WHERE username = 'tester'
(1) sql: User found in the group table
(1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM mlg_groupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(1) sql: --> SELECT id, groupname, attribute, Value, op FROM mlg_groupcheck WHERE groupname = 'tester' ORDER BY id
(1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM mlg_groupcheck WHERE groupname = 'tester' ORDER BY id
(1) sql: Group "tester": Conditional check items matched
(1) sql: Group "tester": Merging assignment check items
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM mlg_groupreply WHERE `username` = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM mlg_groupreply WHERE `username` = 'tester' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM mlg_groupreply WHERE `username` = 'tester' ORDER BY id
(1) sql: Group "tester": Merging reply items
(1) sql: Mikrotik-Address-List = "NOT_ALLOW"
rlm_sql (sql): Released connection (7)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'stg' on Localhost via UNIX socket, server version 5.6.42, protocol version 10
(1)

 = ok

			(1)     [files] = noop

			(1)     [expiration] = noop

			(1)     [logintime] = noop

			(1) pap: WARNING: Auth-Type already set.  Not setting to PAP

			(1)     [pap] = noop

			(1)   } # authorize = ok

			(1) Found Auth-Type = mschap

			(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default

			(1)   authenticate {

			(1) mschap: Found Cleartext-Password, hashing to create NT-Password

			(1) mschap: Found Cleartext-Password, hashing to create LM-Password

			(1) mschap: Creating challenge hash with username: tester

			(1) mschap: Client is using MS-CHAPv2

			(1) mschap: Adding MS-CHAPv2 MPPE keys

			(1)     [mschap] = ok

			(1)   } # authenticate = ok

			(1) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default

			(1)   post-auth {

			(1)     update {

			(1)       No attributes updated

			(1)     } # update = noop

			(1) sql: EXPAND .query

			(1) sql:    --> .query

			(1) sql: Using query template 'query'

			rlm_sql (sql): Reserved connection (7)

			(1) sql: EXPAND %{User-Name}

			(1) sql:    --> tester

			(1) sql: SQL-User-Name set to 'tester'

			(1) sql: EXPAND INSERT INTO mlg_postauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')

			(1) sql:    --> INSERT INTO mlg_postauth (username, pass, reply, authdate) VALUES ( 'tester', '', 'Access-Accept', '2019-02-21 11:06:24')

			(1) sql: Executing query: INSERT INTO mlg_postauth (username, pass, reply, authdate) VALUES ( 'tester', '', 'Access-Accept', '2019-02-21 11:06:24')

			(1) sql: SQL query returned: success

			(1) sql: 1 record(s) updated

			rlm_sql (sql): Released connection (7)

			(1)     [sql] = ok

			(1)     [exec] = noop

			(1)   } # post-auth = ok

			(1) Login OK: [tester] (from client NAS0 port 15728648 cli 60:EB:69:39:6D:25)

			(1) Sent Access-Accept Id 19 from 172.24.254.50:1812 to 172.24.254.51:38917 length 0

			(1)   Framed-IP-Address = 172.16.2.173

			(1)   Mikrotik-Rate-Limit = "102400k/102400k"

			(1)   Acct-Interim-Interval = 600

			(1)   Idle-Timeout = 86400

			(1)   Mikrotik-Address-List = "NOT_ALLOW"

			(1)   MS-CHAP2-Success = 0x01533d46413238433546333746414137414236424137363637304430394538343139413744414431423544

			(1)   MS-MPPE-Recv-Key = 0x7198ffa6abfb4bce90c35288c04b7f1e

			(1)   MS-MPPE-Send-Key = 0x1c91fd93bf8306b5508b70df37b7fe75

			(1)   MS-MPPE-Encryption-Policy = Encryption-Allowed

			(1)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

			(1) Finished request

			Waking up in 4.9 seconds.

			(1) Cleaning up request packet ID 19 with timestamp +1356

			Ready to process requests

l1ght · 2019-02-21 10:28:50

микротик забыл прислать в аккаунтинге юзернейм

прошивку меняйте

Nerofar1 · 2019-02-21 10:33:01

В 21.02.2019 в 10:28, l1ght сказав:

микротик забыл прислать в аккаунтинге юзернейм

прошивку меняйте

Expand

Вот это поворот сейчас стоит RouterOS 6.43.11 на какую поменять не поскажите? Сейчас проверю RouterOS 6.42.11

l1ght · 2019-02-21 10:37:03

В 21.02.2019 в 10:33, Nerofar1 сказав:

Вот это поворот сейчас стоит RouterOS 6.43.11 на какую поменять не поскажите? Сейчас проверю RouterOS 6.42.11

Expand

не подскажу, но знаю что у кого микротики стоят - аккаунтинг работает

а по версиям не знаю

Увійти

Помогите freeradius 3 + Mikrotik

Рекомендованные сообщения

005836 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

005836 0

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

005836 0

Ссылка на сообщение

Поделиться на других сайтах

prototip 284

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Nerofar1 0

Ссылка на сообщение

Поделиться на других сайтах

l1ght 377

Ссылка на сообщение

Поделиться на других сайтах

Создайте аккаунт или войдите в него для комментирования

Создать аккаунт