madf 279 Posted 2012-10-17 13:13:56 Share Posted 2012-10-17 13:13:56 Я его сейчас переписываю. Эту ошибку не исправить легко и она не в этом куске кода. Там проблема в том что Алан ДеКок (как же я его ненавижу) любит менять структуры данных от версии к версии и в результате в функции попадает мусор вместо данных. У меня уже есть готовое нормальное рабочее решение для другого биллинга, я его адаптирую к Stg. Link to post Share on other sites
Роман Погосян 0 Posted 2012-10-17 18:00:21 Share Posted 2012-10-17 18:00:21 после долгих измывательств над этим модулем всетаки от него отказался. так как хоть и подпилив его он и начал работать но периодически начинал слать мусор вместо пакета Link to post Share on other sites
timba 0 Posted 2013-10-02 16:11:38 Share Posted 2013-10-02 16:11:38 (edited) Присоединяюсь к человекам, у которых сегфолтится freeradius. А кроме как через rlm_stg можно как-то подружить stargazer с радиусом? Ну или подружить pppoe-server со stargazer без использования radius вообще. Edited 2013-10-02 16:16:27 by timba Link to post Share on other sites
madf 279 Posted 2013-10-02 17:28:17 Share Posted 2013-10-02 17:28:17 Присоединяюсь к человекам, у которых сегфолтится freeradius. А кроме как через rlm_stg можно как-то подружить stargazer с радиусом? Ну или подружить pppoe-server со stargazer без использования radius вообще. Можно FreeRADIUS подружить с базой Stargazer. Link to post Share on other sites
timba 0 Posted 2013-10-02 18:49:09 Share Posted 2013-10-02 18:49:09 (edited) Можно FreeRADIUS подружить с базой Stargazer. Спасибо, буду курить мануалы по FreeRADIUS. И ждать рабочий rlm_stg Edited 2013-10-03 16:52:08 by timba Link to post Share on other sites
Alexey Osipov 38 Posted 2013-10-03 03:06:45 Share Posted 2013-10-03 03:06:45 Ну или подружить pppoe-server со stargazer без использования radius вообще. Можно: http://local.com.ua/forum/topic/25760-purestg2/ Link to post Share on other sites
timba 0 Posted 2013-10-03 17:01:32 Share Posted 2013-10-03 17:01:32 Можно: http://local.com.ua/forum/topic/25760-purestg2/ FreeRADIUS получилось подружить с мускульной базой, но хочется чтобы pppoe-server бегал не напрямую в базу, а через stargazer. Глянул ваш модуль, это что нужно. Буду прикручивать его, спасибо. Link to post Share on other sites
yKpon 8 Posted 2015-02-19 13:06:27 Share Posted 2015-02-19 13:06:27 апну бородатую тему пытаюсь воспроизвести что делал 4 года назад, никак не выходит, версия stg-2.407-rc2 с rlm_stg.so от rc1 и freeradius-1.1.6 если получится поднять попробую на 2.408 вот radiusd.conf prefix = /usr/localexec_prefix = /usr/local sysconfdir = /usr/local/etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /usr/local/etc/raddb radacctdir = /usr/local/var/log/radius/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/freeradius log_file = ${logdir}/radius.log libdir = /usr/local/lib/ pidfile = ${run_dir}/freeradius.pid user = freerad group = freerad max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } mschap { use_mppe = yes authtype = MS-CHAP require_encryption = yes #require_strong = yes #with_ntdomain_hack = no } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 #suppress { # User-Password #} } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } stg { local_port = 6667 server = 127.0.0.1 port = 6666 password = 123456 } } instantiate { stg } authorize { preprocess chap mschap stg } authenticate { Auth-Type PAP { stg pap } Auth-Type CHAP { stg chap } Auth-Type MS-CHAP { stg mschap } } preacct { preprocess acct_unique } accounting { detail radutmp stg } session { radutmp } post-auth { stg } pre-proxy { } post-proxy { } вот такой лог, ошибка 691 root@debian:/usr/local/etc/raddb# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/local/lib/" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib rlm_stg: stg_init() Module: Loaded stg rlm_stg: stg_instantiate() stg: password = "123456" stg: server = "127.0.0.1" stg: port = 6666 stg: local_port = 6667 Module: Instantiated stg (stg) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:48163, id=27, length=66 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test123" Calling-Station-Id = "10.81.1.124" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test123' rlm_stg: stg_authorize() request username field: 'test123' rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:37621, id=26, length=66 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test123" Calling-Station-Id = "10.81.1.124" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test123' rlm_stg: stg_authorize() request username field: 'test123' rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 1 modcall: leaving group authorize (returns reject) for request 1 Delaying request 1 for 1 seconds Finished request 1 Going to the next request Sending Access-Reject of id 27 to 127.0.0.1 port 48163 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 26 to 127.0.0.1 port 37621 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 27 with timestamp 54e5df6f Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 26 with timestamp 54e5df70 Nothing to do. Sleeping until we see a request. Link to post Share on other sites
madf 279 Posted 2015-02-19 14:13:38 Share Posted 2015-02-19 14:13:38 Чего ж тут непонятного, вот: modcall[authorize]: module "stg" returns reject for request 1 Фиг тебе, говорит, а не сервис. Link to post Share on other sites
yKpon 8 Posted 2015-02-19 14:18:36 Share Posted 2015-02-19 14:18:36 Чего ж тут непонятного, вот: modcall[authorize]: module "stg" returns reject for request 1 Фиг тебе, говорит, а не сервис. и как вылечить? где поправить что? =) Link to post Share on other sites
yKpon 8 Posted 2015-02-19 14:30:29 Share Posted 2015-02-19 14:30:29 (edited) когда ввожу верный логин и пароль, ноль modcall[authorize]: module "stg" returns reject for request 0 а дальше всё так же Edited 2015-02-19 14:38:36 by yKpon Link to post Share on other sites
madf 279 Posted 2015-02-19 15:39:11 Share Posted 2015-02-19 15:39:11 Я бы глянул в лог stg. Link to post Share on other sites
yKpon 8 Posted 2015-02-20 07:31:50 Share Posted 2015-02-20 07:31:50 Я бы глянул в лог stg. собранный в дебаге stg в момент попытки авторизации выплёвывает radius.cpp > 10:30:58 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize Link to post Share on other sites
madf 279 Posted 2015-02-20 08:52:38 Share Posted 2015-02-20 08:52:38 Почему-то приходит пустой сервис (Service-Type), хотя по логу там "Framed-User". У вас же там модифицированный rlm_stg? Link to post Share on other sites
yKpon 8 Posted 2015-02-20 09:07:45 Share Posted 2015-02-20 09:07:45 (edited) rlm_stg от stg-2.407-rc1 под первый радиус <Module radius> Password = 123456 ServerIP = 127.0.0.1 Port = 6666 AuthServices = Login-User AcctServices = Framed-User </Module> Edited 2015-02-20 09:16:11 by yKpon Link to post Share on other sites
madf 279 Posted 2015-02-20 09:57:44 Share Posted 2015-02-20 09:57:44 Ну тут варианта два: или rlm_stg не посылает, или mod_radius не принимает. Link to post Share on other sites
yKpon 8 Posted 2015-02-20 10:04:06 Share Posted 2015-02-20 10:04:06 какие ещё конфиги показать? на стенде тот же софт что я делал 4 года назад, не могу никак вспомнить всё точно =( а очень надо, нужен PPPoE NAS отдельный Link to post Share on other sites
madf 279 Posted 2015-02-20 12:25:04 Share Posted 2015-02-20 12:25:04 Вряд ли дело в конфигах. Link to post Share on other sites
yKpon 8 Posted 2015-02-20 12:47:01 Share Posted 2015-02-20 12:47:01 (edited) даже сервер тот же, ОСь дебиан Lenny, ставил 5 лет назад, всё тоже самое =) в чём же может быть дело? Edited 2015-02-20 13:08:57 by yKpon Link to post Share on other sites
madf 279 Posted 2015-02-20 13:41:44 Share Posted 2015-02-20 13:41:44 Да фиг его знает, я бы воткнулся дебаггером и поглядел что там и как в процессе. Я сейчас на работе, нет под рукой исходников rlm_stg с того времени. Есть дома, если будет время - попробую посмотреть. Link to post Share on other sites
madf 279 Posted 2015-02-21 12:30:43 Share Posted 2015-02-21 12:30:43 Я посмотрел внимательно на stg-2.407-p1, не могу даже представить как возможна ситуация в которой rlm_stg пишет что rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' а Stargazer считает что radius.cpp > 10:30:58 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize Это точно логи от одной и той-же сессии? Link to post Share on other sites
yKpon 8 Posted 2015-02-24 07:10:29 Share Posted 2015-02-24 07:10:29 Я посмотрел внимательно на stg-2.407-p1, не могу даже представить как возможна ситуация в которой rlm_stg пишет что rlm_stg: stg_authorize() Service-Type defined as 'Framed-User' а Stargazer считает что radius.cpp > 10:30:58 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize Это точно логи от одной и той-же сессии? вот сейчас одна сессия, ввожу верные test 123456 Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/local/lib/" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib rlm_stg: stg_init() Module: Loaded stg rlm_stg: stg_instantiate() stg: password = "123456" stg: server = "127.0.0.1" stg: port = 6666 stg: local_port = 6667 Module: Instantiated stg (stg) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:42200, id=69, length=56 User-Name = "test" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test' rlm_stg: stg_authorize() request username field: 'test' rlm_stg: stg_authorize() request password field: '123456' rlm_stg: stg_authorize() Service-Type undefined rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 69 to 127.0.0.1 port 42200 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 69 with timestamp 54ec2361 Nothing to do. Sleeping until we see a request. в stg дебаг radius.cpp > 10:10:03 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize Link to post Share on other sites
Phsm 19 Posted 2015-02-24 07:18:17 Share Posted 2015-02-24 07:18:17 Ребят, а чем rlm_stg лучше того же rlm_perl, в котором можно написать любую логику авторизации, которую только выдумает фантазия? Я просто бегло прошелся по этому треду, и ничего кроме проблем с этим rlm_stg не увидел. Link to post Share on other sites
madf 279 Posted 2015-02-24 08:28:45 Share Posted 2015-02-24 08:28:45 Ребят, а чем rlm_stg лучше того же rlm_perl, в котором можно написать любую логику авторизации, которую только выдумает фантазия? Я просто бегло прошелся по этому треду, и ничего кроме проблем с этим rlm_stg не увидел. rlm_stg на данный момент не существует. rlm_perl не умеет общаться со Stargazer. Link to post Share on other sites
madf 279 Posted 2015-02-24 08:30:06 Share Posted 2015-02-24 08:30:06 ... вот сейчас одна сессия, ввожу верные test 123456 ... modcall: entering group authorize for request 0 rlm_stg: stg_authorize() rlm_stg: stg_authorize() user name defined as 'test' rlm_stg: stg_authorize() request username field: 'test' rlm_stg: stg_authorize() request password field: '123456' rlm_stg: stg_authorize() Service-Type undefined rlm_stg: stg_authorize() stg status: '' modcall[authorize]: module "stg" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 ... в stg дебаг radius.cpp > 10:10:03 > RADIUS::ProcessAutzPacket service '' is not allowed to authorize Ну тут без серьезного дебага не обойтись. Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now