
radtest Access-Accept accel-ppp Access-Reject



Posted: (edited)

Good day!

Can you tell me what I am missing in the accel-ppp configuration?

If I run

# radtest 74:e5:43:8f:c1:17 '' 172.20.0.2 0 dEoSGodupaHOelCI
Sending Access-Request of id 93 to 172.20.0.2 port 1812
        User-Name = "74:e5:43:8f:c1:17"
        User-Password = ""
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 172.20.0.2 port 1812, id=93, length=32
        Framed-IP-Address = 10.194.10.197
        Session-Timeout = 600

everything is fine.

But accel

[2016-12-05 10:33:28]:  info: ipoe0: create interface ipoe0 parent vlan200
[2016-12-05 10:33:28]:  info: ipoe0: send [RADIUS(1) Access-Request id=1 <User-Name "74:e5:43:8f:c1:17"> <NAS-Identifier "accel-ppp-ipoe"> 
<NAS-IP-Address 172.20.0.2> <NAS-Port 133> <NAS-Port-Id "ipoe0"> <NAS-Port-Type Ethernet> <Calling-Station-Id "74:e5:43:8f:c1:17"> 
<Called-Station-Id "vlan200"> <User-Password >]
[2016-12-05 10:33:29]:  info: ipoe0: recv [RADIUS(1) Access-Reject id=1 <Framed-IP-Address 10.194.107.121> <Session-Timeout 600>]
[2016-12-05 10:33:29]: debug: ipoe0: terminate
[2016-12-05 10:33:29]:  info: ipoe0: ipoe: session finished
# cat /etc/accel-ppp.conf
[modules]
log_file
ipoe
radius
shaper

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=2

[common]
single-session=replace

[ipoe]
verbose=1
username=lua:username
lua-file=/etc/accel-ppp.lua
shared=1
ifcfg=1
mode=L2
ip-unnumbered=1
start=dhcpv4
interface=vlan200
attr-dhcp-client-ip=Framed-IP-Address
gw-ip-address=10.194.0.1/16

[dns]
dns1=172.30.0.1
dns2=172.30.1.1

[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp-ipoe
nas-ip-address=172.20.0.2
server=172.20.0.2,dEoSGodupaHOelCI,auth-port=1812,acct-port=1813,req-limit=0,fail-timeout=0,max-fail=0,weight=1
dae-server=172.20.0.2:3799,dEoSGodupaHOelCI
acct-interim-interval=60
verbose=1
interim-verbose=1

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=5

[shaper]
attr=Filter-Id
up-limiter=police
down-limiter=tbf
verbose=1

Thanks in advance.

Edited by fet4
Posted:
I think I have figured out what the problem is: it is in User-Password = ""

This is radtest


rad_recv: Access-Request packet from host 172.20.0.2 port 41480, id=202, length=87
        User-Name = "74:e5:43:8f:c1:17"
        User-Password = ""
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x4dec5f0c6bc36e1653f0698ffb57f63e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
rlm_sql (sql): Reserving sql socket id: 31
[sql]   expand: call radcheck_dhcp('%{User-Name}') -> call radcheck_dhcp('74:e5:43:8f:c1:17')
[sql] User found in radcheck table
[sql]   expand: call radreply_dhcp('%{User-Name}') -> call radreply_dhcp('74:e5:43:8f:c1:17')
rlm_sql (sql): Released sql socket id: 31
++[sql] = ok
+} # group authorize = ok
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
[sql]   expand: call radupdate_dhcp('%{User-Name}','%{reply:Framed-IP-Address}',                'nas=%{NAS-IP-Address}') -> call radupdate_dhcp('74:e5:43:8f:c1:17','10.194.13.234',                'nas=127.0.1.1')
rlm_sql (sql) in sql_postauth: query is call radupdate_dhcp('74:e5:43:8f:c1:17','10.194.13.234',                'nas=127.0.1.1')
rlm_sql (sql): Reserving sql socket id: 30
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
+} # group post-auth = ok
Sending Access-Accept of id 202 to 172.20.0.2 port 41480
        Framed-IP-Address = 10.194.13.234
        Session-Timeout = 600
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 202 with timestamp +9


And this is with password=empty set in [ipoe]: then User-Password = "" is absent altogether; if password is removed, the device's MAC address is there; if password="" is set, the quotes are escaped with slashes.


rad_recv: Access-Request packet from host 172.20.0.2 port 45003, id=1, length=110
        User-Name = "74:e5:43:8f:c1:17"
        NAS-Identifier = "accel-ppp-ipoe"
        NAS-IP-Address = 172.20.0.2
        NAS-Port = 211
        NAS-Port-Id = "ipoe0"
        NAS-Port-Type = Ethernet
        Calling-Station-Id = "74:e5:43:8f:c1:17"
        Called-Station-Id = "vlan200"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
rlm_sql (sql): Reserving sql socket id: 30
[sql]   expand: call radcheck_dhcp('%{User-Name}') -> call radcheck_dhcp('74:e5:43:8f:c1:17')
[sql] User found in radcheck table
[sql]   expand: call radreply_dhcp('%{User-Name}') -> call radreply_dhcp('74:e5:43:8f:c1:17')
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
+} # group authorize = ok
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type REJECT
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform requested action.
# Executing group from file /etc/freeradius/sites-enabled/default
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 1 to 172.20.0.2 port 45003
        Framed-IP-Address = 10.194.7.128
        Session-Timeout = 600
Waking up in 4.9 seconds.
Cleaning up request 1 ID 1 with timestamp +10


So how do I send exactly User-Password = ""?
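
An added example, not part of the original posts and not accel-ppp or FreeRADIUS code: the RFC 2865 section 5.2 encoding of User-Password, showing that an empty password still travels as a 16-octet attribute value, which is a different request from one with no User-Password attribute or one with an empty value. The secret, authenticator, zeroed Message-Authenticator and all function names are constructed for illustration.

```python
import hashlib

USER_PASSWORD = 2                 # attribute type, RFC 2865 section 5.2
SECRET = b"constructed-secret"    # constructed sample, not the secret from the thread
AUTH = bytes(range(16))           # constructed 16-octet Request Authenticator

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode_user_password(password, secret, authenticator):
    """Client side: return the hidden attribute value for a password."""
    # NUL-pad to a multiple of 16. The value field must be 16..128 octets,
    # so an empty password still occupies one full block.
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def decode_user_password(value, secret, authenticator):
    """Server side: recover the password, or raise if the value is malformed."""
    if not 16 <= len(value) <= 128 or len(value) % 16:
        raise ValueError("value must be 16..128 octets, a multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(value), 16):
        out += _xor(value[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = value[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    """Encode one attribute: type, length (2-octet header included), value."""
    return bytes([attr_type, len(value) + 2]) + value

def password_state(attributes):
    """Classify User-Password in a raw attribute list."""
    pos = 0
    while pos + 2 <= len(attributes):
        attr_type, length = attributes[pos], attributes[pos + 1]
        if length < 2:
            raise ValueError("attribute length below header size")
        if attr_type == USER_PASSWORD:
            return "empty value" if length == 2 else "present"
        pos += length
    return "absent"

def radtest_like_request_length():
    """Packet size for the attribute set radtest sent in the thread."""
    attrs = (attr(1, b"74:e5:43:8f:c1:17")                    # User-Name
             + attr(USER_PASSWORD, encode_user_password(b"", SECRET, AUTH))
             + attr(4, bytes([127, 0, 1, 1]))                 # NAS-IP-Address
             + attr(5, (0).to_bytes(4, "big"))                # NAS-Port
             + attr(80, bytes(16)))                           # Message-Authenticator (zeroed)
    return 20 + len(attrs)                                    # 20-octet RADIUS header
```

`radtest_like_request_length()` returns 87, the length FreeRADIUS logged for the radtest request above, which is only reached when the empty password is carried as a full 16-octet value.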
