[Inclusão Digital] FreeRadius version
Isaac Sampaio
isaac.sampaio at gmail.com
Thu Mar 8 06:11:37 BRT 2012
Hi Pedro, to answer your question, there is no firewall configured
yet; I have just installed everything. The worst part is that I already have
other PPPoE servers and never had this problem.
Marcelo, I did what you suggested and, at least for me, not being any kind of
expert on the subject, I could not identify anything in freeradius; it
seems to me the problem is in the reception of the data on the MK. I will post
the output you asked for; maybe someone who understands more than I do can
find the problem.
rad_recv: Access-Request packet from host 10.0.1.252 port 59064, id=40,
length=194
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 33
NAS-Port-Type = Ethernet
User-Name = "isaac"
Calling-Station-Id = "78:44:76:00:30:F8"
Called-Station-Id = "pppoe-server"
NAS-Port-Id = "BRIDGE"
MS-CHAP-Challenge = 0xceecd27bc38b86782fea1cff8b828f75
MS-CHAP2-Response =
0x0100c3ac459cf91f54d1034002d93d7a972b0000000000000000e265b5340aa4f424cd88740ae9411cef5e861176954a55e3
NAS-Identifier = "servidor-new"
NAS-IP-Address = 10.0.1.252
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.0.1.252/auth-detail-20120308
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/10.0.1.252/auth-detail-20120308
[auth_log] expand: %t -> Thu Mar 8 05:43:33 2012
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "isaac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> isaac
[sql] sql_set_user escaped user --> 'isaac'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'isaac' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'isaac' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname
FROM radusergroup WHERE username = 'isaac' ORDER
BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY
id -> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '300k' ORDER BY id
[sql] User found in group 300k
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY
id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '300k' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section session from file /etc/freeradius/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> isaac
++[radutmp] returns ok
Login OK: [isaac] (from client servidor-new port 33 cli 78:44:76:00:30:F8)
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> isaac
[sql] sql_set_user escaped user --> 'isaac'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpo
stauth (username, pass, reply, authdate)
VALUES ( 'isaac',
'', 'Access-Accept', '2012-03-08 05:43:33')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES (
'isaac', '',
'Access-Accept', '2012-03-08 05:43:33')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 40 to 10.0.1.252 port 59064
Framed-IP-Address := 10.254.10.100
Framed-IP-Netmask := 255.255.255.0
Mikrotik-Rate-Limit := "100k/300k 0/0 0/0 20/20 8 50k/128k"
Port-Limit := 1
Framed-Compression := Van-Jacobson-TCP-IP
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-MTU := 1480
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.0.1.252 port 48283, id=41,
length=158
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 33
NAS-Port-Type = Ethernet
User-Name = "isaac"
Calling-Station-Id = "78:44:76:00:30:F8"
Called-Station-Id = "pppoe-server"
NAS-Port-Id = "BRIDGE"
Acct-Session-Id = "81f00016"
Framed-IP-Address = 10.254.10.100
Framed-IP-Netmask = 255.255.255.0
Acct-Authentic = RADIUS
Event-Timestamp = "Mar 8 2012 05:44:13 BRT"
Acct-Status-Type = Start
NAS-Identifier = "servidor-new"
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.1.252
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 33,Client-IP-Address =
10.0.1.252,NAS-IP-Address = 10.0.1.252,Acct-Session-Id =
"81f00016",User-Name = "isaac"'
[acct_unique] Acct-Unique-Session-ID = "d8f9a714fdb84ddf".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "isaac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
# Executing section accounting from file
/etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.0.1.252/detail-20120308
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.0.1.252/detail-20120308
[detail] expand: %t -> Thu Mar 8 05:43:33 2012
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> isaac
++[radutmp] returns ok
[sql] expand: %{User-Name} -> isaac
[sql] sql_set_user escaped user --> 'isaac'
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
naspo
rtid, nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinf
o_stop, acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Ses
sion-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S',
NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Ser
vice-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> isaac
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 41 to 10.0.1.252 port 48283
Finished request 1.
Cleaning up request 1 ID 41 with timestamp +43
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.0.1.252 port 40441, id=42,
length=206
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 33
NAS-Port-Type = Ethernet
User-Name = "isaac"
Calling-Station-Id = "78:44:76:00:30:F8"
Called-Station-Id = "pppoe-server"
NAS-Port-Id = "BRIDGE"
Acct-Session-Id = "81f00016"
Framed-IP-Address = 10.254.10.100
Framed-IP-Netmask = 255.255.255.0
Acct-Authentic = RADIUS
Event-Timestamp = "Mar 8 2012 05:44:13 BRT"
Acct-Session-Time = 0
Acct-Input-Octets = 0
Acct-Input-Gigawords = 0
Acct-Input-Packets = 0
Acct-Output-Octets = 28
Acct-Output-Gigawords = 0
Acct-Output-Packets = 3
Acct-Status-Type = Stop
Acct-Terminate-Cause = User-Request
NAS-Identifier = "servidor-new"
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.1.252
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 33,Client-IP-Address =
10.0.1.252,NAS-IP-Address = 10.0.1.252,Acct-Session-Id =
"81f00016",User-Name = "isaac"'
[acct_unique] Acct-Unique-Session-ID = "d8f9a714fdb84ddf".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "isaac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
# Executing section accounting from file
/etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.0.1.252/detail-20120308
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.0.1.252/detail-20120308
[detail] expand: %t -> Thu Mar 8 05:43:33 2012
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> isaac
++[radutmp] returns ok
[sql] expand: %{User-Name} -> isaac
[sql] sql_set_user escaped user --> 'isaac'
[sql] expand: %{Acct-Input-Gigawords} -> 0
[sql] expand: %{Acct-Input-Octets} -> 0
[sql] expand: %{Acct-Output-Gigawords} -> 0
[sql] expand: %{Acct-Output-Octets} -> 28
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: UPDATE radacct SET acctstoptime
= '%S', acctsessiontime = '%{Acct-Session-Time}',
tinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets
{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Termina
', acctstopdelay = '%{%{Acct-Delay-Time}:-0}',
connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid =
ession-Id}' AND username = '%{SQL-User-Name}'
AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET
acctstoptime = '2012-03-08 05:43:33',
acctsessiontime = '0', acctinputoctets = '0' << 32 |
'0', acctoutputoctets = '0' << 32 |
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> isaac
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 42 to 10.0.1.252 port 40441
Finished request 2.
Cleaning up request 2 ID 42 with timestamp +43
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 40 with timestamp +43
Ready to process requests.
Thanks
On March 7, 2012 at 22:24, Pedro Angones <pedro at globalwave.com.br> wrote:
> Is there no DROP in the OUTPUT of the radius firewall?
>
> Pedro Angones
>
> On 07/03/2012, at 22:19, Isaac Sampaio <isaac.sampaio at gmail.com> wrote:
>
> > Damn!! I have been fighting since 14:00 with one here that refuses to
> > work no matter what. The worst part is that it generates no error. When I put the
> > secrets on the MK, it works, but when I disable that and it looks it up in
> > FreeRadius, it gives the message below:
> >
> > Wed Mar 7 22:09:17 2012 : Auth: Login OK: [usertest] (from client
> > servidor-new port 28 cli 78:44:76:00:30:F8)
> >
> > But the connection fails and nothing is created on the MK.
> >
> > Thanks
> >
> > On March 7, 2012 at 22:12, Alexandre J. Correa - Onda Internet <
> > alexandre at onda.net.br> wrote:
> >
> >> I use it here... works fine!!
> >> On 07/03/2012 21:51, Isaac Sampaio wrote:
> >>
> >>> Hi friends, do any of you use freeradius version 2.1.10 together
> >>> with mikrotik?
> >>>
> >>> Thanks.
> >>>
> >>> Isaac
> >>> _______________________________________________
> >>> Inclusaodigital mailing list
> >>> Inclusaodigital at anid.com.br
> >>> http://mail.anid.com.br/mailman/listinfo/inclusaodigital
> >>>
> >>>
> >>
> >> --
> >> Regards.
> >>
> >> Alexandre Jeronimo Correa
> >> Managing Partner
> >>
> >> Onda Internet
> >> www.onda.net.br
> >>
> >> IPV6 Ready !
> >>
> >>
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
>
>
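
In the debug trace in this message the Access-Request carries MS-CHAP2-Response, the server logs "Found Auth-Type = Accept", and the Access-Accept lists no MS-CHAP2-Success attribute, which RFC 2548 expects in the reply to an MS-CHAPv2 request. The Python check below is an added example, not part of the original message or of FreeRADIUS: it flags that pattern in FreeRADIUS debug output. The function name `audit_mschap` and the result keys are hypothetical, and the sample is condensed from the trace with hex values shortened.

```python
import re

# Constructed sample: condensed from the debug trace in the message above,
# wrapped lines rejoined and hex values shortened.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.0.1.252 port 59064, id=40, length=194
User-Name = "isaac"
MS-CHAP2-Response = 0x0100c3ac...
# Executing section authorize from file /etc/freeradius/sites-enabled/default
Found Auth-Type = Accept
Sending Access-Accept of id 40 to 10.0.1.252 port 59064
Framed-IP-Address := 10.254.10.100
Finished request 0.
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
SEND = re.compile(r"^Sending (\S+) of id \d+ to ")
AUTH = re.compile(r"^Found Auth-Type = (\S+)")
ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*) :?= ?")

def audit_mschap(debug_text):
    """Flag MS-CHAPv2 requests that were accepted without MS-CHAP2-Success."""
    findings, req, section = [], None, None
    for line in debug_text.splitlines():
        if m := RECV.match(line):
            req = {"id": m[3], "nas": m[2], "auth_type": None,
                   "reply_type": None, "request": set(), "reply": set()}
            section = "request"
        elif req is None:
            continue
        elif line.startswith("#"):      # "# Executing section ..." ends the attribute list
            section = None
        elif m := AUTH.match(line):
            req["auth_type"] = m[1]
        elif m := SEND.match(line):
            req["reply_type"], section = m[1], "reply"
        elif line.startswith("Finished request"):
            if ("MS-CHAP2-Response" in req["request"]
                    and req["reply_type"] == "Access-Accept"
                    and "MS-CHAP2-Success" not in req["reply"]):
                findings.append({"id": req["id"], "nas": req["nas"],
                                 "auth_type": req["auth_type"],
                                 "forced_accept": req["auth_type"] == "Accept"})
            req, section = None, None
        elif section and (m := ATTR.match(line)):
            req[section].add(m[1])      # attribute name seen in request or reply
    return findings

if __name__ == "__main__":
    print(audit_mschap(SAMPLE))
```

A finding with `forced_accept` set means the server accepted the request without running the mschap authenticate step, so the stored password was never compared with the client's response.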
More information about the Inclusaodigital mailing list