[Inclusão Digital] FreeRadius version
Isaac Sampaio
isaac.sampaio at gmail.com
Thu Mar 8 09:26:45 BRT 2012
Hi Robson, no, I don't have any. Both are on the same physical bus and
configured in the 10.0.1.x class.
Thanks
On 8 March 2012 07:36, Robson F. Ramaldes <robson at netnew.com.br> wrote:
>
> Isaac
>
> Do you have any NAT between the MK and the server?
>
> I have seen cases where Login OK appears and the MK returns "Radius Timeout".
>
> It happened because the packet was sent to IP X and came back from IP Y,
> so the MK does not accept the packet.
>
> You can check this with Torch.
>
> Regards,
>
> ---
> Robson F. Ramaldes
> Net New Ltda.
>
> On Thu, 8 Mar 2012 06:11:37 -0300, Isaac Sampaio wrote:
>
> > Hi Pedro, to answer your question, there is no firewall configured
> > yet, I have just installed everything. The worst part is that I already
> > have other PPPoE servers and never had this problem.
> >
> > Marcelo, I did what you suggested, and at least for me, as I am no
> > specialist on the subject, I could not identify anything in freeradius;
> > it seems to me the problem is in the reception of the data on the MK.
> > I will post the output you asked for; maybe someone who understands
> > more than I do can find the problem.
> >
> > rad_recv: Access-Request packet from host 10.0.1.252 port 59064, id=40, length=194
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > NAS-Port = 33
> > NAS-Port-Type = Ethernet
> > User-Name = "isaac"
> > Calling-Station-Id = "78:44:76:00:30:F8"
> > Called-Station-Id = "pppoe-server"
> > NAS-Port-Id = "BRIDGE"
> > MS-CHAP-Challenge = 0xceecd27bc38b86782fea1cff8b828f75
> > MS-CHAP2-Response = 0x0100c3ac459cf91f54d1034002d93d7a972b0000000000000000e265b5340aa4f424cd88740ae9411cef5e861176954a55e3
> > NAS-Identifier = "servidor-new"
> > NAS-IP-Address = 10.0.1.252
> > # Executing section authorize from file /etc/freeradius/sites-enabled/default
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.1.252/auth-detail-20120308
> > [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.1.252/auth-detail-20120308
> > [auth_log] expand: %t -> Thu Mar 8 05:43:33 2012
> > ++[auth_log] returns ok
> > ++[chap] returns noop
> > [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
> > ++[mschap] returns ok
> > [suffix] No '@' in User-Name = "isaac", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > [eap] No EAP-Message, not doing EAP
> > ++[eap] returns noop
> > [sql] expand: %{User-Name} -> isaac
> > [sql] sql_set_user escaped user --> 'isaac'
> > rlm_sql (sql): Reserving sql socket id: 4
> > [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'isaac' ORDER BY id
> > [sql] User found in radcheck table
> > [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'isaac' ORDER BY id
> > [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'isaac' ORDER BY priority
> > [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '300k' ORDER BY id
> > [sql] User found in group 300k
> > [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '300k' ORDER BY id
> > rlm_sql (sql): Released sql socket id: 4
> > ++[sql] returns ok
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > Found Auth-Type = Accept
> > Auth-Type = Accept, accepting the user
> > # Executing section session from file /etc/freeradius/sites-enabled/default
> > +- entering group session {...}
> > [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> > [radutmp] expand: %{User-Name} -> isaac
> > ++[radutmp] returns ok
> > Login OK: [isaac] (from client servidor-new port 33 cli 78:44:76:00:30:F8)
> > # Executing section post-auth from file /etc/freeradius/sites-enabled/default
> > +- entering group post-auth {...}
> > [sql] expand: %{User-Name} -> isaac
> > [sql] sql_set_user escaped user --> 'isaac'
> > [sql] expand: %{User-Password} ->
> > [sql] ... expanding second conditional
> > [sql] expand: %{Chap-Password} ->
> > [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'isaac', '', 'Access-Accept', '2012-03-08 05:43:33')
> > rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'isaac', '', 'Access-Accept', '2012-03-08 05:43:33')
> > rlm_sql (sql): Reserving sql socket id: 3
> > rlm_sql (sql): Released sql socket id: 3
> > ++[sql] returns ok
> > ++[exec] returns noop
> > Sending Access-Accept of id 40 to 10.0.1.252 port 59064
> > Framed-IP-Address := 10.254.10.100
> > Framed-IP-Netmask := 255.255.255.0
> > Mikrotik-Rate-Limit := "100k/300k 0/0 0/0 20/20 8 50k/128k"
> > Port-Limit := 1
> > Framed-Compression := Van-Jacobson-TCP-IP
> > Framed-Protocol := PPP
> > Service-Type := Framed-User
> > Framed-MTU := 1480
> > Finished request 0.
> > Going to the next request
> > Waking up in 4.9 seconds.
> > rad_recv: Accounting-Request packet from host 10.0.1.252 port 48283, id=41, length=158
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > NAS-Port = 33
> > NAS-Port-Type = Ethernet
> > User-Name = "isaac"
> > Calling-Station-Id = "78:44:76:00:30:F8"
> > Called-Station-Id = "pppoe-server"
> > NAS-Port-Id = "BRIDGE"
> > Acct-Session-Id = "81f00016"
> > Framed-IP-Address = 10.254.10.100
> > Framed-IP-Netmask = 255.255.255.0
> > Acct-Authentic = RADIUS
> > Event-Timestamp = "Mar 8 2012 05:44:13 BRT"
> > Acct-Status-Type = Start
> > NAS-Identifier = "servidor-new"
> > Acct-Delay-Time = 0
> > NAS-IP-Address = 10.0.1.252
> > # Executing section preacct from file /etc/freeradius/sites-enabled/default
> > +- entering group preacct {...}
> > ++[preprocess] returns ok
> > [acct_unique] Hashing 'NAS-Port = 33,Client-IP-Address = 10.0.1.252,NAS-IP-Address = 10.0.1.252,Acct-Session-Id = "81f00016",User-Name = "isaac"'
> > [acct_unique] Acct-Unique-Session-ID = "d8f9a714fdb84ddf".
> > ++[acct_unique] returns ok
> > [suffix] No '@' in User-Name = "isaac", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > # Executing section accounting from file /etc/freeradius/sites-enabled/default
> > +- entering group accounting {...}
> > [detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.1.252/detail-20120308
> > [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.1.252/detail-20120308
> > [detail] expand: %t -> Thu Mar 8 05:43:33 2012
> > ++[detail] returns ok
> > ++[unix] returns ok
> > [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> > [radutmp] expand: %{User-Name} -> isaac
> > ++[radutmp] returns ok
> > [sql] expand: %{User-Name} -> isaac
> > [sql] sql_set_user escaped user --> 'isaac'
> > [sql] expand: %{Acct-Delay-Time} -> 0
> > [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
> > rlm_sql (sql): Reserving sql socket id: 2
> > rlm_sql (sql): Released sql socket id: 2
> > ++[sql] returns ok
> > ++[exec] returns noop
> > [attr_filter.accounting_response] expand: %{User-Name} -> isaac
> > attr_filter: Matched entry DEFAULT at line 12
> > ++[attr_filter.accounting_response] returns updated
> > Sending Accounting-Response of id 41 to 10.0.1.252 port 48283
> > Finished request 1.
> > Cleaning up request 1 ID 41 with timestamp +43
> > Going to the next request
> > Waking up in 4.9 seconds.
> > rad_recv: Accounting-Request packet from host 10.0.1.252 port 40441, id=42, length=206
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > NAS-Port = 33
> > NAS-Port-Type = Ethernet
> > User-Name = "isaac"
> > Calling-Station-Id = "78:44:76:00:30:F8"
> > Called-Station-Id = "pppoe-server"
> > NAS-Port-Id = "BRIDGE"
> > Acct-Session-Id = "81f00016"
> > Framed-IP-Address = 10.254.10.100
> > Framed-IP-Netmask = 255.255.255.0
> > Acct-Authentic = RADIUS
> > Event-Timestamp = "Mar 8 2012 05:44:13 BRT"
> > Acct-Session-Time = 0
> > Acct-Input-Octets = 0
> > Acct-Input-Gigawords = 0
> > Acct-Input-Packets = 0
> > Acct-Output-Octets = 28
> > Acct-Output-Gigawords = 0
> > Acct-Output-Packets = 3
> > Acct-Status-Type = Stop
> > Acct-Terminate-Cause = User-Request
> > NAS-Identifier = "servidor-new"
> > Acct-Delay-Time = 0
> > NAS-IP-Address = 10.0.1.252
> > # Executing section preacct from file /etc/freeradius/sites-enabled/default
> > +- entering group preacct {...}
> > ++[preprocess] returns ok
> > [acct_unique] Hashing 'NAS-Port = 33,Client-IP-Address = 10.0.1.252,NAS-IP-Address = 10.0.1.252,Acct-Session-Id = "81f00016",User-Name = "isaac"'
> > [acct_unique] Acct-Unique-Session-ID = "d8f9a714fdb84ddf".
> > ++[acct_unique] returns ok
> > [suffix] No '@' in User-Name = "isaac", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > # Executing section accounting from file /etc/freeradius/sites-enabled/default
> > +- entering group accounting {...}
> > [detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.1.252/detail-20120308
> > [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.1.252/detail-20120308
> > [detail] expand: %t -> Thu Mar 8 05:43:33 2012
> > ++[detail] returns ok
> > ++[unix] returns ok
> > [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> > [radutmp] expand: %{User-Name} -> isaac
> > ++[radutmp] returns ok
> > [sql] expand: %{User-Name} -> isaac
> > [sql] sql_set_user escaped user --> 'isaac'
> > [sql] expand: %{Acct-Input-Gigawords} -> 0
> > [sql] expand: %{Acct-Input-Octets} -> 0
> > [sql] expand: %{Acct-Output-Gigawords} -> 0
> > [sql] expand: %{Acct-Output-Octets} -> 28
> > [sql] expand: %{Acct-Delay-Time} -> 0
> > [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', tinputoctets = '%{%{Acct-Input-Gigawords}:-0}' UPDATE radacct SET acctstoptime = '2012-03-08 05:43:33', acctsessiontime = '0', acctinputoctets = '0'
> >> Is there no DROP in the OUTPUT of the radius firewall?
> >> Pedro Angones
> >>
> >> On 07/03/2012, at 22:19, Isaac Sampaio wrote:
> >>
> >>> Damn!! I have been fighting since 14:00 with one here that will not
> >>> work no matter what. The worst part is that it produces no error. When I
> >>> put the secrets on the MK, it works, but when I disable that and it goes
> >>> to look it up in FreeRadius, it gives the message below:
> >>>
> >>> Wed Mar 7 22:09:17 2012 : Auth: Login OK: [usertest] (from client servidor-new port 28 cli 78:44:76:00:30:F8)
> >>>
> >>> But the connection fails and nothing is created on the MK.
> >>> Thanks
> >>>
> >>> On 7 March 2012 22:12, Alexandre J. Correa - Onda Internet <alexandre at onda.net.br> wrote:
> >>>
> >>>> I use it here... works fine!!
> >>>>
> >>>> On 07/03/2012 21:51, Isaac Sampaio wrote:
> >>>>
> >>>>> Hello friends, does any of you use freeradius version 2.1.10
> >>>>> together with mikrotik? Thanks. Isaac
> >>>>
> >>>> --
> >>>> Regards,
> >>>> Alexandre Jeronimo Correa
> >>>> Managing Partner
> >>>> Onda Internet
> >>>> www.onda.net.br
> >>>> IPV6 Ready !
>
> _______________________________________________
> Inclusaodigital mailing list
> Inclusaodigital at anid.com.br
> http://mail.anid.com.br/mailman/listinfo/inclusaodigital
>
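
Robson's point in the thread (a reply that comes back from a different address than the one the MK sent the request to is not accepted, so the MK shows "Radius Timeout" while FreeRADIUS logs Login OK) can be checked from a capture taken on the NAS side. The sketch below is an added example, not part of the original thread: the packet list is constructed, the server addresses 10.0.1.1 and 10.0.1.2 and the ports 1812/1813 are assumptions, and only the NAS address, source ports and ids are taken from the debug output quoted above.

```python
from collections import namedtuple

# One RADIUS datagram as seen on the NAS-side interface (e.g. from a capture).
Pkt = namedtuple("Pkt", "src sport dst dport code ident")

REQUESTS = {"Access-Request", "Accounting-Request"}

def classify_exchanges(packets):
    """Pair each request with its reply the way a RADIUS client does.

    Verdicts: "ok" (reply came from the socket the request was sent to),
    "wrong-source" (reply reached the NAS from another address or port, so
    the client drops it and eventually reports a timeout),
    "no-reply" (nothing came back at all).
    """
    results = []
    for req in (p for p in packets if p.code in REQUESTS):
        # Candidate replies reuse the request id and target its source socket.
        replies = [p for p in packets
                   if p.code not in REQUESTS
                   and p.ident == req.ident
                   and (p.dst, p.dport) == (req.src, req.sport)]
        if not replies:
            verdict = "no-reply"
        elif any((r.src, r.sport) == (req.dst, req.dport) for r in replies):
            verdict = "ok"
        else:
            verdict = "wrong-source"
        results.append((req.ident, verdict))
    return results

NAS = "10.0.1.252"         # from the debug output in the thread
SERVER = "10.0.1.1"        # assumed: address configured on the NAS
SERVER_ALT = "10.0.1.2"    # assumed: second address on the same server

# Constructed capture: ids and NAS ports follow the thread's log,
# 1812/1813 are the usual RADIUS auth/accounting ports (assumed here).
SAMPLE = [
    Pkt(NAS, 59064, SERVER, 1812, "Access-Request", 40),
    Pkt(SERVER_ALT, 1812, NAS, 59064, "Access-Accept", 40),
    Pkt(NAS, 48283, SERVER, 1813, "Accounting-Request", 41),
    Pkt(SERVER, 1813, NAS, 48283, "Accounting-Response", 41),
    Pkt(NAS, 40441, SERVER, 1813, "Accounting-Request", 42),
]

if __name__ == "__main__":
    for ident, verdict in classify_exchanges(SAMPLE):
        print(f"id={ident}: {verdict}")
```

A "wrong-source" verdict on the Access-Accept matches the symptom described in the thread; the FreeRADIUS debug output alone cannot show it, because it logs the destination of the reply but not the address the reply left from.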