Linux pppoe-server radius client and authorization via AD
Folks, I urgently need help. Please share your experience.
Or at least point me in the right direction. I need to set up a PPPoE server on Linux so that it takes user accounts from AD and also takes the tunnel IP address from the user's Dial-In tab in AD. Setup: SuSE ES 10 with pppoe server rp-pppoe-3.8, radiusclient and pppd, with the pppoe.ko and ppp_mppe.ko modules loaded. The domain is on Windows 2003 Server. Here are my configs:

/etc/ppp/pppoe-server-options:
---------------------------------
# PPP options for the PPPoE server
# LIC: GPL
logfile /var/log/pppoe.log
debug
mtu 1472
mru 1472
auth
#require-pap
require-chap
#require-mschap-v2
#require-mppe
default-asyncmap
ktune
lcp-echo-interval 20
lcp-echo-failure 2
ms-dns 192.168.1.252
plugin radius.so
plugin radattr.so
#192.168.2.251:
nobsdcomp
noccp
noendpoint
noipdefault
noipx
novj
receive-all
------------------------------------

/etc/ppp/radiusclient/servers:
--------------------------------------------------------
192.168.1.252 xxxxxxx
--------------------------------------------------------

/etc/ppp/radiusclient/radiusclient.conf:
--------------------------------------------------------
#Server Name or Client/Server pair Key
#---------------- ---------------
#portmaster.elemental.net hardlyasecret
#portmaster2.elemental.net donttellanyone
#
# uncomment the following line for simple testing of radlogin
# with radiusd 1.16.1
#localhost/localhost testing123
192.168.1.252 xxxxxxx
gw0:/etc/ppp/radiusclient # cat radiusclient.conf
# General settings
# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order radius,local
# maximum login tries a user has
login_tries 4
# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout 60
# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin
# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue /etc/radiusclient/issue
# RADIUS settings
# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver 192.168.1.252:1812
# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
# acctserver 192.168.1.252:1813
# file holding shared secrets used for the communication
# between the RADIUS client and server
servers /etc/radiusclient/servers
# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /etc/radiusclient/dictionary
# program to call for a RADIUS authenticated login
login_radius /usr/sbin/login.radius
# file which holds sequence number for communication with the
# RADIUS server
seqfile /var/run/radius.seq
# file which specifies mapping between ttyname and NAS-Port attribute
mapfile /etc/radiusclient/port-id-map
# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm
# time to wait for a reply from the RADIUS server
radius_timeout 10
# resend request this many times before trying the next server
radius_retries 3
# LOCAL settings
# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local /bin/login
----------------------------------------------------------------------

When I try to connect, the following appears in /var/log/pppoe.log:

Feb 22 04:07:07 gw0 pppd[18376]: Plugin radius.so loaded.
Feb 22 04:07:07 gw0 pppd[18376]: RADIUS plugin initialized.
Feb 22 04:07:07 gw0 pppd[18376]: Plugin radattr.so loaded.
Feb 22 04:07:07 gw0 pppd[18376]: RADATTR plugin initialized.
Feb 22 04:07:07 gw0 pppd[18376]: pppd 2.4.3 started by root, uid 0
Feb 22 04:07:07 gw0 pppd[18376]: using channel 43
Feb 22 04:07:07 gw0 pppd[18376]: Using interface ppp0
Feb 22 04:07:07 gw0 pppd[18376]: Connect: ppp0 <--> /dev/pts/4
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfReq id=0x0 <mru 1480> <magic 0x727a6899> <callback CBCP>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfReq id=0x1 <mru 1472> <auth chap MD5> <magic 0x579b48bb>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfAck id=0x1 <mru 1472> <auth chap MD5> <magic 0x579b48bb>]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP ConfReq id=0x1 <mru 1480> <magic 0x727a6899>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP ConfAck id=0x1 <mru 1480> <magic 0x727a6899>]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP EchoReq id=0x0 magic=0x579b48bb]
Feb 22 04:07:07 gw0 pppd[18376]: sent [CHAP Challenge id=0x4f <7ef9787b50f194c2be0069d6143513aa>, name = "gw0"]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP code=0xc id=0x2 72 7a 68 99 4d 53 52 41 53 56 35 2e 31 30]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP CodeRej id=0x2 0c 02 00 12 72 7a 68 99 4d 53 52 41 53 56 35 2e 31 30]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP code=0xc id=0x3 72 7a 68 99 4d 53 52 41 53 2d 30 2d 4c 49 4e 55 58 4f 49 44]
Feb 22 04:07:07 gw0 pppd[18376]: sent [LCP CodeRej id=0x3 0c 03 00 18 72 7a 68 99 4d 53 52 41 53 2d 30 2d 4c 49 4e 55 58 4f 49 44]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [LCP EchoRep id=0x0 magic=0x727a6899]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:07 gw0 pppd[18376]: rc_avpair_new: unknown attribute 60
Feb 22 04:07:40 gw0 pppd[18376]: rc_send_server: no reply from RADIUS server loader.lotos.local:1812
Feb 22 04:07:40 gw0 pppd[18376]: Peer LOTOS\\a.borovkov failed CHAP authentication
Feb 22 04:07:40 gw0 pppd[18376]: sent [CHAP Failure id=0x4f ""]
Feb 22 04:07:40 gw0 pppd[18376]: sent [LCP TermReq id=0x4 "Authentication failed"]
Feb 22 04:07:40 gw0 pppd[18376]: Terminating on signal 15
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\a.borovkov"]
Feb 22 04:07:40 gw0 pppd[18376]: Discarded non-LCP packet when LCP not open
Feb 22 04:07:40 gw0 pppd[18376]: rcvd [LCP TermReq id=0x4 "rzh\37777777631\000<\37777777715t\000\000\002\37777777716"]
Feb 22 04:07:40 gw0 pppd[18376]: sent [LCP TermAck id=0x4]
Feb 22 04:07:43 gw0 pppd[18376]: sent [LCP TermReq id=0x5 "User request"]
Feb 22 04:07:46 gw0 pppd[18376]: Connection terminated.
Feb 22 04:07:46 gw0 pppd[18376]: Modem hangup
Feb 22 04:07:46 gw0 pppd[18376]: Waiting for 1 child processes...
Feb 22 04:07:46 gw0 pppd[18376]: script /usr/local/rp-pppoe-3.8/sbin/pppoe -n -I eth0 -e 29:00:0c:29:4c:72:7a -S '', pid 18377
Feb 22 04:07:46 gw0 pppd[18376]: Script /usr/local/rp-pppoe-3.8/sbin/pppoe -n -I eth0 -e 29:00:0c:29:4c:72:7a -S '' finished (pid 18377), status = 0x1
Feb 22 04:07:46 gw0 pppd[18376]: RADATTR plugin removed file /var/run/radattr.ppp0.
Feb 22 04:07:46 gw0 pppd[18376]: Exit.
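An added example, not from the post and not part of rp-pppoe or radiusclient: a small Python triage script that reads pppd log lines in the format quoted above and summarises the CHAP exchange, the radiusclient errors (the unknown attribute and the missing RADIUS reply) and the session outcome. The sample log is constructed; the peer name and RADIUS host are placeholders, and the attribute names are the RFC 2865 assignments.

```python
import re

# Constructed sample in the pppd log format quoted in the post; the peer
# name and the RADIUS host are placeholders, not real accounts or servers.
SAMPLE_LOG = r"""Feb 22 04:07:07 gw0 pppd[18376]: Plugin radius.so loaded.
Feb 22 04:07:07 gw0 pppd[18376]: sent [CHAP Challenge id=0x4f <7ef9787b50f194c2be0069d6143513aa>, name = "gw0"]
Feb 22 04:07:07 gw0 pppd[18376]: rcvd [CHAP Response id=0x4f <95af455dd3afe4f999467c0749951396>, name = "LOTOS\\user"]
Feb 22 04:07:07 gw0 pppd[18376]: rc_avpair_new: unknown attribute 60
Feb 22 04:07:40 gw0 pppd[18376]: rc_send_server: no reply from RADIUS server radius.example.local:1812
Feb 22 04:07:40 gw0 pppd[18376]: Peer LOTOS\\user failed CHAP authentication
Feb 22 04:07:40 gw0 pppd[18376]: sent [LCP TermReq id=0x4 "Authentication failed"]
"""

LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CHAP_RE = re.compile(r'^(?:sent|rcvd) \[CHAP (?P<kind>Challenge|Response) id=(?P<id>0x[0-9a-f]+) '
                     r'<(?P<val>[0-9a-f]+)>, name = "(?P<name>[^"]*)"\]')
# RFC 2865 attribute numbers the radiusclient dictionary must know for CHAP and for the per-user address
RADIUS_ATTRS = {3: "CHAP-Password", 8: "Framed-IP-Address", 60: "CHAP-Challenge"}

def triage(log_text):
    """Summarise one pppd session: CHAP exchange, radiusclient errors, outcome."""
    report = {"pid": None, "peer": None, "chap": {}, "findings": [], "outcome": "unknown"}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pppd line; ignore
        report["pid"] = int(m.group("pid"))
        msg = m.group("msg")
        c = CHAP_RE.match(msg)
        if c:
            report["chap"][c.group("kind").lower()] = {"id": int(c.group("id"), 16), "value": c.group("val"), "name": c.group("name")}
            if c.group("kind") == "Response":
                report["peer"] = c.group("name")  # identity the peer claimed in its response
            continue
        a = re.match(r"rc_avpair_new: unknown attribute (\d+)", msg)
        if a:  # the client could not build the AV pair, so the request went out without it
            num = int(a.group(1))
            report["findings"].append("dictionary lacks attribute %d (%s)" % (num, RADIUS_ATTRS.get(num, "unknown")))
        n = re.match(r"rc_send_server: no reply from RADIUS server (\S+)", msg)
        if n:  # timed out after radius_retries: reachability, NAS entry or shared secret on the server side
            report["findings"].append("no reply from RADIUS server %s" % n.group(1))
        if re.match(r"Peer \S+ failed CHAP authentication", msg):
            report["outcome"] = "auth-failed"
        elif "CHAP authentication succeeded" in msg:
            report["outcome"] = "auth-ok"
    # A response whose id differs from the challenge id would be stale or replayed, not a fresh answer.
    ch, rs = report["chap"].get("challenge"), report["chap"].get("response")
    report["chap_id_match"] = bool(ch and rs and ch["id"] == rs["id"])
    return report
```

Feed the script the real /var/log/pppoe.log and the findings list names the two things to fix first: the dictionary entry for attribute 60 and why the server at port 1812 never answered.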
Good afternoon.
I am working on the same task, Linux pppoe-server radius client and authorization via AD with the IP taken from the user account, so far without success. Please advise: did you manage to get such a scheme working?
Time: 17:15.
© OSzone.net 2001-