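Problems encountered while configuring pptpd+radius+mysql; hoping the experts here can give me some pointers!!!
I recently read the article "pptpd+radius+mysql -sdathisetsket- installation guide 1,2,3" that is popular online. While following it I ran into a problem that I really cannot solve. I hope some expert here can give me some pointers; many thanks.
I have been stuck on this for a week.
The error logs are as follows: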
tail -f /var/log/messages
Apr 2 10:31:16 localhost pptpd: CTRL: Client 219.237.24.160 control connection started
Apr 2 10:31:16 localhost pptpd: CTRL: Starting call (launching pppd, opening GRE)
Apr 2 10:31:16 localhost pppd: Plugin /usr/lib/pppd/2.4.4/radius.so loaded.
Apr 2 10:31:16 localhost pppd: RADIUS plugin initialized.
Apr 2 10:31:16 localhost pppd: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Apr 2 10:31:16 localhost pppd: pptpd-logwtmp: $Version$
Apr 2 10:31:16 localhost pppd: pppd options in effect:
Apr 2 10:31:16 localhost pppd: debug # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: logfile /var/log/pptpd.log # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: dump # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: plugin /usr/lib/pppd/2.4.4/radius.so # (from command line)
Apr 2 10:31:16 localhost pppd: plugin /usr/lib/pptpd/pptpd-logwtmp.so # (from command line)
Apr 2 10:31:16 localhost pppd: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: refuse-pap # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: refuse-chap # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: refuse-mschap # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: name pptpd # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: pptpd-original-ip 219.237.24.160 # (from command line)
Apr 2 10:31:16 localhost pppd: radius-config-file /etc/radiusclient/radiusclient.conf # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: 115200 # (from command line)
Apr 2 10:31:16 localhost pppd: lock # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: local # (from command line)
Apr 2 10:31:16 localhost pppd: novj # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: novjccomp # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: ipparam 219.237.24.160 # (from command line)
Apr 2 10:31:16 localhost pppd: proxyarp # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: 192.168.5.10:192.168.7.225 # (from command line)
Apr 2 10:31:16 localhost pppd: nobsdcomp # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: require-mppe-128 # (from /etc/ppp/options.pptpd)
Apr 2 10:31:16 localhost pppd: pppd 2.4.4 started by root, uid 0
Apr 2 10:31:16 localhost pppd: Using interface ppp0
Apr 2 10:31:16 localhost pppd: Connect: ppp0 <--> /dev/pts/3
Apr 2 10:31:16 localhost pptpd: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Apr 2 10:31:26 localhost pppd: Peer miladuo failed CHAP authentication
Apr 2 10:31:26 localhost pppd: Connection terminated.
Apr 2 10:31:26 localhost pppd: Exit.
Apr 2 10:31:26 localhost pptpd: GRE: read(fd=6,buffer=8059680,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by
unexpected termination of pppd, check option syntax and pppd logs
Apr 2 10:31:26 localhost pptpd: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Apr 2 10:31:26 localhost pptpd: CTRL: Client 219.237.24.160 control connection finished
vi /var/log/pptpd.log
proxyarp # (from /etc/ppp/options.pptpd)
192.168.5.10:192.168.7.225 # (from command line)
nobsdcomp # (from /etc/ppp/options.pptpd)
require-mppe-128 # (from /etc/ppp/options.pptpd)
using channel 52
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent
rcvd
sent
rcvd
rcvd
sent
sent
rcvd
rcvd
rcvd
Peer miladuo failed CHAP authentication
sent
sent
rcvd
Discarded non-LCP packet when LCP not open
rcvd
Discarded non-LCP packet when LCP not open
rcvd
Discarded non-LCP packet when LCP not open
rcvd
Discarded non-LCP packet when LCP not open
rcvd
Discarded non-LCP packet when LCP not open
rcvd
Connection terminated.
My service configuration is as follows:
vi /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.5.10-30,192.168.5.33
remoteip 192.168.7.225-238,192.168.7.245
vi /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
debug
dump
lock
nobsdcomp
novj
novjccomp
nologfd
plugin /usr/lib/pppd/2.4.4/radius.so
radius-config-file /etc/radiusclient/radiusclient.conf
logfile /var/log/pptpd.log
vi /etc/ppp/chap-secrets
"miladuo" * "1234qwer" *
"miladuo" pptpd "1234qwer" *
vi /etc/raddb/users
miladuo Auth-Type:= MS-CHAP, User-Password=="1234qwer", Simultaneous-Use:=1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.0
vi /etc/raddb/clients.conf
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
}
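The rest of the configuration was changed exactly as in the article, for example:
Edit radiusd.conf so that it supports mysql authentication;
vi /etc/raddb/radiusd.conf
In authorize {
comment out files
and remove the comment mark in front of sql
In preacct {
comment out files
In accounting {
comment out radutmp
and remove the # in front of sql
In session {
comment out radutmp
and remove the # in front of sql
In post-auth {
remove the # in front of sql
In short, remove the files module and enable the sql module.
I am now testing dialing in from another Windows machine. Every time it fails at the username/password verification step and reports error 691. I have looked at the error logs and searched Baidu and Google for N days, but I really cannot find a solution. I hope everyone can help take a look. Thanks!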
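The /var/log/messages output above spreads one failed login over several lines: pppd names the peer, but the client address only appears on the `pptpd-original-ip` line that the `dump` option prints. The following is an added example, not part of the original post, that pairs the two so failures can be counted per client address. The function names are illustrative; the first six sample lines are excerpted from the log above and the three lines carrying PIDs are constructed.

```python
import re
from collections import Counter

# First six lines: excerpt of the /var/log/messages output quoted above.
# Last three lines: constructed, with syslog PIDs, to show interleaved sessions.
SAMPLE_LOG = """\
Apr 2 10:31:16 localhost pptpd: CTRL: Client 219.237.24.160 control connection started
Apr 2 10:31:16 localhost pppd: pptpd-original-ip 219.237.24.160 # (from command line)
Apr 2 10:31:16 localhost pppd: Connect: ppp0 <--> /dev/pts/3
Apr 2 10:31:26 localhost pppd: Peer miladuo failed CHAP authentication
Apr 2 10:31:26 localhost pppd: Connection terminated.
Apr 2 10:31:26 localhost pptpd: CTRL: Client 219.237.24.160 control connection finished
Apr 2 10:40:01 localhost pppd[2101]: pptpd-original-ip 203.0.113.7 # (from command line)
Apr 2 10:40:02 localhost pppd[2102]: pptpd-original-ip 198.51.100.9 # (from command line)
Apr 2 10:40:11 localhost pppd[2101]: Peer alice failed CHAP authentication
"""

# Only pppd lines are of interest; the PID is optional because the log above omits it.
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spppd(?:\[(\d+)\])?:\s(.*)$")
ORIG_IP = re.compile(r"pptpd-original-ip\s+(\S+)")
FAILED = re.compile(r"Peer (\S+) failed (\S+) authentication")

def failed_logins(text):
    """Return one record per failed PPP authentication, with the client address."""
    client_of = {}  # pppd PID ("" when syslog omits it) -> client address
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # pptpd lines, wrapped continuation lines, other daemons
        stamp, pid, msg = m.group(1), m.group(2) or "", m.group(3)
        ip = ORIG_IP.match(msg)
        if ip:
            client_of[pid] = ip.group(1)  # printed only when pppd runs with "dump"
            continue
        bad = FAILED.match(msg)
        if bad:
            events.append({"time": stamp, "user": bad.group(1), "method": bad.group(2),
                           "client": client_of.get(pid, "unknown")})
    return events

def failures_per_client(events):
    """Count failed logins per client address, e.g. to feed a rate limit or alert."""
    return dict(Counter(e["client"] for e in events))

if __name__ == "__main__":
    for event in failed_logins(SAMPLE_LOG):
        print(event)
```

When syslog records PIDs, the failure is matched to the pppd process that logged it, so the constructed `alice` failure maps to 203.0.113.7 even though another session started in between.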
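《Solution》
Reply to #1, miladuo's post
Run radius -X and see what messages it prints.
What is the OP using this for: just playing around, or something else? Is it a host on the Internet, or a virtual machine inside the company? Heh.
《Solution》
Reply to #2, kns1024wh's post
It is currently configured in a public network environment, on a public host. For now I plan to test and play with it; later it will be used in a real environment. I plan to build a VPN server with a web-based interface.
The error log is as follows: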
# /usr/sbin/radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
There appears to be another RADIUS server running on the authentication port 1812
# /usr/sbin/radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to
[email protected]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33266, id=195, length=152
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "miladuo"
MS-CHAP-Challenge = 0x0d7e55d4ace2b26d40f47aa6937c338d
MS-CHAP2-Response = 0x4c0003d6ad2f6bddf63cc8b11f3d268e0f10000000000000000023f32c74604cd86da4ec265228d65232282c686dbb72aca9
Calling-Station-Id = "219.237.24.160"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rad_recv: Access-Request packet from host 127.0.0.1:33266, id=195, length=152
Sending Access-Reject of id 195 to 127.0.0.1 port 33266
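《Solution》
Reply to #3, miladuo's post
Access-Reject
《Solution》
The problem has been solved, so I am closing the thread myself.
It was a version problem, because the freeradius I was using is version 1.1.7.
Switching to 1.1.0 or 1.1.3 both work.
《Solution》
Reply to #5, miladuo's post
That shouldn't be; 1.1.7 works.
《Solution》
Originally posted by miladuo on 2009-4-16 16:53
The problem has been solved, so I am closing the thread myself.
It was a version problem, because the freeradius I was using is version 1.1.7.
Switching to 1.1.0 or 1.1.3 both work.
Did something go wrong somewhere?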