Greetings everyone. Today I was asked to take a look at a friendly network; they have started switching to PPPoE, and here is the thing: everything works for newly created clients, but not for old ones. Examples below:
New client, everything is OK:
radtest 220 220 127.0.0.1 0 HfLbEcGfHjKm
Sending Access-Request of id 86 to 127.0.0.1 port 1812
User-Name = "220"
User-Password = "220"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=86, length=38
Framed-IP-Address = 192.168.4.110
Framed-IP-Netmask = 255.255.255.255
Framed-Protocol = PPP
Old client:
radtest 4125 4125 127.0.0.1 0 HfLbEcGfHjKm
Sending Access-Request of id 124 to 127.0.0.1 port 1812
User-Name = "4125"
User-Password = "4125"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 124 to 127.0.0.1 port 1812
User-Name = "4125"
User-Password = "4125"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=124, length=20
Doesn't work.
Meanwhile, in RADIUS:
rad_recv: Access-Request packet from host 127.0.0.1:47309, id=7, length=56
User-Name = "4125"
User-Password = "4125"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "4125", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
modcall[authorize]: module "files" returns notfound for request 2
radius_xlat: '4125'
rlm_sql (sql): sql_set_user escaped user --> '4125'
radius_xlat: 'call radcheckmac4('4125')'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: ''
radius_xlat: 'call radreply('4125')'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 1
rlm_sql (sql): No matching entry in the database for request from user [4125]
modcall[authorize]: module "sql" returns notfound for request 2
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 7 to 127.0.0.1 port 47309
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 7 with timestamp 52288b64
Nothing to do. Sleeping until we see a request.
Checking the passwords in the database:
mysql> call radcheck('220');
+------+------+-----------+-------+----+
| id | name | Attribute | Value | == |
+------+------+-----------+-------+----+
| 2601 | 220 | Password | 220 | == |
+------+------+-----------+-------+----+
1 row in set (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
mysql> call radcheck('4125');
+-----+------+-----------+-------+----+
| id | name | Attribute | Value | == |
+-----+------+-----------+-------+----+
| 644 | 4125 | Password | 4125 | == |
+-----+------+-----------+-------+----+
1 row in set (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
mysql> call radreply('4125');
+------+-------+-------------------+---------------+---+
| NULL | login | Framed-IP-Address | usr_ip | = |
+------+-------+-------------------+---------------+---+
| NULL | 4125 | Framed-IP-Address | 192.168.4.125 | = |
+------+-------+-------------------+---------------+---+
1 row in set (0.00 sec)
+------+-------+-------------------+-----------------+---+
| NULL | login | Framed-IP-Netmask | 255.255.255.255 | = |
+------+-------+-------------------+-----------------+---+
| NULL | 4125 | Framed-IP-Netmask | 255.255.255.255 | = |
+------+-------+-------------------+-----------------+---+
1 row in set (0.00 sec)
+------+-------+-----------------+-----+---+
| NULL | login | Framed-Protocol | PPP | = |
+------+-------+-----------------+-----+---+
| NULL | 4125 | Framed-Protocol | PPP | = |
+------+-------+-----------------+-----+---+
1 row in set (0.00 sec)
And about the server:
uname -a
FreeBSD stronglan_sat 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon May 20 10:10:17 EEST 2013
radiusd -v
radiusd: FreeRADIUS Version 1.1.8, for host amd64-portbld-freebsd9.1, built on Feb 17 2013 at 17:07:15
Nodeny 50.32
The passwords seem to be fine, but it doesn't authorize, while everything is OK with all new users; I no longer know where to look.
I would be grateful for a push in the right direction.
Question closed. The error was in sql.conf
I replaced
# authorize_check_query = "call radcheckmac4('%{SQL-User-Name}')"
with
authorize_check_query = "call radcheck('%{SQL-User-Name}')"
Everything started working.
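
An added example, not part of the original post: a small Python parser for the radiusd debug lines quoted above that reports which stored procedure the check query called and why the request ended in a reject. The sample log is constructed from lines in the post; treating the first expanded `call` as the check query is an assumption based on the order seen in that log.

```python
import re

# Constructed sample: a subset of the radiusd debug lines quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:47309, id=7, length=56
modcall[authorize]: module "files" returns notfound for request 2
radius_xlat: 'call radcheckmac4('4125')'
radius_xlat: ''
radius_xlat: 'call radreply('4125')'
rlm_sql (sql): No matching entry in the database for request from user [4125]
modcall[authorize]: module "sql" returns notfound for request 2
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 2
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "(\w+)" returns (\w+) for request (\d+)')
XLAT_CALL = re.compile(r"radius_xlat:\s+'(call\s+(\w+)\(.*\))'\s*$")
NO_ENTRY = re.compile(r"rlm_sql \(\w+\): No matching entry in the database "
                      r"for request from user \[(.+)\]")

def analyze(log_text):
    """Collect module results, SQL procedure calls and reject markers."""
    r = {"modules": {}, "sql_calls": [], "user": None,
         "no_password": False, "no_auth_type": False}
    for line in log_text.splitlines():
        line = line.strip()
        if m := MODCALL.search(line):
            r["modules"][m.group(2)] = m.group(3)   # module name -> return code
        elif m := XLAT_CALL.search(line):
            r["sql_calls"].append(m.group(2))       # stored procedure name
        elif m := NO_ENTRY.search(line):
            r["user"] = m.group(1)
        elif 'No "known good" password' in line:
            r["no_password"] = True
        elif "No authenticate method (Auth-Type)" in line:
            r["no_auth_type"] = True
    return r

def diagnose(r):
    """Explain a reject caused by the SQL check query returning no rows."""
    if r["modules"].get("sql") == "notfound" and r["no_password"] and r["no_auth_type"]:
        # Assumption: the first expanded call is authorize_check_query.
        check = r["sql_calls"][0] if r["sql_calls"] else "<unknown>"
        return (f"user {r['user']}: check query '{check}' returned no rows, "
                "so no password item was loaded and no Auth-Type was set")
    return "no SQL lookup failure found"

if __name__ == "__main__":
    print(diagnose(analyze(SAMPLE_LOG)))
```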