При попытке соединиться через pppoe от клиента периодически возникают ошибки 691 или 629.
Думаю, что ошибка в радиусе, но могу ошибаться.
Содержание радиуса sql.conf:
#
# Configuration for the SQL module, when using MySQL.
#
# The database schema is available at:
#
# doc/examples/mysql.sql
#
# If you are using PostgreSQL, please use 'postgresql.conf', instead.
# If you are using Oracle, please use 'oracle.conf', instead.
# If you are using MS-SQL, please use 'mssql.conf', instead.
#
# $Id$
#
sql {
# rlm_sql instance for radiusd: connects to a MySQL server on localhost and
# hands the authorization and accounting work to stored procedures (see the
# query settings at the end of this block).
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_mysql"
# Connect info
server = "localhost"
login = "bill_kernel"
# NOTE(review): the database password is stored here in cleartext. Keep this
# file readable only by the account radiusd runs as, and substitute a
# placeholder for the value whenever the configuration is shared.
password = "hardpass4"
# Database table configuration
radius_db = "bill"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Table to keep radius client info
nas_table = "nas"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
# NOTE(review): with sqltrace = yes and the server in debug mode, the
# statements sent to MySQL are written to sqltracefile, which shows what the
# stored-procedure calls below look like after substitution. The trace holds
# user names, so turn it back off once the reject has been diagnosed.
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to delay retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
# Left commented out here, so the module's built-in list is the one in effect.
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Username
#######################################################################
# This is the username that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
# everywhere a username substitution is needed so you can be sure
# the username passed from the client is escaped properly.
#
# Uncomment the next line, if you want the sql_user_name to mean:
#
# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
# Else use hard-coded string "DEFAULT" as the user name.
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
#
# Active setting: User-Name is used as received, without the
# Stripped-User-Name or "DEFAULT" fallbacks of the commented line above.
sql_user_name = "%{User-Name}"
#######################################################################
# Default profile
#######################################################################
# This is the default profile. It is found in SQL by group membership.
# That means that this profile must be a member of at least one group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for every user.
# The point is to assign all users a default profile without having to
# manually add each one to a group that will contain the profile.
# The SQL module will also honor the User-Profile attribute. This
# attribute can be set anywhere in the authorize section (ie the users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile setting.
# The idea is to select profiles based on checks on the incoming packets,
# not on user group membership. For example:
# -- users file --
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
#
# By default the default_user_profile is not set
#
#default_user_profile = "DEFAULT"
#
# Determines if we will query the default_user_profile or the User-Profile
# if the user is not found. If the profile is found then we consider the user
# found. By default this is set to 'no'.
#
#
#query_on_not_found = no
#######################################################################
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
# in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
# you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
# 1. UserName/GroupName
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
# Use these for case sensitive usernames.
# authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
# FROM ${authcheck_table} \
# WHERE Username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
# authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
# FROM ${authreply_table} \
# WHERE Username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
# The default queries are case insensitive. (for compatibility with
# older versions of FreeRADIUS)
# NOTE(review): the stock SELECTs are replaced below by stored-procedure
# calls, so the "case insensitive" remark above no longer describes what runs.
# The procedure bodies are not part of this file. Per the column contract in
# the header above, radcheck and radreply must each return rows as
# (id, UserName, Attribute, Value, op) - confirm against the procedure
# definitions. A result set that is empty or ordered differently is presumably
# one way to end up with an Access-Reject; verify with radiusd debug output
# (-X) while repeating the radtest.
# The module escapes the user name before substitution, which protects the
# CALL statement itself. If a procedure assembles dynamic SQL from its
# argument, it has to bind that value on its own - TODO confirm.
authorize_check_query = "call radcheck('%{SQL-User-Name}')"
authorize_reply_query = "call radreply('%{SQL-User-Name}')"
# NOTE(review): both accounting procedures receive only the user name; no
# session identifier or counters are passed. How they tell apart several
# sessions of one user cannot be seen from this file.
accounting_update_query = "call radupdate('%{SQL-User-Name}')"
accounting_stop_query = "call radstop('%{SQL-User-Name}')"
}
Содержание mpd:
startup:
# Runs when mpd starts: defines the management account and opens the console
# and web management interfaces.
# NOTE(review): the management password is in cleartext; substitute a
# placeholder whenever this file is shared.
set user admin hardpass6
# Console is bound to loopback only.
set console self 127.0.0.1 5005
set console open
# NOTE(review): the web interface is bound to 0.0.0.0, i.e. every address of
# the host, including the interface that serves PPPoE clients (em1 below).
# Unless a packet filter restricts port 5006, binding it to 127.0.0.1 like
# the console is the safer default.
set web self 0.0.0.0 5006
set web open
default:
# Entry label: only pulls in the pppoe_server section that follows.
load pppoe_server
pppoe_server:
# PPPoE access concentrator on em1: one bundle template (B), a shared link
# template (common) and a per-interface link template (em1).
create bundle template B
# Local address 10.1.1.1, peer address 127.0.0.2.
# NOTE(review): a loopback address as the peer range is presumably a
# placeholder that the RADIUS reply is expected to override - confirm that
# the reply actually carries an address for the client.
set ipcp ranges 10.1.1.1/32 127.0.0.2/32
set ipcp dns 82.144.220.2 82.144.220.7
# MPPE at 40/56/128 bit, stateless mode, is offered and accepted.
# NOTE(review): MPPE session keys are derived from an MS-CHAP exchange, and
# the link section below allows PAP only. With "yes" (offer and accept, not
# require) the session is therefore expected to come up unencrypted - verify
# in the mpd log.
set ccp yes mppc
set mppc yes e40
set mppc yes e56
set mppc yes e128
set mppc yes stateless
set ecp disable dese-bis dese-old
create link template common pppoe
set link enable multilink
set link action bundle B
# Net effect of the next two lines: PAP is the only authentication protocol
# offered to clients.
# NOTE(review): PAP carries the subscriber password in cleartext on the
# access segment; a client configured to require CHAP or MS-CHAP has no
# protocol in common with this server.
set link disable chap pap eap
set link enable pap
load radius
# Any PPPoE service name requested by a client is accepted.
set pppoe service "*"
create link template em1 common
# Upper bound on sessions spawned from this template.
set link max-children 1000
set pppoe iface em1
set link enable incoming
radius:
# RADIUS client settings, loaded from the common link template above.
# Server localhost, authentication port 1812, accounting port 1813.
# NOTE(review): the shared secret is in cleartext; it has to match the secret
# configured for this client (127.0.0.1) on the radiusd side, and should be
# replaced with a placeholder whenever the file is shared.
set radius server localhost hardpass5 1812 1813
set radius retries 3
set radius timeout 3
# Source address used for requests to the server.
set radius me 127.0.0.1
# Interim accounting update every 45 seconds per session.
set auth acct-update 45
set auth enable radius-auth
set auth enable radius-acct
# Adds the Message-Authenticator attribute to outgoing requests.
set radius enable message-authentic
Содержание rc.conf:
# Boot-time settings: em0 gets its address by DHCP, em1 is the static
# 10.1.1.2/24 interface that mpd serves PPPoE on.
ifconfig_em0="DHCP"
ifconfig_em1="inet 10.1.1.2 netmask 255.255.255.0"
hostname="vkuhar.org.ua"
defaultrouter="10.1.10.1"
sshd_enable="YES"
# NOTE(review): firewall_enable (ipfw) and pf_enable further down are both
# set, so two packet filters are active at once. Neither rule set is shown;
# confirm which of them restricts the mpd web port (5006) and the RADIUS
# ports (1812/1813) to the hosts that need them.
firewall_enable="YES"
# Packet forwarding between interfaces is on.
gateway_enable="YES"
fsck_y_enable="YES"
background_fsck="NO"
keymap="ru.koi8-r" # keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
scrnmap="koi8-u2cp866u" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="cp866u-8x16" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="cp866u-8x14" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="cp866u-8x8" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
#saver="daemon" # screen saver: Uses /boot/kernel/NO_saver.ko
moused_enable="YES" # Run the mouse daemon.
mousechar_start="3" # if 0xd0-0xd3 default range is occupied in your
# language code table, specify alternative range
# start like mousechar_start=3, see vidcontrol(1)
hald_enable="YES"
dbus_enable="YES"
polkitd_enable="YES"
# Services that make up the access server: database, web server, packet
# filter, traffic accounting, PPPoE daemon and RADIUS server.
mysql_enable="YES"
apache22_enable="YES"
pf_enable="YES"
ipcad_enable="YES"
mpd_enable=YES
radiusd_enable="YES"
P.S. Просьба не ругать за DHCP, так как это для теста )))
sockstat | grep radius
root radiusd 1222 3 udp4 *:1812 *:*
root radiusd 1222 4 udp4 *:1813 *:*
root radiusd 1222 5 stream -> /tmp/mysql.sock
root radiusd 1222 6 stream -> /tmp/mysql.sock
root radiusd 1222 7 stream -> /tmp/mysql.sock
root radiusd 1222 8 stream -> /tmp/mysql.sock
root radiusd 1222 9 stream -> /tmp/mysql.sock
radtest login pass 127.0.0.1 0 hardpass5
Sending Access-Request of id 4 to 127.0.0.1 port 1812
User-Name = "login"
User-Password = "pass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 4 to 127.0.0.1 port 1812
User-Name = "login"
User-Password = "pass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=4, length=20
Если нужна дополнительная инфа — напишу, помогите плиз...