Hey, I copied the dictionary to /etc/radiusclient. But now the connections don't target the Radius Server.

--
epiderme:/etc/radiusclient# ls -l
total 68
-rw-r--r-- 1 root root 6593 2008-11-27 15:02 dictionary
-rw-r--r-- 1 root root 12388 2006-10-29 08:54 dictionary.ascend
-rw-r--r-- 1 root root 1517 2006-10-29 08:54 dictionary.compat
-rw-r--r-- 1 root root 646 2008-11-27 14:20 dictionary.merit
-rw-r--r-- 1 root root 599 2008-11-27 14:20 dictionary.merit.BKP
-rwxr-xr-x 1 root root 3639 2008-11-27 14:42 dictionary.microsoft
-rwxr-xr-x 1 root root 2697 2008-11-27 14:20 dictionary.microsoft.BKP
-rw-r--r-- 1 root root 135 2006-10-29 08:54 issue
-rw-r--r-- 1 root root 410 2006-10-29 08:54 port-id-map
-rw-r--r-- 1 root root 508 2008-11-27 13:29 radiusclient.conf
-rwxr-xr-x 1 root root 2621 2008-11-24 13:33 radiusclient.conf.EPI
-rw-r--r-- 1 root root 435 2008-11-27 12:17 radiusclient.conf.LIMPO
-rw------- 1 root root 272 2008-11-24 13:12 servers
--

And the includes in the dictionary:

--
epiderme:/etc/radiusclient# cat dictionary | grep INCLUDE
INCLUDE /etc/radiusclient/dictionary.merit
INCLUDE /etc/radiusclient/dictionary.microsoft
--

Now, the pptp log:

--
Nov 27 15:14:32 epiderme pptpd[13058]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: local address = 150.162.67.200
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: remote address = 150.162.67.201
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: pppd options file = /etc/ppp/pptpd-options
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Client 150.162.67.54 control connection started
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Received PPTP Control Message (type: 1)
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Made a START CTRL CONN RPLY packet
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: I wrote 156 bytes to the client.
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Sent packet to client
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Received PPTP Control Message (type: 7)
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Made a OUT CALL RPLY packet
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Starting call (launching pppd, opening GRE)
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: pty_fd = 6
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: tty_fd = 7
Nov 27 15:14:32 epiderme pptpd[13059]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Nov 27 15:14:32 epiderme pptpd[13059]: CTRL (PPPD Launcher): local address = 150.162.67.200
Nov 27 15:14:32 epiderme pptpd[13059]: CTRL (PPPD Launcher): remote address = 150.162.67.201
Nov 27 15:14:32 epiderme pppd[13059]: Plugin radius.so loaded.
Nov 27 15:14:32 epiderme pppd[13059]: RADIUS plugin initialized.
Nov 27 15:14:32 epiderme pppd[13059]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Nov 27 15:14:32 epiderme pppd[13059]: pptpd-logwtmp: $Version$
Nov 27 15:14:32 epiderme pppd[13059]: pppd 2.4.4 started by root, uid 0
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: I wrote 32 bytes to the client.
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Sent packet to client
Nov 27 15:14:32 epiderme pppd[13059]: using channel 322
Nov 27 15:14:32 epiderme pppd[13059]: Using interface ppp0
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Received PPTP Control Message (type: 15)
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov 27 15:14:32 epiderme pppd[13059]: Connect: ppp0 <--> /dev/pts/2
Nov 27 15:14:32 epiderme pppd[13059]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x35f8d0db> <pcomp> <accomp>]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: Bad checksum from pppd.
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #0
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x31fa2cf6> <pcomp> <accomp> <callback CBCP>]
Nov 27 15:14:32 epiderme pppd[13059]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #1
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x35f8d0db> <pcomp> <accomp>]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #2
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x31fa2cf6> <pcomp> <accomp>]
Nov 27 15:14:32 epiderme pppd[13059]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x31fa2cf6> <pcomp> <accomp>]
Nov 27 15:14:32 epiderme pppd[13059]: sent [LCP EchoReq id=0x0 magic=0x35f8d0db]
Nov 27 15:14:32 epiderme pppd[13059]: sent [CHAP Challenge id=0x43 <8643b88179a03fce2ca15689bf84147b>, name = "pptpd"]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #3
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #4
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #5
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP Ident id=0x2 magic=0x31fa2cf6 "MSRASV5.10"]
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP Ident id=0x3 magic=0x31fa2cf6 "MSRAS-0-MOLAR"]
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP EchoRep id=0x0 magic=0x31fa2cf6]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #6
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [CHAP Response id=0x43 <318ca3c0e7f2e099a1f93ed8ca10717e00000000000000006b76deecbf9b1bd51ccc27f8183335f703835d5f6589e20400>, name = "douglas"]
Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 6
Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 7
Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 1
Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 4
Nov 27 15:14:32 epiderme pppd[13059]: Peer douglas failed CHAP authentication
Nov 27 15:14:32 epiderme pppd[13059]: sent [CHAP Failure id=0x43 ""]
Nov 27 15:14:32 epiderme pppd[13059]: sent [LCP TermReq id=0x2 "Authentication failed"]
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: accepting packet #7
Nov 27 15:14:32 epiderme pppd[13059]: rcvd [LCP TermAck id=0x2 "Authentication failed"]
Nov 27 15:14:32 epiderme pppd[13059]: Connection terminated.
Nov 27 15:14:32 epiderme pppd[13059]: Exit.
Nov 27 15:14:32 epiderme pptpd[13058]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Reaping child PPP[13059]
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Client 150.162.67.54 control connection finished
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: Exiting now
Nov 27 15:14:32 epiderme pptpd[13024]: MGR: Reaped child 13058
--

So, the problem persists:

Nov 27 15:10:43 epiderme pppd[13043]: rc_avpair_new: unknown attribute 6
Nov 27 15:10:43 epiderme pppd[13043]: rc_avpair_new: unknown attribute 7
Nov 27 15:10:43 epiderme pppd[13043]: rc_avpair_new: unknown attribute 1
Nov 27 15:10:43 epiderme pppd[13043]: rc_avpair_new: unknown attribute 4

And:

Nov 27 15:14:32 epiderme pptpd[13058]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 27 15:14:32 epiderme pptpd[13058]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

What do you think?

I put the dictionaries here for you to look at:

(dictionary.microsoft)
--
#
# Microsoft's VSA's, from RFC 2548
#
# $Id: dictionary.microsoft,v 1.1 2002/03/06 13:23:09 dfs Exp $
#
VENDOR Microsoft 311 Microsoft

ATTRIBUTE MS-CHAP-Response 1 string Microsoft
ATTRIBUTE MS-CHAP-Error 2 string Microsoft
ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
# This is referred to as both singular and plural in the RFC.
# Plural seems to make more sense.
ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft
ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
ATTRIBUTE MS-RAS-Version 18 string Microsoft
ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
ATTRIBUTE MS-Filter 22 string Microsoft
ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft
ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft
ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft

#
# Integer Translations
#

# MS-BAP-Usage Values
VALUE MS-BAP-Usage Not-Allowed 0
VALUE MS-BAP-Usage Allowed 1
VALUE MS-BAP-Usage Required 2

# MS-ARAP-Password-Change-Reason Values
VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4

# MS-Acct-Auth-Type Values
VALUE MS-Acct-Auth-Type PAP 1
VALUE MS-Acct-Auth-Type CHAP 2
VALUE MS-Acct-Auth-Type MS-CHAP-1 3
VALUE MS-Acct-Auth-Type MS-CHAP-2 4
VALUE MS-Acct-Auth-Type EAP 5

# MS-Acct-EAP-Type Values
VALUE MS-Acct-EAP-Type MD5 4
VALUE MS-Acct-EAP-Type OTP 5
VALUE MS-Acct-EAP-Type Generic-Token-Card 6
VALUE MS-Acct-EAP-Type TLS 13
----

Thanks in advance!
Douglas

On Thu, Nov 27, 2008 at 4:06 PM, Alexandre Chapellon <[EMAIL PROTECTED]> wrote:

>
>
> On 27.11.2008 07:17, Douglas Macedo wrote:
>
> Hey TNT,
>
> On Thu, Nov 27, 2008 at 2:54 PM, <[EMAIL PROTECTED]> wrote:
>
>> >I force in Windows Client to use only mschap2, but the problem continues:
>> >
>> >-
>> >Module: Instantiated radutmp (radutmp)
>> >Listening on authentication *:1812
>> >Listening on accounting *:1813
>> >Ready to process requests.
>> >rad_recv: Access-Request packet from host 150.162.67.254:32858, id=109,
>> >length=53
>> > Service-Type = Framed-User
>> > Framed-Protocol = PPP
>> > User-Name = "douglas"
>> > NAS-IP-Address = 1.1.1.1
>> > NAS-Port = 0
>>
>> This is nothing to do with freeradius. I don't see your NAS sending
>> mschap attributes.
>>
>
> How can I fix that? Where do I configure that?
>
>
>>
>> >In PPTP debug show:
>> >
>> ..
>> >Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 11
>> >Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 25
>>
>> Has your radius client got mschap dictionary?
>>
>
> I'm using the RadiusClient1 of Debian.
>
> --
> epiderme:/etc/radiusclient# ls -l
> total 52
> -rw-r--r-- 1 root root 6502 2008-11-26 13:10 dictionary
> -rw-r--r-- 1 root root 12388 2006-10-29 08:54 dictionary.ascend
> -rw-r--r-- 1 root root 1517 2006-10-29 08:54 dictionary.compat
> -rw-r--r-- 1 root root 599 2006-10-29 08:54 dictionary.merit
> -rw-r--r-- 1 root root 135 2006-10-29 08:54 issue
> -rw-r--r-- 1 root root 410 2006-10-29 08:54 port-id-map
> -rw-r--r-- 1 root root 2630 2008-11-24 15:24 radiusclient.conf
> -rwxr-xr-x 1 root root 2621 2008-11-24 13:33 radiusclient.conf.EPI
> -rw------- 1 root root 272 2008-11-24 13:12 servers
> --
>
>
> Copy microsoft dictionary from your freeradius install to your pptp
> server, and add it to the dictionary list.
> Additionally (this may not be related to your problem) having multiple
> require-<protocols> in pptpd config is nonsense, if you want to enable
> multiple protocols for authentications, use +pap, +chap, +mschap....
> instead of require-...
>
>
>
> --
> epiderme:/etc/radiusclient# cat radiusclient.conf
> auth_order radius,local
> login_tries 4
> login_timeout 60
> nologin /etc/nologin
> issue /etc/radiusclient/issue
> authserver ldap.telemedicina.ufsc.br
> acctserver ldap.telemedicina.ufsc.br
> servers /etc/radiusclient/servers
> dictionary /etc/radiusclient/dictionary
> login_radius /usr/sbin/login.radius
> seqfile /var/run/radius.seq
> mapfile /etc/radiusclient/port-id-map
> default_realm
> radius_timeout 10
> radius_retries 3
> login_local /bin/login
> --
>
>
> But I didn't find the attributes for MS-CHAP:
>
> --
> epiderme:/etc/radiusclient# cat dictionary | grep MS-CHAP
> epiderme:/etc/radiusclient# cat dictionary | grep MSCHAP
> epiderme:/etc/radiusclient# cat dictionary | grep mschap
> --
>
> Just for CHAP:
>
> --
> epiderme:/etc/radiusclient# cat dictionary | grep -i chap
> ATTRIBUTE CHAP-Password 3 string
> ATTRIBUTE Chap-Challenge 60 string
> --
>
> Is that correct?
>
>
> No you need MS-CHAP Attributes
>
>
> Thanks a lot in advance,
> Douglas
>
>
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> --
> Douglas Macedo
> [EMAIL PROTECTED]
> --
> An individual's intelligence is measured by the amount of uncertainty
> he is able to bear.
> (Immanuel Kant)
>

--
Douglas Macedo
[EMAIL PROTECTED]
--
An individual's intelligence is measured by the amount of uncertainty he is able to bear.
(Immanuel Kant)
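
One way to check a radiusclient dictionary tree against the `rc_avpair_new: unknown attribute N` messages in the thread above (an added example, not part of the original messages and not radiusclient's own parser): it follows INCLUDE lines, collects ATTRIBUTE definitions, and reports which loaded definition, if any, carries each number pppd complained about. The file contents and log lines are constructed samples, and the simplified reading of ATTRIBUTE / VENDOR / INCLUDE lines is an assumption based on the excerpts quoted in the thread.

```python
import re
# Constructed stand-ins for /etc/radiusclient files (syntax as quoted in the thread).
SAMPLE_FILES = {
    "/etc/radiusclient/dictionary": (
        "ATTRIBUTE User-Name 1 string\n"
        "ATTRIBUTE NAS-IP-Address 4 ipaddr\n"
        "INCLUDE /etc/radiusclient/dictionary.microsoft\n"),
    "/etc/radiusclient/dictionary.microsoft": (
        "# Microsoft's VSA's, from RFC 2548\n"
        "VENDOR Microsoft 311 Microsoft\n"
        "ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft\n"
        "ATTRIBUTE MS-CHAP2-Response 25 string Microsoft\n"),
}
# Constructed log lines in the format pppd printed in the thread.
SAMPLE_LOG = [
    "Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 6",
    "Nov 27 15:14:32 epiderme pppd[13059]: rc_avpair_new: unknown attribute 1",
    "Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 25",
]

def load_dictionary(path, read, seen=None):
    """Return {(vendor or None, number): name}, following INCLUDE lines."""
    seen = set() if seen is None else seen
    if path in seen:  # guard against INCLUDE loops
        return {}
    seen.add(path)
    attrs = {}
    for raw in read(path).splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) >= 2 and tok[0] == "INCLUDE":
            attrs.update(load_dictionary(tok[1], read, seen))
        elif len(tok) >= 4 and tok[0] == "ATTRIBUTE" and tok[2].isdigit():
            vendor = tok[4] if len(tok) >= 5 else None
            attrs[(vendor, int(tok[2]))] = tok[1]
    return attrs

def unknown_attributes(log_lines):
    """Numbers pppd reported as unknown, in first-seen order, de-duplicated."""
    hits = (re.search(r"rc_avpair_new: unknown attribute (\d+)", l) for l in log_lines)
    return list(dict.fromkeys(int(m.group(1)) for m in hits if m))

def explain(log_lines, attrs):
    """Map each unknown number to the loaded definitions that carry it."""
    return {n: sorted(f"{name} [{v or 'standard'}]"
                      for (v, num), name in attrs.items() if num == n)
            for n in unknown_attributes(log_lines)}
if __name__ == "__main__":
    attrs = load_dictionary("/etc/radiusclient/dictionary", SAMPLE_FILES.__getitem__)
    print(explain(SAMPLE_LOG, attrs))
```

To run it against a real host, pass `lambda p: open(p).read()` as `read` and feed it the pppd lines from syslog; an empty list for a number means no file reached through the INCLUDE chain defines it.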