DLink DI-604 --> mpd+utm_radius

Technical questions on UTM 5.0
Harchiperonec
Posts: 6
Joined: Thu May 11, 2006 17:38

DLink DI-604 --> mpd+utm_radius

Post by Harchiperonec »

We have UTM5 + MPD + UTM_Radius.
Clients on WinXP, Win98SE and Win2k authenticate without problems and (almost) everything works fine, but PAP/CHAP authentication from cheap mini-routers only succeeds via mpd.secret!
When authenticating via RADIUS, mpd outputs the following:
-----------------------------------------------
[pptp9:pptp9] mpd: PPTP connection from 192.168.9.79:65534
pptp0: attached to connection with 192.168.9.79:65534
[pptp0] IFACE: Open event
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] IPCP: Open event
[pptp0] bundle: OPEN event in state CLOSED
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] device: OPEN event in state DOWN
[pptp0] attaching to peer's outgoing call
[pptp0] device is now in state OPENING
[pptp0] device: UP event in state OPENING
[pptp0] device is now in state UP
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: phase shift DEAD --> ESTABLISH
[pptp0] LCP: SendConfigReq #5
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 816270d4
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec'd Configure Nak #5 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[pptp0] LCP: SendConfigReq #6
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 816270d4
AUTHPROTO CHAP MSOFT
[pptp0] LCP: rec'd Configure Reject #6 link 0 (Req-Sent)
ACFCOMP
PROTOCOMP
[pptp0] LCP: SendConfigReq #7
MRU 1500
MAGICNUM 816270d4
AUTHPROTO CHAP MSOFT
[pptp0] LCP: rec'd Configure Ack #7 link 0 (Req-Sent)
MRU 1500
MAGICNUM 816270d4
AUTHPROTO CHAP MSOFT
[pptp0] LCP: state change Req-Sent --> Ack-Rcvd
[pptp0] LCP: rec'd Configure Request #29 link 0 (Ack-Rcvd)
MRU 1460
MAGICNUM 14aec900
[pptp0] LCP: SendConfigAck #29
MRU 1460
MAGICNUM 14aec900
[pptp0] LCP: state change Ack-Rcvd --> Opened
[pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE
[pptp0] LCP: LayerUp
[pptp0] CHAP: rec'd RESPONSE #1
Name: "garik"
[pptp0] RADIUS: using /etc/radius.conf
[pptp0] RADIUS: RadiusAddServer Adding 192.168.0.1
[pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv1) peer name: garik
[pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user garik
[pptp0] RADIUS: RadiusGetParams: RAD_REPLY_MESSAGE: Authorization failed.
Peer name: "garik"
mpd: fopen(/usr/local/etc/mpd/mpd.secret): No such file or directory
mpd: can't open file "/usr/local/etc/mpd/mpd.secret"
Can't get credentials for "garik"
[pptp0] CHAP: sending FAILURE
[pptp0] LCP: authorization failed
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp0] PPTP call terminated
[pptp0] IFACE: Close event
[pptp0] IPCP: Close event
[pptp0] IPCP: state change Starting --> Initial
[pptp0] IPCP: LayerFinish
[pptp0] IFACE: Close event
pptp0: closing connection with 192.168.9.79:65534
[pptp0] IFACE: Close event
[pptp0] device is now in state CLOSING
[pptp0] LCP: rec'd Terminate Request #30 link 0 (Opened)
[pptp0] LCP: state change Opened --> Stopping
[pptp0] LCP: phase shift AUTHENTICATE --> TERMINATE
[pptp0] LCP: SendTerminateAck #8
[pptp0] error writing len 8 frame to bypass: Network is down
[pptp0] LCP: LayerDown
[pptp0] bundle: CLOSE event in state OPENED
[pptp0] closing link "pptp0"...
[pptp0] device: DOWN event in state CLOSING
[pptp0] device is now in state DOWN
[pptp0] link: CLOSE event
[pptp0] LCP: Close event
[pptp0] LCP: state change Stopping --> Closing
[pptp0] device: DOWN event in state DOWN
[pptp0] device is now in state DOWN
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] LCP: LayerFinish
[pptp0] LCP: state change Closing --> Initial
[pptp0] LCP: phase shift TERMINATE --> DEAD
[pptp0] link: DOWN event
[pptp0] LCP: Down event
[pptp0] device: CLOSE event in state DOWN
[pptp0] device is now in state DOWN
pptp0: no reply to StopCtrlConnRequest after 3 sec
pptp0: killing connection with 192.168.9.79:65534
-------------------------------------------------------------

Explaining to the happy owners of mini-routers (the ones that have VPN support) that the MS-CHAP implementation of their wretched devices is not suitable for working with our "MEGA-VPN" server is not an option!
Don't suggest PopTop as a solution!
The problem has to be solved within the existing setup! In short, HELP if anyone knows!

aospan
NetUP Team
Posts: 1639
Joined: Thu Jan 13, 2005 20:30

Post by aospan »

Judging by the log:

[pptp0] RADIUS: RadiusAddServer Adding 192.168.0.1
[pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv1) peer name: garik
[pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user garik
[pptp0] RADIUS: RadiusGetParams: RAD_REPLY_MESSAGE: Authorization failed.

there is an attempt to use MSCHAPv1 (the log line RADIUS_CHAP (MSOFTv1)). This authentication scheme is not supported by our RADIUS. Try configuring the device to use MSCHAPv2, or plain CHAP, or, as a last resort, PAP.
EAP-MD5 is also an option...

Spar
Posts: 350
Joined: Mon Jan 31, 2005 12:09

Re: DLink DI-604 --> mpd+utm_radius

Post by Spar »

Harchiperonec wrote:
Explaining to the happy owners of mini-routers (the ones that have VPN support) that the MS-CHAP implementation of their wretched devices is not suitable for working with our "MEGA-VPN" server is not an option!
Don't suggest PopTop as a solution!
The problem has to be solved within the existing setup! In short, HELP if anyone knows!
I set up exactly such a device the other day (it is wretched, damn)... mine connected on the first try (via PPTP, naturally).

First, flash it with the latest firmware... second, if needed I can show you my mpd config.
Last edited by Spar on Thu Jun 01, 2006 08:38, edited 1 time in total.

Harchiperonec
Posts: 6
Joined: Thu May 11, 2006 17:38

Post by Harchiperonec »

aospan, thanks for the tip. In principle, all the authentication types that UTM supports were enabled, but such clients stubbornly tried to use MSCHAPv1. After changing the order of the options describing the encryption algorithms, everything started working.
True, another problem has appeared, but that will be a different topic :)

avegad
Posts: 54
Joined: Thu Sep 20, 2007 08:39

Also a DI-604, but the logs are different

Post by avegad »

Also a DI-604, but the logs are different.

mpd.log


Feb 18 10:31:07 vpn mpd: [L-58] Link: OPEN event
Feb 18 10:31:07 vpn mpd: [L-58] LCP: Open event
Feb 18 10:31:07 vpn mpd: [L-58] LCP: state change Initial --> Starting
Feb 18 10:31:07 vpn mpd: [L-58] LCP: LayerStart
Feb 18 10:31:07 vpn mpd: [L-58] PPTP: attaching to peer's outgoing call
Feb 18 10:31:07 vpn mpd: [L-58] Link: UP event
Feb 18 10:31:07 vpn mpd: [L-58] Link: origination is remote
Feb 18 10:31:07 vpn mpd: [L-58] LCP: Up event
Feb 18 10:31:07 vpn mpd: [L-58] LCP: state change Starting --> Req-Sent
Feb 18 10:31:07 vpn mpd: [L-58] LCP: SendConfigReq #1
Feb 18 10:31:07 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:07 vpn mpd: [L-58]   MAGICNUM 1c810780
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFTv2
Feb 18 10:31:07 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:07 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:07 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:07 vpn mpd: [L-58] LCP: rec'd Configure Nak #1 (Req-Sent)
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:07 vpn mpd: [L-58] LCP: SendConfigReq #2
Feb 18 10:31:07 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:07 vpn mpd: [L-58]   MAGICNUM 1c810780
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:07 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:07 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:07 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:07 vpn mpd: [L-58] LCP: rec'd Configure Reject #2 (Req-Sent)
Feb 18 10:31:07 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:07 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:07 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:07 vpn mpd: [L-58] LCP: SendConfigReq #3
Feb 18 10:31:07 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:07 vpn mpd: [L-58]   MAGICNUM 1c810780
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:07 vpn mpd: [L-58] LCP: rec'd Configure Ack #3 (Req-Sent)
Feb 18 10:31:07 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:07 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:07 vpn mpd: [L-58]   MAGICNUM 1c810780
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:07 vpn mpd: [L-58] LCP: state change Req-Sent --> Ack-Rcvd
Feb 18 10:31:09 vpn mpd: [L-58] LCP: rec'd Configure Request #1 (Ack-Rcvd)
Feb 18 10:31:09 vpn mpd: [L-58]   MRU 1460
Feb 18 10:31:09 vpn mpd: [L-58]   MAGICNUM a2170000
Feb 18 10:31:09 vpn mpd: [L-58] LCP: SendConfigAck #1
Feb 18 10:31:09 vpn mpd: [L-58]   MRU 1460
Feb 18 10:31:09 vpn mpd: [L-58]   MAGICNUM a2170000
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Ack-Rcvd --> Opened
Feb 18 10:31:09 vpn mpd: [L-58] LCP: auth: peer wants nothing, I want CHAP
Feb 18 10:31:09 vpn mpd: [L-58] CHAP: sending CHALLENGE #1 len: 13
Feb 18 10:31:09 vpn mpd: [L-58] LCP: LayerUp
Feb 18 10:31:09 vpn mpd: [L-58] CHAP: rec'd RESPONSE #1 len: 61
Feb 18 10:31:09 vpn mpd: [L-58]   Name: "luxer74"
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: Trying RADIUS
Feb 18 10:31:09 vpn mpd: [L-58] RADIUS: Authenticating user 'luxer74'
Feb 18 10:31:09 vpn mpd: [L-58] RADIUS: Rec'd RAD_ACCESS_REJECT for user luxer74
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: RADIUS returned: failed
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: Trying INTERNAL
Feb 18 10:31:09 vpn mpd: OpenConfFile: Can't open file '/usr/local/etc/mpd5/mpd.secret': No such file or directory
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: User "luxer74" not found in secret file
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: INTERNAL returned: failed
Feb 18 10:31:09 vpn mpd: [L-58] AUTH: ran out of backends
Feb 18 10:31:09 vpn mpd: [L-58] CHAP: Auth return status: failed
Feb 18 10:31:09 vpn mpd: [L-58] CHAP: Reply message: E=691 R=0 M=Login incorrect
Feb 18 10:31:09 vpn mpd: [L-58] CHAP: sending FAILURE #1 len: 31
Feb 18 10:31:09 vpn mpd: [L-58] LCP: authorization failed
Feb 18 10:31:09 vpn mpd: [L-58] LCP: parameter negotiation failed
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Opened --> Stopping
Feb 18 10:31:09 vpn mpd: [L-58] LCP: SendTerminateReq #4
Feb 18 10:31:09 vpn mpd: [L-58] LCP: LayerDown
Feb 18 10:31:09 vpn mpd: [L-58] LCP: rec'd Terminate Request #2 (Stopping)
Feb 18 10:31:09 vpn mpd: [L-58] LCP: SendTerminateAck #5
Feb 18 10:31:09 vpn mpd: [L-58] LCP: rec'd Terminate Ack #4 (Stopping)
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Stopping --> Stopped
Feb 18 10:31:09 vpn mpd: [L-58] LCP: LayerFinish
Feb 18 10:31:09 vpn mpd: [L-58] PPTP call terminated
Feb 18 10:31:09 vpn mpd: [L-58] Link: DOWN event
Feb 18 10:31:09 vpn mpd: [L-58] LCP: Close event
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Stopped --> Closed
Feb 18 10:31:09 vpn mpd: [L-58] LCP: Down event
Feb 18 10:31:09 vpn mpd: [L-58] Link: DOWN event
Feb 18 10:31:09 vpn mpd: [L-58] LCP: Close event
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Stopped --> Closed
Feb 18 10:31:09 vpn mpd: [L-58] LCP: Down event
Feb 18 10:31:09 vpn mpd: [L-58] LCP: state change Closed --> Initial
Feb 18 10:31:09 vpn mpd: [L-58] Link: SHUTDOWN event
Feb 18 10:31:09 vpn mpd: [L-58] Link: Shutdown
Feb 18 10:31:11 vpn mpd: [L-58] Accepting PPTP connection
Feb 18 10:31:11 vpn mpd: [L-58] Link: OPEN event
Feb 18 10:31:11 vpn mpd: [L-58] LCP: Open event
Feb 18 10:31:11 vpn mpd: [L-58] LCP: state change Initial --> Starting
Feb 18 10:31:11 vpn mpd: [L-58] LCP: LayerStart
Feb 18 10:31:11 vpn mpd: [L-58] PPTP: attaching to peer's outgoing call
Feb 18 10:31:11 vpn mpd: [L-58] Link: UP event
Feb 18 10:31:11 vpn mpd: [L-58] Link: origination is remote
Feb 18 10:31:11 vpn mpd: [L-58] LCP: Up event
Feb 18 10:31:11 vpn mpd: [L-58] LCP: state change Starting --> Req-Sent
Feb 18 10:31:11 vpn mpd: [L-58] LCP: SendConfigReq #1
Feb 18 10:31:11 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:11 vpn mpd: [L-58]   MAGICNUM a4ca9d00
Feb 18 10:31:11 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFTv2
Feb 18 10:31:11 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:11 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:11 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:11 vpn mpd: [L-58] LCP: rec'd Configure Nak #1 (Req-Sent)
Feb 18 10:31:11 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:11 vpn mpd: [L-58] LCP: SendConfigReq #2
Feb 18 10:31:11 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:11 vpn mpd: [L-58]   MAGICNUM a4ca9d00
Feb 18 10:31:11 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:11 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:11 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:11 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:11 vpn mpd: [L-58] LCP: rec'd Configure Reject #2 (Req-Sent)
Feb 18 10:31:11 vpn mpd: [L-58]   PROTOCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   MP MRRU 2048
Feb 18 10:31:11 vpn mpd: [L-58]   MP SHORTSEQ
Feb 18 10:31:11 vpn mpd: [L-58]   ENDPOINTDISC [802.1] 00 1d 92 21 20 0a
Feb 18 10:31:11 vpn mpd: [L-58] LCP: SendConfigReq #3
Feb 18 10:31:11 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:11 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:11 vpn mpd: [L-58]   MAGICNUM a4ca9d00
Feb 18 10:31:11 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:12 vpn mpd: [L-58] LCP: rec'd Configure Ack #3 (Req-Sent)
Feb 18 10:31:12 vpn mpd: [L-58]   ACFCOMP
Feb 18 10:31:12 vpn mpd: [L-58]   MRU 1500
Feb 18 10:31:12 vpn mpd: [L-58]   MAGICNUM a4ca9d00
Feb 18 10:31:12 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:12 vpn mpd: [L-58] LCP: state change Req-Sent --> Ack-Rcvd

radius_debug.log


?Debug : Feb 18 10:30:35 AuthServer: User <luxer74> connecting
?Debug : Feb 18 10:30:35 AuthServer: Session for <luxer74> found in <172.18.1.3> cache
?Debug : Feb 18 10:30:35 AuthServer: Session timeout for <luxer74> exceeded.
?Debug : Feb 18 10:30:35 RADIUS DBA: Info for login <luxer74> found. type <1>
 Notice: Feb 18 10:30:35 AuthServer: Login incorrect <luxer74> from NAS <172.18.1.3> CLID <>
 Notice: Feb 18 10:30:35 AuthServer: Authorization failed for user <luxer74>
Any ideas where to dig?
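Added example, not code from this thread, from NetUP or from mpd: a small Python analyzer that reads both log formats quoted in this thread (Harchiperonec's mpd4 log with bare option lines and avegad's mpd5 syslog-style log), follows the LCP AUTHPROTO negotiation per link and reports which authentication protocol the peer finally Acked, so the MS-CHAPv2 to MS-CHAPv1 downgrade that aospan points to is visible before the RADIUS reject. The sample log lines and the UNSUPPORTED set are constructed from this thread's posts.

```python
import re
# Constructed sample modelled on the two logs in this thread: mpd4 style ("[pptp0] ...",
# bare option lines) and mpd5 syslog style ("... mpd: [L-58] ...", indented option lines).
SAMPLE_LOG = """\
[pptp0] LCP: SendConfigReq #5
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec'd Configure Nak #5 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[pptp0] LCP: rec'd Configure Ack #7 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user garik
Feb 18 10:31:07 vpn mpd: [L-58] LCP: SendConfigReq #1
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFTv2
Feb 18 10:31:07 vpn mpd: [L-58] LCP: rec'd Configure Ack #3 (Req-Sent)
Feb 18 10:31:07 vpn mpd: [L-58]   AUTHPROTO CHAP MSOFT
Feb 18 10:31:09 vpn mpd: [L-58] RADIUS: Rec'd RAD_ACCESS_REJECT for user luxer74
"""

LINE_RE = re.compile(r"^(?:.*?mpd: )?\[(?P<link>[^\]]+)\]\s*(?P<msg>.*)$")
AUTH_NAMES = {"CHAP MSOFTv2": "MS-CHAPv2", "CHAP MSOFT": "MS-CHAPv1",
              "CHAP MD5": "CHAP-MD5", "PAP": "PAP"}
UNSUPPORTED = {"MS-CHAPv1"}  # per aospan's reply: the UTM RADIUS rejects MS-CHAPv1

def analyze(text):
    """Per link: first AUTHPROTO mpd proposed, peer's Nak counter-proposal, Acked value, RADIUS reject."""
    links, cur = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:  # tagged line: switch context to that link
            cur = links.setdefault(m.group("link"), dict(
                proposed=None, nak=None, negotiated=None, radius_reject=False, section=None))
        msg = m.group("msg") if m else raw.strip()  # mpd4 prints option lines bare
        if cur is None:
            continue
        if msg.startswith("LCP: SendConfigReq"):  # record only the first proposal
            cur["section"] = "proposed" if cur["proposed"] is None else None
        elif "rec'd Configure Nak" in msg:
            cur["section"] = "nak"
        elif "rec'd Configure Ack" in msg:
            cur["section"] = "negotiated"
        elif "RAD_ACCESS_REJECT" in msg:
            cur["radius_reject"] = True
        elif msg.startswith("AUTHPROTO ") and cur["section"]:
            cur[cur["section"]] = AUTH_NAMES.get(msg[10:].strip(), msg)
        elif ":" in msg:  # any other event line ends the current option list
            cur["section"] = None
    return links

def flag_unsupported(links):  # links whose Acked auth protocol RADIUS cannot verify
    return sorted(k for k, v in links.items() if v["negotiated"] in UNSUPPORTED)
```

Run over a real mpd log, a link that shows up in flag_unsupported together with radius_reject is the case this thread describes: the client forced a downgrade to MS-CHAPv1 and the reject is a protocol mismatch, not a bad password.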
