Здравствуйте.
У пользователя системная блокировка(отрицательный баланс), но при осуществления вызова, звонок проходит и списываются средства со счета. В логах radius появляется следующее:
?Debug : Aug 17 11:19:54 AuthServer: User <101> connecting
?Debug : Aug 17 11:19:54 AuthServer: Session for sessionid <101> not found in <192.168.0.1> cache
?Debug : Aug 17 11:19:54 RADIUS DBA: Info for login <101> found. type <3>
?Debug : Aug 17 11:19:54 RADIUS DBA: Password found for tel login:101
ERROR : Aug 17 11:19:54 AuthServer: Auth scheme not detected!
?Debug : Aug 17 11:19:54 AuthServer: Auth scheme: NULL
?Debug : Aug 17 11:19:54 AuthServer: NULL: 101: Empty password. Accepting
?Debug : Aug 17 11:19:54 AuthServer: Tel session limit:0 session count:0 for user:101
Info : Aug 17 11:19:54 UT: calc timeout
?Debug : Aug 17 11:19:54 AuthServer: Calculated maximum session time: 0 zoneid: 9 dir id: 1001008
?Debug : Aug 17 11:19:54 AuthServer: Zero session time
?Debug : Aug 17 11:19:54 AuthServer: Calling fill radius attributes for NAS. Attr storage size <0>
Notice: Aug 17 11:19:54 AuthServer: Login incorrect <101> from NAS <192.168.0.1> CLID <102> Calling-station <101>
?Debug : Aug 17 11:19:54 AuthServer: Auth reply: RPacket:
Code: 1; ID: 232
После чего идет Accounting.
Что можно сделать чтобы Radius не пропускал пользователей на которых стоит системная блокировка?
Проблема с Radius авторизацией
> grep vap /netup/utm5/radius5.cfgMakariy писал(а):radius_auth_vap=1
## Description: If the value is set, authorization of blocked users, whose
## logins are set in IP traffic service link, is disallowed.
## Possible values: 1
## Default value: authorization is allowed
## radius_auth_vap
radius_auth_vap=1
Конфиги я сразу все проверил.
UTM5 и radius перегружал.
Пакет приходящий от Radius UTM5
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:26:50.718829 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 145)
192.168.0.x.32951 > 192.168.0.y.radius: RADIUS, length: 117
Access Request (1), id: 0x02, Authenticator: 5c039baa8dff1add4e1392c48c774880
Service Type Attribute (6), length: 6, Value: Login
Vendor Specific Attribute (26), length: 38, Value: Vendor: Cisco (9)
Vendor Attribute: 24, Length: 30, Value: h323-conf-id=1282030010-272498
Username Attribute (1), length: 5, Value: 101
Calling Station Attribute (31), length: 5, Value: 101
Called Station Attribute (30), length: 5, Value: 102
Vendor Specific Attribute (26), length: 26, Value: Vendor: Cisco (9)
Vendor Attribute: 33, Length: 18, Value: h323-gw-id=0000000
NAS Port Attribute (5), length: 6, Value: 0
NAS IP Address Attribute (4), length: 6, Value: 192.168.0.x
13:26:50.719516 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 75)
192.168.0.y.radius > 192.168.0.x.32951: RADIUS, length: 47
Access Request (1), id: 0x02, Authenticator: 54b276bd9659b8d75a38fd06e750e1f5
Vendor Specific Attribute (26), length: 27, Value: Vendor: Cisco (9)
Vendor Attribute: 103, Length: 19, Value: h323-return-code=-5
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:26:50.718829 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 145)
192.168.0.x.32951 > 192.168.0.y.radius: RADIUS, length: 117
Access Request (1), id: 0x02, Authenticator: 5c039baa8dff1add4e1392c48c774880
Service Type Attribute (6), length: 6, Value: Login
Vendor Specific Attribute (26), length: 38, Value: Vendor: Cisco (9)
Vendor Attribute: 24, Length: 30, Value: h323-conf-id=1282030010-272498
Username Attribute (1), length: 5, Value: 101
Calling Station Attribute (31), length: 5, Value: 101
Called Station Attribute (30), length: 5, Value: 102
Vendor Specific Attribute (26), length: 26, Value: Vendor: Cisco (9)
Vendor Attribute: 33, Length: 18, Value: h323-gw-id=0000000
NAS Port Attribute (5), length: 6, Value: 0
NAS IP Address Attribute (4), length: 6, Value: 192.168.0.x
13:26:50.719516 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 75)
192.168.0.y.radius > 192.168.0.x.32951: RADIUS, length: 47
Access Request (1), id: 0x02, Authenticator: 54b276bd9659b8d75a38fd06e750e1f5
Vendor Specific Attribute (26), length: 27, Value: Vendor: Cisco (9)
Vendor Attribute: 103, Length: 19, Value: h323-return-code=-5