Radius fails

Radius related questions
shadow80
Posts: 3
Joined: 13 Jan 2017, 20:34

Radius fails

Post by shadow80 »

I have RADIUS authentication working, and it works well until the accel-ppp server loses contact with the RADIUS server.
Is it possible to have authentication automatically check chap-secrets first and, if that does not succeed, check the RADIUS database? Authentication from the chap-secrets file works, but I need working accounting too. Please help. Thx.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: Radius fails

Post by dimka88 »

Use a second RADIUS auth and acct server on the same host as accel-ppp.
shadow80
Posts: 3
Joined: 13 Jan 2017, 20:34

Re: Radius fails

Post by shadow80 »

How should RADIUS be configured to authenticate clients while the accounting server is not working? The accounting server is in a different location, and when it is down or the path to it is not available, computers are not able to authenticate against the localhost RADIUS.

My full config file:


[modules]
# Modules to load, one name per line. A leading '#' leaves the module unloaded,
# so the matching [section] further down is presumably ignored — confirm.
# Logging back-ends: only log_file is enabled.
log_file
#log_syslog
#log_tcp
#log_pgsql

# Access protocols: only pppoe is enabled.
#pptp
#l2tp
pppoe
#ipoe

# Authentication methods offered to clients: CHAP-MD5 only.
# NOTE(review): CHAP needs the verifier to hold the cleartext password, so the
# chap-secrets file and the RADIUS user store both keep recoverable passwords.
#auth_mschap_v2
#auth_mschap_v1
auth_chap_md5
#auth_pap


# Credential back-ends: the local chap-secrets file and RADIUS are both loaded.
# NOTE(review): presumably they are consulted in the order listed — confirm against
# the accel-ppp documentation before relying on it as a fallback during a RADIUS outage.
chap-secrets
radius
#ippool

pppd_compat

#shaper
#net-snmp
#logwtmp
# NOTE(review): connlimit is not loaded, so the limits in [connlimit] are presumably not applied.
#connlimit

#ipv6_nd
#ipv6_dhcp
#ipv6pool

[core]
# Daemon core settings: error log location and worker thread count.
log-error=/var/log/accel-ppp/core.log
thread-count=4

[common]
# Settings shared by all access protocols.
# NOTE(review): single-session=replace presumably lets a new login with the same
# username displace the existing session, so anyone holding a subscriber's
# credentials can knock that subscriber offline. Confirm, and consider whether
# refusing the second login fits better.
single-session=replace
sid-case=upper
#sid-source=seq

[ppp]
# PPP negotiation settings: MTU/MRU bounds, compression, address families, keepalive.
verbose=1
min-mtu=1280
mtu=1400
mru=1400
#accomp=deny
#pcomp=deny
ccp=0
#check-ip=0
# NOTE(review): mppe=deny presumably refuses MPPE, leaving PPP payload unencrypted — confirm.
mppe=deny
# IPv4 is required and IPv6 refused; the ipv6-* keys below presumably have no effect while ipv6=deny.
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
# LCP echo keepalive: interval, per-echo timeout and failure count (units presumably seconds — confirm).
lcp-echo-timeout=120
lcp-echo-interval=30
lcp-echo-failure=3
unit-cache=1

[auth]
# Both overrides are commented out, so no authentication bypass is configured here.
# NOTE(review): any-login and noauth look like switches that relax credential checks;
# keep them disabled on a production access server.
#any-login=0
#noauth=0

[pptp]
# The pptp module is commented out in [modules], so this section is presumably unused.
verbose=1
#echo-interval=30

[pppoe]
# PPPoE server settings and the interfaces it listens on.
verbose=1
#ac-name=xxx
#service-name=netfiber
#pado-delay=0
#pado-delay=0,100:100,200:200,-1:500
called-sid=mac
#tr101=1
# NOTE(review): padi-limit is commented out here and on the interface example below,
# so no PADI rate limit is configured in this file.
#padi-limit=0
#ip-pool=pppoe
#interface=eth1,padi-limit=1000
#sid-uppercase=0
# One interface= line per VLAN; the key is repeated on purpose and relies on the
# accel-ppp parser collecting every occurrence (a last-wins INI parser would keep only one).
interface=vlan666
interface=vlan100
interface=vlan110
interface=vlan112
interface=vlan120
interface=vlan130
interface=vlan140
interface=vlan150
interface=vlan160
interface=vlan170
interface=vlan172
interface=vlan180
interface=vlan190



[l2tp]
# The l2tp module is commented out in [modules], so this section is presumably unused.
verbose=1
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=1
#rtimeout-cap=16
#retransmit=5
#recv-window=16
#host-name=accel-ppp
#dir300_quirk=0
# NOTE(review): secret is left empty and disabled; set a tunnel secret if L2TP is ever enabled.
#secret=
#dataseq=allow
#reorder-timeout=0
#ip-pool=l2tp

[ipoe]
# The ipoe module is commented out in [modules], so this section is presumably unused.
verbose=1
# NOTE(review): username=ifname presumably identifies the session by interface name rather
# than by a subscriber credential — confirm before enabling IPoE.
username=ifname
#password=username
lease-time=600
max-lease-time=3600
#unit-cache=1000
#l4-redirect-table=4
#l4-redirect-ipset=l4
#l4-redirect-on-reject=300
#l4-redirect-ip-pool=pool1
shared=0
ifcfg=1
mode=L2
start=dhcpv4
#ip-unnumbered=1
#proxy-arp=0
#nat=0
#proto=100
#relay=10.10.10.10
#attr-dhcp-client-ip=DHCP-Client-IP-Address
#attr-dhcp-router-ip=DHCP-Router-IP-Address
#attr-dhcp-mask=DHCP-Mask
#attr-dhcp-lease-time=DHCP-Lease-Time
#attr-dhcp-opt82=DHCP-Option82
#attr-dhcp-opt82-remote-id=DHCP-Agent-Remote-Id
#attr-dhcp-opt82-circuit-id=DHCP-Agent-Circuit-Id
#attr-l4-redirect=L4-Redirect
#attr-l4-redirect-table=4
#attr-l4-redirect-ipset=l4-redirect
#local-net=192.168.0.0/16
#lua-file=/etc/accel-ppp.lua
#offer-delay=0,100:100,200:200,-1:1000
#vlan-mon=eth0,10-200
#vlan-timeout=60
#vlan-name=%I.%N
#ip-pool=ipoe
#idle-timeout=0
#session-timeout=0
#soft-terminate=0
#check-mac-change=1
#calling-sid=mac
interface=eth0


[dns]
# Resolvers handed to clients. These are Google Public DNS addresses, so subscriber
# lookups leave the operator's network; use local resolvers if query logging or filtering is needed.
dns1=8.8.8.8
dns2=8.8.4.4

[wins]
# No WINS servers are configured; both entries are commented out.
#wins1=172.16.0.1
#wins2=172.16.1.1

[radius]
# RADIUS client settings: NAS identity, the servers to query, and accounting timing.
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=111.222.33.44
gw-ip-address=192.168.100.1
# Interim-Update interval (presumably seconds — confirm).
acct-interim-interval=300
# Each server line is address,shared-secret,options. The secrets are stored in cleartext,
# so this file should be readable only by the account the daemon runs as. Both secrets
# below appear in a publicly posted config and should be treated as disclosed and rotated.
# NOTE(review): testing123 is the widely known FreeRADIUS sample secret; replace it even
# for a loopback server. acct-port=0 presumably makes this server auth-only — confirm.
# NOTE(review): fail-time=0 and req-limit=0 presumably mean "never mark the server as
# failed" and "no request limit" — confirm. A non-zero fail-time may let the daemon skip
# a server that has stopped answering.
server=127.0.0.1,testing123,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
# NOTE(review): the remote server is listed with auth-port=1812 as well as acct-port=1813,
# so it may also receive authentication requests; confirm that is intended if it is meant
# for accounting only. RADIUS protects packets with MD5 keyed by this secret, so a
# six-character value gives little protection — use a long random secret.
server=191.24.84.43,TaPmn1,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
# NOTE(review): if the DAE (disconnect/CoA) listener is enabled, give it its own strong
# secret and keep it on an address only the RADIUS server can reach.
#dae-server=127.0.0.1:3799,testing123
verbose=1
#timeout=3
#max-try=3
# Per the reply in this thread, acct-timeout=0 lets active sessions continue when the
# accounting server does not answer Interim-Updates. The trade-off is that sessions keep
# running unaccounted, so accounting reachability should be monitored separately.
acct-timeout=0
acct-delay-time=0

[client-ip-range]
# Allowed client source network(s), one CIDR per line.
# NOTE(review): which modules enforce this list is not shown here — confirm it applies to PPPoE.
10.0.0.0/8

[ip-pool]
# Local address pools. The ippool module is commented out in [modules], so this
# section is presumably unused and addresses must come from RADIUS or chap-secrets.
# NOTE(review): the gateway here (192.168.0.1) differs from the 192.168.100.1 used in
# [radius] and [chap-secrets]; confirm which is intended before enabling the module.
gw-ip-address=192.168.0.1
#vendor=Cisco
#attr=Cisco-AVPair
# RADIUS attribute that selects a named pool.
attr=Framed-Pool
# Ranges, optionally tagged with a pool name.
192.168.0.2-255
192.168.1.1-255,name=pool1
192.168.2.1-255,name=pool2
192.168.3.1-255,name=pool3
192.168.4.0/24

[log]
# File logging targets for the log_file module enabled in [modules].
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
# Separate log for failed authentications; a useful input for spotting password guessing.
# These logs hold subscriber usernames, so keep the directory readable by administrators only.
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=3

[log-pgsql]
# The log_pgsql module is commented out in [modules], so this section is presumably unused.
# The conninfo carries no password; if the module is enabled, keep credentials out of this file where possible.
conninfo=user=log
log-table=log

[pppd-compat]
# pppd-style hook scripts run on session events (pppd_compat is enabled in [modules]).
# NOTE(review): these scripts are launched by the daemon, so they and their parent
# directories should be owned by root and not writable by anyone else. Anything they
# receive that originates from the peer (presumably the username, among others) should
# be handled as untrusted input.
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
# Path prefix for per-session files holding received RADIUS attributes (presumably one file per interface — confirm).
radattr-prefix=/var/run/radattr
verbose=1

[chap-secrets]
# Local credential file back-end (chap-secrets is enabled in [modules]).
gw-ip-address=192.168.100.1
# NOTE(review): this file holds subscriber passwords. With CHAP-MD5 as the only auth
# method they presumably have to be stored in cleartext, so restrict the file to the
# daemon's account and keep it out of backups that others can read.
chap-secrets=/etc/serwer/chap-secrets
#encrypted=0
#username-hash=md5

[shaper]
# The shaper module is commented out in [modules], so this section is presumably unused.
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
#quantum=1500
#moderate-quantum=1
#cburst=1534
#ifb=ifb0
# Limiter type per direction: policing upstream, token-bucket filter downstream.
up-limiter=police
down-limiter=tbf
#leaf-qdisc=sfq perturb 10
#leaf-qdisc=fq_codel [limit PACKETS] [flows NUMBER] [target TIME] [interval TIME] [quantum BYTES] [[no]ecn]
#rate-multiplier=1
#fwmark=1
verbose=1

[cli]
# Management CLI listeners. Both bind to 127.0.0.1, so they are reachable only from the host itself.
verbose=1
# Keep these on loopback: telnet carries the password and all commands in cleartext.
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
# NOTE(review): a three-character numeric password is trivially guessable by any local
# user or process that can reach the loopback ports. Use a long random value and keep
# this file unreadable to other accounts.
password=123

[snmp]
# The net-snmp module is commented out in [modules], so this section is presumably unused.
master=0
agent-name=accel-ppp

[connlimit]
# Connection rate limiting. The connlimit module is commented out in [modules], so
# these values are presumably not applied; enable the module if session-setup floods are a concern.
limit=10/min
burst=3
timeout=60

[ipv6-pool]
# IPv6 address and delegated-prefix pools. The ipv6pool module is commented out in
# [modules] and [ppp] sets ipv6=deny, so this section is presumably unused.
fc00:0:1::/48,64
delegate=fc00:1::/36,48

[ipv6-dns]
# No IPv6 resolvers or search suffixes are configured; every entry is commented out.
#fc00:1::1
#fc00:1::2
#fc00:1::3
#dnssl=suffix1.local.net
#dnssl=suffix2.local.net.

[ipv6-dhcp]
# DHCPv6 settings. The ipv6_dhcp module is commented out in [modules], so this section is presumably unused.
verbose=1
# Preferred and valid lifetimes (presumably seconds: 7 days and 30 days — confirm).
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1

Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: Radius fails

Post by Dmitry »

The start of accounting is mandatory, so if the accounting server isn't available, new sessions won't start.
Interim-Update is not mandatory, though: you can set acct-timeout=0 in the [radius] section, and active sessions will continue to function even if the accounting server isn't responding.