IP-POOL STATIC RADIUS

Radius related questions
Post Reply
mmateuslima
Posts: 7
Joined: 03 Jul 2017, 21:35

IP-POOL STATIC RADIUS

Post by mmateuslima »

Hi, I'm using IP-POOL via accel with client authenticating via RADIUS, but when I put a fixed ip on the client to receive via radius it does not authenticate.
Any way to work?
Customers without fixed ip receive pool via accel, and fixed ip clients receive ip through RADIUS.
Thanks.
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: IP-POOL STATIC RADIUS

Post by Dmitry »

hi
attach connection log
mmateuslima
Posts: 7
Joined: 03 Jul 2017, 21:35

Re: IP-POOL STATIC RADIUS

Post by mmateuslima »

accel-ppp.log

[2017-07-20 10:23:11]: warn: eth4: radius:packet: vendor 26 not found
[2017-07-20 10:23:11]: warn: eth4: radius:packet: vendor 26 not found
[2017-07-20 10:23:11]: info: ppp1: connect: ppp1 <--> pppoe(4C:5E:0C:D9:46:48)
[2017-07-20 10:23:11]: info: ppp1: mmateuslima: authentication succeeded
[2017-07-20 10:23:11]: info: ppp1: pppd_compat: ip-pre-up started (pid 9367)
[2017-07-20 10:23:11]: info: ppp1: pppd_compat: ip-pre-up finished (0)
[2017-07-20 10:23:11]: info: ppp1: pppd_compat: ip-up started (pid 9401)
[2017-07-20 10:23:12]: info: ppp1: pppd_compat: ip-up finished (0)

LOG RADIUS SERVER -- ACCEL
Info: Existing IP :192.168.100.2 (did 84:44:64:2F:07:13 cli 4C:5E:0C:D9:46:48 port user mmateuslima)

LOG RADIUS SERVER -- MIKROTIK
Info: Released IP 192.168.100.2 (did SERVICEPPP cli 64:3B:6B:7B:0B:7E user mmateuslima)

MY ACCEL-PPP.CONF

[modules]
ippool
log_file
log_syslog
pppoe
auth_chap_md5
auth_pap
radius
pppd_compat
shaper

[common]
#single-session=replace
sid-case=upper

[pppoe]
ac-name=NET
verbose=0
sid-uppercase=1
pado-delay=0,10:10,50:50,100:100,-1:500
mppe=deny
interface=eth0

[dns]
dns1=186.232.16.18
dns2=186.232.16.20

[radius]
gw-ip-address=172.16.16.198
server=X.X.X.X,SECRET,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
acct-timeout=1500
verbose=0

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/dev/stdout
copy=1
level=4

[log-pgsql]
conninfo=user=log
log-table=log

[ip-pool]
gw-ip-address=172.16.16.198
#vendor=Mikrotik
attr=Framed-Pool
#attr=Framed-IP-Address
10.0.10.1-8
10.0.11.1-23

[pppd-compat]
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1

[shaper]
vendor=Mikrotik
attr=Mikrotik-Rate-Limit
rate-multiplier=0.001

[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001


[accel-dp]
socket=/var/run/accel-dp.sock


Thanks.
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: IP-POOL STATIC RADIUS

Post by Dmitry »

this log is very quiet
please set:
[ppp]
verbose=1
[radius]
verbose=1
[pppoe]
verbose=1
[log]
level=5
mmateuslima
Posts: 7
Joined: 03 Jul 2017, 21:35

Re: IP-POOL STATIC RADIUS

Post by mmateuslima »

[2017-07-27 08:56:25]: debug: eth4: fsm timeout 9
[2017-07-27 08:56:25]: info: eth4: send [LCP ConfReq id=1 <auth CHAP-md5> <magic 327b23c6> <mru 1492>]
[2017-07-27 08:56:25]: info: eth4: recv [LCP ConfAck id=1 <auth CHAP-md5> <magic 327b23c6> <mru 1492>]
[2017-07-27 08:56:25]: debug: eth4: lcp_layer_started
[2017-07-27 08:56:25]: debug: eth4: auth_layer_start
[2017-07-27 08:56:25]: info: eth4: send [CHAP Challenge id=1 <d4eb364c4f3f24c7aaf54e3bc777cd54>]
[2017-07-27 08:56:25]: info: eth4: recv [CHAP Response id=1 <f0679ffabc029b17dbf05a5c6cfcc6>, name="mmateuslima"]
[2017-07-27 08:56:25]: debug: eth4: radius(1): req_enter 1
[2017-07-27 08:56:25]: info: eth4: send [RADIUS(1) Access-Request id=1 <User-Name "mmateuslima"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "4C:5E:0C:D9:46:48"> <Called-Station-Id "84:44:64:2F:07:13"> <CHAP-Challenge > <CHAP-Password >]
[2017-07-27 08:56:25]: debug: ppp0: recv [LCP EchoReq id=7 <magic 07f29456>]
[2017-07-27 08:56:25]: debug: ppp0: send [LCP EchoRep id=7 <magic 6b8b4567>]
[2017-07-27 08:56:25]: warn: eth4: radius:packet: vendor 26 not found
[2017-07-27 08:56:25]: warn: eth4: radius:packet: vendor 26 not found
[2017-07-27 08:56:25]: debug: eth4: radius(1): req_exit 0
[2017-07-27 08:56:25]: info: eth4: recv [RADIUS(1) Access-Accept id=1 <Framed-IP-Address 192.168.100.2> <Framed-Compression Van-Jacobson-TCP-IP> <Framed-Protocol PPP> <Service-Type Framed-User><Mikrotik Mikrotik-Rate-Limit "4000000/40000000 0/0 0/0 0/0 8 4000000/40000000"> <Vendor-Specific > <Vendor-Specific > <Acct-Interim-Interval 180>]
[2017-07-27 08:56:25]: info: ppp1: connect: ppp1 <--> pppoe(4C:5E:0C:D9:46:48)
[2017-07-27 08:56:25]: debug: ppp1: ppp connected
[2017-07-27 08:56:25]: info: ppp1: send [CHAP Success id=1 "Authentication succeeded"]
[2017-07-27 08:56:25]: debug: ppp1: auth_layer_started
[2017-07-27 08:56:25]: debug: ppp1: ccp_layer_start
[2017-07-27 08:56:25]: debug: ppp1: ipcp_layer_start
[2017-07-27 08:56:25]: debug: ppp1: ipv6cp_layer_start
[2017-07-27 08:56:25]: info: ppp1: mmateuslima: authentication succeeded
[2017-07-27 08:56:25]: info: ppp1: recv [IPCP ConfReq id=1f <addr 0.0.0.0> <dns1 0.0.0.0> <dns2 0.0.0.0>]
[2017-07-27 08:56:25]: info: ppp1: send [IPCP ConfReq id=1 <addr 172.16.16.198>]
[2017-07-27 08:56:25]: info: ppp1: send [IPCP ConfNak id=1f <addr 10.0.10.2> <dns1 8.8.8.8> <dns2 8.8.4.4>]
[2017-07-27 08:56:25]: info: ppp1: send [LCP ProtoRej id=3 <8281>]
[2017-07-27 08:56:25]: info: ppp1: recv [IPCP ConfAck id=1 <addr 172.16.16.198>]
[2017-07-27 08:56:25]: info: ppp1: recv [IPCP ConfReq id=20 <addr 10.0.10.2> <dns1 8.8.8.8> <dns2 8.8.4.4>]
[2017-07-27 08:56:25]: info: ppp1: send [IPCP ConfAck id=20]
[2017-07-27 08:56:25]: debug: ppp1: ipcp_layer_started
[2017-07-27 08:56:25]: debug: ppp1: radius(1): req_enter 1
[2017-07-27 08:56:25]: info: ppp1: send [RADIUS(1) Accounting-Request id=1 <User-Name "mmateuslima"> <NAS-Port 1> <NAS-Port-Id "ppp1"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "4C:5E:0C:D9:46:48"> <Called-Station-Id "84:44:64:2F:07:13"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "34D1887B213291B1"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 10.0.10.2>]
[2017-07-27 08:56:25]: debug: ppp1: radius(1): req_exit 0
[2017-07-27 08:56:25]: info: ppp1: recv [RADIUS(1) Accounting-Response id=1]
[2017-07-27 08:56:25]: info: ppp1: pppd_compat: ip-pre-up started (pid 31419)
[2017-07-27 08:56:25]: info: ppp1: pppd_compat: ip-pre-up finished (0)
[2017-07-27 08:56:25]: debug: ppp1: pppoe: ppp started
[2017-07-27 08:56:25]: info: ppp1: pppd_compat: ip-up started (pid 31448)
[2017-07-27 08:56:26]: info: ppp1: pppd_compat: ip-up finished (0)


Thanks.
mmateuslima
Posts: 7
Joined: 03 Jul 2017, 21:35

Re: IP-POOL STATIC RADIUS

Post by mmateuslima »

In RADATTR.PPP1

Framed-IP-Address 192.168.100.2
Framed-Compression Van-Jacobson-TCP-IP
Framed-Protocol PPP
Service-Type Framed-User
Mikrotik-Rate-Limit 4000000/40000000 0/0 0/0 0/0 8 4000000/40000000
Vendor-Specific 0000372A0706003D0900
Vendor-Specific 0000372A080602625A00
Acct-Interim-Interval 180
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: IP-POOL STATIC RADIUS

Post by Dmitry »

move ippool module below radius like this:
[modules]
log_file
log_syslog
pppoe
auth_chap_md5
auth_pap
radius
pppd_compat
shaper
ippool
mmateuslima
Posts: 7
Joined: 03 Jul 2017, 21:35

Re: IP-POOL STATIC RADIUS

Post by mmateuslima »

My God, sometimes we worry about things so complex that we forget the simple ones, I did not pay attention to the module queue.

Thank you so much.
Post Reply