(RADIATOR) Radiator and VPN with poptop

Nuno Miguel Pais Fernandes npf at eurotux.com
Tue May 25 12:29:19 CDT 2004


Hello,

I'm trying to set up a RADIUS server that can authenticate a user from
a poptop VPN server (PPTP with MPPE).

Does anyone have this working?

Thanks
Nuno Fernandes

My conf has:

#VPN
<Handler Client-Identifier=VPN>
        RewriteUsername s/^([^@]+).*/$1/
        UsernameCharset a-zA-Z0-9\._\@-
        AuthByPolicy ContinueUntilAccept
        AuthBy authby_FILE_vpn
        AuthLog log_LocalUsers
</Handler>

Log from radiator file:

Tue May 25 18:13:20 2004: DEBUG: Packet dump:
*** Received from 194.38.142.74 port 32786 ....

Packet length = 135
01 79 00 87 91 7d 07 e9 1c be 07 97 dd 1a 52 59
76 51 d9 cf 06 06 00 00 00 02 07 06 00 00 00 01
01 09 65 75 72 6f 74 75 78 1a 18 00 00 01 37 0b
12 09 ce 64 1e 05 20 dc f4 af c6 15 4e 70 01 30
17 1a 3a 00 00 01 37 19 34 be 00 c8 2b 2b 3c 81
cf d6 6e 79 b2 a7 2d f6 08 37 1b 00 00 00 00 00
00 00 00 7e 7f d4 88 96 92 60 e1 a4 47 2d 1c 99
d8 0f e5 a7 14 6f 95 44 1d 63 23 04 06 7f 00 00
01 05 06 00 00 00 00
Code:       Access-Request
Identifier: 121
Authentic:  <145>}<7><233><28><190><7><151><221><26>RYvQ<217><207>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "XXXXXXXXXX"
        MS-CHAP-Challenge = "<9><206>d<30><5> <220><244><175><198><21>Np<1>0<23>"
        MS-CHAP2-Response = "<190><0><200>++<<129><207><214>ny<178><167>-<246><8>7<27><0><0><0><0><0><0><0><0>~<127><212><136><150><146>`<225><164>G-<28><153><216><15><229><167><20>o<149>D<29>c#"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0

Tue May 25 18:13:20 2004: DEBUG: Handling request with Handler 'Client-Identifier=Eurotux'
Tue May 25 18:13:20 2004: DEBUG: Rewrote user name to XXXXXXXXX

Tue May 25 18:13:20 2004: DEBUG: Handling with Radius::AuthFILE: authby_FILE_vpn
Tue May 25 18:13:20 2004: DEBUG: Radius::AuthFILE looks for match with VPN
Tue May 25 18:13:20 2004: DEBUG: Radius::AuthFILE ACCEPT:
Tue May 25 18:13:20 2004: DEBUG: Access accepted for XXXXXXXX
Tue May 25 18:13:20 2004: DEBUG: Packet dump:
*** Sending to 194.38.142.74 port 32786 ....

Packet length = 71
02 79 00 47 8c c0 e4 35 9a 53 1a c3 42 b8 f7 58
e4 55 6d d4 1a 33 00 00 01 37 1a 2d be 53 3d 33
36 33 37 30 37 39 42 42 30 36 35 34 33 45 32 35
37 33 30 44 43 39 32 30 32 38 34 45 30 44 45 31
44 36 36 33 43 41 32
Code:       Access-Accept
Identifier: 121
Authentic:  <145>}<7><233><28><190><7><151><221><26>RYvQ<217><207>
Attributes:
        MS-CHAP2-Success = "<190>S=3637079BB06543E25730DC920284E0DE1D663CA2"


Log from poptop:
May 25 18:07:23 fw pptpd[14687]: MGR: Launching /servicos/vpnd//sbin/pptpctrl to handle client
May 25 18:07:23 fw pptpd[14687]: CTRL: local address = 10.0.6.2
May 25 18:07:23 fw pptpd[14687]: CTRL: remote address = 10.0.7.2
May 25 18:07:23 fw pptpd[14687]: CTRL: pppd speed = 115200
May 25 18:07:23 fw pptpd[14687]: CTRL: pppd options file = /etc/ppp/options
May 25 18:07:23 fw pptpd[14687]: CTRL: Client 10.10.10.12 control connection started
May 25 18:07:23 fw pptpd[14687]: CTRL: Received PPTP Control Message (type: 1)
May 25 18:07:23 fw pptpd[14687]: CTRL: Made a START CTRL CONN RPLY packet
May 25 18:07:23 fw pptpd[14687]: CTRL: I wrote 156 bytes to the client.
............
............
May 25 18:07:23 fw pppd[14688]: Plugin radius.so loaded.
May 25 18:07:23 fw pppd[14688]: RADIUS plugin initialized.
............
May 25 18:07:25 fw pppd[14688]: rcvd [CHAP Response id=0xbe <c82b2b3c81cfd66e79b2a72df608371b00000000000000007e7fd488969260e1a4472d1c99d80fe5a7146f95441d632300>, name = "XXXXXXXX"]
May 25 18:07:25 fw pppd[14688]: sent [CHAP Success id=0xbe "S=3637079BB06543E25730DC920284E0DE1D663CA2"]
May 25 18:07:25 fw pppd[14688]: MPPE required, but keys are not available.  Possible plugin problem?
May 25 18:07:25 fw pppd[14688]: sent [LCP TermReq id=0x4 "MPPE required but not available"]
May 25 18:07:25 fw pppd[14688]: rcvd [CCP ConfReq id=0x5 <mppe +H +M +S +L -D +C>]
May 25 18:07:25 fw pppd[14688]: Discarded non-LCP packet when LCP not open


-- 
Nuno Miguel Pais Fernandes <npf at eurotux.com>
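
Added example (not part of the original post, and not Radiator or pppd code): a small RADIUS parser run over the Access-Accept bytes from the "Sending to" packet dump above. It lists the Microsoft vendor-specific attributes in the reply and checks for MS-MPPE-Send-Key and MS-MPPE-Recv-Key, the attributes that carry the MPPE session keys to the NAS. Function names are illustrative; the vendor id and attribute numbers are taken from RFC 2548.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft vendor id (RFC 2548)
MS_VSA_NAMES = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key",
                26: "MS-CHAP2-Success"}
MPPE_KEY_TYPES = {16, 17}  # attributes that carry the MPPE session keys
# Access-Accept bytes copied from the "Sending to ..." dump in the post.
ACCESS_ACCEPT = bytes.fromhex(
    "027900478cc0e4359a531ac342b8f758e4556dd41a33000001371a2dbe533d33"
    "3633373037394242303635343345323537333044433932303238344530444531"
    "44363633434132")

def parse_tlvs(buf, what):
    """Split (type, length, value) items; length includes the 2-byte header."""
    items, pos = [], 0
    while pos < len(buf):
        tlv_len = buf[pos + 1] if pos + 2 <= len(buf) else 0
        if tlv_len < 2 or pos + tlv_len > len(buf):
            raise ValueError("malformed %s at offset %d" % (what, pos))
        items.append((buf[pos], buf[pos + 2:pos + tlv_len]))
        pos += tlv_len
    return items

def parse_radius(packet):
    """Return (code, identifier, attributes) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    return code, ident, parse_tlvs(packet[20:length], "attribute")

def microsoft_vsas(attrs):
    """Return (vendor_type, value) pairs from Vendor-Specific (26), vendor 311."""
    found = []
    for attr_type, value in attrs:
        if attr_type == 26 and value[:4] == struct.pack("!I", MS_VENDOR_ID):
            found.extend(parse_tlvs(value[4:], "vendor sub-attribute"))
    return found

def missing_mppe_keys(packet):
    """Names of the MPPE key attributes that are absent from the packet."""
    present = {vtype for vtype, _ in microsoft_vsas(parse_radius(packet)[2])}
    return sorted(MS_VSA_NAMES[t] for t in MPPE_KEY_TYPES - present)

if __name__ == "__main__":
    attrs = parse_radius(ACCESS_ACCEPT)[2]
    print("present:", [MS_VSA_NAMES.get(t, t) for t, _ in microsoft_vsas(attrs)])
    print("missing:", missing_mppe_keys(ACCESS_ACCEPT))
```

For this dump the only Microsoft attribute present is MS-CHAP2-Success and both key attributes are reported missing, which lines up with the pppd message "MPPE required, but keys are not available".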