korsakik Posted October 9, 2015

Hello! As it happens, the billing system's tech support is useless, and the documentation is laid out in complete disorder... I decided to update the billing server (CentOS 6.6) with yum update, and the freeradius package got updated, after which it would no longer start... First there was an error about Perl being missing, now one about the eap module.

radiusd -X
radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Sep 22 2015 at 15:27:25 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/radrelay including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/dhcp_sqlippool including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/cache including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/mikbill.conf including files in directory /etc/raddb/sites-enabled/ including 
configuration file /etc/raddb/sites-enabled/mikbill including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket main { allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 9 cleanup_delay = 1 max_requests = 65535 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = off log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 3000 reject_delay = 0 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr } radiusd: #### Loading Virtual Servers #### server { # from file modules { Module: Creating Auth-Type = Perl Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_perl Module: Instantiating module "perl" from file /etc/raddb/modules/perl perl { module = "/etc/raddb/example.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_post_auth = "post_auth" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } Module: Checking authorize {...} for more modules to load 
Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/huntgroups reading pairlist file /etc/raddb/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Checking session {...} for more modules to load Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /etc/raddb/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "3306" login = "mikbill" password = "ПАРОЛЬ" radius_db = "mikbill" read_groups = yes sqltrace = no sqltracefile = "/var/log/radius/sqltrace.sql" readclients = yes deletestalesessions = yes num_sql_socks = 1 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret FROM radnas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE 
username = BINARY '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', 
'%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', 'Online', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctterminatecause = 'Online', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, 
acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctterminatecause = 'Online'" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctterminatecause = 'Online'" postauth_query = "INSERT INTO radpostauth (username, pass, packettype,replymessage, nasipaddress, nasportid, callingstationid, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}','%{reply:Reply-Message}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{Calling-Station-Id}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to mikbill@localhost:3306/mikbill rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): Processing 
generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret FROM radnas rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Read entry nasname=localhost,shortname=localhost,secret=secret rlm_sql (sql): Adding client 127.0.0.1 (localhost, server=<none>) to clients list rlm_sql (sql): Read entry nasname=10.1.0.1,shortname=NAS-1,secret=secret rlm_sql (sql): Adding client 10.1.0.1 (NAS-1, server=<none>) to clients list rlm_sql (sql): Released sql socket id: 0 Module: Checking post-proxy {...} for more modules to load } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" }
/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to find "eap" in the "modules" section.
/etc/raddb/sites-enabled/inner-tunnel[190]: Errors parsing authenticate section.

On the internet I only found advice about regenerating the keys in certs; I generated them, but it didn't help... Maybe someone has run into this; please tell me how to solve this problem... Reinstalling the system and the billing is, in my view, a very bad option...
pppoetest Posted October 9, 2015

grep eap /etc/raddb/sites-enabled/inner-tunnel
ls /etc/raddb/modules/* | grep eap

And also lines 190 and 237 of /etc/raddb/sites-enabled/inner-tunnel
avb1987 Posted October 9, 2015 (edited)

Most likely, the freeradius package update added unneeded configuration files to /etc/raddb. Take a look: the mikbill installer archive contains a directory with the freeradius configuration. I would try using it in place of the existing configuration (after saving what is there now). Or you can check by date which files were added and move them somewhere out of /etc/raddb. You have a lot of modules that are not needed at all in this case. Here is a sufficient minimum:

acct_unique
always
chap
detail
detail.log
expiration
expr
linelog
logintime
mschap
pap
perl
preprocess
radutmp
realm
sradutmp
unix

Edited October 9, 2015 by avb1987
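The clean-up described in the post above, as an added example that is not part of the thread: it lists the files in a FreeRADIUS modules directory that fall outside the quoted minimum set, moves them to a directory outside /etc/raddb, and shows which enabled virtual servers still name a given module (a leftover reference is what produces the 'Failed to find "..." in the "modules" section' error). The function names and the directory arguments are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit a FreeRADIUS 2.x modules directory against the
# minimum module list quoted in the post above. Function names are
# hypothetical; nothing here comes from mikbill or FreeRADIUS itself.

# Minimum set from the post, one module file name per word.
MIN_MODULES="acct_unique always chap detail detail.log expiration expr
linelog logintime mschap pap perl preprocess radutmp realm sradutmp unix"

# extra_modules DIR
# Print, sorted, every regular file in DIR that is not in the minimum set.
extra_modules() {
    dir=$1
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case " $(echo $MIN_MODULES) " in
            *" $name "*) ;;                  # in the minimum set, keep
            *) printf '%s\n' "$name" ;;      # candidate for removal
        esac
    done | LC_ALL=C sort
}

# missing_modules DIR
# Print every module of the minimum set that has no file in DIR.
missing_modules() {
    for name in $MIN_MODULES; do
        [ -f "$1/$name" ] || printf '%s\n' "$name"
    done
}

# set_aside_extras DIR BACKUP
# Move the extra files to BACKUP (nothing is deleted) and print their names.
# BACKUP should sit outside DIR so radiusd does not read it again.
set_aside_extras() {
    src=$1
    backup=$2
    mkdir -p "$backup" || return 1
    extra_modules "$src" | while IFS= read -r name; do
        mv "$src/$name" "$backup/$name" && printf '%s\n' "$name"
    done
}

# sites_referencing MODULE SITES_DIR
# Print the enabled virtual-server files that still call MODULE on a
# non-comment line, either bare ("eap") or as a block ("eap {").
sites_referencing() {
    for site in "$2"/*; do
        [ -f "$site" ] || continue
        if sed 's/#.*//' "$site" |
            grep -Eq "^[[:space:]]*$1[[:space:]]*(\{.*)?\$"; then
            printf '%s\n' "${site##*/}"
        fi
    done
}

# When called with a modules directory, print the files outside the minimum.
if [ $# -ge 1 ]; then
    extra_modules "$1"
fi
```

Run sites_referencing for each name printed by extra_modules before moving anything, and start the server with radiusd -X afterwards to confirm the configuration still parses.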
korsakik Posted October 9, 2015

libdir = /usr/lib/freeradius
libdir = /usr/lib64/freeradius
proxy_requests = off
proxy_requests = no

There are some mismatches between the old and new configs. The error was caused by the missing $INCLUDE eap.conf in the modules section of radiusd.conf. But after radius started successfully, the client still cannot log in; I can't figure out why yet... The log now looks like this:

radiusd -X
radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Sep 22 2015 at 15:27:25
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/mikbill
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
main {
    allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
    name = "radiusd"
    prefix = "/usr"
    localstatedir = "/var"
    sbindir = "/usr/sbin"
    logdir = "/var/log/radius"
    run_dir = "/var/run/radiusd"
    libdir = "/usr/lib64/freeradius"
    radacctdir = "/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 1
    max_requests = 65535
    pidfile = "/var/run/radiusd/radiusd.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = off
 log {
    stripped_names = no
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
 }
 security {
    max_attributes = 500
    reject_delay = 0
    status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
}
radiusd: #### Loading Virtual Servers ####
server { # from file
modules {
 Module: Creating Auth-Type = Perl
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/raddb/modules/always
 always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
 }
Module: Linked to module rlm_perl
Module: Instantiating module "perl" from file /etc/raddb/modules/perl
 perl {
    module = "/etc/raddb/mikbill.pl"
    func_authorize = "authorize"
    func_authenticate = "authenticate"
    func_accounting = "accounting"
    func_preacct = "preacct"
    func_checksimul = "checksimul"
    func_detach = "detach"
    func_xlat = "xlat"
    func_pre_proxy = "pre_proxy"
    func_post_proxy = "post_proxy"
    func_post_auth = "post_auth"
    func_recv_coa = "recv_coa"
    func_send_coa = "send_coa"
 }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
 preprocess {
    huntgroups = "/etc/raddb/huntgroups"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
 }
reading pairlist file /etc/raddb/huntgroups
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
 realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
 }
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
 mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = no
    allow_retry = yes
 }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
 acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
 }
Module: Checking accounting {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file /etc/raddb/sql.conf
 sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = "3306"
    login = "mikbill"
    password = "пароль"
    radius_db = "mikbill"
    read_groups = yes
    sqltrace = no
    sqltracefile = "/var/log/radius/sqltrace.sql"
    readclients = no
    deletestalesessions = yes
    num_sql_socks = 16
    lifetime = 0
    max_queries = 0
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
    authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
    accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
    accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
    accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
    accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
    accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
    group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
    connect_failure_retry_delay = 60
    simul_count_query = ""
    simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
    postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
 }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to mikbill@localhost:3306/mikbill
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): starting 5
rlm_sql (sql): Attempting to connect rlm_sql_mysql #5
rlm_sql_mysql: Starting connect to MySQL server for #5
rlm_sql (sql): Connected new DB handle, #5
rlm_sql (sql): starting 6
rlm_sql (sql): Attempting to connect rlm_sql_mysql #6
rlm_sql_mysql: Starting connect to MySQL server for #6
rlm_sql (sql): Connected new DB handle, #6
rlm_sql (sql): starting 7
rlm_sql (sql): Attempting to connect rlm_sql_mysql #7
rlm_sql_mysql: Starting connect to MySQL server for #7
rlm_sql (sql): Connected new DB handle, #7
rlm_sql (sql): starting 8
rlm_sql (sql): Attempting to connect rlm_sql_mysql #8
rlm_sql_mysql: Starting connect to MySQL server for #8
rlm_sql (sql): Connected new DB handle, #8
rlm_sql (sql): starting 9
rlm_sql (sql): Attempting to connect rlm_sql_mysql #9
rlm_sql_mysql: Starting connect to MySQL server for #9
rlm_sql (sql): Connected new DB handle, #9
rlm_sql (sql): starting 10
rlm_sql (sql): Attempting to connect rlm_sql_mysql #10
rlm_sql_mysql: Starting connect to MySQL server for #10
rlm_sql (sql): Connected new DB handle, #10
rlm_sql (sql): starting 11
rlm_sql (sql): Attempting to connect rlm_sql_mysql #11
rlm_sql_mysql: Starting connect to MySQL server for #11
rlm_sql (sql): Connected new DB handle, #11
rlm_sql (sql): starting 12
rlm_sql (sql): Attempting to connect rlm_sql_mysql #12
rlm_sql_mysql: Starting connect to MySQL server for #12
rlm_sql (sql): Connected new DB handle, #12
rlm_sql (sql): starting 13
rlm_sql (sql): Attempting to connect rlm_sql_mysql #13
rlm_sql_mysql: Starting connect to MySQL server for #13
rlm_sql (sql): Connected new DB handle, #13
rlm_sql (sql): starting 14
rlm_sql (sql): Attempting to connect rlm_sql_mysql #14
rlm_sql_mysql: Starting connect to MySQL server for #14
rlm_sql (sql): Connected new DB handle, #14
rlm_sql (sql): starting 15
rlm_sql (sql): Attempting to connect rlm_sql_mysql #15
rlm_sql_mysql: Starting connect to MySQL server for #15
rlm_sql (sql): Connected new DB handle, #15
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
 Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
 pap {
    encryption_scheme = "auto"
    auto_header = no
 }
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
 unix {
    radwtmp = "/var/log/radius/radwtmp"
 }
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
 eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 65535
 }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
 gtc {
    challenge = "Password: "
    auth_type = "PAP"
 }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
 tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    CA_path = "/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/server.pem"
    certificate_file = "/etc/raddb/certs/server.pem"
    CA_file = "/etc/raddb/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/etc/raddb/certs/dh"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    ecdh_curve = "prime256v1"
  cache {
    enable = no
    lifetime = 24
    max_entries = 255
  }
  verify {
  }
  ocsp {
    enable = no
    override_cert_url = yes
    url = "http://127.0.0.1/ocsp/"
    use_nonce = yes
    timeout = 0
    softfail = no
  }
 }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
 ttls {
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
 }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
 peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
 }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
 mschapv2 {
    with_ntdomain_hack = no
    send_error = no
 }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
 files {
    usersfile = "/etc/raddb/users"
    acctusersfile = "/etc/raddb/acct_users"
    preproxy_usersfile = "/etc/raddb/preproxy_users"
    compat = "no"
 }
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users
reading pairlist file /etc/raddb/preproxy_users
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
 expiration {
    reply-message = "Password Has Expired "
 }
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
 logintime {
    reply-message = "You are calling outside your allowed timespan "
    minimum-timeout = 60
 }
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
 radutmp {
    filename = "/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
 }
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
 attr_filter attr_filter.access_reject {
    attrsfile = "/etc/raddb/attrs.access_reject"
    key = "%{User-Name}"
    relaxed = no
 }
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
}
listen {
    type = "control"
listen {
    socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
    type = "auth"
    ipaddr = 127.0.0.1
    port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 48252
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 52039
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 52039
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 52039
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 33283
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 45537
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 33283
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 45537
Ready to
process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 33283Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 45537Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 50025Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 50025Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 50025Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 34121Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 34121Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 34121Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 56104Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 56104Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 56104Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 42813Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 42813Ready to process requests.Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 42813Ready to process requests.^C Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
pppoetest Posted October 9, 2015

The logs say that client 10.1.0.1 is not known to the server. Look at how the clients are defined.
avb1987 Posted October 9, 2015 (edited)

"Client" here means the access server (i.e. the NAS). Take a look: maybe its IP address has changed? Does it match the one listed in the NAS directory in Mikbill?

IMHO, the problem will be solved much faster if you contact paid technical support.

Edited October 9, 2015 by avb1987
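The "unknown client" lines in the log above can be triaged by grouping them per NAS address and listener. The following is an added example, not code from the thread or from Mikbill or FreeRADIUS; the function names are hypothetical and the sample log is constructed in the format shown above (192.0.2.7 is a made-up second client).

```python
import re
from collections import defaultdict

# Constructed sample in the format radiusd -X prints for dropped requests.
SAMPLE_LOG = """\
Listening on accounting address * port 1813
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 48252
Ready to process requests.
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 52039
Ignoring request to accounting address * port 1813 from unknown client 10.1.0.1 port 52039
Ignoring request to authentication address * port 1812 from unknown client 192.0.2.7 port 40000
"""

UNKNOWN_CLIENT = re.compile(
    r"Ignoring request to (?P<kind>\w+) address (?P<listen>\S+) port (?P<lport>\d+) "
    r"from unknown client (?P<client>\S+) port (?P<sport>\d+)"
)

def summarize_unknown_clients(log_text):
    """Group dropped requests by (client IP, listener kind)."""
    stats = defaultdict(lambda: {"packets": 0, "source_ports": set()})
    # finditer over the whole text: logs pasted into forums often lose newlines.
    for m in UNKNOWN_CLIENT.finditer(log_text):
        entry = stats[(m["client"], m["kind"])]
        entry["packets"] += 1
        entry["source_ports"].add(int(m["sport"]))
    return dict(stats)

def report(log_text):
    """One line per client/listener; repeats on an already-seen source port
    are typically the NAS retransmitting because it never got a reply."""
    lines = []
    for (client, kind), e in sorted(summarize_unknown_clients(log_text).items()):
        ports = len(e["source_ports"])
        lines.append(f"{client} {kind}: {e['packets']} dropped, "
                     f"{ports} source ports, {e['packets'] - ports} repeats")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Every address the report lists is a sender the server has no client (NAS) definition and shared secret for, so each one should be compared against the NAS list the server actually loads.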
korsakik Posted October 10, 2015 (edited)

> "Client" here means the access server (i.e. the NAS). Take a look: maybe its IP address has changed? Does it match the one listed in the NAS directory in Mikbill?

In "NAS servers" I see entries with the correct addresses, and these entries are in the database too. Do I need to do anything with clients.conf? If the information comes from the DB, why write anything to a file?

I edited the lines

client 10.1.0.1 {
    secret = secret
    shortname = 10.1.0.1
}

But it did not give the expected result :(

Edited October 10, 2015 by korsakik
avb1987 Posted October 10, 2015

Did you replace the raddb directory with the configuration directory from the Mikbill installer? If so, where did your clients.conf come from? It should not be there. There should not be any EAP there either.
avb1987 Posted October 10, 2015

If you moved the extra files out, then also try moving everything out of sites-enabled except dhcp and mikbill. And also:

/etc/raddb/sql/mysql/dialup.conf
/etc/raddb/eap.conf

If you manually added references to these files from radiusd.conf, comment them out.
avb1987 Posted October 10, 2015 (edited)

The digest and files modules should also be disabled.

A brief explanation: the EAP module may be needed if you use 802.1x authentication. In that case you need to take the files from /freeradius/EAP: the corresponding site configurations, the EAP module, and so on. In all other cases it is usually not used, and the configuration (including the sites) should be taken from /Centos6x/raddb (or from another directory matching your OS).

If you do not use Mikbill DHCP, then dhcp should not be in sites-enabled either.

Edited October 10, 2015 by avb1987
korsakik Posted October 10, 2015

> Did you replace the raddb directory with the configuration directory from the Mikbill installer? If so, where did your clients.conf come from? It should not be there. There should not be any EAP there either.

It is exactly when using the files from the distribution that I get the error. Or rather, got it. I went about it a bit differently: I removed freeradius completely, along with its folder. Then I reinstalled the packages and started editing the configuration, since the old one was giving me errors, and it started, but for now it is unknown host.
avb1987 Posted October 10, 2015

OK, let's try from the beginning. The freeradius package is already installed on your system.

Delete the raddb directory (after making a backup) and replace it with the DISTR/Centos6x/raddb directory.

Copy the file raddb/serialize.pm to /usr/lib/perl5/vendor_perl/5.X.X/

In the file raddb/sql.conf, specify the settings for connecting to the DB.

After that, run radiusd -f -X and copy the log here.
avb1987 Posted October 10, 2015 (edited)

If you have a 64-bit OS, serialize.pm needs to be copied to /usr/lib64/perl5/vendor_perl/

Edited October 10, 2015 by avb1987
korsakik Posted October 10, 2015

> OK, let's try from the beginning. The freeradius package is already installed on your system. Delete the raddb directory (after making a backup) and replace it with the DISTR/Centos6x/raddb directory. Copy the file raddb/serialize.pm to /usr/lib/perl5/vendor_perl/5.X.X/ In the file raddb/sql.conf, specify the settings for connecting to the DB. After that, run radiusd -f -X and copy the log here.

I don't even know how to thank you, everything works now, thank you so much!
avb1987 Posted October 10, 2015

Well, good if so.
korsakik Posted October 10, 2015

> Well, good if so.

It is a great pity that the information provided by the billing developers is either out of date or incomplete. For example, I simply needed to configure PCQ shapers for day\night tariffs: the documentation says one thing, the tech department tells me in plain words that the article is wrong, don't follow it, follow a different article, and they throw me a link to a separate doc that is not connected to anything, leaving only guesswork... I have said this more than once, and I am not the only one, but unfortunately nobody listens.