-LSV- Posted March 27, 2006 Posted March 27, 2006 Задача такая... Создавать доступ в и-нет по учёткам из AD. Конечно можно дублировать учётки на Фре, но а если их несколько тысяч и их нужно иногда включать и выключать. В общем нужно создавать учётки и работать с ними только в одном месне АД! Вот конфиги: mpd.conf default: load pptp0 load pptp1 load pptp2 pptp0: new -i ng0 pptp000 pptp000 load pptp_standard pptp1: new -i ng1 pptp001 pptp001 load pptp_standard pptp2: new -i ng2 pptp002 pptp002 load pptp_standard pptp_standard: set ipcp ranges 192.168.0.0/254 192.168.0.164/16 set pptp self 192.168.0.160 set pptp enable incoming set pptp disable originate set iface disable on-demand set iface enable proxy-arp set iface idle 2400 set iface enable tcpmssfix # set iface mtu 1300 set bundle disable multilink set link yes acfcomp protocomp set iface up-script /root/drs/utils/upiface.sh set iface down-script /root/drs/utils/downiface.sh set link no pap chap set link enable chap set link yes chap-md5 set link no chap-msv1 set link no chap-msv2 # set link mtu 1460 set link mtu 1360 set link mru 1360 set link keep-alive 60 180 set ipcp yes vjcomp set ipcp dns 212.122.1.2 set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless # RADIUS set radius retries 3 set radius timeout 10 set radius server 192.168.0.4 secret 1812 1813 set radius acct-update 60 set radius me X.X.X.X set ipcp enable radius-ip # enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed set bundle enable radius-acct set bundle enable radius-auth set radius update-limit-in 100000 set radius update-limit-out 100000 # set bundle enable radius-fallback # use idle-timeout and mtu from the RADIUS server # set iface enable radius-idle radius-mtu # let the RADIUS server assign MPPE-types and MPPE-policies # set ccp enable radius mpd.links pptp000: set link type pptp pptp001: set link type pptp pptp002: set link type pptp Вот кусок лога... Now 2 14:13:16 host mpd: [pptp0] LCP: LayerDown Now 2 14:13:16 host mpd: [pptp0] device: DOWN event in state DOWN Now 2 14:13:16 host mpd: [pptp0] device is now in stste DOWN Now 2 14:13:16 host mpd: [pptp0] killconnection with 192.168.0.44:1599 Now 2 14:13:16 host mpd: [pptp0] link: DOWN event Now 2 14:13:16 host mpd: [pptp0] LCP: Down event Now 2 14:13:16 host mpd: [pptp0] LCP: LayerFinish Now 2 14:13:16 host mpd: [pptp0] LCP: state change Closing --> Initial Now 2 14:13:16 host mpd: [pptp0] LCP: phase shift TERMINATE --> DEAD Now 2 14:13:16 host mpd: [pptp0] link: DOWN event Now 2 14:13:16 host mpd: [pptp0] LCP: Down event Now 2 14:13:16 host mpd: [pptp0] device: CLOSE event in state DOWN Now 2 14:13:16 host mpd: [pptp0] device is now in stste DOWN А вот http://personal.primorye.ru/lsv/img/vpn_error.gif ошибка А что нужно писать тут? set radius me X.X.X.X Вставить ник Quote
balamutang Posted March 27, 2006 Posted March 27, 2006 у меня сделано так (правда радиус на фре всетаки) mpd.conf set radius config /etc/radius.conf set radius timeout 10 set radius retries 3 set radius acct-update 60 set radius update-limit-in 100000 set radius update-limit-out 100000 set bundle enable radius-auth set bundle enable radius-acct set ipcp yes radius-ip /etc/radius.conf acct xxx.xxx.xxx.xxx myPa55wd auth xxx.xxx.xxx.xxx myPa55wd где xxx.xxx.xxx.xxx - ip радиуса myPa55wd - пароль к радиусу Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.