
NetUp UTM5 + Freeradius: an attempt to get freeradius running

Hello everyone!

I have the following problem: I have not been working at an ISP for long, and we decided to roll out DHCP opt82 on the network and hook up FreeRADIUS.

The billing is NetUP UTM5, the OS is CentOS-5.5, FreeRadius 2. On the netup.ru forum there were scripts to make RADIUS query the billing database, but for some reason I cannot even tie RADIUS to the billing. Here is the link to my post:

Please take a look with your professional eye and tell me what is wrong.

 

http://www.netup.ru/phpbb/viewtopic.php?t=...40b84126035cfc4


I reinstalled FreeRADIUS and decided to test from scratch: I created a user and check it with radtest, and I get rejected. If anyone has run into this, please tell me why.

 

./radtest shad test 127.0.0.1 1812 123
Sending Access-Request of id 47 to 127.0.0.1 port 1812
        User-Name = "shad"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=47, length=20

 

This is what the debug output says:

 

+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "shad", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry shad at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Login incorrect (No password configured for the user): [shad/test] (from client localhost port 1812)
Failed to authenticate the user.
Login incorrect: [shad/test] (from client localhost port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> shad
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 113 to 127.0.0.1 port 58368
Waking up in 4.9 seconds.
Cleaning up request 2 ID 113 with timestamp +494
Ready to process requests.

Edited by vlad_odmin


That's it, I found the error; it is described here, in case anyone is interested:

http://www.linux.org.ru/forum/admin/4687789

I had written things slightly wrong in the users config; my trouble is (was) exactly as in that post ))))


Today I reinstalled FreeRADIUS, writing down my steps in order for future reference. I looked up where the MySQL files are:

[root@admin sbin]# whereis mysql
mysql: /usr/bin/mysql /usr/lib/mysql /usr/include/mysql /usr/share/mysql /usr/share/man/man1/mysql.1.gz

 

./configure --prefix=/opt/freeradius --with-rlm-mysql-lib-dir=/usr/lib/mysql --with-rlm-mysql-include-dir=/usr/include/mysql
make all install
chown -R radiusd:radiusd /opt/freeradius
I add to the users file:
shad Auth-Type = Local, User-Password := "test" 
    Service-Type = Framed-User, 
    Framed-Protocol = PPP, 
    Framed-IP-Address = 195.168.0.15, 
    Framed-IP-Netmask = 255.255.255.0, 

In clients.conf I change:
secret = 123
shortname = localhost
nastype = other
In radiusd.conf I change:
user=radiusd
group=radiusd

listen {
        ipaddr = *
#       ipv6addr = ::
        port = 18132
        type = auth
#       interface = eth0
#       clients = per_socket_clients

listen {
        ipaddr = *
#       ipv6addr = ::
        port = 1813
        type = acct
#       interface = eth0
#       clients = per_socket_clients

hostname_lookups = yes

 

So, after installation and a bit of configuration, on the first start it prints these errors:

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................................................................+........+.....
........+..........................................+..................+.........+
.....................+...+.......+.+..........................+...+..............
.......................................+.....................+...................
.........................................+.......................................
..+............Child PID 20002 is taking too much time: forcing failure and killing child.
rlm_eap: Failed to initialize type tls
/opt/freeradius/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to load module "eap".
/opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.

 

And after the second start, which I tried right after the first one, this is what it printed:

[root@admin sbin]# ./radiusd -X
FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Jun 29 2010 at 10:43:06
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /opt/freeradius/etc/raddb/radiusd.conf
including configuration file /opt/freeradius/etc/raddb/proxy.conf
including configuration file /opt/freeradius/etc/raddb/clients.conf
including files in directory /opt/freeradius/etc/raddb/modules/
including configuration file /opt/freeradius/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /opt/freeradius/etc/raddb/modules/sql_log
including configuration file /opt/freeradius/etc/raddb/modules/counter
including configuration file /opt/freeradius/etc/raddb/modules/acct_unique
including configuration file /opt/freeradius/etc/raddb/modules/unix
including configuration file /opt/freeradius/etc/raddb/modules/attr_rewrite
including configuration file /opt/freeradius/etc/raddb/modules/echo
including configuration file /opt/freeradius/etc/raddb/modules/sradutmp
including configuration file /opt/freeradius/etc/raddb/modules/detail
including configuration file /opt/freeradius/etc/raddb/modules/realm
including configuration file /opt/freeradius/etc/raddb/modules/chap
including configuration file /opt/freeradius/etc/raddb/modules/always
including configuration file /opt/freeradius/etc/raddb/modules/ippool
including configuration file /opt/freeradius/etc/raddb/modules/exec
including configuration file /opt/freeradius/etc/raddb/modules/preprocess
including configuration file /opt/freeradius/etc/raddb/modules/files
including configuration file /opt/freeradius/etc/raddb/modules/smsotp
including configuration file /opt/freeradius/etc/raddb/modules/mschap
including configuration file /opt/freeradius/etc/raddb/modules/krb5
including configuration file /opt/freeradius/etc/raddb/modules/radutmp
including configuration file /opt/freeradius/etc/raddb/modules/expiration
including configuration file /opt/freeradius/etc/raddb/modules/detail.log
including configuration file /opt/freeradius/etc/raddb/modules/mac2ip
including configuration file /opt/freeradius/etc/raddb/modules/cui
including configuration file /opt/freeradius/etc/raddb/modules/attr_filter
including configuration file /opt/freeradius/etc/raddb/modules/etc_group
including configuration file /opt/freeradius/etc/raddb/modules/logintime
including configuration file /opt/freeradius/etc/raddb/modules/expr
including configuration file /opt/freeradius/etc/raddb/modules/mac2vlan
including configuration file /opt/freeradius/etc/raddb/modules/perl
including configuration file /opt/freeradius/etc/raddb/modules/wimax
including configuration file /opt/freeradius/etc/raddb/modules/pap
including configuration file /opt/freeradius/etc/raddb/modules/checkval
including configuration file /opt/freeradius/etc/raddb/modules/detail.example.com
including configuration file /opt/freeradius/etc/raddb/modules/ntlm_auth
including configuration file /opt/freeradius/etc/raddb/modules/smbpasswd
including configuration file /opt/freeradius/etc/raddb/modules/policy
including configuration file /opt/freeradius/etc/raddb/modules/passwd
including configuration file /opt/freeradius/etc/raddb/modules/pam
including configuration file /opt/freeradius/etc/raddb/modules/ldap
including configuration file /opt/freeradius/etc/raddb/modules/otp
including configuration file /opt/freeradius/etc/raddb/modules/linelog
including configuration file /opt/freeradius/etc/raddb/modules/digest
including configuration file /opt/freeradius/etc/raddb/modules/inner-eap
including configuration file /opt/freeradius/etc/raddb/eap.conf
including configuration file /opt/freeradius/etc/raddb/policy.conf
including files in directory /opt/freeradius/etc/raddb/sites-enabled/
including configuration file /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel
including configuration file /opt/freeradius/etc/raddb/sites-enabled/default
including configuration file /opt/freeradius/etc/raddb/sites-enabled/control-socket
main {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = no
}
including dictionary file /opt/freeradius/etc/raddb/dictionary
main {
        prefix = "/opt/freeradius"
        localstatedir = "/opt/freeradius/var"
        logdir = "/opt/freeradius/var/log/radius"
        libdir = "/opt/freeradius/lib"
        radacctdir = "/opt/freeradius/var/log/radius/radacct"
        hostname_lookups = yes
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/opt/freeradius/var/run/radiusd/radiusd.pid"
        checkrad = "/opt/freeradius/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
}
security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
}
home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = no
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
}
home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
}
realm example.com {
        auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "123"
        shortname = "localhost"
        nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
Module: Linked to module rlm_unix
Module: Instantiating unix
  unix {
        radwtmp = "/opt/freeradius/var/log/radius/radwtmp"
  }
Module: Linked to module rlm_eap
Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/opt/freeradius/etc/raddb/certs/server.pem"
        certificate_file = "/opt/freeradius/etc/raddb/certs/server.pem"
        CA_file = "/opt/freeradius/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/opt/freeradius/etc/raddb/certs/dh"
        random_file = "/opt/freeradius/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/opt/freeradius/etc/raddb/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
Generating a 2048 bit RSA private key
.................+++
...............................+++
unable to write 'random state'
writing new private key to 'server.key'
-----
Generating a 2048 bit RSA private key
......................+++
...........................................................+++
unable to write 'random state'
writing new private key to 'ca.key'
-----
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul  6 06:44:02 2010 GMT
            Not After : Jul  6 06:44:02 2011 GMT
        Subject:
            countryName               = FR
            stateOrProvinceName       = Radius
            organizationName          = Example Inc.
            commonName                = Example Server Certificate
            emailAddress              = admin@example.com
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
Certificate is to be certified until Jul  6 06:44:02 2011 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
unable to write 'random state'
MAC verified OK
Exec-Program output: openssl req -new  -out server.csr -keyout server.key -config ./server.cnf openssl req -new -x509 -keyout ca.key -out ca.pem \               -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der 
Exec-Program-Wait: plaintext: openssl req -new  -out server.csr -keyout server.key -config ./server.cnf openssl req -new -x509 -keyout ca.key -out ca.pem \              -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der 
Exec-Program: returned: 0
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
        include_length = yes
   }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
   }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
        usersfile = "/opt/freeradius/etc/raddb/users"
        acctusersfile = "/opt/freeradius/etc/raddb/acct_users"
        preproxy_usersfile = "/opt/freeradius/etc/raddb/preproxy_users"
        compat = "no"
  }
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
  radutmp {
        filename = "/opt/freeradius/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/opt/freeradius/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
  }
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
        huntgroups = "/opt/freeradius/etc/raddb/huntgroups"
        hints = "/opt/freeradius/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
  detail {
        detailfile = "/opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/opt/freeradius/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 1812
}
listen {
        type = "acct"
        ipaddr = *
        port = 1813
}
listen {
        type = "control"
listen {
        socket = "/opt/freeradius/var/run/radiusd/radiusd.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /opt/freeradius/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.

I can't figure out why this happens. Maybe I built it incorrectly? I am building on CentOS 5.5.

 


This is what I do:

authorize_check_query="SELECT ip_groups.ip_group_id, ip_groups.uname, 'Password', ip_groups.upass, ':=' FROM UTM5.ip_groups, UTM5.iptraffic_service_links, UTM5.service_links, UTM5.accounts WHERE ip_groups.uname = '%{SQL-User-Name}' AND ip_groups.is_deleted='0' AND iptraffic_service_links.is_deleted='0' AND service_links.is_deleted='0' AND accounts.is_deleted='0' AND accounts.is_blocked='0' AND ip_groups.ip_group_id=iptraffic_service_links.ip_group_id AND iptraffic_service_links.id=service_links.id AND service_links.account_id=accounts.id" 

authorize_reply_query="SELECT ip_group_id, uname, 'Framed-IP-Address', inet_ntoa(ip_groups.ip & 0xFFFFFFFF) AS a, ':=' FROM UTM5.ip_groups WHERE uname='%{SQL-User-Name}' AND is_deleted='0' AND av='' UNION SELECT ip_group_id, uname, 'Auth-Type', 'Reject' as a, ':=' FROM ip_groups WHERE uname='%{SQL-User-Name}' AND is_deleted='0' AND av='1'" 

accounting_stop_query="INSERT INTO dhs_sessions_log (account_id, recv_date, last_update_date, Framed_IP_Address, NAS_Port, Acct_Delay_Time, Acct_Session_Id, NAS_Port_Type, User_Name, Service_Type, Framed_Protocol, NAS_IP_Address, NAS_Id, Acct_Status_Type, Acct_Input_Packets, Acct_Input_Octets, Acct_Output_Packets, Acct_Output_Octets, Acct_Session_Time, Called_Station_Id, Calling_Station_Id) SELECT basic_account, (%l-%{Acct-Session-Time}), '%l', ((inet_aton('%{Framed-IP-Address}') &0xFFFFFFFF)-4294967296), '%{NAS-Port}', '%{Acct-Delay-Time}', '%{Acct-Session-Id}', '%{NAS-Port-Type}', '%{SQL-User-Name}', '%{Service-Type}', '%{Framed-Protocol}', ((inet_aton('%{NAS-IP-Address}')&0xFFFFFFFF)-4294967296), '%{NAS-IP-Address}', '2', '%{Acct-Input-Packets}', '%{Acct-Input-Octets}', '%{Acct-Output-Packets}', '%{Acct-Output-Octets}', '%{Acct-Session-Time}', '%{Tunnel-Server-Endpoint}', '%{Calling-Station-Id}%{Tunnel-Client-Endpoint}' FROM users WHERE login='%{SQL-User-Name}';"

And this is what I get in response:

rad_recv: Access-Request packet from host 172.16.2.40 port 1645, id=21, length=138
        Framed-Protocol = PPP
        User-Name = "vlad"
        MS-CHAP-Challenge = 0xd21158a08b74e1aeef47a54468f7bf7b
        MS-CHAP2-Response = 0x01bf598b922c56c5d1e04a804a93df9fd82eb702000000295a6f72fd436d98cdb3fa4d6130d226abc1713ab90cbbd2b9260e
        NAS-Port-Type = Virtual
        NAS-Port = 21
        Service-Type = Framed-User
        NAS-IP-Address = 172.16.2.40
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "vlad", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 179
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for vlad with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect: [vlad/<via Auth-Type = mschap>] (from client cisco3660 port 21)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> vlad
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 21 to 172.16.2.40 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +20
Ready to process requests.

 

Please help, what is the problem here?


Well, cool, what else is there to say...

 

The log shows that sql is not used during authorization.

Work on your config.


I installed RADIUS like this: yum install freeradius2 freeradius2-mysql

I wanted to import mysql.sql from /usr/share/doc/freeradius/examples to test... but it is not there; Postgres and LDAP are there, but MySQL is not. Has anyone run into this already? I also built from source, and there is still no MySQL database in examples (((((


It won't be there.

 

/usr/local/etc/raddb/sql/mysql - the MySQL table dumps for RADIUS are here

 

/usr/local/etc/raddb/sites-available/default - the authorization config; specify there that your authorization will go through SQL, and turn everything else off

 

And google, google and google again; you can find everything you need there.


Thanks, I will do that... And I have been googling for quite a while already... It is hard because I have not been in the ISP field very long, so I hit dead ends on some questions...

 

usr/local/etc/raddb/sql/mysql - this is empty for me; or rather, I have nothing at all in the directory usr/local/etc/raddb/


The basis of my actions: http://www.lissyara.su/articles/freebsd/security/mpd_10/

My actions:

1 - yum install freeradius2 freeradius2-mysql freeradius2-utils
2 - following this manual I checked a local, non-SQL user, all good - http://wiki.dodex.org/2009/07/21/freeradiusmysql/
3 - mysql -u root
> CREATE DATABASE radius;
> GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "123";
Since no MySQL database dump appeared in examples during installation, I downloaded freeradius version 2-0-0 pre1 and took the dump from there
mysql -u root radius < /tmp/examples/mysql.sql 
>INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('testsql', 'Cleartext-Password', ':=', 'test123');
>INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-IP-Address', '=', '192.168.1.13');
>INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-IP-Netmask', '=', '255.255.255.255');
> INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-Protocol', '=', 'PPP');
> select * from radreply where UserName = 'testsql'; - checked the entered data
mysql> select * from radreply;
+----+----------+-------------------+----+-----------------+
| id | UserName | Attribute         | op | Value           |
+----+----------+-------------------+----+-----------------+
|  1 | testsql  | Framed-IP-Address | =  | 192.168.1.13    | 
|  2 | testsql  | Framed-IP-Netmask | =  | 255.255.255.255 | 
|  3 | testsql  | Framed-Protocol   | =  | PPP             | 
+----+----------+-------------------+----+-----------------+
3 rows in set (0.00 sec)

>mysql> select id, UserName, Attribute, op, value FROM radcheck;
+----+----------+--------------------+----+---------+
| id | UserName | Attribute          | op | value   |
+----+----------+--------------------+----+---------+
|  1 | testsql  | Cleartext-Password | := | test123 | 
+----+----------+--------------------+----+---------+

4 - uncommented sql in raddb/sites-available/default in the sections authorize{}, accounting{}, session{}, post-auth{}
5 - in radiusd.conf uncommented $INCLUDE sql.conf
6 - /usr/sbin/./radiusd -X
7 - in another console I test with /usr/bin/./radtest testsql test123 localhost 1812 123

 

This is what the debug output says:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 49296, id=220, length=59
        User-Name = "testsql"
        User-Password = "test123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testsql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> testsql
[sql] sql_set_user escaped user --> 'testsql'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, op, value           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, op, value           FROM radcheck           WHERE username = 'testsql'           ORDER BY id
rlm_sql: Invalid operator "test123" for attribute Cleartext-Password
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Invalid user: [testsql/test123] (from client localhost port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testsql
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 220 to 127.0.0.1 port 49296
Waking up in 4.9 seconds.

 

I don't get it: it seems to work for everyone, I install by the same manuals, and it does not work for me.

Though mostly everyone installs freeradius 1; there are small differences there.

 

freeradius 2 
shad  Auth-Type = Local, Cleartext-Password := "test"
   Service-Type = Framed-User,
   Framed-Protocol = PPP,
   Framed-IP-Address = 192.168.0.7,
   Framed-IP-Netmask = 255.255.255.0,

freeradius 1

shad  Auth-Type := Local, User-Password == "test"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.0.7,
Framed-IP-Netmask = 255.255.255.0

Edited by vlad_odmin


Looks like the error is here:

 

>INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('testsql', 'Cleartext-Password', ':=', 'test123');

>INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-IP-Address', '=', '192.168.1.13');

>INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-IP-Netmask', '=', '255.255.255.255');

> INSERT INTO radreply (UserName, Attribute, op, Value) VALUES ('testsql', 'Framed-Protocol', '=', 'PPP');

The password is compared, not assigned, so op must be ==

The Framed attributes are assigned, not compared, so op must be :=

 

Also check the output of the SQL query by hand:

SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'testsql' ORDER BY id

 

See whether it returns everything correctly in your case.

Edited by terrible


The error is identical (((

 

mysql> SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'vova' ORDER BY id;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
|  4 | vova     | Cleartext-Password | == | vvv   | 
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)


Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 35617, id=69, length=56
        User-Name = "vova"
        User-Password = "vvv"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "vova", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> vova
[sql] sql_set_user escaped user --> 'vova'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, op, value           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, op, value           FROM radcheck           WHERE username = 'vova'           ORDER BY id
rlm_sql: Invalid operator "vvv" for attribute Cleartext-Password
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Invalid user: [vova/vvv] (from client localhost port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> vova
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 69 to 127.0.0.1 port 35617
Waking up in 4.9 seconds.
Cleaning up request 1 ID 69 with timestamp +1114
Ready to process requests.

Edited by vlad_odmin
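
Added example, not part of the thread: in both failing debug outputs the query lists `op` before `value`, while the working debug output further down the page lists `value` before `op`. rlm_sql reads each result row by position (attribute, value, operator), which is why the password is reported as the operator; the sketch below reproduces that against a constructed in-memory SQLite stand-in for `radcheck` (function names are hypothetical).

```python
import sqlite3

# Operators FreeRADIUS accepts in the op column / users file.
VALID_OPS = {"=", ":=", "==", "+=", "!=", ">", ">=", "<", "<=", "=~", "!~", "=*", "!*"}

def parse_check_row(row):
    """Read a result row by position, not by column name:
    index 2 is the attribute, 3 the value, 4 the operator."""
    attribute, value, op = row[2], row[3], row[4]
    if op not in VALID_OPS:
        raise ValueError('Invalid operator "%s" for attribute %s' % (op, attribute))
    return attribute, op, value

def run_authorize_query(db, query, username):
    """Run a check query and parse every row; return the pairs or the error text."""
    try:
        # '?' stands in for '%{SQL-User-Name}' in the real query template.
        return [parse_check_row(r) for r in db.execute(query, (username,))]
    except ValueError as exc:
        return str(exc)

def demo():
    db = sqlite3.connect(":memory:")  # constructed stand-in for the MySQL table
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, "
               "attribute TEXT, op TEXT, value TEXT)")
    db.execute("INSERT INTO radcheck (username, attribute, op, value) "
               "VALUES ('vova', 'Cleartext-Password', '==', 'vvv')")
    # Column order from the failing debug output: op before value.
    failing = ("SELECT id, username, attribute, op, value FROM radcheck "
               "WHERE username = ? ORDER BY id")
    # Column order from the working debug output: value before op.
    working = ("SELECT id, username, attribute, value, op FROM radcheck "
               "WHERE username = ? ORDER BY id")
    return (run_authorize_query(db, failing, "vova"),
            run_authorize_query(db, working, "vova"))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The table row is the same in both runs; only the SELECT column order changes the outcome.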


A strange request to the RADIUS server; I can't find such an attribute in my own logs:

 

Wed May 12 14:32:20 2010
    Packet-Type = Access-Request
    NAS-Identifier = "mpd"
    NAS-IP-Address = 192.168.49.36
    Message-Authenticator = 0x39b678fa6d88acce1a38844bea14fd07
    Acct-Session-Id = "3660340-P-2"
    NAS-Port = 2
    NAS-Port-Type = Virtual
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id = "192.168.180.152"
    mpd-link = "P-2"
    Tunnel-Type:0 = PPTP
    Tunnel-Medium-Type:0 = IPv4
    Tunnel-Server-Endpoint:0 = "192.168.49.36"
    Tunnel-Client-Endpoint:0 = "192.168.180.152"
    User-Name = "user33884772"
    MS-CHAP-Challenge = 0xbb1e68ce78a2360637af22a5823b9c22
    MS-CHAP2-Response =0x0100ec4bc05e61461cfde1d9d05bf708ea38000000000000000058b5b53bcc564382fa96068c1
96ad6b455ced808a123b13a

 


terrible, authentication seems to pass, take a look at the debug output, but it doesn't print an Accept on screen. Apparently the snag is in Post-Auth-Type Reject. Can you tell me what that is?

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 50103, id=157, length=59
        User-Name = "testing"
        User-Password = "777"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testing", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> testing
[sql] sql_set_user escaped user --> 'testing'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'testing'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'testing'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'testing'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'static'           ORDER BY id
[sql] User found in group static
[sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'static'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "777"
[pap] Using clear text password "777"
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [testing] (from client localhost port 1812)
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> testing
[sql] sql_set_user escaped user --> 'testing'
[sql]   expand: %{User-Password} -> 777
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'testing',                           '777',                           'Access-Accept', '2010-07-08 14:50:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'testing',                           '777',                           'Access-Accept', '2010-07-08 14:50:49')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 157 to 127.0.0.1 port 50103
Waking up in 4.9 seconds.
Cleaning up request 0 ID 157 with timestamp +9
Ready to process requests.

 

It feels like it's just about to work, as if there's hardly anything left. I haven't configured chap and mschap yet... I suppose they aren't needed for local tests?

Edited by vlad_odmin


Everything is WONDERFUL!!!!!!! It all worked!!!!!!!!!!!!! My first attempt at a local install and at testing, first with a user from the file and then from the database, was a success..... Thanks a lot for the help!!!!!!!!

As I said, the hitch was in Post-Auth: in /raddb/sites-enable/default I commented out sql. I had uncommented it following a manual dug up on Google... basically, the commented-out variant worked for me.

Now I'll try to hook it up to the NetUP UTM5.2.1-007 database )))))


Well, it says so right in the log:

 

[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'testing',                           '777',                           'Access-Accept', '2010-07-08 14:50:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'testing',                           '777',                           'Access-Accept', '2010-07-08 14:50:49')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
rlm_sql (sql): Released sql socket id: 2

 

Looks like your radpostauth table is broken, so this query can't be executed (there is no username field).

 

If you see MYSQL check_error, dig into the queries and tables; everything is fine on the RADIUS side.


As for me, I gave up on SQL queries done by RADIUS itself altogether and hung scripts on it that do all of this (the database query, the check, returning the result). The need arose because dynamic external IPs had to be handed out (this can be done if you use UTM's own RADIUS, but given how crooked UTM itself is, taking their RADIUS as well is just buying yourself a pain all over). The gist is that when an IP is issued, the script performs a urfa request to UTM, registering the IP to the client; in short, it all works like clockwork. I also patched freeradius, so now on failed authorization or any other error (for example, a negative balance or blocked by the administrator) I return any Windows error rather than 691.

Edited by polmax


> As for me, I gave up on SQL queries done by RADIUS itself altogether and hung scripts on it that do all of this (the database query, the check, returning the result). The need arose because dynamic external IPs had to be handed out (this can be done if you use UTM's own RADIUS, but given how crooked UTM itself is, taking their RADIUS as well is just buying yourself a pain all over). The gist is that when an IP is issued, the script performs a urfa request to UTM, registering the IP to the client; in short, it all works like clockwork. I also patched freeradius, so now on failed authorization or any other error (for example, a negative balance or blocked by the administrator) I return any Windows error rather than 691.

I saw this solution somewhere on the Netup forum. Could you drop me a link? I may need it for a project.


terrible, thanks for the tip about check_error. I'm no expert in SQL queries, but I'm studying SQL in my own time.

http://www.netup.ru/phpbb/viewtopic.php?t=...cb7b07d850f8a31

 

Here's exactly that link.

Edited by vlad_odmin


I'm following this link, only with the IPs changed to my own: 95.215.70.0 - 255

http://www.netup.ru/phpbb/viewtopic.php?t=...ql&start=15

I kept only the queries and commented out everything else.

Debug

rad_recv: Access-Request packet from host 172.16.2.40 port 1645, id=73, length=138 
        Framed-Protocol = PPP 
        User-Name = "vlad" 
        MS-CHAP-Challenge = 0xde36c5ef55e18022613031affca5c2c4 
        MS-CHAP2-Response = 0x01bf637bfd891c9e7eb03b9e0d8835135180b70200000029fa44b57353e8631fdd2ce3b9c0b6e4
afe2857423624b910bf951 
        NAS-Port-Type = Virtual 
        NAS-Port = 73 
        Service-Type = Framed-User 
        NAS-IP-Address = 172.16.2.40 
+- entering group authorize {...} 
++[preprocess] returns ok 
++[chap] returns noop 
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap' 
++[mschap] returns ok 
[sql]   expand: %{User-Name} -> vlad 
[sql] sql_set_user escaped user --> 'vlad' 
rlm_sql (sql): Reserving sql socket id: 4 
[sql]   expand: SELECT id,uname,'Cleartext-Password',upass,':=' FROM ip_groups WHERE uname='%{SQL-User-Name}' AND is_deleted='0' AND mask='-1' AND upass!='' AND (4294967295 & ip)>=INET_ATON('95.215.70.0') AND (4294967295 & ip)<=INET_ATON('95.215.70.255') AND allowed_cid!='' AND ('%{Calling-Station-Id}'=allowed_cid OR '%{Calling-Station-Id} REGEXP allowed_cid) -> SELECT id,uname,'Cleartext-Password',upass,':=' FROM ip_groups WHERE uname='vlad' AND is_deleted='0' AND mask='-1' AND upass!='' AND (4294967295 & ip)>=INET_ATON('95.215.70.0') AND (4294967295 & ip)<=INET_ATON('95.215.70.255') AND allowed_cid!='' AND (''=allowed_cid OR ' REGEXP allowed_cid) 
rlm_sql_mysql: MYSQL check_error: 1064 received 
rlm_sql_getvpdata: database query error 
[sql] SQL query error; rejecting user 
rlm_sql (sql): Released sql socket id: 4 
++[sql] returns fail 
Invalid user: [vlad/<via Auth-Type = mschap>] (from client cisco3660 port 73) 
Using Post-Auth-Type Reject 
+- entering group REJECT {...} 
[attr_filter.access_reject]     expand: %{User-Name} -> vlad 
attr_filter: Matched entry DEFAULT at line 11 
++[attr_filter.access_reject] returns updated 
Delaying reject of request 0 for 1 seconds 
Going to the next request 
Waking up in 0.9 seconds. 
Sending delayed reject for request 0 
Sending Access-Reject of id 73 to 172.16.2.40 port 1645 
Waking up in 4.9 seconds. 
Cleaning up request 0 ID 73 with timestamp +8 
Ready to process requests.
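
Added example, not part of the thread: MySQL error 1064 is a syntax error, and in the expanded query above the literal opened before the second `%{Calling-Station-Id}` (the REGEXP branch) is never closed. The checker below pulls the expanded query out of a `radiusd -X` line and reports an unterminated single-quoted literal; the function names are hypothetical and the sample line is abridged from the debug output above.

```python
# Abridged from the debug output above: template -> expanded query.
DEBUG_LINE = (
    "[sql]   expand: SELECT id,uname,'Cleartext-Password',upass,':=' FROM ip_groups "
    "WHERE uname='%{SQL-User-Name}' AND allowed_cid!='' AND "
    "('%{Calling-Station-Id}'=allowed_cid OR '%{Calling-Station-Id} REGEXP allowed_cid) "
    "-> SELECT id,uname,'Cleartext-Password',upass,':=' FROM ip_groups "
    "WHERE uname='vlad' AND allowed_cid!='' AND "
    "(''=allowed_cid OR ' REGEXP allowed_cid)"
)

def expanded_query(debug_line):
    """Return the SQL after the last ' -> ', i.e. the query actually sent to MySQL."""
    marker = " -> "
    idx = debug_line.rfind(marker)
    return debug_line[idx + len(marker):].strip() if idx != -1 else debug_line.strip()

def find_unterminated_literal(sql):
    """Scan single-quoted literals (backslash and doubled-quote escapes honoured).
    Return the offset of an opening quote that is never closed, else None."""
    i, n = 0, len(sql)
    while i < n:
        if sql[i] == "'":
            start = i
            i += 1
            while i < n:
                if sql[i] == "\\":            # escaped character, skip it
                    i += 2
                    continue
                if sql[i] == "'":
                    if i + 1 < n and sql[i + 1] == "'":   # '' inside a literal
                        i += 2
                        continue
                    break                     # closing quote found
                i += 1
            if i >= n:
                return start                  # ran off the end inside a literal
        i += 1
    return None

def check_debug_line(line):
    """Return (offset, text from the dangling quote) or None when quotes balance."""
    sql = expanded_query(line)
    start = find_unterminated_literal(sql)
    return None if start is None else (start, sql[start:start + 30])

if __name__ == "__main__":
    print(check_debug_line(DEBUG_LINE))
```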


Does anyone have a working Freeradius + UTM5 setup (static and dynamic IP addresses, pptp), and on top of that with the dynamic addresses stored in a mysql database, either in UTM5 or in another one, and bound to the client so that traffic is counted via netflow... Also, the addresses are all from one range: 95.X.X.1/255,255,255,128 is static, the rest of the address block is dynamic.

I'd be grateful for any help.
