Назад | Перейти на главную страницу

Проблема аутентификации FreeRadius

Возникла странная проблема с pptp и freeradiuss на VPS CentOS 6.4. У меня 1 VPS в качестве основного сервера freeradius. 2 других VPS используются для подключения через pptp с использованием удаленного свободного радиуса для аутентификации. 1 VPS работает нормально, но другой при попытке подключения дает следующее:

rad_recv: Access-Request packet from host xxxxx port 49241, id=223, length=76
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "xxxxx"
    Calling-Station-Id = "xxxxx"
    NAS-IP-Address = xxxxx
    NAS-Port = 0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "xxxxx" for User-Name = "xxxxx"
[suffix] No such realm "xxxxx"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 172
++[files] = ok
[sql]   expand: %{User-Name} -> xxxxx
[sql] sql_set_user escaped user --> 'xxxxx'
rlm_sql (sql): Reserving sql socket id: 24
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'xxxxx'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'xxxxx'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'xxxxx'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'basic'           ORDER BY id
[sql] User found in group basic
[sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'basic'           ORDER BY id
rlm_sql (sql): Released sql socket id: 24
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] No clear-text password in the request.  Not performing PAP.
++[pap] = noop
+} # group authorize = ok
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject]     expand: %{User-Name} -> xxxxx
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 223 to xxxxx port 49241
Waking up in 4.9 seconds.
Cleaning up request 7 ID 223 with timestamp +570
Ready to process requests.

Может ли кто-нибудь указать мне правильное направление, чтобы исправить это, пожалуйста?

Файл пользователя:

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#       by the terminal server in which case there may not be a "P" suffix.
#       The terminal server sends "Framed-Protocol = PPP" for auto PPP.
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

В запросе нет атрибута User-Password или CHAP-Password.

Вот почему запрос не работает. Запрос не предоставляет никакого пароля!