pptp + perl + freeradius???

Oguzhan Kayhan oguzhank at bilkent.edu.tr
Wed Nov 18 15:05:32 CET 2009


OK, I am updating my question.
I tried to make VPN work with inner-tunnel and it works via MySQL without
any problems.
As I understand it, MS-CHAP asks MySQL for the username.

So, how can I use a Perl script instead of MySQL to authenticate?


> Hello, I am using a Perl script to authenticate my users for hotspots with
> freeradius.
> I have no problems with that.
> Now I planned to move my existing VPN server to freeradius also.
> I read some howtos about it (mostly with poptop).
> Here is how my Perl script works: when it gets a username/password it checks
> it via an XML page, and if it is correct it adds the username to a MySQL
> table with the Auth-Type == Local parameter. The second time this user tries
> to log in, it just checks the password. So I have an Auth-Type parameter for
> users in MySQL.
>
> And here are the debug output of my freeradius, the pptp daemon log, the
> MySQL query, and my site config on freeradius.
>
>
> freeradius:
> rad_recv: Access-Request packet from host 127.0.0.1 port 33646, id=29,
> length=138
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "7798"
>         MS-CHAP-Challenge = 0xf42766132ee2e3d828c770c460e8588e
>         MS-CHAP2-Response =
> 0x44006948a59f2dbc8c838083bdea3e846fc300000000000000003f4aeadca9c80f730fd668686d8eac96570d941da2b4c2fd
>         Calling-Station-Id = ".931"
>         NAS-IP-Address = 192.168.10.213
>         NAS-Port = 0
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [7798/<no User-Password attribute>] (from client
> localhost port 0 cli .931)
>   Found Post-Auth-Type Reject
>   WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
> requested action.
>
>
>
>
> pptp:
>
> Client 192.168.16.243 control connection started
> Nov 18 12:49:30 pptp pptpd[4898]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 18 12:49:30 pptp pppd[4900]: Plugin radius.so loaded.
> Nov 18 12:49:30 pptp pppd[4900]: RADIUS plugin initialized.
> Nov 18 12:49:30 pptp pppd[4900]: Plugin radattr.so loaded.
> Nov 18 12:49:30 pptp pppd[4900]: RADATTR plugin initialized.
> Nov 18 12:49:30 pptp pppd[4900]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so
> loaded.
> Nov 18 12:49:30 pptp pppd[4900]: pppd 2.4.4 started by root, uid 0
> Nov 18 12:49:30 pptp pppd[4900]: Using interface ppp0
> Nov 18 12:49:30 pptp pppd[4900]: Connect: ppp0 <--> /dev/pts/1
> Nov 18 12:49:30 pptp pptpd[4898]: GRE: Bad checksum from pppd.
> Nov 18 12:49:33 pptp pptpd[4898]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> Nov 18 12:49:34 pptp pppd[4900]: Peer 7798 failed CHAP authentication
> Nov 18 12:49:34 pptp pppd[4900]: Connection terminated.
> Nov 18 12:49:34 pptp pppd[4900]: Exit.
>
>
> Mysql Query
> mysql> select * from radcheck where Username = '7798';
> +-------+----------+------------------+----+-------------------------+
> | id    | UserName | Attribute        | op | Value                   |
> +-------+----------+------------------+----+-------------------------+
> | 48225 | 7798     | UserType         | := | B                       |
> | 48224 | 7798     | email            | := | a at b.com                 |
> | 48223 | 7798     | NameSurname      | := | Test                    |
> | 49754 | 7798     | Auth-Type        | == | Local                   |
> | 76810 | 7798     | Simultaneous-Use | := | 4                       |
> +-------+----------+------------------+----+-------------------------+
> 5 rows in set (0.00 sec)
>
>
> freeradius config
> server vpn {
>         authorize {
>                 preprocess
>                 files
>                 mschap
>                 update control {
>                         Auth-Type := perl
>                 }
>                 perl
>         }
>
>         authenticate {
>                 Auth-Type MS-CHAP {
>                         mschap
>                 }
>                 Auth-Type Perl {
>                         perl
>                 }
>         }
>         ................
>





More information about the Freeradius-Users mailing list