[HOWTO] Ubuntu 11.04+abills0.5 для малого офиса или мелкого провайдера.

[Nesmit]

Я не прошу пару строк кинуть из евгения онегина. Мне нужно все что выдает программа во время запуска и подключения.

[deFont]

(Нажмите, чтобы показать/скрыть)

secret = "radsecret"
        shortname = "shortname"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = yes
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/etc/freeradius/users"
        acctusersfile = "/etc/freeradius/acct_users"
        preproxy_usersfile = "/etc/freeradius/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/var/log/freeradius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
 }
}
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Instantiating abills_preauth
  exec abills_preauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl pre_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 Module: Instantiating abills_auth
  exec abills_auth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Checking preacct {...} for more modules to load
 Module: Instantiating abills_acc
  exec abills_acc {
        wait = yes
        program = "/usr/abills/libexec/racct.pl"
        input_pairs = "request"
        output_pairs = "reply"
        shell_escape = yes
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating abills_postauth
  exec abills_postauth {
        wait = yes
        program = "/usr/abills/libexec/rauth.pl post_auth"
        input_pairs = "request"
        output_pairs = "config"
        shell_escape = yes
  }
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
main {
        snmp = no
        smux_password = ""
        snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 192.168.3.2 port 52409
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 192.168.3.2 port 52409
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 192.168.3.2 port 52409
Ready to process requests.

[Nesmit]

Ignoring request to authentication address * port 1812 from unknown client 192.168.3.2 port 52409
Ready to process requests.
На какие мысли на водит? Почему фрирадиус клиент лезет с ip 192.168.3.2, когда он должен по локалхост ходить?

Еще нужно cat /etc/network/interfaces

[deFont]

Наводит на мысли, только по чему он ломинтся на 192.168.3.2.

(Нажмите, чтобы показать/скрыть)

# The loopback network interface
auto lo
iface lo inet loopback


allow-hotplug eth3
iface eth3 inet static
        address 192.168.30.87
        netmask 255.255.255.0
        network 192.168.30.0
        broadcast 192.168.30.255
        gateway 192.168.30.1



allow-hotplug eth2
iface eth2 inet static
        address 192.168.3.2
        netmask 255.255.255.0
        network 192.168.3.0
        broadcast 192.168.3.255
        gateway 192.168.3.1


allow-hotplug eth1
iface eth1 inet static
        address 192.168.4.2
        netmask 255.255.255.0
        network 192.168.4.0
        broadcast 192.168.4.255
        gateway 192.168.4.1

[Nikopol_86]

Добрый день снова всем. Есть у меня вопросец. Столкнулся с тем, что Abills не считает трафик совсем, а мне это позарез надо. Может есть у когото мысли?

[Nesmit]

Добрый день снова всем. Есть у меня вопросец. Столкнулся с тем, что Abills не считает трафик совсем, а мне это позарез надо. Может есть у когото мысли?

Машина не едет, я стою на обочине в лыжи обутый. Что делать?
Экстрасенсы в отпуске.

Ignoring request to authentication address * port 1812 from unknown client 192.168.3.2 port 52409
Ready to process requests.
На какие мысли на водит? Почему фрирадиус клиент лезет с ip 192.168.3.2, когда он должен по локалхост ходить?

Еще нужно cat /etc/network/interfaces

Придется тебе еще и radiusclient конфиги выложить. Тогда есть смысл разбираться.

[deFont]

server:/etc/radiusclient# cat /etc/radiusclient/servers
# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key      
#----------------            ---------------
#portmaster.elemental.net         hardlyasecret
#portmaster2.elemental.net             donttellanyone
127.0.0.1 radsecret

(Нажмите, чтобы показать/скрыть)

server:/etc/radiusclient# cat /etc/radiusclient/radiusclient.conf
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order   radius,local

# maximum login tries a user has
login_tries   4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout   60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue   /etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver    127.0.0.1

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver    127.0.0.1

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers      /etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary    /etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius   /usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile      /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile      /etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout   10

# resend request this many times before trying the next server
radius_retries   3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local   /bin/login

[Nikopol_86]

Машина не едет, я стою на обочине в лыжи обутый. Что делать?
Экстрасенсы в отпуске.

Юмор оценил, теперь давайте по сути, что Вам необходимо, какие конфиги и какие логи дабы не засорять форум ерундой и не грубить друг другу.
С уважением!

[Nesmit]

Юмор оценил, теперь давайте по сути, что Вам необходимо, какие конфиги и какие логи дабы не засорять форум ерундой и не грубить друг другу.
С уважением!

это хорошо, а теперь давай согласно этому:

выложите то что выдает freeradius -X, если он запустился успешно попробуйте соединиться клиентом.

повторите это действие и используйте сполеры

Пользователь решил продолжить мысль 23 Сентября 2010, 08:15:27:

server:/etc/radiusclient# cat /etc/radiusclient/servers
# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key      
#----------------            ---------------
#portmaster.elemental.net         hardlyasecret
#portmaster2.elemental.net             donttellanyone
127.0.0.1 radsecret

(Нажмите, чтобы показать/скрыть)

server:/etc/radiusclient# cat /etc/radiusclient/radiusclient.conf
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order   radius,local

# maximum login tries a user has
login_tries   4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout   60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue   /etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver    127.0.0.1

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver    127.0.0.1

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers      /etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary    /etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius   /usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile      /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile      /etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout   10

# resend request this many times before trying the next server
radius_retries   3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local   /bin/login

Далее кусок инструкции из за чего может не работать, проверьтесь сами или приведите их тут:
/etc/freeradius/clients.conf
/etc/radiusclient/servers
/etc/hosts

Редактируем /etc/freeradius/clients.conf коментируем все, в конец добавляем (клиент/сервер на локальной машине, если будут на разных кодовое слово лучше поменять)
Цитата
client localhost {
ipaddr = 127.0.0.1
secret = radsecret
shortname = shortname
}

Переходим к редактированию файла /etc/freeradius/dictionary, добавляем в конец
6. Настраиваем radiusclient.
Редактируем /etc/radiusclient/servers
127.0.0.1 radsecret

dictionary.microsoft кладем в /etc/radiusclient/ эти файлы отвечают за поддержку mschap v2 и mppe
взять фаил можно с http://cakebilling.googlecode.com/files/etc.tar.bz2 без него mschap2 и mppe работать отказывается.
в фаил dictionary добавляем строки:
INCLUDE /etc/radiusclient/dictionary.microsoft


правим фаил /etc/hosts
127.0.0.1   localhost vpn-server
127.0.1.1   localhost vpn-server

[deFont]

/etc/freeradius/clients.conf

(Нажмите, чтобы показать/скрыть)

client localhost {
ipaddr = 127.0.0.1
secret = radsecret
shortname = shortname
}

/etc/radiusclient/servers

(Нажмите, чтобы показать/скрыть)

# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key      
#----------------            ---------------
#portmaster.elemental.net         hardlyasecret
#portmaster2.elemental.net             donttellanyone
127.0.0.1 radsecret

/etc/hosts

(Нажмите, чтобы показать/скрыть)

127.0.0.1       localhost
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.0.1 localhost vpn-server
127.0.1.1 localhost vpn-server

[Nikopol_86]

clients.conf

(Нажмите, чтобы показать/скрыть)

##
## clients.conf -- client configuration directives
##
##   $Id$

#######################################################################
#
#  Define RADIUS clients (usually a NAS, Access Point, etc.).

#
#  Defines a RADIUS client.
#
#  '127.0.0.1' is another name for 'localhost'.  It is enabled by default,
#  to allow testing of the server after an initial installation.  If you
#  are not going to be permitting RADIUS queries from localhost, we suggest
#  that you delete, or comment out, this entry.
#
#

#
#  Each client has a "short name" that is used to distinguish it from
#  other clients.
#
#  In version 1.x, the string after the word "client" was the IP
#  address of the client.  In 2.0, the IP address is configured via
#  the "ipaddr" or "ipv6addr" fields.  For compatibility, the 1.x
#  format is still accepted.
#
#client localhost {
   #  Allowed values are:
   #   dotted quad (1.2.3.4)
   #       hostname    (radius.example.com)
#   ipaddr = 127.0.0.1

   #  OR, you can use an IPv6 address, but not both
   #  at the same time.
#   ipv6addr = ::   # any.  ::1 == localhost

   #
   #  A note on DNS:  We STRONGLY recommend using IP addresses
   #  rather than host names.  Using host names means that the
   #  server will do DNS lookups when it starts, making it
   #  dependent on DNS.  i.e. If anything goes wrong with DNS,
   #  the server won't start!
   #
   #  The server also looks up the IP address from DNS once, and
   #  only once, when it starts.  If the DNS record is later
   #  updated, the server WILL NOT see that update.
   #

   #  One client definition can be applied to an entire network.
   #  e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and
   #  "netmask = 8"
   #
   #  If not specified, the default netmask is 32 (i.e. /32)
   #
   #  We do NOT recommend using anything other than 32.  There
   #  are usually other, better ways to acheive the same goal.
   #  Using netmasks of other than 32 can cause security issues.
   #
   #  You can specify overlapping networks (127/8 and 127.0/16)
   #  In that case, the smallest possible network will be used
   #  as the "best match" for the client.
   #
   #  Clients can also be defined dynamically at run time, based
   #  on any criteria.  e.g. SQL lookups, keying off of NAS-Identifier,
   #  etc.
   #  See raddb/sites-available/dynamic-clients for details.
   #

#   netmask = 32

   #
   #  The shared secret use to "encrypt" and "sign" packets between
   #  the NAS and FreeRADIUS.  You MUST change this secret from the
   #  default, otherwise it's not a secret any more!
   #
   #  The secret can be any string, up to 8k characters in length.
   #
   #  Control codes can be entered vi octal encoding,
   #   e.g. "\101\102" == "AB"
   #  Quotation marks can be entered by escaping them,
   #   e.g. "foo\"bar"
   #
   #  A note on security:  The security of the RADIUS protocol
   #  depends COMPLETELY on this secret!  We recommend using a
   #  shared secret that is composed of:
   #
   #   upper case letters
   #   lower case letters
   #   numbers
   #
   #  And is at LEAST 8 characters long, preferably 16 characters in
   #  length.  The secret MUST be random, and should not be words,
   #  phrase, or anything else that is recognizable.
   #
   #  The default secret below is only for testing, and should
   #  not be used in any real environment.
   #
#   secret      = testing123

   #
   #  Old-style clients do not send a Message-Authenticator
   #  in an Access-Request.  RFC 5080 suggests that all clients
   #  SHOULD include it in an Access-Request.  The configuration
   #  item below allows the server to require it.  If a client
   #  is required to include a Message-Authenticator and it does
   #  not, then the packet will be silently discarded.
   #
   #  allowed values: yes, no
#   require_message_authenticator = no

   #
   #  The short name is used as an alias for the fully qualified
   #  domain name, or the IP address.
   #
   #  It is accepted for compatibility with 1.x, but it is no
   #  longer necessary in 2.0
   #
#   shortname   = localhost

   #
   # the following three fields are optional, but may be used by
   # checkrad.pl for simultaneous use checks
   #

   #
   # The nastype tells 'checkrad.pl' which NAS-specific method to
   #  use to query the NAS for simultaneous use.
   #
   #  Permitted NAS types are:
   #
   #   cisco
   #   computone
   #   livingston
   #   max40xx
   #   multitech
   #   netserver
   #   pathras
   #   patton
   #   portslave
   #   tc
   #   usrhiper
   #   other      # for all other types

   #
#   nastype     = other   # localhost isn't usually a NAS...

   #
   #  The following two configurations are for future use.
   #  The 'naspasswd' file is currently used to store the NAS
   #  login name and password, which is used by checkrad.pl
   #  when querying the NAS for simultaneous use.
   #
#   login       = !root
#   password    = someadminpas

   #
   #  As of 2.0, clients can also be tied to a virtual server.
   #  This is done by setting the "virtual_server" configuration
   #  item, as in the example below.
   #
#   virtual_server = home1

   #
   #  A pointer to the "home_server_pool" OR a "home_server"
   #  section that contains the CoA configuration for this
   #  client.  For an example of a coa home server or pool,
   #  see raddb/sites-available/originate-coa
#   coa_server = coa
#}

# IPv6 Client
#client ::1 {
#   secret      = testing123
#   shortname   = localhost
#}
#
# All IPv6 Site-local clients
#client fe80::/16 {
#   secret      = testing123
#   shortname   = localhost
#}

#client some.host.org {
#   secret      = testing123
#   shortname   = localhost
#}

#
#  You can now specify one secret for a network of clients.
#  When a client request comes in, the BEST match is chosen.
#  i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
#   secret      = testing123-1
#   shortname   = private-network-1
#}
#
#client 192.168.0.0/16 {
#   secret      = testing123-2
#   shortname   = private-network-2
#}


#client 10.10.10.10 {
#   # secret and password are mapped through the "secrets" file.
#   secret      = testing123
#   shortname   = liv1
#       # the following three fields are optional, but may be used by
#       # checkrad.pl for simultaneous usage checks
#   nastype     = livingston
#   login       = !root
#   password    = someadminpas
#}

#######################################################################
#
#  Per-socket client lists.  The configuration entries are exactly
#  the same as above, but they are nested inside of a section.
#
#  You can have as many per-socket client lists as you have "listen"
#  sections, or you can re-use a list among multiple "listen" sections.
#
#  Un-comment this section, and edit a "listen" section to add:
#  "clients = per_socket_clients".  That IP address/port combination
#  will then accept ONLY the clients listed in this section.
#
#clients per_socket_clients {
#   client 192.168.3.4 {
#      secret = testing123
#        }
#}


client localhost {
ipaddr = 127.0.0.1
secret = radsecret
shortname = shortname
} 

servers

(Нажмите, чтобы показать/скрыть)

# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key      
#----------------            ---------------
#portmaster.elemental.net         hardlyasecret
#portmaster2.elemental.net             donttellanyone
127.0.0.1 radsecret
#localhost radsecret

hosts

(Нажмите, чтобы показать/скрыть)

127.0.0.1   localhost nas-clatp
127.0.1.1   localhost nas-clatp


# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

freeradius -X

(Нажмите, чтобы показать/скрыть)

FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan  5 2010 at 02:49:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
   user = "freerad"
   group = "freerad"
   allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
   prefix = "/usr"
   localstatedir = "/var"
   logdir = "/var/log/freeradius"
   libdir = "/usr/lib/freeradius"
   radacctdir = "/var/log/freeradius/radacct"
   hostname_lookups = no
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024
   pidfile = "/var/run/freeradius/freeradius.pid"
   checkrad = "/usr/sbin/checkrad"
   debug_level = 0
   proxy_requests = yes
 log {
   stripped_names = no
   auth = no
   auth_badpass = no
   auth_goodpass = no
 }
 security {
   max_attributes = 200
   reject_delay = 1
   status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
   retry_delay = 5
   retry_count = 3
   default_fallback = no
   dead_time = 120
   wake_all_if_all_dead = no
 }
 home_server localhost {
   ipaddr = 127.0.0.1
   port = 1812
   type = "auth"
   secret = "testing123"
   response_window = 20
   max_outstanding = 65536
   require_message_authenticator = no
   zombie_period = 40
   status_check = "status-server"
   ping_interval = 30
   check_interval = 30
   num_answers_to_alive = 3
   num_pings_to_alive = 3
   revive_interval = 120
   status_check_timeout = 4
   irt = 2
   mrt = 16
   mrc = 5
   mrd = 30
 }
 home_server_pool my_auth_failover {
   type = fail-over
   home_server = localhost
 }
 realm example.com {
   auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
   ipaddr = 127.0.0.1
   require_message_authenticator = no
   secret = "radsecret"
   shortname = "shortname"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
   wait = yes
   input_pairs = "request"
   output_pairs = "reply"
   shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
   reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
   reply-message = "You are calling outside your allowed timespan  "
   minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
   encryption_scheme = "auto"
   auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
   use_mppe = yes
   require_encryption = no
   require_strong = no
   with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
   radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
   default_eap_type = "md5"
   timer_expire = 60
   ignore_unknown_eap_types = no
   cisco_accounting_username_bug = no
   max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
   challenge = "Password: "
   auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
   rsa_key_exchange = no
   dh_key_exchange = yes
   rsa_key_length = 512
   dh_key_length = 512
   verify_depth = 0
   pem_file_type = yes
   private_key_file = "/etc/freeradius/certs/server.key"
   certificate_file = "/etc/freeradius/certs/server.pem"
   CA_file = "/etc/freeradius/certs/ca.pem"
   private_key_password = "whatever"
   dh_file = "/etc/freeradius/certs/dh"
   random_file = "/etc/freeradius/certs/random"
   fragment_size = 1024
   include_length = yes
   check_crl = no
   cipher_list = "DEFAULT"
   make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
   enable = no
   lifetime = 24
   max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
   default_eap_type = "md5"
   copy_request_to_tunnel = no
   use_tunneled_reply = no
   virtual_server = "inner-tunnel"
   include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
   default_eap_type = "mschapv2"
   copy_request_to_tunnel = no
   use_tunneled_reply = no
   proxy_tunneled_request_as_eap = yes
   virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
   with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
   format = "suffix"
   delimiter = "@"
   ignore_default = no
   ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
   usersfile = "/etc/freeradius/users"
   acctusersfile = "/etc/freeradius/acct_users"
   preproxy_usersfile = "/etc/freeradius/preproxy_users"
   compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
   filename = "/var/log/freeradius/radutmp"
   username = "%{User-Name}"
   case_sensitive = yes
   check_with_nas = yes
   perm = 384
   callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
   attrsfile = "/etc/freeradius/attrs.access_reject"
   key = "%{User-Name}"
  }
 } # modules
} # server
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
   huntgroups = "/etc/freeradius/huntgroups"
   hints = "/etc/freeradius/hints"
   with_ascend_hack = no
   ascend_channels_per_line = 23
   with_ntdomain_hack = no
   with_specialix_jetstream_hack = no
   with_cisco_vsa_hack = no
   with_alvarion_vsa_hack = no
  }
 Module: Instantiating abills_preauth
  exec abills_preauth {
   wait = yes
   program = "/usr/abills/libexec/rauth.pl pre_auth"
   input_pairs = "request"
   output_pairs = "config"
   shell_escape = yes
  }
 Module: Instantiating abills_auth
  exec abills_auth {
   wait = yes
   program = "/usr/abills/libexec/rauth.pl"
   input_pairs = "request"
   output_pairs = "reply"
   shell_escape = yes
  }
 Module: Checking preacct {...} for more modules to load
 Module: Instantiating abills_acc
  exec abills_acc {
   wait = yes
   program = "/usr/abills/libexec/racct.pl"
   input_pairs = "request"
   output_pairs = "reply"
   shell_escape = yes
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
   detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
   header = "%t"
   detailperm = 384
   dirperm = 493
   locking = no
   log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
   attrsfile = "/etc/freeradius/attrs.accounting_response"
   key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating abills_postauth
  exec abills_postauth {
   wait = yes
   program = "/usr/abills/libexec/rauth.pl post_auth"
   input_pairs = "request"
   output_pairs = "config"
   shell_escape = yes
  }
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
   type = "auth"
   ipaddr = *
   port = 0
}
listen {
   type = "acct"
   ipaddr = *
   port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

[Nesmit]

/etc/freeradius/clients.conf

(Нажмите, чтобы показать/скрыть)

client localhost {
ipaddr = 127.0.0.1
secret = radsecret
shortname = shortname
}

/etc/radiusclient/servers

(Нажмите, чтобы показать/скрыть)

# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key      
#----------------            ---------------
#portmaster.elemental.net         hardlyasecret
#portmaster2.elemental.net             donttellanyone
127.0.0.1 radsecret

/etc/hosts

(Нажмите, чтобы показать/скрыть)

127.0.0.1       localhost
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.0.1 localhost vpn-server
127.0.1.1 localhost vpn-server

У вас имя компьютера точно vpn-server, как у меня?
$ cat /etc/hostname сделайте
Пользователь решил продолжить мысль 24 Сентября 2010, 11:11:15:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

Проверяйте словари фрирадиуса и радиусклиента. По ним передается информация в биллинг о том сколько трафик скушал абонент.

[Nikopol_86]

Да у меня уже глаза провалились раз 15 пересмотрел, все как по мануалу, а в результате ноль. Может это проблема в версии радиуса у меня 2.1.8?

Сейчас сделал обновление до 0.52 ничего не поменялось  .
Может Вам словари выложить, вдруг Вы чего высмотрите?

freeradius dictionary

(Нажмите, чтобы показать/скрыть)

#
#   This is the master dictionary file, which references the
#   pre-defined dictionary files included with the server.
#
#   Any new/changed attributes MUST be placed in this file, as
#   the pre-defined dictionaries SHOULD NOT be edited.
#
#   $Id$
#

#
#   The filename given here should be an absolute path.
#
$INCLUDE   /usr/share/freeradius/dictionary

#
#   Place additional attributes or $INCLUDEs here.  They will
#   over-ride the definitions in the pre-defined dictionaries.
#
#   See the 'man' page for 'dictionary' for information on
#   the format of the dictionary files.

#
#   If you want to add entries to the dictionary file,
#   which are NOT going to be placed in a RADIUS packet,
#   add them here.  The numbers you pick should be between
#   3000 and 4000.
#

#ATTRIBUTE   My-Local-String      3000   string
#ATTRIBUTE   My-Local-IPAddr      3001   ipaddr
#ATTRIBUTE   My-Local-Integer   3002   integer

### Abills
###########################################################
# Limit session traffic
ATTRIBUTE       Session-Octets-Limit            227     integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE       Octets-Direction                228     integer
# Connection Speed Limit
ATTRIBUTE       PPPD-Upstream-Speed-Limit       230     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit     231     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-1     232     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-1   233     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-2     234     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-2   235     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-3     236     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-3   237     integer
ATTRIBUTE    Acct-Interim-Interval       85    integer

 

freradius client

(Нажмите, чтобы показать/скрыть)

#
# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
#
#   This file contains dictionary translations for parsing
#   requests and generating responses.  All transactions are
#   composed of Attribute/Value Pairs.  The value of each attribute
#   is specified as one of 4 data types.  Valid data types are:
#
#   string - 0-253 octets
#   ipaddr - 4 octets in network byte order
#   integer - 32 bit value in big endian order (high byte first)
#   date - 32 bit value in big endian order - seconds since
#               00:00:00 GMT,  Jan.  1,  1970
#
#   Enumerated values are stored in the user file with dictionary
#   VALUE translations for easy administration.
#
#   Example:
#
#   ATTRIBUTE     VALUE
#   ---------------   -----
#   Framed-Protocol = PPP
#   7      = 1   (integer encoding)
#

#
#   Following are the proper new names. Use these.
#
ATTRIBUTE   User-Name      1   string
ATTRIBUTE   Password      2   string
ATTRIBUTE   CHAP-Password      3   string
ATTRIBUTE   NAS-IP-Address      4   ipaddr
ATTRIBUTE   NAS-Port-Id      5   integer
ATTRIBUTE   Service-Type      6   integer
ATTRIBUTE   Framed-Protocol      7   integer
ATTRIBUTE   Framed-IP-Address   8   ipaddr
ATTRIBUTE   Framed-IP-Netmask   9   ipaddr
ATTRIBUTE   Framed-Routing      10   integer
ATTRIBUTE   Filter-Id      11   string
ATTRIBUTE   Framed-MTU      12   integer
ATTRIBUTE   Framed-Compression   13   integer
ATTRIBUTE   Login-IP-Host      14   ipaddr
ATTRIBUTE   Login-Service      15   integer
ATTRIBUTE   Login-TCP-Port      16   integer
ATTRIBUTE   Reply-Message      18   string
ATTRIBUTE   Callback-Number      19   string
ATTRIBUTE   Callback-Id      20   string
ATTRIBUTE   Framed-Route      22   string
ATTRIBUTE   Framed-IPX-Network   23   ipaddr
ATTRIBUTE   State         24   string
ATTRIBUTE   Session-Timeout      27   integer
ATTRIBUTE   Idle-Timeout      28   integer
ATTRIBUTE   Termination-Action   29   integer
ATTRIBUTE   Called-Station-Id   30   string
ATTRIBUTE   Calling-Station-Id   31   string
ATTRIBUTE   Acct-Status-Type   40   integer
ATTRIBUTE   Acct-Delay-Time      41   integer
ATTRIBUTE   Acct-Input-Octets   42   integer
ATTRIBUTE   Acct-Output-Octets   43   integer
ATTRIBUTE   Acct-Session-Id      44   string
ATTRIBUTE   Acct-Authentic      45   integer
ATTRIBUTE   Acct-Session-Time   46   integer
ATTRIBUTE   Acct-Input-Packets   47   integer
ATTRIBUTE   Acct-Output-Packets   48   integer
ATTRIBUTE   Acct-Terminate-Cause   49   integer
ATTRIBUTE   Chap-Challenge      60   string
ATTRIBUTE   NAS-Port-Type      61   integer
ATTRIBUTE   Port-Limit      62   integer
ATTRIBUTE   Connect-Info      77   string

#
#   Experimental Non Protocol Attributes used by Cistron-Radiusd
#
ATTRIBUTE   Huntgroup-Name      221   string
ATTRIBUTE   User-Category      1029   string
ATTRIBUTE   Group-Name      1030   string
ATTRIBUTE   Simultaneous-Use   1034   integer
ATTRIBUTE   Strip-User-Name      1035   integer
ATTRIBUTE   Fall-Through      1036   integer
ATTRIBUTE   Add-Port-To-IP-Address   1037   integer
ATTRIBUTE   Exec-Program      1038   string
ATTRIBUTE   Exec-Program-Wait   1039   string
ATTRIBUTE   Hint         1040   string


#
#   Non-Protocol Attributes
#   These attributes are used internally by the server
#
ATTRIBUTE   Expiration        21   date
ATTRIBUTE   Auth-Type      1000   integer
ATTRIBUTE   Menu         1001   string
ATTRIBUTE   Termination-Menu   1002   string
ATTRIBUTE   Prefix         1003   string
ATTRIBUTE   Suffix         1004   string
ATTRIBUTE   Group         1005   string
ATTRIBUTE   Crypt-Password      1006   string
ATTRIBUTE   Connect-Rate      1007   integer

#
#   Integer Translations
#

#   User Types

VALUE      Service-Type      Login-User      1
VALUE      Service-Type      Framed-User      2
VALUE      Service-Type      Callback-Login-User   3
VALUE      Service-Type      Callback-Framed-User   4
VALUE      Service-Type      Outbound-User      5
VALUE      Service-Type      Administrative-User   6
VALUE      Service-Type      NAS-Prompt-User      7

#   Framed Protocols

VALUE      Framed-Protocol      PPP         1
VALUE      Framed-Protocol      SLIP         2

#   Framed Routing Values

VALUE      Framed-Routing      None         0
VALUE      Framed-Routing      Broadcast      1
VALUE      Framed-Routing      Listen         2
VALUE      Framed-Routing      Broadcast-Listen   3

#   Framed Compression Types

VALUE      Framed-Compression   None         0
VALUE      Framed-Compression   Van-Jacobson-TCP-IP   1

#   Login Services

VALUE      Login-Service      Telnet         0
VALUE      Login-Service      Rlogin         1
VALUE      Login-Service      TCP-Clear      2
VALUE      Login-Service      PortMaster      3

#   Status Types

VALUE      Acct-Status-Type   Start         1
VALUE      Acct-Status-Type   Stop         2
VALUE      Acct-Status-Type   Accounting-On      7
VALUE      Acct-Status-Type   Accounting-Off      8

#   Authentication Types

VALUE      Acct-Authentic      RADIUS         1
VALUE      Acct-Authentic      Local         2
VALUE      Acct-Authentic      PowerLink128      100

#   Termination Options

VALUE      Termination-Action   Default         0
VALUE      Termination-Action   RADIUS-Request      1

#   NAS Port Types, available in 3.3.1 and later

VALUE      NAS-Port-Type      Async         0
VALUE      NAS-Port-Type      Sync         1
VALUE      NAS-Port-Type      ISDN         2
VALUE      NAS-Port-Type      ISDN-V120      3
VALUE      NAS-Port-Type      ISDN-V110      4

#   Acct Terminate Causes, available in 3.3.2 and later

VALUE           Acct-Terminate-Cause    User-Request            1
VALUE           Acct-Terminate-Cause    Lost-Carrier            2
VALUE           Acct-Terminate-Cause    Lost-Service            3
VALUE           Acct-Terminate-Cause    Idle-Timeout            4
VALUE           Acct-Terminate-Cause    Session-Timeout         5
VALUE           Acct-Terminate-Cause    Admin-Reset             6
VALUE           Acct-Terminate-Cause    Admin-Reboot            7
VALUE           Acct-Terminate-Cause    Port-Error              8
VALUE           Acct-Terminate-Cause    NAS-Error               9
VALUE           Acct-Terminate-Cause    NAS-Request             10
VALUE           Acct-Terminate-Cause    NAS-Reboot              11
VALUE           Acct-Terminate-Cause    Port-Unneeded           12
VALUE           Acct-Terminate-Cause    Port-Preempted          13
VALUE           Acct-Terminate-Cause    Port-Suspended          14
VALUE           Acct-Terminate-Cause    Service-Unavailable     15
VALUE           Acct-Terminate-Cause    Callback                16
VALUE           Acct-Terminate-Cause    User-Error              17
VALUE           Acct-Terminate-Cause    Host-Request            18

#
#   Non-Protocol Integer Translations
#

VALUE      Auth-Type      Local         0
VALUE      Auth-Type      System         1
VALUE      Auth-Type      SecurID         2
VALUE      Auth-Type      Crypt-Local      3
VALUE      Auth-Type      Reject         4

#
#   Cistron extensions
#
VALUE      Auth-Type      Pam         253
VALUE      Auth-Type      None         254

#
#   Experimental Non-Protocol Integer Translations for Cistron-Radiusd
#
VALUE      Fall-Through      No         0
VALUE      Fall-Through      Yes         1
VALUE      Add-Port-To-IP-Address   No         0
VALUE      Add-Port-To-IP-Address   Yes         1

#
#   Configuration Values
#   uncomment these two lines to turn account expiration on
#

#VALUE      Server-Config      Password-Expiration   30
#VALUE      Server-Config      Password-Warning   5

###############################################################
# Abills

INCLUDE /etc/radiusclient/dictionary.microsoft

# Limit session traffic
ATTRIBUTE       Session-Octets-Limit            227     integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE       Octets-Direction                228     integer
# Connection Speed Limit
ATTRIBUTE       PPPD-Upstream-Speed-Limit       230     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit     231     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-1     232     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-1   233     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-2     234     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-2   235     integer
ATTRIBUTE       PPPD-Upstream-Speed-Limit-3     236     integer
ATTRIBUTE       PPPD-Downstream-Speed-Limit-3   237     integer
ATTRIBUTE       Acct-Interim-Interval            85     integer

##################################################################

microsoft словать тоже есть, без него не конектица вообще, собстаенно как Вы и писали.
Где еще можно глянуть? И можно ли где то посмотреть логи клиента, если они есть, а то я как то их не нашел.
Пользователь решил продолжить мысль 24 Сентября 2010, 15:29:56:Сейчас начал анализировать ситуацию и выяснилось, что у меня биллинг не отображает и текущие сесии, кроме отображение об ошибках никакой статистики нет!

[Nesmit]

На первый взгляд ничего криминального не вижу, но у меня такое было с версией 0.42. Пришлось откат делать на 0.41, так и сижу до сих пор.
Пользователь решил продолжить мысль 24 Сентября 2010, 15:51:43:фрирадиус тут не причем.
глянте содержимое файлов
/var/run/radattr.ppp*
там что нить есть?

[deFont]

 cat /etc/hostname
vpn-server
cat /etc/freeradius/dictionary

(Нажмите, чтобы показать/скрыть)

#
#   This is the master dictionary file, which references the
#   pre-defined dictionary files included with the server.
#
#   Any new/changed attributes MUST be placed in this file, as
#   the pre-defined dictionaries SHOULD NOT be edited.
#
#   $Id: dictionary.in,v 1.4 2004/04/14 15:26:20 aland Exp $
#

#
#   The filename given here should be an absolute path.
#
$INCLUDE   /usr/share/freeradius/dictionary

#
#   Place additional attributes or $INCLUDEs here.  They will
#   over-ride the definitions in the pre-defined dictionaries.
#
#   See the 'man' page for 'dictionary' for information on
#   the format of the dictionary files.

#
#   If you want to add entries to the dictionary file,
#   which are NOT going to be placed in a RADIUS packet,
#   add them here.  The numbers you pick should be between
#   3000 and 4000.
#

#ATTRIBUTE   My-Local-String      3000   string
#ATTRIBUTE   My-Local-IPAddr      3001   ipaddr
#ATTRIBUTE   My-Local-Integer   3002   integer
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer

cat /etc/radiusclient/dictionary

(Нажмите, чтобы показать/скрыть)

#
# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
#
#   This file contains dictionary translations for parsing
#   requests and generating responses.  All transactions are
#   composed of Attribute/Value Pairs.  The value of each attribute
#   is specified as one of 4 data types.  Valid data types are:
#
#   string - 0-253 octets
#   ipaddr - 4 octets in network byte order
#   integer - 32 bit value in big endian order (high byte first)
#   date - 32 bit value in big endian order - seconds since
#               00:00:00 GMT,  Jan.  1,  1970
#
#   Enumerated values are stored in the user file with dictionary
#   VALUE translations for easy administration.
#
#   Example:
#
#   ATTRIBUTE     VALUE
#   ---------------   -----
#   Framed-Protocol = PPP
#   7      = 1   (integer encoding)
#

#
#   Following are the proper new names. Use these.
#
ATTRIBUTE   User-Name      1   string
ATTRIBUTE   Password      2   string
ATTRIBUTE   CHAP-Password      3   string
ATTRIBUTE   NAS-IP-Address      4   ipaddr
ATTRIBUTE   NAS-Port-Id      5   integer
ATTRIBUTE   Service-Type      6   integer
ATTRIBUTE   Framed-Protocol      7   integer
ATTRIBUTE   Framed-IP-Address   8   ipaddr
ATTRIBUTE   Framed-IP-Netmask   9   ipaddr
ATTRIBUTE   Framed-Routing      10   integer
ATTRIBUTE   Filter-Id      11   string
ATTRIBUTE   Framed-MTU      12   integer
ATTRIBUTE   Framed-Compression   13   integer
ATTRIBUTE   Login-IP-Host      14   ipaddr
ATTRIBUTE   Login-Service      15   integer
ATTRIBUTE   Login-TCP-Port      16   integer
ATTRIBUTE   Reply-Message      18   string
ATTRIBUTE   Callback-Number      19   string
ATTRIBUTE   Callback-Id      20   string
ATTRIBUTE   Framed-Route      22   string
ATTRIBUTE   Framed-IPX-Network   23   ipaddr
ATTRIBUTE   State         24   string
ATTRIBUTE   Session-Timeout      27   integer
ATTRIBUTE   Idle-Timeout      28   integer
ATTRIBUTE   Termination-Action   29   integer
ATTRIBUTE   Called-Station-Id   30   string
ATTRIBUTE   Calling-Station-Id   31   string
ATTRIBUTE   Acct-Status-Type   40   integer
ATTRIBUTE   Acct-Delay-Time      41   integer
ATTRIBUTE   Acct-Input-Octets   42   integer
ATTRIBUTE   Acct-Output-Octets   43   integer
ATTRIBUTE   Acct-Session-Id      44   string
ATTRIBUTE   Acct-Authentic      45   integer
ATTRIBUTE   Acct-Session-Time   46   integer
ATTRIBUTE   Acct-Input-Packets   47   integer
ATTRIBUTE   Acct-Output-Packets   48   integer
ATTRIBUTE   Acct-Terminate-Cause   49   integer
ATTRIBUTE   Chap-Challenge      60   string
ATTRIBUTE   NAS-Port-Type      61   integer
ATTRIBUTE   Port-Limit      62   integer
ATTRIBUTE   Connect-Info      77   string

#
#   Experimental Non Protocol Attributes used by Cistron-Radiusd
#
ATTRIBUTE   Huntgroup-Name      221   string
ATTRIBUTE   User-Category      1029   string
ATTRIBUTE   Group-Name      1030   string
ATTRIBUTE   Simultaneous-Use   1034   integer
ATTRIBUTE   Strip-User-Name      1035   integer
ATTRIBUTE   Fall-Through      1036   integer
ATTRIBUTE   Add-Port-To-IP-Address   1037   integer
ATTRIBUTE   Exec-Program      1038   string
ATTRIBUTE   Exec-Program-Wait   1039   string
ATTRIBUTE   Hint         1040   string

#
#   Non-Protocol Attributes
#   These attributes are used internally by the server
#
ATTRIBUTE   Expiration        21   date
ATTRIBUTE   Auth-Type      1000   integer
ATTRIBUTE   Menu         1001   string
ATTRIBUTE   Termination-Menu   1002   string
ATTRIBUTE   Prefix         1003   string
ATTRIBUTE   Suffix         1004   string
ATTRIBUTE   Group         1005   string
ATTRIBUTE   Crypt-Password      1006   string
ATTRIBUTE   Connect-Rate      1007   integer

#
#   Integer Translations
#

#   User Types

VALUE      Service-Type      Login-User      1
VALUE      Service-Type      Framed-User      2
VALUE      Service-Type      Callback-Login-User   3
VALUE      Service-Type      Callback-Framed-User   4
VALUE      Service-Type      Outbound-User      5
VALUE      Service-Type      Administrative-User   6
VALUE      Service-Type      NAS-Prompt-User      7

#   Framed Protocols

VALUE      Framed-Protocol      PPP         1
VALUE      Framed-Protocol      SLIP         2

#   Framed Routing Values

VALUE      Framed-Routing      None         0
VALUE      Framed-Routing      Broadcast      1
VALUE      Framed-Routing      Listen         2
VALUE      Framed-Routing      Broadcast-Listen   3

#   Framed Compression Types

VALUE      Framed-Compression   None         0
VALUE      Framed-Compression   Van-Jacobson-TCP-IP   1

#   Login Services

VALUE      Login-Service      Telnet         0
VALUE      Login-Service      Rlogin         1
VALUE      Login-Service      TCP-Clear      2
VALUE      Login-Service      PortMaster      3

#   Status Types

VALUE      Acct-Status-Type   Start         1
VALUE      Acct-Status-Type   Stop         2
VALUE      Acct-Status-Type   Accounting-On      7
VALUE      Acct-Status-Type   Accounting-Off      8

#   Authentication Types

VALUE      Acct-Authentic      RADIUS         1
VALUE      Acct-Authentic      Local         2
VALUE      Acct-Authentic      PowerLink128      100

#   Termination Options

VALUE      Termination-Action   Default         0
VALUE      Termination-Action   RADIUS-Request      1

#   NAS Port Types, available in 3.3.1 and later

VALUE      NAS-Port-Type      Async         0
VALUE      NAS-Port-Type      Sync         1
VALUE      NAS-Port-Type      ISDN         2
VALUE      NAS-Port-Type      ISDN-V120      3
VALUE      NAS-Port-Type      ISDN-V110      4

#   Acct Terminate Causes, available in 3.3.2 and later

VALUE           Acct-Terminate-Cause    User-Request            1
VALUE           Acct-Terminate-Cause    Lost-Carrier            2
VALUE           Acct-Terminate-Cause    Lost-Service            3
VALUE           Acct-Terminate-Cause    Idle-Timeout            4
VALUE           Acct-Terminate-Cause    Session-Timeout         5
VALUE           Acct-Terminate-Cause    Admin-Reset             6
VALUE           Acct-Terminate-Cause    Admin-Reboot            7
VALUE           Acct-Terminate-Cause    Port-Error              8
VALUE           Acct-Terminate-Cause    NAS-Error               9
VALUE           Acct-Terminate-Cause    NAS-Request             10
VALUE           Acct-Terminate-Cause    NAS-Reboot              11
VALUE           Acct-Terminate-Cause    Port-Unneeded           12
VALUE           Acct-Terminate-Cause    Port-Preempted          13
VALUE           Acct-Terminate-Cause    Port-Suspended          14
VALUE           Acct-Terminate-Cause    Service-Unavailable     15
VALUE           Acct-Terminate-Cause    Callback                16
VALUE           Acct-Terminate-Cause    User-Error              17
VALUE           Acct-Terminate-Cause    Host-Request            18

#
#   Non-Protocol Integer Translations
#

VALUE      Auth-Type      Local         0
VALUE      Auth-Type      System         1
VALUE      Auth-Type      SecurID         2
VALUE      Auth-Type      Crypt-Local      3
VALUE      Auth-Type      Reject         4

#
#   Cistron extensions
#
VALUE      Auth-Type      Pam         253
VALUE      Auth-Type      None         254

#
#   Experimental Non-Protocol Integer Translations for Cistron-Radiusd
#
VALUE      Fall-Through      No         0
VALUE      Fall-Through      Yes         1
VALUE      Add-Port-To-IP-Address   No         0
VALUE      Add-Port-To-IP-Address   Yes         1

#
#   Configuration Values
#   uncomment these two lines to turn account expiration on
#

#VALUE      Server-Config      Password-Expiration   30
#VALUE      Server-Config      Password-Warning   5
INCLUDE /etc/radiusclient/dictionary.microsoft
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
INCLUDE /etc/radiusclient/dictionary.microsoft