Inet-Admins mailing list archive (inet-admins@info.east.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[inet-admins] Re: AAA & RADIUS
>> Чего-то я в собственных штанах запутался, похоже.... Ж;-))
>> Кто-ть обьяснит как должен выглядеть конфиг ААА на кошке,
>> что-бы она юзеру проставляла атрибуты выданные РАДИУСом?
>> (ну например Framed-IP-Addr)
>> Асинк может при этом в дедикатеде стоять?
>> ААА авторизация нужна?
>
>Да как и с tac+. Значимая часть (для тебя, чтобы ip addr etc брался) - авторизация.
>
>aaa new-model
>!
>aaa authentication login default radius enable
>aaa authentication ppp default if-needed radius
>aaa authentication username-prompt "login: "
>!
>aaa authorization exec radius if-authenticated
>aaa authorization network radius if-authenticated
>!
Да хрена, если я выставляю авторизацию юзер вообще не ходит -
насколько я понял нужно в радиусе хренову тучу сервисов под юзера прописывать, неприятно это....
Посмотрите аттачмент
по логам видно, что радиус передает в атрибуте 8 6 адрес для юзера всегда, независимо от того стоит авторизация или
нет.
сначала авторизацию не включаем - хрена (спасибо хоть пустили)
включаем через радиус - шишь нам, а не ППП!
включаем, но авторизуем всегда (aaa authorization if_authetifeced) - пускают, но адрес берут опять из пула!
Едрена вошь!!!!
Так, есть еще в доках:
------------
You typically have three methods for configuring default authorization on the security server. The following three sample
configurations are entries that could exist in a security server's configuration file:
To override the default denial or authorization from a non-existent user, specify authorization at the top level of the
configuration file:
default authorization = permit
At the user level, inside the braces of the user declaration, the default for a user who does not have a service or command
explicitly authorized is to deny that service or command. To permit it:
default service = permit
-----------
Нифига непонятно, где? На кошке - шишь, нет такого слова...
На радиусе? - где ставить, да и не обращается кошатина к радиусу-то....
Мммдааа.....
Так вот, собственно еще раз вопросы:
Необходимо-ли включать авторизацию? (насколько я понимаю это вещь не для передачи атрибутов придуманна, а
для разделения сервисов по юзерам....) Если да, то какие атрибуты придется записать на стандартного юзера,
приходящего только за ППП(ну с IP поверх - понятно...) LCP? что еще там.... Ж;-))
Может-ли быть юзеровский асинк в дедикатеде, или все-таки нужен интерактив (может здесь собака порылась? -
счаз попробую)
Может это баг конкретного ИОСА? Хотя в тулките не значится.... 11.3.2 IP+
С уважением,
Андрей Зимин
horgi@cnt.ru
### radius user config
tst1 Encrypted-Password = "6.KKp6J/p/wB."
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address = 194.84.246.254,
### cisco config
!
interface Group-Async1
ip unnumbered Loopback1
encapsulation ppp
async mode dedicated
peer default ip address pool as53-2_pool
no fair-queue
no cdp enable
ppp authentication pap
group-range 1 120
hold-queue 64 out
!
ip local pool as53-2_pool 194.84.246.130 194.84.246.249
!
line 1 120
exec-timeout 0 0
no activation-character
modem InOut
modem autoconfigure type mica-K56Flex
transport input telnet
### radius debug
radrecv: 1 len:83 as53-2.cnt.ru port:1645 id:66
NAS-IP-Address = "194.84.17.132"
NAS-Port = 102
NAS-Port-Type = Async
User-Name = "tst1"
Called-Station-Id = "9951015"
User-Password = "b...../X..d....."
Password:ww
Service-Type = Framed
Framed-Protocol = PPP
Framed-Protocol = PPP
Framed-IP-Address = "194.84.246.254"
Vendor = 4
#### cisco debug many things.....
################ authe only
Jul 15 01:56:44 as53-2.cnt.ru 69968: %LINK-3-UPDOWN: Interface Async102, changed state to up
Jul 15 01:56:45 as53-2.cnt.ru 69969: As102 PPP: Treating connection as a dedicated line
Jul 15 01:56:45 as53-2.cnt.ru 69970: As102 PPP: Phase is ESTABLISHING, Active Open
Jul 15 01:56:45 as53-2.cnt.ru 69971: As102 LCP: O CONFREQ [Closed] id 63 len 24
Jul 15 01:56:45 as53-2.cnt.ru 69972: As102 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69973: As102 LCP: AuthProto PAP (0x0304C023)
Jul 15 01:56:45 as53-2.cnt.ru 69974: As102 LCP: MagicNumber 0x68172D39 (0x050668172D39)
Jul 15 01:56:45 as53-2.cnt.ru 69975: As102 LCP: PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69976: As102 LCP: ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69977: As102 LCP: I CONFACK [REQsent] id 63 len 24
Jul 15 01:56:45 as53-2.cnt.ru 69978: As102 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69979: As102 LCP: AuthProto PAP (0x0304C023)
Jul 15 01:56:45 as53-2.cnt.ru 69980: As102 LCP: MagicNumber 0x68172D39 (0x050668172D39)
Jul 15 01:56:45 as53-2.cnt.ru 69981: As102 LCP: PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69982: As102 LCP: ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69983: As102 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 01:56:45 as53-2.cnt.ru 69984: As102 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69985: As102 LCP: MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:45 as53-2.cnt.ru 69986: As102 LCP: PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69987: As102 LCP: ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69988: As102 LCP: Callback 6 (0x0D0306)
Jul 15 01:56:45 as53-2.cnt.ru 69989: As102 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 01:56:45 as53-2.cnt.ru 69990: As102 LCP: Callback 6 (0x0D0306)
Jul 15 01:56:45 as53-2.cnt.ru 69991: As102 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 01:56:45 as53-2.cnt.ru 69992: As102 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:46 as53-2.cnt.ru 69993: As102 LCP: MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:46 as53-2.cnt.ru 69994: As102 LCP: PFC (0x0702)
Jul 15 01:56:46 as53-2.cnt.ru 69995: As102 LCP: ACFC (0x0802)
Jul 15 01:56:46 as53-2.cnt.ru 69996: As102 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 01:56:46 as53-2.cnt.ru 69997: As102 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:46 as53-2.cnt.ru 69998: As102 LCP: MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:46 as53-2.cnt.ru 69999: As102 LCP: PFC (0x0702)
Jul 15 01:56:46 as53-2.cnt.ru 70000: As102 LCP: ACFC (0x0802)
Jul 15 01:56:46 as53-2.cnt.ru 70001: As102 LCP: State is Open
Jul 15 01:56:46 as53-2.cnt.ru 70002: As102 PPP: Phase is AUTHENTICATING, by this end
Jul 15 01:56:46 as53-2.cnt.ru 70003: As102 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 01:56:46 as53-2.cnt.ru 70004: As102 PAP: Authenticating peer tst1
Jul 15 01:56:46 as53-2.cnt.ru 70005: AAA/AUTHEN: create_user (0x6126CAD4) user='tst1' ruser='' port='Async102' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 01:56:46 as53-2.cnt.ru 70006: AAA/AUTHEN/START (2239593697): port='Async102' list='' action=LOGIN service=PPP
Jul 15 01:56:46 as53-2.cnt.ru 70007: AAA/AUTHEN/START (2239593697): using "default" list
Jul 15 01:56:46 as53-2.cnt.ru 70008: AAA/AUTHEN/START (2239593697): Method=RADIUS
Jul 15 01:56:46 as53-2.cnt.ru 70009: RADIUS: Initial Transmit id 66 194.84.17.35:1645, Access-Request, len 83
Jul 15 01:56:46 as53-2.cnt.ru 70010: Attribute 4 6 C2541184
Jul 15 01:56:46 as53-2.cnt.ru 70011: Attribute 5 6 00000066
Jul 15 01:56:46 as53-2.cnt.ru 70012: Attribute 61 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70013: Attribute 1 6 74737431
Jul 15 01:56:46 as53-2.cnt.ru 70014: Attribute 30 9 39393531
Jul 15 01:56:46 as53-2.cnt.ru 70015: Attribute 2 18 62FCDBD9
Jul 15 01:56:46 as53-2.cnt.ru 70016: Attribute 6 6 00000002
Jul 15 01:56:46 as53-2.cnt.ru 70017: Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70018: RADIUS: Received from id 66 194.84.17.35:1645, Access-Accept, len 32
Jul 15 01:56:46 as53-2.cnt.ru 70019: Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70020: Attribute 8 6 C254F6FE
Jul 15 01:56:46 as53-2.cnt.ru 70021: RADIUS: saved authorization data for user 6126CAD4 at 61152070
Jul 15 01:56:46 as53-2.cnt.ru 70022: AAA/AUTHEN (2239593697): status = PASS
Jul 15 01:56:46 as53-2.cnt.ru 70023: As102 PAP: O AUTH-ACK id 1 len 5
Jul 15 01:56:46 as53-2.cnt.ru 70024: As102 PPP: Phase is UP
Jul 15 01:56:46 as53-2.cnt.ru 70025: As102 IPCP: O CONFREQ [Closed] id 146 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70026: As102 IPCP: Address 194.84.246.129 (0x0306C254F681)
Jul 15 01:56:46 as53-2.cnt.ru 70027: RADIUS: server 194.84.17.35 doesn't support type 4
Jul 15 01:56:46 as53-2.cnt.ru 70028: RADIUS: Initial Transmit id 67 194.84.17.34:1646, Accounting-Request, len 93
Jul 15 01:56:46 as53-2.cnt.ru 70029: Attribute 4 6 C2541184
Jul 15 01:56:46 as53-2.cnt.ru 70030: Attribute 5 6 00000066
Jul 15 01:56:46 as53-2.cnt.ru 70031: Attribute 61 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70032: Attribute 1 6 74737431
Jul 15 01:56:46 as53-2.cnt.ru 70033: Attribute 30 9 39393531
Jul 15 01:56:46 as53-2.cnt.ru 70034: Attribute 40 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70035: Attribute 45 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70036: Attribute 6 6 00000002
Jul 15 01:56:46 as53-2.cnt.ru 70037: Attribute 44 10 30303030
Jul 15 01:56:46 as53-2.cnt.ru 70038: Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70039: Attribute 41 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70040: RADIUS: Received from id 67 194.84.17.34:1646, Accounting-response, len 20
Jul 15 01:56:46 as53-2.cnt.ru 70041: As102 IPCP: I CONFREQ [REQsent] id 1 len 34
Jul 15 01:56:46 as53-2.cnt.ru 70042: As102 IPCP: Address 0.0.0.0 (0x030600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70043: As102 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:46 as53-2.cnt.ru 70044: As102 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70045: As102 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:46 as53-2.cnt.ru 70046: As102 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70047: As102 IPCP: Using pool 'as53-2_pool'
Jul 15 01:56:46 as53-2.cnt.ru 70048: As102 IPCP: Pool returned 194.84.246.149
Jul 15 01:56:46 as53-2.cnt.ru 70049: As102 IPCP: O CONFREJ [REQsent] id 1 len 16
Jul 15 01:56:46 as53-2.cnt.ru 70050: As102 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70051: As102 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70052: As102 IPCP: I CONFACK [REQsent] id 146 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70053: As102 IPCP: Address 194.84.246.129 (0x0306C254F681)
Jul 15 01:56:46 as53-2.cnt.ru 70054: As102 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul 15 01:56:46 as53-2.cnt.ru 70055: As102 IPCP: Address 0.0.0.0 (0x030600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70056: As102 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:46 as53-2.cnt.ru 70057: As102 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:46 as53-2.cnt.ru 70058: As102 IPCP: O CONFNAK [ACKrcvd] id 2 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70059: As102 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:46 as53-2.cnt.ru 70060: As102 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
Jul 15 01:56:46 as53-2.cnt.ru 70061: As102 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:47 as53-2.cnt.ru 70062: As102 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:47 as53-2.cnt.ru 70063: As102 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:47 as53-2.cnt.ru 70064: As102 IPCP: O CONFACK [ACKrcvd] id 3 len 22
Jul 15 01:56:47 as53-2.cnt.ru 70065: As102 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:47 as53-2.cnt.ru 70066: As102 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:47 as53-2.cnt.ru 70067: As102 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:47 as53-2.cnt.ru 70068: As102 IPCP: State is Open
Jul 15 01:56:47 as53-2.cnt.ru 70069: As102 AAA/AUTHOR: IP_UP
Jul 15 01:56:47 as53-2.cnt.ru 70070: As102 AAA/PER-USER: processing author params.
Jul 15 01:56:47 as53-2.cnt.ru 70071: As102 IPCP: Install route to 194.84.246.149
Jul 15 01:56:48 as53-2.cnt.ru 70072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async102, changed state to up
####################### athe + autho netw radius
Jul 15 02:14:58 as53-2.cnt.ru 70184: AAA/AUTHEN: free_user (0x6126CAD4) user='tst1' ruser='' port='Async102' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:44 as53-2.cnt.ru 70185: %LINK-3-UPDOWN: Interface Async37, changed state to up
Jul 15 02:15:45 as53-2.cnt.ru 70186: As37 PPP: Treating connection as a dedicated line
Jul 15 02:15:45 as53-2.cnt.ru 70187: As37 PPP: Phase is ESTABLISHING, Active Open
Jul 15 02:15:45 as53-2.cnt.ru 70188: As37 LCP: O CONFREQ [Closed] id 66 len 24
Jul 15 02:15:45 as53-2.cnt.ru 70189: As37 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70190: As37 LCP: AuthProto PAP (0x0304C023)
Jul 15 02:15:45 as53-2.cnt.ru 70191: As37 LCP: MagicNumber 0x68289256 (0x050668289256)
Jul 15 02:15:45 as53-2.cnt.ru 70192: As37 LCP: PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70193: As37 LCP: ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70194: As37 LCP: I CONFACK [REQsent] id 66 len 24
Jul 15 02:15:45 as53-2.cnt.ru 70195: As37 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70196: As37 LCP: AuthProto PAP (0x0304C023)
Jul 15 02:15:45 as53-2.cnt.ru 70197: As37 LCP: MagicNumber 0x68289256 (0x050668289256)
Jul 15 02:15:45 as53-2.cnt.ru 70198: As37 LCP: PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70199: As37 LCP: ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70200: As37 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 02:15:45 as53-2.cnt.ru 70201: As37 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70202: As37 LCP: MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70203: As37 LCP: PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70204: As37 LCP: ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70205: As37 LCP: Callback 6 (0x0D0306)
Jul 15 02:15:45 as53-2.cnt.ru 70206: As37 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 02:15:45 as53-2.cnt.ru 70207: As37 LCP: Callback 6 (0x0D0306)
Jul 15 02:15:45 as53-2.cnt.ru 70208: As37 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 02:15:45 as53-2.cnt.ru 70209: As37 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70210: As37 LCP: MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70211: As37 LCP: PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70212: As37 LCP: ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70213: As37 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 02:15:45 as53-2.cnt.ru 70214: As37 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70215: As37 LCP: MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70216: As37 LCP: PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70217: As37 LCP: ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70218: As37 LCP: State is Open
Jul 15 02:15:45 as53-2.cnt.ru 70219: As37 PPP: Phase is AUTHENTICATING, by this end
Jul 15 02:15:45 as53-2.cnt.ru 70220: As37 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 02:15:45 as53-2.cnt.ru 70221: As37 PAP: Authenticating peer tst1
Jul 15 02:15:45 as53-2.cnt.ru 70222: AAA/AUTHEN: create_user (0x610E7674) user='tst1' ruser='' port='Async37' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:45 as53-2.cnt.ru 70223: AAA/AUTHEN/START (2049094064): port='Async37' list='' action=LOGIN service=PPP
Jul 15 02:15:45 as53-2.cnt.ru 70224: AAA/AUTHEN/START (2049094064): using "default" list
Jul 15 02:15:46 as53-2.cnt.ru 70225: AAA/AUTHEN/START (2049094064): Method=RADIUS
Jul 15 02:15:46 as53-2.cnt.ru 70226: RADIUS: Initial Transmit id 79 194.84.17.35:1645, Access-Request, len 83
Jul 15 02:15:46 as53-2.cnt.ru 70227: Attribute 4 6 C2541184
Jul 15 02:15:46 as53-2.cnt.ru 70228: Attribute 5 6 00000025
Jul 15 02:15:46 as53-2.cnt.ru 70229: Attribute 61 6 00000000
Jul 15 02:15:46 as53-2.cnt.ru 70230: Attribute 1 6 74737431
Jul 15 02:15:46 as53-2.cnt.ru 70231: Attribute 30 9 39393531
Jul 15 02:15:46 as53-2.cnt.ru 70232: Attribute 2 18 39A8076E
Jul 15 02:15:46 as53-2.cnt.ru 70233: Attribute 6 6 00000002
Jul 15 02:15:46 as53-2.cnt.ru 70234: Attribute 7 6 00000001
Jul 15 02:15:46 as53-2.cnt.ru 70235: RADIUS: Received from id 79 194.84.17.35:1645, Access-Accept, len 32
Jul 15 02:15:46 as53-2.cnt.ru 70236: Attribute 7 6 00000001
Jul 15 02:15:46 as53-2.cnt.ru 70237: Attribute 8 6 C254F6FE
Jul 15 02:15:46 as53-2.cnt.ru 70238: %RADIUS-6-SERVERALIVE: Radius server 194.84.17.35 is responding again (previously dead).
Jul 15 02:15:46 as53-2.cnt.ru 70239: RADIUS: saved authorization data for user 610E7674 at 60F82DEC
Jul 15 02:15:46 as53-2.cnt.ru 70240: AAA/AUTHEN (2049094064): status = PASS
Jul 15 02:15:46 as53-2.cnt.ru 70241: AAA/AUTHOR/LCP As37: Authorize LCP
Jul 15 02:15:46 as53-2.cnt.ru 70242: AAA/AUTHOR/LCP: Async37: (3189578723): user='tst1'
Jul 15 02:15:46 as53-2.cnt.ru 70243: AAA/AUTHOR/LCP: Async37: (3189578723): send AV service=ppp
Jul 15 02:15:46 as53-2.cnt.ru 70244: AAA/AUTHOR/LCP: Async37: (3189578723): send AV protocol=lcp
Jul 15 02:15:46 as53-2.cnt.ru 70245: AAA/AUTHOR/LCP: Async37: (3189578723): Method=RADIUS
Jul 15 02:15:46 as53-2.cnt.ru 70246: RADIUS: no appropriate authorization type for user.
Jul 15 02:15:46 as53-2.cnt.ru 70247: AAA/AUTHOR (3189578723): Post authorization status = FAIL
Jul 15 02:15:46 as53-2.cnt.ru 70248: AAA/AUTHOR/LCP As37: Denied
Jul 15 02:15:46 as53-2.cnt.ru 70249: AAA/AUTHEN: free_user (0x610E7674) user='tst1' ruser='' port='Async37' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:46 as53-2.cnt.ru 70250: As37 PAP: O AUTH-NAK id 1 len 25 msg is "Authorization failed"
Jul 15 02:15:46 as53-2.cnt.ru 70251: As37 PPP: Phase is TERMINATING
Jul 15 02:15:46 as53-2.cnt.ru 70252: As37 LCP: O TERMREQ [Open] id 67 len 4
Jul 15 02:15:46 as53-2.cnt.ru 70253: As37 AAA/AUTHOR: LCP_DOWN
Jul 15 02:15:46 as53-2.cnt.ru 70254: As37 LCP: I TERMACK [TERMsent] id 67 len 4
Jul 15 02:15:46 as53-2.cnt.ru 70255: As37 LCP: State is Closed
Jul 15 02:15:46 as53-2.cnt.ru 70256: As37 PPP: Phase is DOWN
Jul 15 02:15:46 as53-2.cnt.ru 70257: As37 PPP: Phase is ESTABLISHING, Passive Open
Jul 15 02:15:46 as53-2.cnt.ru 70258: As37 LCP: State is Listen
Jul 15 02:15:47 as53-2.cnt.ru 70259: %ISDN-6-DISCONNECT: Interface Serial2:28 disconnected from unknown , call lasted 22 seconds
Jul 15 02:15:48 as53-2.cnt.ru 70260: %LINK-5-CHANGED: Interface Async37, changed state to reset
Jul 15 02:15:49 as53-2.cnt.ru 70261: As37 LCP: State is Closed
Jul 15 02:15:49 as53-2.cnt.ru 70262: As37 PPP: Phase is DOWN
Jul 15 02:15:53 as53-2.cnt.ru 70263: %LINK-3-UPDOWN: Interface Async37, changed state to down
Jul 15 02:15:54 as53-2.cnt.ru 70264: As37 LCP: State is Closed
Jul 15 02:15:54 as53-2.cnt.ru 70265: As37 PPP: Phase is DOWN
################## authe + autho netw if_authe
Jul 15 02:58:34 as53-2.cnt.ru 70520: %LINK-3-UPDOWN: Interface Async39, changed state to up
Jul 15 02:58:35 as53-2.cnt.ru 70521: As39 PPP: Treating connection as a dedicated line
Jul 15 02:58:35 as53-2.cnt.ru 70522: As39 PPP: Phase is ESTABLISHING, Active Open
Jul 15 02:58:35 as53-2.cnt.ru 70523: As39 LCP: O CONFREQ [Closed] id 166 len 24
Jul 15 02:58:35 as53-2.cnt.ru 70524: As39 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70525: As39 LCP: AuthProto PAP (0x0304C023)
Jul 15 02:58:35 as53-2.cnt.ru 70526: As39 LCP: MagicNumber 0x684FCBEE (0x0506684FCBEE)
Jul 15 02:58:35 as53-2.cnt.ru 70527: As39 LCP: PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70528: As39 LCP: ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70529: As39 LCP: I CONFACK [REQsent] id 166 len 24
Jul 15 02:58:35 as53-2.cnt.ru 70530: As39 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70531: As39 LCP: AuthProto PAP (0x0304C023)
Jul 15 02:58:35 as53-2.cnt.ru 70532: As39 LCP: MagicNumber 0x684FCBEE (0x0506684FCBEE)
Jul 15 02:58:35 as53-2.cnt.ru 70533: As39 LCP: PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70534: As39 LCP: ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70535: As39 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 02:58:35 as53-2.cnt.ru 70536: As39 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70537: As39 LCP: MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70538: As39 LCP: PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70539: As39 LCP: ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70540: As39 LCP: Callback 6 (0x0D0306)
Jul 15 02:58:35 as53-2.cnt.ru 70541: As39 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 02:58:35 as53-2.cnt.ru 70542: As39 LCP: Callback 6 (0x0D0306)
Jul 15 02:58:35 as53-2.cnt.ru 70543: As39 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 02:58:35 as53-2.cnt.ru 70544: As39 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70545: As39 LCP: MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70546: As39 LCP: PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70547: As39 LCP: ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70548: As39 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 02:58:35 as53-2.cnt.ru 70549: As39 LCP: ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70550: As39 LCP: MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70551: As39 LCP: PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70552: As39 LCP: ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70553: As39 LCP: State is Open
Jul 15 02:58:35 as53-2.cnt.ru 70554: As39 PPP: Phase is AUTHENTICATING, by this end
Jul 15 02:58:35 as53-2.cnt.ru 70555: As39 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 02:58:35 as53-2.cnt.ru 70556: As39 PAP: Authenticating peer tst1
Jul 15 02:58:35 as53-2.cnt.ru 70557: AAA/AUTHEN: create_user (0x60AAE62C) user='tst1' ruser='' port='Async39' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:58:35 as53-2.cnt.ru 70558: AAA/AUTHEN/START (4205452119): port='Async39' list='' action=LOGIN service=PPP
Jul 15 02:58:35 as53-2.cnt.ru 70559: AAA/AUTHEN/START (4205452119): using "default" list
Jul 15 02:58:35 as53-2.cnt.ru 70560: AAA/AUTHEN/START (4205452119): Method=RADIUS
Jul 15 02:58:35 as53-2.cnt.ru 70561: RADIUS: server 194.84.17.35 marked dead, skipping
Jul 15 02:58:35 as53-2.cnt.ru 70562: RADIUS: server 194.84.17.34 doesn't support type 1
Jul 15 02:58:35 as53-2.cnt.ru 70563: RADIUS: Initial Transmit id 105 194.84.17.35:1645, Access-Request, len 83
Jul 15 02:58:35 as53-2.cnt.ru 70564: Attribute 4 6 C2541184
Jul 15 02:58:35 as53-2.cnt.ru 70565: Attribute 5 6 00000027
Jul 15 02:58:35 as53-2.cnt.ru 70566: Attribute 61 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70567: Attribute 1 6 74737431
Jul 15 02:58:35 as53-2.cnt.ru 70568: Attribute 30 9 39393531
Jul 15 02:58:35 as53-2.cnt.ru 70569: Attribute 2 18 D0428460
Jul 15 02:58:35 as53-2.cnt.ru 70570: Attribute 6 6 00000002
Jul 15 02:58:35 as53-2.cnt.ru 70571: Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70572: RADIUS: Received from id 105 194.84.17.35:1645, Access-Accept, len 32
Jul 15 02:58:35 as53-2.cnt.ru 70573: Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70574: Attribute 8 6 C254F6FE
Jul 15 02:58:35 as53-2.cnt.ru 70575: RADIUS: saved authorization data for user 60AAE62C at 61125164
Jul 15 02:58:35 as53-2.cnt.ru 70576: AAA/AUTHEN (4205452119): status = PASS
Jul 15 02:58:35 as53-2.cnt.ru 70577: AAA/AUTHOR/LCP As39: Authorize LCP
Jul 15 02:58:35 as53-2.cnt.ru 70578: AAA/AUTHOR/LCP: Async39: (2063792303): user='tst1'
Jul 15 02:58:35 as53-2.cnt.ru 70579: AAA/AUTHOR/LCP: Async39: (2063792303): send AV service=ppp
Jul 15 02:58:35 as53-2.cnt.ru 70580: AAA/AUTHOR/LCP: Async39: (2063792303): send AV protocol=lcp
Jul 15 02:58:35 as53-2.cnt.ru 70581: AAA/AUTHOR/LCP: Async39: (2063792303): Method=IF_AUTHEN
Jul 15 02:58:35 as53-2.cnt.ru 70582: AAA/AUTHOR (2063792303): Post authorization status = PASS_ADD
Jul 15 02:58:35 as53-2.cnt.ru 70583: As39 PAP: O AUTH-ACK id 1 len 5
Jul 15 02:58:35 as53-2.cnt.ru 70584: As39 PPP: Phase is UP
Jul 15 02:58:35 as53-2.cnt.ru 70585: AAA/AUTHOR/FSM As39: (0): Can we start IPCP?
Jul 15 02:58:35 as53-2.cnt.ru 70586: AAA/AUTHOR/FSM: Async39: (357576884): user='tst1'
Jul 15 02:58:35 as53-2.cnt.ru 70587: AAA/AUTHOR/FSM: Async39: (357576884): send AV service=ppp
Jul 15 02:58:35 as53-2.cnt.ru 70588: AAA/AUTHOR/FSM: Async39: (357576884): send AV protocol=ip
Jul 15 02:58:35 as53-2.cnt.ru 70589: AAA/AUTHOR/FSM: Async39: (357576884): Method=IF_AUTHEN
Jul 15 02:58:35 as53-2.cnt.ru 70590: AAA/AUTHOR (357576884): Post authorization status = PASS_ADD
Jul 15 02:58:35 as53-2.cnt.ru 70591: AAA/AUTHOR/FSM As39: We can start IPCP
Jul 15 02:58:35 as53-2.cnt.ru 70592: As39 IPCP: O CONFREQ [Closed] id 175 len 10
Jul 15 02:58:35 as53-2.cnt.ru 70593: As39 IPCP: Address 194.84.246.129 (0x0306C254F681)
Jul 15 02:58:35 as53-2.cnt.ru 70594: RADIUS: server 194.84.17.35 doesn't support type 4
Jul 15 02:58:35 as53-2.cnt.ru 70595: RADIUS: server 194.84.17.34 marked dead, skipping
Jul 15 02:58:35 as53-2.cnt.ru 70596: RADIUS: Initial Transmit id 106 194.84.17.35:0, Accounting-Request, len 93
Jul 15 02:58:35 as53-2.cnt.ru 70597: Attribute 4 6 C2541184
Jul 15 02:58:35 as53-2.cnt.ru 70598: Attribute 5 6 00000027
Jul 15 02:58:35 as53-2.cnt.ru 70599: Attribute 61 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70600: Attribute 1 6 74737431
Jul 15 02:58:35 as53-2.cnt.ru 70601: Attribute 30 9 39393531
Jul 15 02:58:35 as53-2.cnt.ru 70602: Attribute 40 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70603: Attribute 45 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70604: Attribute 6 6 00000002
Jul 15 02:58:35 as53-2.cnt.ru 70605: Attribute 44 10 30303030
Jul 15 02:58:35 as53-2.cnt.ru 70606: Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70607: Attribute 41 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70608: As39 IPCP: I CONFREQ [REQsent] id 1 len 34
Jul 15 02:58:35 as53-2.cnt.ru 70609: As39 IPCP: Address 0.0.0.0 (0x030600000000)
Jul 15 02:58:35 as53-2.cnt.ru 70610: As39 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:35 as53-2.cnt.ru 70611: As39 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 02:58:35 as53-2.cnt.ru 70612: As39 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:35 as53-2.cnt.ru 70613: As39 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70614: AAA/AUTHOR/IPCP As39: Start. Her address 0.0.0.0, we want 0.0.0.0
Jul 15 02:58:36 as53-2.cnt.ru 70615: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70616: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70617: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:36 as53-2.cnt.ru 70618: AAA/AUTHOR/IPCP As39: Done. Her address 0.0.0.0, we want 0.0.0.0
Jul 15 02:58:36 as53-2.cnt.ru 70619: As39 IPCP: Using pool 'as53-2_pool'
Jul 15 02:58:36 as53-2.cnt.ru 70620: As39 IPCP: Pool returned 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70621: As39 IPCP: O CONFREJ [REQsent] id 1 len 16
Jul 15 02:58:36 as53-2.cnt.ru 70622: As39 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70623: As39 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70624: As39 IPCP: I CONFACK [REQsent] id 175 len 10
Jul 15 02:58:36 as53-2.cnt.ru 70625: As39 IPCP: Address 194.84.246.129 (0x0306C254F681)
Jul 15 02:58:36 as53-2.cnt.ru 70626: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async39, changed state to up
Jul 15 02:58:36 as53-2.cnt.ru 70627: As39 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul 15 02:58:36 as53-2.cnt.ru 70628: As39 IPCP: Address 0.0.0.0 (0x030600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70629: As39 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:36 as53-2.cnt.ru 70630: As39 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:36 as53-2.cnt.ru 70631: AAA/AUTHOR/IPCP As39: Start. Her address 0.0.0.0, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70632: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70633: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70634: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:36 as53-2.cnt.ru 70635: AAA/AUTHOR/IPCP As39: Done. Her address 0.0.0.0, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70636: As39 IPCP: O CONFNAK [ACKrcvd] id 2 len 10
Jul 15 02:58:36 as53-2.cnt.ru 70637: As39 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:36 as53-2.cnt.ru 70638: As39 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
Jul 15 02:58:36 as53-2.cnt.ru 70639: As39 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:36 as53-2.cnt.ru 70640: As39 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:36 as53-2.cnt.ru 70641: As39 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:36 as53-2.cnt.ru 70642: AAA/AUTHOR/IPCP As39: Start. Her address 194.84.246.149, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70643: AAA/AUTHOR/IPCP: Async39: (657314869): user='tst1'
Jul 15 02:58:36 as53-2.cnt.ru 70644: AAA/AUTHOR/IPCP: Async39: (657314869): send AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70645: AAA/AUTHOR/IPCP: Async39: (657314869): send AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70646: AAA/AUTHOR/IPCP: Async39: (657314869): send AV addr*194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70647: AAA/AUTHOR/IPCP: Async39: (657314869): Method=IF_AUTHEN
Jul 15 02:58:36 as53-2.cnt.ru 70648: AAA/AUTHOR (657314869): Post authorization status = PASS_ADD
Jul 15 02:58:36 as53-2.cnt.ru 70649: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:37 as53-2.cnt.ru 70650: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:37 as53-2.cnt.ru 70651: AAA/AUTHOR/IPCP As39: Processing AV addr*194.84.246.149
Jul 15 02:58:37 as53-2.cnt.ru 70652: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:37 as53-2.cnt.ru 70653: AAA/AUTHOR/IPCP As39: Done. Her address 194.84.246.149, we want 194.84.246.149
Jul 15 02:58:37 as53-2.cnt.ru 70654: As39 IPCP: O CONFACK [ACKrcvd] id 3 len 22
Jul 15 02:58:37 as53-2.cnt.ru 70655: As39 IPCP: Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:37 as53-2.cnt.ru 70656: As39 IPCP: PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:37 as53-2.cnt.ru 70657: As39 IPCP: SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:37 as53-2.cnt.ru 70658: As39 IPCP: State is Open
Jul 15 02:58:37 as53-2.cnt.ru 70659: As39 AAA/AUTHOR: IP_UP
Jul 15 02:58:37 as53-2.cnt.ru 70660: As39 AAA/PER-USER: processing author params.
Jul 15 02:58:37 as53-2.cnt.ru 70661: As39 IPCP: Install route to 194.84.246.149
######################
|
