ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА












     АРХИВ :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[inet-admins] Re: AAA & RADIUS



>> Чего-то я в собственных штанах запутался, похоже.... Ж;-))
>> Кто-ть обьяснит как должен выглядеть конфиг ААА на кошке,
>> что-бы она юзеру проставляла атрибуты выданные РАДИУСом?
>> (ну например Framed-IP-Addr)
>> Асинк может при этом в дедикатеде стоять?
>> ААА авторизация нужна?
>
>Да как и с tac+. Значимая часть (для тебя, чтобы ip addr etc брался) - авторизация.
>
>aaa new-model
>!
>aaa authentication login default radius enable
>aaa authentication ppp default if-needed radius
>aaa authentication username-prompt "login: "
>!
>aaa authorization exec radius if-authenticated
>aaa authorization network radius if-authenticated
>!
Да хрена, если я выставляю авторизацию юзер вообще не ходит -
насколько я понял нужно в радиусе хренову тучу сервисов под юзера прописывать, неприятно это....

Посмотрите аттачмент
по логам видно, что радиус передает в атрибуте 8 6 адрес для юзера всегда, независимо от того стоит авторизация или
нет.
сначала авторизацию не включаем - хрена (спасибо хоть пустили)
включаем через радиус - шишь нам, а не ППП!
включаем, но авторизуем всегда (aaa authorization if_authetifeced) - пускают, но адрес берут опять из пула!

Едрена вошь!!!!
Так, есть еще в доках:
------------
You typically have three methods for configuring default authorization on the security server. The following three sample
configurations are entries that could exist in a security server's configuration file:

To override the default denial or authorization from a non-existent user, specify authorization at the top level of the
configuration file:

default authorization = permit

At the user level, inside the braces of the user declaration, the default for a user who does not have a service or command
explicitly authorized is to deny that service or command. To permit it:

default service = permit
-----------

Нифига непонятно, где? На кошке - шишь, нет такого слова...
На радиусе? - где ставить, да и не обращается кошатина к радиусу-то....

Мммдааа.....

Так вот, собственно еще раз вопросы:

Необходимо-ли включать авторизацию? (насколько я понимаю это вещь не для передачи атрибутов придуманна, а
для разделения сервисов по юзерам....) Если да, то какие атрибуты придется записать на стандартного юзера,
приходящего только за ППП(ну с IP поверх - понятно...) LCP? что еще там.... Ж;-))

Может-ли быть юзеровский асинк в дедикатеде, или все-таки нужен интерактив (может здесь собака порылась? -
счаз попробую)

Может это баг конкретного ИОСА? Хотя в тулките не значится.... 11.3.2 IP+

С уважением,
          Андрей Зимин
horgi@cnt.ru

### radius user config

tst1    Encrypted-Password = "6.KKp6J/p/wB."
                Service-Type = Framed,
                Framed-Protocol = PPP,
                Framed-IP-Address = 194.84.246.254,

### cisco config
!
interface Group-Async1
 ip unnumbered Loopback1
 encapsulation ppp
 async mode dedicated
 peer default ip address pool as53-2_pool
 no fair-queue
 no cdp enable
 ppp authentication pap
 group-range 1 120
 hold-queue 64 out
!
ip local pool as53-2_pool 194.84.246.130 194.84.246.249
!
line 1 120
 exec-timeout 0 0
 no activation-character
 modem InOut
 modem autoconfigure type mica-K56Flex
 transport input telnet


### radius debug

radrecv: 1 len:83 as53-2.cnt.ru port:1645 id:66
    NAS-IP-Address = "194.84.17.132"
    NAS-Port = 102
    NAS-Port-Type = Async
    User-Name = "tst1"
    Called-Station-Id = "9951015"
    User-Password = "b...../X..d....."
        Password:ww
    Service-Type = Framed
    Framed-Protocol = PPP
    Framed-Protocol = PPP
    Framed-IP-Address = "194.84.246.254"
    Vendor = 4


#### cisco debug many things.....
################ authe only
Jul 15 01:56:44 as53-2.cnt.ru 69968: %LINK-3-UPDOWN: Interface Async102, changed state to up
Jul 15 01:56:45 as53-2.cnt.ru 69969: As102 PPP: Treating connection as a dedicated line
Jul 15 01:56:45 as53-2.cnt.ru 69970: As102 PPP: Phase is ESTABLISHING, Active Open
Jul 15 01:56:45 as53-2.cnt.ru 69971: As102 LCP: O CONFREQ [Closed] id 63 len 24
Jul 15 01:56:45 as53-2.cnt.ru 69972: As102 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69973: As102 LCP:    AuthProto PAP (0x0304C023)
Jul 15 01:56:45 as53-2.cnt.ru 69974: As102 LCP:    MagicNumber 0x68172D39 (0x050668172D39)
Jul 15 01:56:45 as53-2.cnt.ru 69975: As102 LCP:    PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69976: As102 LCP:    ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69977: As102 LCP: I CONFACK [REQsent] id 63 len 24
Jul 15 01:56:45 as53-2.cnt.ru 69978: As102 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69979: As102 LCP:    AuthProto PAP (0x0304C023)
Jul 15 01:56:45 as53-2.cnt.ru 69980: As102 LCP:    MagicNumber 0x68172D39 (0x050668172D39)
Jul 15 01:56:45 as53-2.cnt.ru 69981: As102 LCP:    PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69982: As102 LCP:    ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69983: As102 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 01:56:45 as53-2.cnt.ru 69984: As102 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:45 as53-2.cnt.ru 69985: As102 LCP:    MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:45 as53-2.cnt.ru 69986: As102 LCP:    PFC (0x0702)
Jul 15 01:56:45 as53-2.cnt.ru 69987: As102 LCP:    ACFC (0x0802)
Jul 15 01:56:45 as53-2.cnt.ru 69988: As102 LCP:    Callback 6  (0x0D0306)
Jul 15 01:56:45 as53-2.cnt.ru 69989: As102 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 01:56:45 as53-2.cnt.ru 69990: As102 LCP:    Callback 6  (0x0D0306)
Jul 15 01:56:45 as53-2.cnt.ru 69991: As102 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 01:56:45 as53-2.cnt.ru 69992: As102 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:46 as53-2.cnt.ru 69993: As102 LCP:    MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:46 as53-2.cnt.ru 69994: As102 LCP:    PFC (0x0702)
Jul 15 01:56:46 as53-2.cnt.ru 69995: As102 LCP:    ACFC (0x0802)
Jul 15 01:56:46 as53-2.cnt.ru 69996: As102 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 01:56:46 as53-2.cnt.ru 69997: As102 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 01:56:46 as53-2.cnt.ru 69998: As102 LCP:    MagicNumber 0x00173610 (0x050600173610)
Jul 15 01:56:46 as53-2.cnt.ru 69999: As102 LCP:    PFC (0x0702)
Jul 15 01:56:46 as53-2.cnt.ru 70000: As102 LCP:    ACFC (0x0802)
Jul 15 01:56:46 as53-2.cnt.ru 70001: As102 LCP: State is Open
Jul 15 01:56:46 as53-2.cnt.ru 70002: As102 PPP: Phase is AUTHENTICATING, by this end
Jul 15 01:56:46 as53-2.cnt.ru 70003: As102 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 01:56:46 as53-2.cnt.ru 70004: As102 PAP: Authenticating peer tst1
Jul 15 01:56:46 as53-2.cnt.ru 70005: AAA/AUTHEN: create_user (0x6126CAD4) user='tst1' ruser='' port='Async102' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 01:56:46 as53-2.cnt.ru 70006: AAA/AUTHEN/START (2239593697): port='Async102' list='' action=LOGIN service=PPP
Jul 15 01:56:46 as53-2.cnt.ru 70007: AAA/AUTHEN/START (2239593697): using "default" list
Jul 15 01:56:46 as53-2.cnt.ru 70008: AAA/AUTHEN/START (2239593697): Method=RADIUS
Jul 15 01:56:46 as53-2.cnt.ru 70009: RADIUS: Initial Transmit id 66 194.84.17.35:1645, Access-Request, len 83
Jul 15 01:56:46 as53-2.cnt.ru 70010:         Attribute 4 6 C2541184
Jul 15 01:56:46 as53-2.cnt.ru 70011:         Attribute 5 6 00000066
Jul 15 01:56:46 as53-2.cnt.ru 70012:         Attribute 61 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70013:         Attribute 1 6 74737431
Jul 15 01:56:46 as53-2.cnt.ru 70014:         Attribute 30 9 39393531
Jul 15 01:56:46 as53-2.cnt.ru 70015:         Attribute 2 18 62FCDBD9
Jul 15 01:56:46 as53-2.cnt.ru 70016:         Attribute 6 6 00000002
Jul 15 01:56:46 as53-2.cnt.ru 70017:         Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70018: RADIUS: Received from id 66 194.84.17.35:1645, Access-Accept, len 32
Jul 15 01:56:46 as53-2.cnt.ru 70019:         Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70020:         Attribute 8 6 C254F6FE
Jul 15 01:56:46 as53-2.cnt.ru 70021: RADIUS: saved authorization data for user 6126CAD4 at 61152070
Jul 15 01:56:46 as53-2.cnt.ru 70022: AAA/AUTHEN (2239593697): status = PASS
Jul 15 01:56:46 as53-2.cnt.ru 70023: As102 PAP: O AUTH-ACK id 1 len 5
Jul 15 01:56:46 as53-2.cnt.ru 70024: As102 PPP: Phase is UP
Jul 15 01:56:46 as53-2.cnt.ru 70025: As102 IPCP: O CONFREQ [Closed] id 146 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70026: As102 IPCP:    Address 194.84.246.129 (0x0306C254F681)
Jul 15 01:56:46 as53-2.cnt.ru 70027: RADIUS: server 194.84.17.35 doesn't support type 4
Jul 15 01:56:46 as53-2.cnt.ru 70028: RADIUS: Initial Transmit id 67 194.84.17.34:1646, Accounting-Request, len 93
Jul 15 01:56:46 as53-2.cnt.ru 70029:         Attribute 4 6 C2541184
Jul 15 01:56:46 as53-2.cnt.ru 70030:         Attribute 5 6 00000066
Jul 15 01:56:46 as53-2.cnt.ru 70031:         Attribute 61 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70032:         Attribute 1 6 74737431
Jul 15 01:56:46 as53-2.cnt.ru 70033:         Attribute 30 9 39393531
Jul 15 01:56:46 as53-2.cnt.ru 70034:         Attribute 40 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70035:         Attribute 45 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70036:         Attribute 6 6 00000002
Jul 15 01:56:46 as53-2.cnt.ru 70037:         Attribute 44 10 30303030
Jul 15 01:56:46 as53-2.cnt.ru 70038:         Attribute 7 6 00000001
Jul 15 01:56:46 as53-2.cnt.ru 70039:         Attribute 41 6 00000000
Jul 15 01:56:46 as53-2.cnt.ru 70040: RADIUS: Received from id 67 194.84.17.34:1646, Accounting-response, len 20
Jul 15 01:56:46 as53-2.cnt.ru 70041: As102 IPCP: I CONFREQ [REQsent] id 1 len 34
Jul 15 01:56:46 as53-2.cnt.ru 70042: As102 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70043: As102 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:46 as53-2.cnt.ru 70044: As102 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70045: As102 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:46 as53-2.cnt.ru 70046: As102 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70047: As102 IPCP: Using pool 'as53-2_pool'
Jul 15 01:56:46 as53-2.cnt.ru 70048: As102 IPCP: Pool returned 194.84.246.149
Jul 15 01:56:46 as53-2.cnt.ru 70049: As102 IPCP: O CONFREJ [REQsent] id 1 len 16
Jul 15 01:56:46 as53-2.cnt.ru 70050: As102 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70051: As102 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70052: As102 IPCP: I CONFACK [REQsent] id 146 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70053: As102 IPCP:    Address 194.84.246.129 (0x0306C254F681)
Jul 15 01:56:46 as53-2.cnt.ru 70054: As102 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul 15 01:56:46 as53-2.cnt.ru 70055: As102 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul 15 01:56:46 as53-2.cnt.ru 70056: As102 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:46 as53-2.cnt.ru 70057: As102 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:46 as53-2.cnt.ru 70058: As102 IPCP: O CONFNAK [ACKrcvd] id 2 len 10
Jul 15 01:56:46 as53-2.cnt.ru 70059: As102 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:46 as53-2.cnt.ru 70060: As102 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
Jul 15 01:56:46 as53-2.cnt.ru 70061: As102 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:47 as53-2.cnt.ru 70062: As102 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:47 as53-2.cnt.ru 70063: As102 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:47 as53-2.cnt.ru 70064: As102 IPCP: O CONFACK [ACKrcvd] id 3 len 22
Jul 15 01:56:47 as53-2.cnt.ru 70065: As102 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 01:56:47 as53-2.cnt.ru 70066: As102 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 01:56:47 as53-2.cnt.ru 70067: As102 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 01:56:47 as53-2.cnt.ru 70068: As102 IPCP: State is Open
Jul 15 01:56:47 as53-2.cnt.ru 70069: As102 AAA/AUTHOR: IP_UP
Jul 15 01:56:47 as53-2.cnt.ru 70070: As102 AAA/PER-USER: processing author params.
Jul 15 01:56:47 as53-2.cnt.ru 70071: As102 IPCP: Install route to 194.84.246.149
Jul 15 01:56:48 as53-2.cnt.ru 70072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async102, changed state to up
####################### athe + autho netw radius
Jul 15 02:14:58 as53-2.cnt.ru 70184: AAA/AUTHEN: free_user (0x6126CAD4) user='tst1' ruser='' port='Async102' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:44 as53-2.cnt.ru 70185: %LINK-3-UPDOWN: Interface Async37, changed state to up
Jul 15 02:15:45 as53-2.cnt.ru 70186: As37 PPP: Treating connection as a dedicated line
Jul 15 02:15:45 as53-2.cnt.ru 70187: As37 PPP: Phase is ESTABLISHING, Active Open
Jul 15 02:15:45 as53-2.cnt.ru 70188: As37 LCP: O CONFREQ [Closed] id 66 len 24
Jul 15 02:15:45 as53-2.cnt.ru 70189: As37 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70190: As37 LCP:    AuthProto PAP (0x0304C023)
Jul 15 02:15:45 as53-2.cnt.ru 70191: As37 LCP:    MagicNumber 0x68289256 (0x050668289256)
Jul 15 02:15:45 as53-2.cnt.ru 70192: As37 LCP:    PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70193: As37 LCP:    ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70194: As37 LCP: I CONFACK [REQsent] id 66 len 24
Jul 15 02:15:45 as53-2.cnt.ru 70195: As37 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70196: As37 LCP:    AuthProto PAP (0x0304C023)
Jul 15 02:15:45 as53-2.cnt.ru 70197: As37 LCP:    MagicNumber 0x68289256 (0x050668289256)
Jul 15 02:15:45 as53-2.cnt.ru 70198: As37 LCP:    PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70199: As37 LCP:    ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70200: As37 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 02:15:45 as53-2.cnt.ru 70201: As37 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70202: As37 LCP:    MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70203: As37 LCP:    PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70204: As37 LCP:    ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70205: As37 LCP:    Callback 6  (0x0D0306)
Jul 15 02:15:45 as53-2.cnt.ru 70206: As37 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 02:15:45 as53-2.cnt.ru 70207: As37 LCP:    Callback 6  (0x0D0306)
Jul 15 02:15:45 as53-2.cnt.ru 70208: As37 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 02:15:45 as53-2.cnt.ru 70209: As37 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70210: As37 LCP:    MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70211: As37 LCP:    PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70212: As37 LCP:    ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70213: As37 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 02:15:45 as53-2.cnt.ru 70214: As37 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:15:45 as53-2.cnt.ru 70215: As37 LCP:    MagicNumber 0x00289C37 (0x050600289C37)
Jul 15 02:15:45 as53-2.cnt.ru 70216: As37 LCP:    PFC (0x0702)
Jul 15 02:15:45 as53-2.cnt.ru 70217: As37 LCP:    ACFC (0x0802)
Jul 15 02:15:45 as53-2.cnt.ru 70218: As37 LCP: State is Open
Jul 15 02:15:45 as53-2.cnt.ru 70219: As37 PPP: Phase is AUTHENTICATING, by this end
Jul 15 02:15:45 as53-2.cnt.ru 70220: As37 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 02:15:45 as53-2.cnt.ru 70221: As37 PAP: Authenticating peer tst1
Jul 15 02:15:45 as53-2.cnt.ru 70222: AAA/AUTHEN: create_user (0x610E7674) user='tst1' ruser='' port='Async37' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:45 as53-2.cnt.ru 70223: AAA/AUTHEN/START (2049094064): port='Async37' list='' action=LOGIN service=PPP
Jul 15 02:15:45 as53-2.cnt.ru 70224: AAA/AUTHEN/START (2049094064): using "default" list
Jul 15 02:15:46 as53-2.cnt.ru 70225: AAA/AUTHEN/START (2049094064): Method=RADIUS
Jul 15 02:15:46 as53-2.cnt.ru 70226: RADIUS: Initial Transmit id 79 194.84.17.35:1645, Access-Request, len 83
Jul 15 02:15:46 as53-2.cnt.ru 70227:         Attribute 4 6 C2541184
Jul 15 02:15:46 as53-2.cnt.ru 70228:         Attribute 5 6 00000025
Jul 15 02:15:46 as53-2.cnt.ru 70229:         Attribute 61 6 00000000
Jul 15 02:15:46 as53-2.cnt.ru 70230:         Attribute 1 6 74737431
Jul 15 02:15:46 as53-2.cnt.ru 70231:         Attribute 30 9 39393531
Jul 15 02:15:46 as53-2.cnt.ru 70232:         Attribute 2 18 39A8076E
Jul 15 02:15:46 as53-2.cnt.ru 70233:         Attribute 6 6 00000002
Jul 15 02:15:46 as53-2.cnt.ru 70234:         Attribute 7 6 00000001
Jul 15 02:15:46 as53-2.cnt.ru 70235: RADIUS: Received from id 79 194.84.17.35:1645, Access-Accept, len 32
Jul 15 02:15:46 as53-2.cnt.ru 70236:         Attribute 7 6 00000001
Jul 15 02:15:46 as53-2.cnt.ru 70237:         Attribute 8 6 C254F6FE
Jul 15 02:15:46 as53-2.cnt.ru 70238: %RADIUS-6-SERVERALIVE: Radius server 194.84.17.35 is responding again (previously dead).
Jul 15 02:15:46 as53-2.cnt.ru 70239: RADIUS: saved authorization data for user 610E7674 at 60F82DEC
Jul 15 02:15:46 as53-2.cnt.ru 70240: AAA/AUTHEN (2049094064): status = PASS
Jul 15 02:15:46 as53-2.cnt.ru 70241: AAA/AUTHOR/LCP As37: Authorize LCP
Jul 15 02:15:46 as53-2.cnt.ru 70242: AAA/AUTHOR/LCP: Async37: (3189578723): user='tst1'
Jul 15 02:15:46 as53-2.cnt.ru 70243: AAA/AUTHOR/LCP: Async37: (3189578723): send AV service=ppp
Jul 15 02:15:46 as53-2.cnt.ru 70244: AAA/AUTHOR/LCP: Async37: (3189578723): send AV protocol=lcp
Jul 15 02:15:46 as53-2.cnt.ru 70245: AAA/AUTHOR/LCP: Async37: (3189578723): Method=RADIUS
Jul 15 02:15:46 as53-2.cnt.ru 70246: RADIUS: no appropriate authorization type for user.
Jul 15 02:15:46 as53-2.cnt.ru 70247: AAA/AUTHOR (3189578723): Post authorization status = FAIL
Jul 15 02:15:46 as53-2.cnt.ru 70248: AAA/AUTHOR/LCP As37: Denied
Jul 15 02:15:46 as53-2.cnt.ru 70249: AAA/AUTHEN: free_user (0x610E7674) user='tst1' ruser='' port='Async37' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:15:46 as53-2.cnt.ru 70250: As37 PAP: O AUTH-NAK id 1 len 25 msg is "Authorization failed"
Jul 15 02:15:46 as53-2.cnt.ru 70251: As37 PPP: Phase is TERMINATING
Jul 15 02:15:46 as53-2.cnt.ru 70252: As37 LCP: O TERMREQ [Open] id 67 len 4
Jul 15 02:15:46 as53-2.cnt.ru 70253: As37 AAA/AUTHOR: LCP_DOWN
Jul 15 02:15:46 as53-2.cnt.ru 70254: As37 LCP: I TERMACK [TERMsent] id 67 len 4
Jul 15 02:15:46 as53-2.cnt.ru 70255: As37 LCP: State is Closed
Jul 15 02:15:46 as53-2.cnt.ru 70256: As37 PPP: Phase is DOWN
Jul 15 02:15:46 as53-2.cnt.ru 70257: As37 PPP: Phase is ESTABLISHING, Passive Open
Jul 15 02:15:46 as53-2.cnt.ru 70258: As37 LCP: State is Listen
Jul 15 02:15:47 as53-2.cnt.ru 70259: %ISDN-6-DISCONNECT: Interface Serial2:28  disconnected from unknown , call lasted 22 seconds
Jul 15 02:15:48 as53-2.cnt.ru 70260: %LINK-5-CHANGED: Interface Async37, changed state to reset
Jul 15 02:15:49 as53-2.cnt.ru 70261: As37 LCP: State is Closed
Jul 15 02:15:49 as53-2.cnt.ru 70262: As37 PPP: Phase is DOWN
Jul 15 02:15:53 as53-2.cnt.ru 70263: %LINK-3-UPDOWN: Interface Async37, changed state to down
Jul 15 02:15:54 as53-2.cnt.ru 70264: As37 LCP: State is Closed
Jul 15 02:15:54 as53-2.cnt.ru 70265: As37 PPP: Phase is DOWN
################## authe + autho netw if_authe
Jul 15 02:58:34 as53-2.cnt.ru 70520: %LINK-3-UPDOWN: Interface Async39, changed state to up
Jul 15 02:58:35 as53-2.cnt.ru 70521: As39 PPP: Treating connection as a dedicated line
Jul 15 02:58:35 as53-2.cnt.ru 70522: As39 PPP: Phase is ESTABLISHING, Active Open
Jul 15 02:58:35 as53-2.cnt.ru 70523: As39 LCP: O CONFREQ [Closed] id 166 len 24
Jul 15 02:58:35 as53-2.cnt.ru 70524: As39 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70525: As39 LCP:    AuthProto PAP (0x0304C023)
Jul 15 02:58:35 as53-2.cnt.ru 70526: As39 LCP:    MagicNumber 0x684FCBEE (0x0506684FCBEE)
Jul 15 02:58:35 as53-2.cnt.ru 70527: As39 LCP:    PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70528: As39 LCP:    ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70529: As39 LCP: I CONFACK [REQsent] id 166 len 24
Jul 15 02:58:35 as53-2.cnt.ru 70530: As39 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70531: As39 LCP:    AuthProto PAP (0x0304C023)
Jul 15 02:58:35 as53-2.cnt.ru 70532: As39 LCP:    MagicNumber 0x684FCBEE (0x0506684FCBEE)
Jul 15 02:58:35 as53-2.cnt.ru 70533: As39 LCP:    PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70534: As39 LCP:    ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70535: As39 LCP: I CONFREQ [ACKrcvd] id 2 len 23
Jul 15 02:58:35 as53-2.cnt.ru 70536: As39 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70537: As39 LCP:    MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70538: As39 LCP:    PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70539: As39 LCP:    ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70540: As39 LCP:    Callback 6  (0x0D0306)
Jul 15 02:58:35 as53-2.cnt.ru 70541: As39 LCP: O CONFREJ [ACKrcvd] id 2 len 7
Jul 15 02:58:35 as53-2.cnt.ru 70542: As39 LCP:    Callback 6  (0x0D0306)
Jul 15 02:58:35 as53-2.cnt.ru 70543: As39 LCP: I CONFREQ [ACKrcvd] id 3 len 20
Jul 15 02:58:35 as53-2.cnt.ru 70544: As39 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70545: As39 LCP:    MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70546: As39 LCP:    PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70547: As39 LCP:    ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70548: As39 LCP: O CONFACK [ACKrcvd] id 3 len 20
Jul 15 02:58:35 as53-2.cnt.ru 70549: As39 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jul 15 02:58:35 as53-2.cnt.ru 70550: As39 LCP:    MagicNumber 0x004FD602 (0x0506004FD602)
Jul 15 02:58:35 as53-2.cnt.ru 70551: As39 LCP:    PFC (0x0702)
Jul 15 02:58:35 as53-2.cnt.ru 70552: As39 LCP:    ACFC (0x0802)
Jul 15 02:58:35 as53-2.cnt.ru 70553: As39 LCP: State is Open
Jul 15 02:58:35 as53-2.cnt.ru 70554: As39 PPP: Phase is AUTHENTICATING, by this end
Jul 15 02:58:35 as53-2.cnt.ru 70555: As39 PAP: I AUTH-REQ id 1 len 12 from "tst1"
Jul 15 02:58:35 as53-2.cnt.ru 70556: As39 PAP: Authenticating peer tst1
Jul 15 02:58:35 as53-2.cnt.ru 70557: AAA/AUTHEN: create_user (0x60AAE62C) user='tst1' ruser='' port='Async39' rem_addr='async/9951015' authen_type=PAP service=PPP priv=1
Jul 15 02:58:35 as53-2.cnt.ru 70558: AAA/AUTHEN/START (4205452119): port='Async39' list='' action=LOGIN service=PPP
Jul 15 02:58:35 as53-2.cnt.ru 70559: AAA/AUTHEN/START (4205452119): using "default" list
Jul 15 02:58:35 as53-2.cnt.ru 70560: AAA/AUTHEN/START (4205452119): Method=RADIUS
Jul 15 02:58:35 as53-2.cnt.ru 70561: RADIUS: server 194.84.17.35 marked dead, skipping
Jul 15 02:58:35 as53-2.cnt.ru 70562: RADIUS: server 194.84.17.34 doesn't support type 1
Jul 15 02:58:35 as53-2.cnt.ru 70563: RADIUS: Initial Transmit id 105 194.84.17.35:1645, Access-Request, len 83
Jul 15 02:58:35 as53-2.cnt.ru 70564:         Attribute 4 6 C2541184
Jul 15 02:58:35 as53-2.cnt.ru 70565:         Attribute 5 6 00000027
Jul 15 02:58:35 as53-2.cnt.ru 70566:         Attribute 61 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70567:         Attribute 1 6 74737431
Jul 15 02:58:35 as53-2.cnt.ru 70568:         Attribute 30 9 39393531
Jul 15 02:58:35 as53-2.cnt.ru 70569:         Attribute 2 18 D0428460
Jul 15 02:58:35 as53-2.cnt.ru 70570:         Attribute 6 6 00000002
Jul 15 02:58:35 as53-2.cnt.ru 70571:         Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70572: RADIUS: Received from id 105 194.84.17.35:1645, Access-Accept, len 32
Jul 15 02:58:35 as53-2.cnt.ru 70573:         Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70574:         Attribute 8 6 C254F6FE
Jul 15 02:58:35 as53-2.cnt.ru 70575: RADIUS: saved authorization data for user 60AAE62C at 61125164
Jul 15 02:58:35 as53-2.cnt.ru 70576: AAA/AUTHEN (4205452119): status = PASS
Jul 15 02:58:35 as53-2.cnt.ru 70577: AAA/AUTHOR/LCP As39: Authorize LCP
Jul 15 02:58:35 as53-2.cnt.ru 70578: AAA/AUTHOR/LCP: Async39: (2063792303): user='tst1'
Jul 15 02:58:35 as53-2.cnt.ru 70579: AAA/AUTHOR/LCP: Async39: (2063792303): send AV service=ppp
Jul 15 02:58:35 as53-2.cnt.ru 70580: AAA/AUTHOR/LCP: Async39: (2063792303): send AV protocol=lcp
Jul 15 02:58:35 as53-2.cnt.ru 70581: AAA/AUTHOR/LCP: Async39: (2063792303): Method=IF_AUTHEN
Jul 15 02:58:35 as53-2.cnt.ru 70582: AAA/AUTHOR (2063792303): Post authorization status = PASS_ADD
Jul 15 02:58:35 as53-2.cnt.ru 70583: As39 PAP: O AUTH-ACK id 1 len 5
Jul 15 02:58:35 as53-2.cnt.ru 70584: As39 PPP: Phase is UP
Jul 15 02:58:35 as53-2.cnt.ru 70585: AAA/AUTHOR/FSM As39: (0): Can we start IPCP?
Jul 15 02:58:35 as53-2.cnt.ru 70586: AAA/AUTHOR/FSM: Async39: (357576884): user='tst1'
Jul 15 02:58:35 as53-2.cnt.ru 70587: AAA/AUTHOR/FSM: Async39: (357576884): send AV service=ppp
Jul 15 02:58:35 as53-2.cnt.ru 70588: AAA/AUTHOR/FSM: Async39: (357576884): send AV protocol=ip
Jul 15 02:58:35 as53-2.cnt.ru 70589: AAA/AUTHOR/FSM: Async39: (357576884): Method=IF_AUTHEN
Jul 15 02:58:35 as53-2.cnt.ru 70590: AAA/AUTHOR (357576884): Post authorization status = PASS_ADD
Jul 15 02:58:35 as53-2.cnt.ru 70591: AAA/AUTHOR/FSM As39: We can start IPCP
Jul 15 02:58:35 as53-2.cnt.ru 70592: As39 IPCP: O CONFREQ [Closed] id 175 len 10
Jul 15 02:58:35 as53-2.cnt.ru 70593: As39 IPCP:    Address 194.84.246.129 (0x0306C254F681)
Jul 15 02:58:35 as53-2.cnt.ru 70594: RADIUS: server 194.84.17.35 doesn't support type 4
Jul 15 02:58:35 as53-2.cnt.ru 70595: RADIUS: server 194.84.17.34 marked dead, skipping
Jul 15 02:58:35 as53-2.cnt.ru 70596: RADIUS: Initial Transmit id 106 194.84.17.35:0, Accounting-Request, len 93
Jul 15 02:58:35 as53-2.cnt.ru 70597:         Attribute 4 6 C2541184
Jul 15 02:58:35 as53-2.cnt.ru 70598:         Attribute 5 6 00000027
Jul 15 02:58:35 as53-2.cnt.ru 70599:         Attribute 61 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70600:         Attribute 1 6 74737431
Jul 15 02:58:35 as53-2.cnt.ru 70601:         Attribute 30 9 39393531
Jul 15 02:58:35 as53-2.cnt.ru 70602:         Attribute 40 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70603:         Attribute 45 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70604:         Attribute 6 6 00000002
Jul 15 02:58:35 as53-2.cnt.ru 70605:         Attribute 44 10 30303030
Jul 15 02:58:35 as53-2.cnt.ru 70606:         Attribute 7 6 00000001
Jul 15 02:58:35 as53-2.cnt.ru 70607:         Attribute 41 6 00000000
Jul 15 02:58:35 as53-2.cnt.ru 70608: As39 IPCP: I CONFREQ [REQsent] id 1 len 34
Jul 15 02:58:35 as53-2.cnt.ru 70609: As39 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul 15 02:58:35 as53-2.cnt.ru 70610: As39 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:35 as53-2.cnt.ru 70611: As39 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 02:58:35 as53-2.cnt.ru 70612: As39 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:35 as53-2.cnt.ru 70613: As39 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70614: AAA/AUTHOR/IPCP As39: Start.  Her address 0.0.0.0, we want 0.0.0.0
Jul 15 02:58:36 as53-2.cnt.ru 70615: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70616: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70617: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:36 as53-2.cnt.ru 70618: AAA/AUTHOR/IPCP As39: Done.  Her address 0.0.0.0, we want 0.0.0.0
Jul 15 02:58:36 as53-2.cnt.ru 70619: As39 IPCP: Using pool 'as53-2_pool'
Jul 15 02:58:36 as53-2.cnt.ru 70620: As39 IPCP: Pool returned 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70621: As39 IPCP: O CONFREJ [REQsent] id 1 len 16
Jul 15 02:58:36 as53-2.cnt.ru 70622: As39 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70623: As39 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70624: As39 IPCP: I CONFACK [REQsent] id 175 len 10
Jul 15 02:58:36 as53-2.cnt.ru 70625: As39 IPCP:    Address 194.84.246.129 (0x0306C254F681)
Jul 15 02:58:36 as53-2.cnt.ru 70626: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async39, changed state to up
Jul 15 02:58:36 as53-2.cnt.ru 70627: As39 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul 15 02:58:36 as53-2.cnt.ru 70628: As39 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul 15 02:58:36 as53-2.cnt.ru 70629: As39 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:36 as53-2.cnt.ru 70630: As39 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:36 as53-2.cnt.ru 70631: AAA/AUTHOR/IPCP As39: Start.  Her address 0.0.0.0, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70632: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70633: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70634: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:36 as53-2.cnt.ru 70635: AAA/AUTHOR/IPCP As39: Done.  Her address 0.0.0.0, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70636: As39 IPCP: O CONFNAK [ACKrcvd] id 2 len 10
Jul 15 02:58:36 as53-2.cnt.ru 70637: As39 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:36 as53-2.cnt.ru 70638: As39 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
Jul 15 02:58:36 as53-2.cnt.ru 70639: As39 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:36 as53-2.cnt.ru 70640: As39 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:36 as53-2.cnt.ru 70641: As39 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:36 as53-2.cnt.ru 70642: AAA/AUTHOR/IPCP As39: Start.  Her address 194.84.246.149, we want 194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70643: AAA/AUTHOR/IPCP: Async39: (657314869): user='tst1'
Jul 15 02:58:36 as53-2.cnt.ru 70644: AAA/AUTHOR/IPCP: Async39: (657314869): send AV service=ppp
Jul 15 02:58:36 as53-2.cnt.ru 70645: AAA/AUTHOR/IPCP: Async39: (657314869): send AV protocol=ip
Jul 15 02:58:36 as53-2.cnt.ru 70646: AAA/AUTHOR/IPCP: Async39: (657314869): send AV addr*194.84.246.149
Jul 15 02:58:36 as53-2.cnt.ru 70647: AAA/AUTHOR/IPCP: Async39: (657314869): Method=IF_AUTHEN
Jul 15 02:58:36 as53-2.cnt.ru 70648: AAA/AUTHOR (657314869): Post authorization status = PASS_ADD
Jul 15 02:58:36 as53-2.cnt.ru 70649: AAA/AUTHOR/IPCP As39: Processing AV service=ppp
Jul 15 02:58:37 as53-2.cnt.ru 70650: AAA/AUTHOR/IPCP As39: Processing AV protocol=ip
Jul 15 02:58:37 as53-2.cnt.ru 70651: AAA/AUTHOR/IPCP As39: Processing AV addr*194.84.246.149
Jul 15 02:58:37 as53-2.cnt.ru 70652: AAA/AUTHOR/IPCP As39: Authorization succeeded
Jul 15 02:58:37 as53-2.cnt.ru 70653: AAA/AUTHOR/IPCP As39: Done.  Her address 194.84.246.149, we want 194.84.246.149
Jul 15 02:58:37 as53-2.cnt.ru 70654: As39 IPCP: O CONFACK [ACKrcvd] id 3 len 22
Jul 15 02:58:37 as53-2.cnt.ru 70655: As39 IPCP:    Address 194.84.246.149 (0x0306C254F695)
Jul 15 02:58:37 as53-2.cnt.ru 70656: As39 IPCP:    PrimaryDNS 194.84.17.34 (0x8106C2541122)
Jul 15 02:58:37 as53-2.cnt.ru 70657: As39 IPCP:    SecondaryDNS 194.84.17.35 (0x8306C2541123)
Jul 15 02:58:37 as53-2.cnt.ru 70658: As39 IPCP: State is Open
Jul 15 02:58:37 as53-2.cnt.ru 70659: As39 AAA/AUTHOR: IP_UP
Jul 15 02:58:37 as53-2.cnt.ru 70660: As39 AAA/PER-USER: processing author params.
Jul 15 02:58:37 as53-2.cnt.ru 70661: As39 IPCP: Install route to 194.84.246.149
######################


 




Copyright © Lexa Software, 1996-2009.