Re: [Radiusplugin-users] IAS Accounting not working


From: Ralf Lübben
Subject: Re: [Radiusplugin-users] IAS Accounting not working
Date: Thu, 2 Apr 2009 12:50:36 +0200
User-agent: KMail/1.11.2 (Linux/2.6.28-11-generic; KDE/4.2.2; i686; ; )

Hi,

The log seems to be OK so far.

Can you increase your OpenVPN verbosity level to 5 and send it again?
Can you check if all OpenVPN processes are running? You should see 3
processes.

Ralf



On Thursday 02 April 2009 12:23:40 Tom Stage wrote:
> Hi All
>
> I am trying to get the Radiusplugin for OpenVPN to work with our Windows
> 2003 AD server using IAS.
>
> Versions:
> CentOS 5.x
> OpenVPN 2.0.9 x86_64-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  8 2007
> Radiusplugin v2.0c
> Windows 2003 R2 fully updated.
>
> OpenVPN Server config:
> port 1194
> proto tcp-server
> dev tun0
> fast-io
> ca keys/decon/ca.crt
> cert keys/decon/deconvpn.crt
> key keys/decon/deconvpn.key
> dh keys/decon/dh2048.pem
> server 10.0.10.0 255.255.255.0
> crl-verify keys/decon/crl.pem
> ifconfig-pool-persist servers/Decon_VPN/logs/ipp.txt
> tls-auth servers/Decon_VPN/ta.key 0
> cipher DES-CBC
> user nobody
> group adm
> status servers/Decon_VPN/logs/openvpn-status.log
> log-append servers/Decon_VPN/logs/openvpn.log
> verb 3
> mute 20
> max-clients 100
> mssfix 1400
> local 10.0.0.6
> management 127.0.0.1 7505
> keepalive 10 120
> client-config-dir /etc/openvpn/servers/Decon_VPN/ccd
> tls-server
> comp-lzo
> persist-key
> persist-tun
> ccd-exclusive
> plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
> push "dhcp-option DNS 10.0.0.5"
> push "dhcp-option WINS 10.0.0.5"
> push "route 10.0.0.0 255.255.255.0"
>
> Radiusplugin config:
> NAS-Identifier=OpenVpn
> Service-Type=5
> Framed-Protocol=1
> NAS-Port-Type=5
> NAS-IP-Address=10.0.0.6
> OpenVPNConfig=/etc/openvpn/Decon_VPN.conf
> overwriteccfiles=true
> server
> {
>     acctport=1813
>     authport=1812
>     name=10.0.0.5
>     retry=3
>     wait=3
>     sharedsecret=secret
> }
>
> OpenVPN Client config:
> client
> proto tcp-client
> dev tun
> ca ca.crt
> dh dh2048.pem
> cert tom_vpn.crt
> key tom_vpn.key
> remote 90.184.139.227 1194
> tls-auth ta.key 1
> cipher DES-CBC
> verb 2
> mute 20
> mssfix 1400
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> float
> resolv-retry infinite
> nobind
> ns-cert-type server
> auth-user-pass
>
> When I connect with my clients they get the following in the OpenVPN log
> file:
> Thu Apr  2 10:00:44 2009 Initialization Sequence Completed
> Thu Apr  2 10:29:04 2009 MULTI: multi_create_instance called
> Thu Apr  2 10:29:04 2009 Re-using SSL/TLS context
> Thu Apr  2 10:29:04 2009 LZO compression initialized
> Thu Apr  2 10:29:04 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
> Thu Apr  2 10:29:04 2009 Data Channel MTU parms [ L:1544 D:1400 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> Thu Apr  2 10:29:04 2009 Local Options hash (VER=V4): '5e56b428'
> Thu Apr  2 10:29:04 2009 Expected Remote Options hash (VER=V4): '64fc6ce3'
> Thu Apr  2 10:29:04 2009 TCP connection established with 80.251.195.31:59217
> Thu Apr  2 10:29:04 2009 TCPv4_SERVER link local: [undef]
> Thu Apr  2 10:29:04 2009 TCPv4_SERVER link remote: 80.251.195.31:59217
> Thu Apr  2 10:29:04 2009 80.251.195.31:59217 TLS: Initial packet from 80.251.195.31:59217, sid=085fc3a6 15cd388e
> Thu Apr  2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
> Thu Apr  2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=1, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
> Thu Apr  2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/emailAddress=thaddress@hidden
> Thu Apr  2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=0, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/emailAddress=thaddress@hidden
> RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
> RADIUS-PLUGIN: FOREGROUND: Add user to map.
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 TLS: Username/Password authentication succeeded for username 'ths'
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
> Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Apr  2 10:29:11 2009 80.251.195.31:59217 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
> Thu Apr  2 10:29:11 2009 80.251.195.31:59217 [tom_vpn] Peer Connection Initiated with 80.251.195.31:59217
> Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/servers/Decon_VPN/ccd/tom_vpn
> Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
> Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: Learn: 10.0.10.14 -> tom_vpn/80.251.195.31:59217
> Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: primary virtual IP for tom_vpn/80.251.195.31:59217: 10.0.10.14
> Thu Apr  2 10:29:12 2009 tom_vpn/80.251.195.31:59217 PUSH: Received control message: 'PUSH_REQUEST'
> Thu Apr  2 10:29:12 2009 tom_vpn/80.251.195.31:59217 SENT CONTROL [tom_vpn]: 'PUSH_REPLY,dhcp-option DNS 10.0.0.5,dhcp-option WINS 10.0.0.5,route 10.0.0.0 255.255.255.0,route 10.0.10.1,ping 10,ping-restart 120,ifconfig 10.0.10.14 10.0.10.13' (status=1)
>
> I am not sure what I do wrong so if anybody can point me in the right
> direction that would be great.
>
> Cheers
> Tom Stage