|
From: | Tom Stage |
Subject: | [Radiusplugin-users] IAS Accounting not working |
Date: | Thu, 2 Apr 2009 12:23:40 +0200 |
Hi All

I am trying to get the Radiusplugin for OpenVPN to work with our Windows 2003 AD server using IAS.

Versions:

    CentOS 5.x
    OpenVPN 2.0.9 x86_64-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 8 2007
    Radiusplugin v2.0c
    Windows 2003 R2 fully updated.

OpenVPN Server config:

    port 1194
    proto tcp-server
    dev tun0
    fast-io
    ca keys/decon/ca.crt
    cert keys/decon/deconvpn.crt
    key keys/decon/deconvpn.key
    dh keys/decon/dh2048.pem
    server 10.0.10.0 255.255.255.0
    crl-verify keys/decon/crl.pem
    ifconfig-pool-persist servers/Decon_VPN/logs/ipp.txt
    tls-auth servers/Decon_VPN/ta.key 0
    cipher DES-CBC
    user nobody
    group adm
    status servers/Decon_VPN/logs/openvpn-status.log
    log-append servers/Decon_VPN/logs/openvpn.log
    verb 3
    mute 20
    max-clients 100
    mssfix 1400
    local 10.0.0.6
    management 127.0.0.1 7505
    keepalive 10 120
    client-config-dir /etc/openvpn/servers/Decon_VPN/ccd
    tls-server
    comp-lzo
    persist-key
    persist-tun
    ccd-exclusive
    plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
    push "dhcp-option DNS 10.0.0.5"
    push "dhcp-option WINS 10.0.0.5"
    push "route 10.0.0.0 255.255.255.0"

Radiusplugin config:

    NAS-Identifier=OpenVpn
    Service-Type=5
    Framed-Protocol=1
    NAS-Port-Type=5
    NAS-IP-Address=10.0.0.6
    OpenVPNConfig=/etc/openvpn/Decon_VPN.conf
    overwriteccfiles=true
    server
    {
        acctport=1813
        authport=1812
        name=10.0.0.5
        retry=3
        wait=3
        sharedsecret=secret
    }

OpenVPN Client config:

    client
    proto tcp-client
    dev tun
    ca ca.crt
    dh dh2048.pem
    cert tom_vpn.crt
    key tom_vpn.key
    remote 90.184.139.227 1194
    tls-auth ta.key 1
    cipher DES-CBC
    verb 2
    mute 20
    mssfix 1400
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    float
    resolv-retry infinite
    nobind
    ns-cert-type server
    auth-user-pass

When I connect with my clients they get the following in the OpenVPN log file:

    Thu Apr 2 10:00:44 2009 Initialization Sequence Completed
    Thu Apr 2 10:29:04 2009 MULTI: multi_create_instance called
    Thu Apr 2 10:29:04 2009 Re-using SSL/TLS context
    Thu Apr 2 10:29:04 2009 LZO compression initialized
    Thu Apr 2 10:29:04 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
    Thu Apr 2 10:29:04 2009 Data Channel MTU parms [ L:1544 D:1400 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Apr 2 10:29:04 2009 Local Options hash (VER=V4): '5e56b428'
    Thu Apr 2 10:29:04 2009 Expected Remote Options hash (VER=V4): '64fc6ce3'
    Thu Apr 2 10:29:04 2009 TCP connection established with 80.251.195.31:59217
    Thu Apr 2 10:29:04 2009 TCPv4_SERVER link local: [undef]
    Thu Apr 2 10:29:04 2009 TCPv4_SERVER link remote: 80.251.195.31:59217
    Thu Apr 2 10:29:04 2009 80.251.195.31:59217 TLS: Initial packet from 80.251.195.31:59217, sid=085fc3a6 15cd388e
    Thu Apr 2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
    Thu Apr 2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=1, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
    Thu Apr 2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/address@hidden
    Thu Apr 2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=0, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/address@hidden
    RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
    RADIUS-PLUGIN: FOREGROUND: Add user to map.
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 TLS: Username/Password authentication succeeded for username 'ths'
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
    Thu Apr 2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Apr 2 10:29:11 2009 80.251.195.31:59217 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Thu Apr 2 10:29:11 2009 80.251.195.31:59217 [tom_vpn] Peer Connection Initiated with 80.251.195.31:59217
    Thu Apr 2 10:29:11 2009 tom_vpn/80.251.195.31:59217 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/servers/Decon_VPN/ccd/tom_vpn
    Thu Apr 2 10:29:11 2009 tom_vpn/80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
    Thu Apr 2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: Learn: 10.0.10.14 -> tom_vpn/80.251.195.31:59217
    Thu Apr 2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: primary virtual IP for tom_vpn/80.251.195.31:59217: 10.0.10.14
    Thu Apr 2 10:29:12 2009 tom_vpn/80.251.195.31:59217 PUSH: Received control message: 'PUSH_REQUEST'
    Thu Apr 2 10:29:12 2009 tom_vpn/80.251.195.31:59217 SENT CONTROL [tom_vpn]: 'PUSH_REPLY,dhcp-option DNS 10.0.0.5,dhcp-option WINS 10.0.0.5,route 10.0.0.0 255.255.255.0,route 10.0.10.1,ping 10,ping-restart 120,ifconfig 10.0.10.14 10.0.10.13' (status=1)

I am not sure what I do wrong, so if anybody can point me in the right direction that would be great.

Cheers
Tom Stage |