[Radiusplugin-users] IAS Accounting not working


From: Tom Stage
Subject: [Radiusplugin-users] IAS Accounting not working
Date: Thu, 2 Apr 2009 12:23:40 +0200

Hi All

I am trying to get the Radiusplugin for OpenVPN to work with our Windows 2003 AD server using IAS.

Versions:
CentOS 5.x
OpenVPN 2.0.9 x86_64-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  8 2007
Radiusplugin v2.0c
Windows 2003 R2 fully updated.

OpenVPN Server config:
port 1194
proto tcp-server
dev tun0
fast-io
ca keys/decon/ca.crt
cert keys/decon/deconvpn.crt
key keys/decon/deconvpn.key
dh keys/decon/dh2048.pem
server 10.0.10.0 255.255.255.0
crl-verify keys/decon/crl.pem
ifconfig-pool-persist servers/Decon_VPN/logs/ipp.txt
tls-auth servers/Decon_VPN/ta.key 0
cipher DES-CBC
user nobody
group adm
status servers/Decon_VPN/logs/openvpn-status.log
log-append servers/Decon_VPN/logs/openvpn.log
verb 3
mute 20
max-clients 100
mssfix 1400
local 10.0.0.6
management 127.0.0.1 7505
keepalive 10 120
client-config-dir /etc/openvpn/servers/Decon_VPN/ccd
tls-server
comp-lzo
persist-key
persist-tun
ccd-exclusive
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
push "dhcp-option DNS 10.0.0.5"
push "dhcp-option WINS 10.0.0.5"
push "route 10.0.0.0 255.255.255.0"
 
Radiusplugin config:
NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=10.0.0.6
OpenVPNConfig=/etc/openvpn/Decon_VPN.conf
overwriteccfiles=true
server
{
    acctport=1813
    authport=1812
    name=10.0.0.5
    retry=3
    wait=3
    sharedsecret=secret
}

OpenVPN Client config:
client
proto tcp-client
dev tun
ca ca.crt
dh dh2048.pem
cert tom_vpn.crt
key tom_vpn.key
remote 90.184.139.227 1194
tls-auth ta.key 1
cipher DES-CBC
verb 2
mute 20
mssfix 1400
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
ns-cert-type server
auth-user-pass

When I connect with my clients they get the following in the OpenVPN log file:
Thu Apr  2 10:00:44 2009 Initialization Sequence Completed
Thu Apr  2 10:29:04 2009 MULTI: multi_create_instance called
Thu Apr  2 10:29:04 2009 Re-using SSL/TLS context
Thu Apr  2 10:29:04 2009 LZO compression initialized
Thu Apr  2 10:29:04 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Apr  2 10:29:04 2009 Data Channel MTU parms [ L:1544 D:1400 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  2 10:29:04 2009 Local Options hash (VER=V4): '5e56b428'
Thu Apr  2 10:29:04 2009 Expected Remote Options hash (VER=V4): '64fc6ce3'
Thu Apr  2 10:29:04 2009 TCP connection established with 80.251.195.31:59217
Thu Apr  2 10:29:04 2009 TCPv4_SERVER link local: [undef]
Thu Apr  2 10:29:04 2009 TCPv4_SERVER link remote: 80.251.195.31:59217
Thu Apr  2 10:29:04 2009 80.251.195.31:59217 TLS: Initial packet from 80.251.195.31:59217, sid=085fc3a6 15cd388e
Thu Apr  2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
Thu Apr  2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=1, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./address@hidden
Thu Apr  2 10:29:09 2009 80.251.195.31:59217 CRL CHECK OK: /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/address@hidden
Thu Apr  2 10:29:09 2009 80.251.195.31:59217 VERIFY OK: depth=0, /C=DK/ST=CPH/L=Copenhagen/O=Decon_Aps./OU=Office/CN=tom_vpn/address@hidden
RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
RADIUS-PLUGIN: FOREGROUND: Add user to map.
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 TLS: Username/Password authentication succeeded for username 'ths'
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Apr  2 10:29:10 2009 80.251.195.31:59217 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 10:29:11 2009 80.251.195.31:59217 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Apr  2 10:29:11 2009 80.251.195.31:59217 [tom_vpn] Peer Connection Initiated with 80.251.195.31:59217
Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/servers/Decon_VPN/ccd/tom_vpn
Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: Learn: 10.0.10.14 -> tom_vpn/80.251.195.31:59217
Thu Apr  2 10:29:11 2009 tom_vpn/80.251.195.31:59217 MULTI: primary virtual IP for tom_vpn/80.251.195.31:59217: 10.0.10.14
Thu Apr  2 10:29:12 2009 tom_vpn/80.251.195.31:59217 PUSH: Received control message: 'PUSH_REQUEST'
Thu Apr  2 10:29:12 2009 tom_vpn/80.251.195.31:59217 SENT CONTROL [tom_vpn]: 'PUSH_REPLY,dhcp-option DNS 10.0.0.5,dhcp-option WINS 10.0.0.5,route 10.0.0.0 255.255.255.0,route 10.0.10.1,ping 10,ping-restart 120,ifconfig 10.0.10.14 10.0.10.13' (status=1)

I am not sure what I am doing wrong, so if anybody can point me in the right direction that would be great.

Cheers
Tom Stage
