Hi guys, I've been playing with this BSDRP lab setup in VMware. It worked fine as illustrated. But then I wanted to make R3 (PPPoE server) authenticate from OpenRADIUS that we're running.
I've read the whole documentation section here, but still have no clue about what's going on.
Here are R3's logs at the time of authentication failure:
Code:
Nov 11 15:39:53 R3 ppp: [L-1] LCP: state change Ack-Sent --> Opened
Nov 11 15:39:53 R3 ppp: [L-1] LCP: auth: peer wants nothing, I want CHAP
Nov 11 15:39:53 R3 ppp: [L-1] CHAP: sending CHALLENGE #1 len: 21
Nov 11 15:39:53 R3 ppp: [L-1] LCP: LayerUp
Nov 11 15:39:53 R3 ppp: [L-1] CHAP: rec'd RESPONSE #1 len: 60
Nov 11 15:39:53 R3 ppp: [L-1] Name: "rihad"
Nov 11 15:39:53 R3 ppp: [L-1] AUTH: Trying RADIUS
Nov 11 15:39:53 R3 ppp: [L-1] RADIUS: Authenticating user 'rihad'
Nov 11 15:39:53 R3 ppp: [L-1] RADIUS: rad_send_request for user 'rihad' failed: No valid RADIUS responses received
Nov 11 15:39:53 R3 ppp: [L-1] AUTH: RADIUS returned error
Nov 11 15:39:53 R3 ppp: [L-1] AUTH: ran out of backends
Nov 11 15:39:53 R3 ppp: [L-1] CHAP: Auth return status: failed
Nov 11 15:39:53 R3 ppp: [L-1] CHAP: Reply message: E=691 R=0 M=Login incorrect
Nov 11 15:39:53 R3 ppp: [L-1] CHAP: sending FAILURE #1 len: 31
Nov 11 15:39:53 R3 ppp: [L-1] LCP: authorization failed
Nov 11 15:39:53 R3 ppp: [L-1] LCP: parameter negotiation failed
Nov 11 15:39:53 R3 ppp: [L-1] LCP: state change Opened --> Stopping
From inspecting openradius.log I can see that among the attributes received there's no User-Password. But why? Here are the respective mpd.conf files:
R1 (client):
Code:
default:
	create bundle static B1
	set bundle enable ipv6cp
	set ipcp enable req-pri-dns
	set ipcp enable req-sec-dns
	set iface route default
	create link static L1 pppoe
	set link action bundle B1
	set auth disable internal
	set auth authname rihad
	set auth password whatever
	set pppoe iface em1
	set link max-redial 0
	open
R2 (L2TP repeater - normally not needed but is used in the lab):
Code:
default:
	create link template L1 pppoe
	set pppoe iface em1
	set link action forward L2
	set link enable incoming
	create link template L2 l2tp
	set l2tp peer 10.0.24.3
R3 (real PPPoE server):
Code:
default:
	set radius server radius.localnet myc00lpass 1812 1812
	set radius enable message-authentic
	set radius me em0
	set auth disable internal
	set auth enable radius-auth radius-acct
	set ippool add pool1 88.88.0.1 88.88.0.99
	create bundle template B
	set ipcp ranges 88.88.0.254/32 ippool pool1
	set ipcp dns 8.8.8.8
	set bundle enable ipv6cp
	create link template L l2tp
	set l2tp enable length
	set link action bundle B
	set link enable pap chap
	set l2tp self 10.0.24.3
	set link enable peer-as-calling
	set link enable report-mac
	set link enable incoming
R4 is a simple PC that we can eventually ping from R1.
It's not sending a password
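Added illustration, not part of the original post and not mpd or OpenRADIUS code: when CHAP is negotiated, as in R3's log, the peer returns only an MD5 hash, so an access server has CHAP-Password and CHAP-Challenge (RFC 2865) to forward and no cleartext for User-Password. The 16-byte challenge is constructed and the function names are hypothetical; the user name and password are the ones from R1's config.

```python
import hashlib
import hmac
import struct

# RADIUS attribute type codes (RFC 2865)
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 2, 3, 60


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """PPP CHAP-MD5 response (RFC 1994): MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def nas_attributes(user: str, ident: int, challenge: bytes, response: bytes) -> bytes:
    """Encode the auth attributes an access server forwards after CHAP."""
    def tlv(attr_type: int, value: bytes) -> bytes:
        return struct.pack("!BB", attr_type, len(value) + 2) + value
    return (tlv(USER_NAME, user.encode())
            + tlv(CHAP_PASSWORD, bytes([ident]) + response)  # id + 16-byte hash
            + tlv(CHAP_CHALLENGE, challenge))


def parse_attributes(blob: bytes) -> dict:
    """Decode type-length-value attributes into {type: value}."""
    attrs, i = {}, 0
    while i < len(blob):
        # Reject truncated headers and lengths that run past the buffer.
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[i]] = blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]
    return attrs


def server_verify(attrs: dict, stored_cleartext: bytes) -> bool:
    """RADIUS side: recompute the hash from the stored cleartext password."""
    chap, challenge = attrs.get(CHAP_PASSWORD), attrs.get(CHAP_CHALLENGE)
    if chap is None or challenge is None or len(chap) != 17:
        return False
    expected = chap_response(chap[0], stored_cleartext, challenge)
    return hmac.compare_digest(expected, chap[1:])


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed sample challenge
    resp = chap_response(1, b"whatever", challenge)  # password from R1's config
    attrs = parse_attributes(nas_attributes("rihad", 1, challenge, resp))
    print("attribute types sent:", sorted(attrs))
    print("verifies against stored password:", server_verify(attrs, b"whatever"))
```

The server can only verify such a request if it holds the user's password in a form it can feed into the same MD5 computation.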