[RP-PPPoE] Question on PPPoE with radius.

Ben Greear greearb at candelatech.com
Wed Jun 15 01:47:45 EDT 2011 

Ok, getting farther now.

Seems there is no freeradius-client rpm on Fedora, so I installed
it from freeradius.org.

That fixes up the dictionary stuff.

I had to comment out the bindaddr and deadtime config options,
probably because the pppd radius.so is old.  I haven't found
out how to upgrade that, but maybe it doesn't matter.

I do see radius messages now, and there's a chance that the radius
server is responding correctly.  But, on the pppoe server side,
still no joy:

Jun 14 22:34:36 build-32 pppoe-server[12510]: Session 40 created for client 00:90:0b:13:ed:ea (10.67.15.40) on br0 using Service-Name ''
Jun 14 22:34:36 build-32 pppd[12510]: Plugin radius.so loaded.
Jun 14 22:34:36 build-32 pppd[12510]: RADIUS plugin initialized.
Jun 14 22:34:36 build-32 pppd[12510]: Plugin radattr.so loaded.
Jun 14 22:34:36 build-32 pppd[12510]: RADATTR plugin initialized.
Jun 14 22:34:36 build-32 pppd[12510]: pppd 2.4.5 started by root, uid 0
Jun 14 22:34:36 build-32 pppd[12510]: Using interface ppp0
Jun 14 22:34:36 build-32 pppd[12510]: Connect: ppp0 <--> /dev/pts/9
Jun 14 22:34:37 build-32 pppd[12510]: EAP: Identity prompt "Name"
Jun 14 22:34:37 build-32 pppd[12510]: EAP: received too many Request messages
Jun 14 22:34:37 build-32 pppd[12510]: Connection terminated.
Jun 14 22:34:37 build-32 pppoe[12511]: read (asyncReadFromPPP): Session 40: Input/output error
Jun 14 22:34:37 build-32 pppd[12510]: Exit.


I'm not sure what that EAP too many messages thing is about, but it appears
to be the problem now.

Here's freeradius output in case that helps:

...
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "ben" with CHAP password
[chap] Using clear text password "ben1" for user ben authentication.
[chap] chap user ben authenticated succesfully
++[chap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 30 to 192.168.100.20 port 58305
Finished request 6.
Going to the next request
Waking up in 0.7 seconds.
Cleaning up request 4 ID 28 with timestamp +14
Waking up in 2.1 seconds.

[root at lec2010-ath9k-1 raddb]# tshark -n -i eth0 host 192.168.100.20

Running as user "root" and group "root". This could be dangerous.

Capturing on eth0
   0.000000 00:30:48:d8:f1:d4 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.100.138?  Tell 192.168.100.20
   0.000112 00:90:0b:13:ed:ea -> 00:30:48:d8:f1:d4 ARP 192.168.100.138 is at 00:90:0b:13:ed:ea
   0.000332 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=34, l=86)
   0.001270 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=34, l=20)
   2.141805 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=35, l=88)
   2.142492 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=35, l=20)
   4.272625 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=36, l=89)
   4.273987 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=36, l=20)
   5.004679 00:90:0b:13:ed:ea -> 00:30:48:d8:f1:d4 ARP Who has 192.168.100.20?  Tell 192.168.100.138
   5.004820 00:30:48:d8:f1:d4 -> 00:90:0b:13:ed:ea ARP 192.168.100.20 is at 00:30:48:d8:f1:d4
   6.399908 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=37, l=86)
   6.400416 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=37, l=20)
   8.527968 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=38, l=89)
   8.528509 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=38, l=20)
  10.664774 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=39, l=93)
  10.665274 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=39, l=20)
  12.782692 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=40, l=92)
  12.783145 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=40, l=20)
  14.910039 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=41, l=86)
  14.910605 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=41, l=20)
  17.041755 192.168.100.20 -> 192.168.100.138 RADIUS Access-Request(1) (id=42, l=86)
  17.042187 192.168.100.138 -> 192.168.100.20 RADIUS Access-Accept(2) (id=42, l=20)

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

More information about the RP-PPPoE mailing list