forum.bitel.ru :: Просмотр темы - Session-Error-Msg=Authentication failure

Автор:

marahovsky [ 21 окт 2013, 19:11 ]

Заголовок сообщения:

Session-Error-Msg=Authentication failure

Приветствую!
Пытаюсь поднять pppoe сессию, Access пишет следующее:

Код:

Packet type: Access-Request
Identifier: 106
Authenticator: {88 6C 8E B3 4E 05 B1 67 97 57 CC 8B 3E AE 2C 99}
Attributes:
  User-Name=testpppoe
  NAS-Port-Id=2/1 pppoe 232
  NAS-Identifier=RedBackSE100
  CHAP-Password={01 26 53 FA E5 AE 8C D7 6E D1 48 14 A9 50 8E 4D EE}
  NAS-IP-Address=10.225.0.6
  NAS-Port=553648360
  Service-Type=2
  Framed-Protocol=1
  NAS-Port-Type=5
  CHAP-Challenge=�l��N�g�W̋>�,�
  Platform-Type=4
  Medium-Type=11
  OS-Version=12.1.1.4p1
  Mac-Addr=00-50-bf-4a-a8-2e
  NAS-Real-Port=33619968

10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Access-Request
Identifier: 106
Authenticator: {88 6C 8E B3 4E 05 B1 67 97 57 CC 8B 3E AE 2C 99}
Attributes:
  User-Name=testpppoe
  NAS-Port-Id=2/1 pppoe 232
  NAS-Identifier=RedBackSE100
  CHAP-Password={01 26 53 FA E5 AE 8C D7 6E D1 48 14 A9 50 8E 4D EE}
  NAS-IP-Address=10.225.0.6
  NAS-Port=553648360
  Service-Type=2
  Framed-Protocol=1
  NAS-Port-Type=5
  CHAP-Challenge=�l��N�g�W̋>�,�
  Platform-Type=4
  Medium-Type=11
  OS-Version=12.1.1.4p1
  Mac-Addr=00-50-bf-4a-a8-2e
  NAS-Real-Port=33619968
Common options: {deviceState=1}
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetNas - Search by username=testpppoe
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - [username=testpppoe] Authenticated as inetServId:7
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetApplication - inetServ[id=7] balance ok: 5.00 [0]
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetApplication - TariffOptionMap: {}
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetApplication - OptionSet: [1]
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - Set ip from pool
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - Write new waiting connection to DB
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - New connection id=102
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - Return code=0
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetDhcpHelperProcessor - Skip userName: testpppoe
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusProcessor - RESPONSE_BEFORE_POSTPROCESS:
Packet type: Access-Accept
Identifier: 106
Authenticator: {}
Attributes:
  Framed-IP-Address=XXX.XXX.XXX.XXX
  Service-Options:1=1
  Service-Parameter:1=Rate=100000 Burst=12500000
  IP-Interface-Name=ACCESS;Service-Name:1=RSE-SVC-EXT

Process time auth: 93

10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] HourlyDataLogEntry - Create dataLog file: /opt/BGInetAccess/data/radius/source_5/2013/2013-10/2013-10-21/log_2013-10-21-16.003.bgdl
10-21/16:59:32  INFO [rdsLstnr-p-7-t-1] InetRadiusListenerWorker - RESPONSE:
Packet type: Access-Accept
Identifier: 106
Authenticator: {51 AA 2D 33 2F 02 99 CB A9 3B 86 EF 72 A0 E1 D2}
Attributes:
  Framed-IP-Address=XXX.XXX.XXX.XXX
  Service-Options:1=1
  Service-Parameter:1=Rate=100000 Burst=12500000
  IP-Interface-Name=ACCESS;Service-Name:1=RSE-SVC-EXT

Process time auth: 153

А Accounting ругается:

Код:

10-21/16:59:32  INFO [rdsLstnr-p-6-t-2] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Accounting-Request
Identifier: 19
Authenticator: {B3 04 B9 D6 59 89 61 4D 6B 58 07 12 1D 45 31 74}
Attributes:
  User-Name=testpppoe
  NAS-Identifier=RedBackSE100
  NAS-IP-Address=10.225.0.6
  NAS-Port=553648360
  Service-Type=2
  Framed-Protocol=1
  Acct-Input-Octets=0
  Acct-Output-Octets=0
  Acct-Status-Type=2
  Acct-Session-Time=0
  Acct-Input-Packets=0
  Acct-Session-Id=0100FFFF680000E8-52652532
  Acct-Authentic=1
  Acct-Terminate-Cause=17
  NAS-Port-Id=2/1 pppoe 232
  Acct-Output-Packets=0
  Event-Timestamp=1382360371
  Acct-Output-Gigawords=0
  Acct-Input-Gigawords=0
  NAS-Port-Type=5
  Acct-Mcast-Out-Packets-64={00 00 00 00 00 00 00 00}
  Medium-Type=11
  Platform-Type=4
  Session-Error-Msg=Authentication failure
  Session-Error-Code=24
  Acct-Output-Octets-64={00 00 00 00 00 00 00 00}
  Acct-Input-Octets-64={00 00 00 00 00 00 00 00}
  Acct-Output-Packets-64={00 00 00 00 00 00 00 00}
  Acct-Input-Packets-64={00 00 00 00 00 00 00 00}
  Acct-Mcast-In-Octets-64={00 00 00 00 00 00 00 00}
  Acct-Mcast-In-Packets-64={00 00 00 00 00 00 00 00}
  Acct-Mcast-Out-Octets-64={00 00 00 00 00 00 00 00}
  OS-Version=12.1.1.4p1
  Mac-Addr=00-50-bf-4a-a8-2e
  Acct-Mcast-In-Octets=0
  Acct-Mcast-Out-Octets=0
  NAS-Real-Port=33619968
  Acct-Mcast-In-Packets=0
  Acct-Mcast-Out-Packets=0
Common options: {deviceState=1}
10-21/16:59:32  INFO [rdsLstnr-p-6-t-2] InetNas - Search by username=testpppoe
10-21/16:59:32  WARN [rdsLstnr-p-6-t-2] InetRadiusProcessor - Creating NasConnection from accounting packet [statusType=2]
10-21/16:59:32 ERROR [rdsLstnr-p-6-t-2] InetRadiusProcessor - Session ip address not found in packet!
10-21/16:59:32  WARN [rdsLstnr-p-6-t-2] InetNas - NasConnection not found
10-21/16:59:32  INFO [rdsLstnr-p-6-t-2] RadiusListenerWorker - RESPONSE:
Packet type: Accounting-Response
Identifier: 19
Authenticator: {AD 9C AB D8 9B B6 1F C9 25 66 74 46 3C C3 04 A9}
Attributes:

Process time stop: 7

10-21/17:01:23  INFO [hrlydtlggr-p-5-t-1] HourlyDataLoggerTracker - Checking data log files to close [hours=1]...
10-21/17:01:23  INFO [hrlydtlggr-p-5-t-1] HourlyDataLoggerTracker - Remove dataLog file from writers map [/opt/BGInetAccounting/data/radius/source_5/2013/2013-10/2013-10-21/log_2013-10-21-16.002.bgdl]
10-21/17:01:25  INFO [hrlydtlggr-p-5-t-1] HourlyDataLoggerTracker - Close dataLog file [/opt/BGInetAccounting/data/radius/source_5/2013/2013-10/2013-10-21/log_2013-10-21-16.002.bgdl]

Конфигурация NAS'a в биллинге:

Код:

accounting.worker.1.tariffication.1.batchSize=100
accounting.worker.1.tariffication.1.delay=10
accounting.worker.1.tariffication.1.minDeltaAmount=0
accounting.worker.1.thread.count=1
accounting.worker.1.tracking.1.batchSize=100
accounting.worker.1.tracking.1.delay=20
accounting.worker.2.flushing.1.batchSize=500
accounting.worker.2.flushing.1.delay=20
accounting.worker.2.flushing.1.minDeltaAccount=0
accounting.worker.2.thread.count=1
accounting.worker.3.finishing.1.batchSize=500
accounting.worker.3.finishing.1.delay=20
accounting.worker.3.thread.count=1
card.moduleId=2
coa.log=1
connection.close.timeout=900
connection.start.fromAccept=1
connection.suspend.timeout=900
const.access.attributes=IP-Interface-Name=ACCESS;
contract.status.active.codes=0
contract.status.suspend.codes=3,4
deviceId=5
dhcp.relay.deviceTypeIds=1
nas.inspector.class=bitel.billing.server.processor.PoDNASConnectionInspector
nas.inspector.coa.retries=2
nas.inspector.coa.threads=4
nas.inspector.coa.timeout=5
nas.inspector.radius.attributes=
nas.inspector.radius.secret=*********
nas.radius.deviceTypeIds=1
nas.radius.disable.accessCodes=1,2,3,4,10,11,12
nas.radius.disable.attributes=IP-Interface-Name=NO_ACCESS;HTTP-Redirect-Profile-Name=NO_ACCESS;Forward-Policy=in:NO_ACCESS;
nas.radius.disable.ipCategories=10
nas.radius.disable.pattern.attributes=HTTP-Redirect-Profile-Name=NO_ACCESS
nas.radius.inetOption.1.attributes=IP-Interface-Name=ACCESS;;Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=100000 Burst=12500000
nas.radius.inetOption.2.attributes=IP-Interface-Name=ACCESS;;{@option.2.attributes}
nas.radius.inetOption.3.attributes=IP-Interface-Name=ACCESS;;Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=20000 Burst=2500000
nas.radius.parentAcctSessionId.type=1
nas.radius.realm.default.attributes=
nas.radius.realm.default.ipCategories=9
nas.radius.secret=*******
option.1.attributes=Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=100000 Burst=12500000
option.3.attributes=Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=20000 Burst=2500000
radius.deviceTypeIds=1
radius.disable.accessCodes=1,2,3,4,10,11,12
radius.disable.attributes=IP-Interface-Name=NO_ACCESS;HTTP-Redirect-Profile-Name=NO_ACCESS;Forward-Policy=in:NO_ACCESS;
radius.disable.ipCategories=10
radius.disable.pattern.attributes=HTTP-Redirect-Profile-Name=NO_ACCESS
radius.inetOption.1.attributes=IP-Interface-Name=ACCESS;;Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=100000 Burst=12500000
radius.inetOption.2.attributes=IP-Interface-Name=ACCESS;;{@option.2.attributes}
radius.inetOption.3.attributes=IP-Interface-Name=ACCESS;;Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=Rate=20000 Burst=2500000
radius.parentAcctSessionId.type=1
radius.realm.default.attributes=
radius.realm.default.ipCategories=9
radius.secret=*******
redirect.attributes=HTTP-Redirect-Profile-Name=NO_ACCESS;Forward-Policy=in:NO_ACCESS;
sa.radius.connection.attributes=Acct-Session-Id
sa.radius.disable.attributes=HTTP-Redirect-Profile-Name=NO_ACCESS;Forward-Policy=in:NO_ACCESS;
sa.radius.option.attributesPrefix=option.
sa.radius.service.closeAttributes=Deactivate-Service-Name:1=RSE-SVC-EXT

Брас пишет вот это:

Код:

Oct 21 16:22:53: %AAA-7-RADIUS: rad_mgr, Process radius requests in db response queue
Oct 21 16:22:53: %AAA-7-RAD_ATTR: rad_parse_pkt: Receive RFC attr 8 (Framed_IP_Address), tag = 32, status = success
Oct 21 16:22:53: %AAA-7-RAD_ATTR: val=2e 22 98 36 42 d0 25 2c  (8)
Oct 21 16:22:53: %AAA-7-RAD_ATTR: rad_attr_parse_svc_attr: Service options 0x1
Oct 21 16:22:53: %AAA-7-RAD_ATTR: rad_attr_add_svc_attrs_tlv: Service attribute 191 add to list with tag 35 status success ec 1
Oct 21 16:22:53: %AAA-7-RAD_ATTR: rad_attr_parse_svc_attr: Service attribute 191 with tag 35 parser status success
Oct 21 16:22:53: %AAA-7-RAD_ATTR: rad_parse_vsa: Receive Redback attr 191 (Service_Options), tag = 35, status = success
Oct 21 16:22:53: %AAA-7-RAD_ATTR: val=00 00 00 01  (4)
Oct 21 16:22:53: [0004]: [2/1:511:63:31/6/2/229]: %AAA-7-AUTHEN: aaa_idx 100000d6: Deleting session term cause 24
Oct 21 16:22:53: [0004]: [2/1:511:63:31/6/2/229]: %AAA-7-AUTHEN: aaa_idx 100000d6: clear_all_ipv6_prefixes: no ipv6 author attrs for subscriber testpppoe
Oct 21 16:22:53: %AAA-7-RADIUS: rad_mgr, Process radius requests in db request queue
Oct 21 16:22:53: [0004]: [2/1:511:63:31/6/2/229]: %AAA-7-RADIUS: aaa_idx 100000d6: rad_process_aaad_req: Receive request (Accounting Stop)

Что-то не могу понять где у меня лыжи не едут, может кто-нибудь сможет подсказать?
Заранее спасибо!

Автор:	marahovsky [ 22 окт 2013, 16:28 ]
Заголовок сообщения:	Re: Session-Error-Msg=Authentication failure
UPD Еще вот такую ошибку заметил radius-processor 10-22/12:52:21 ERROR [event-proc-p-2-t-1] NasList - argument type mismatch java.lang.IllegalArgumentException: argument type mismatch at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at ru.bitel.bgbilling.kernel.network.radius.nas.NasConnectionInspector.newInstance(NasConnectionInspector.java:172) at ru.bitel.bgbilling.kernel.network.radius.nas.NasList.setNas(NasList.java:131) at ru.bitel.bgbilling.modules.inet.radius.InetNasList.load(InetNasList.java:105) at ru.bitel.bgbilling.modules.inet.radius.InetRadiusProcessor.reloadNasList(InetRadiusProcessor.java:292) at ru.bitel.bgbilling.modules.inet.radius.InetRadiusProcessor$1.notify(InetRadiusProcessor.java:261) at ru.bitel.bgbilling.kernel.event.AbstractConsumer.notify(AbstractConsumer.java:344) at ru.bitel.bgbilling.kernel.event.Consumer.notify(Consumer.java:1) at ru.bitel.bgbilling.kernel.event.Consumer.onMessage0(Consumer.java:112) at ru.bitel.bgbilling.kernel.event.Consumer$EventListenerRunnable.runImpl(Consumer.java:51) at ru.bitel.common.worker.WorkerTask.run(WorkerTask.java:86) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) at ru.bitel.common.worker.WorkerThread.run(WorkerThread.java:40)

Автор:	marahovsky [ 22 окт 2013, 21:16 ]
Заголовок сообщения:	Re: Session-Error-Msg=Authentication failure
Проблема была в настройках браса, через глобальную аутентификацию не завелось

Автор:	Amir [ 22 окт 2013, 21:20 ]
Заголовок сообщения:	Re: Session-Error-Msg=Authentication failure
Нужно чтобы старт-пакеты приходили от NAS'а. Также попробуйте указать в конфиге корневого ус-ва (Access+Accounting) connection.start.fromAccept=1

Автор:	marahovsky [ 22 окт 2013, 23:58 ]
Заголовок сообщения:	Re: Session-Error-Msg=Authentication failure
Amir писал(а): Нужно чтобы старт-пакеты приходили от NAS'а. Также попробуйте указать в конфиге корневого ус-ва (Access+Accounting) connection.start.fromAccept=1 Опцию поставил, с браса летит стоп, но это уже проблемы с настройкой браса скорее всего, по брасу отписал сюда http://forum.bitel.ru/viewtopic.php?f=44&t=5986

forum.bitel.ru http://forum.bitel.ru/

Session-Error-Msg=Authentication failure http://forum.bitel.ru/viewtopic.php?f=44&t=8612	Страница 1 из 1

Страница 1 из 1	Часовой пояс: UTC + 5 часов [ Летнее время ]
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/