Народ срочно нужна помощь. Поделитесть опытом.
Или подскажите куда двигаться.
Нужно настроить PPPoE сервер на Linuxe, чтобы он брал учётки с AD, а так же IP адрес
для тунеля из вкладки пользователя в AD Dial-Up.
Стоит:
SuSe ES 10, на нём поднят pppoe server rp-pppoe-3.8,
radiusclient, pppd, подгружены модули pppoe.ko, ppp_mppe.ko.
Домен на Windows 2003 server.
Привожу свои конфиги:
/etc/ppp/pppoe-server-options:
---------------------------------
# PPP options for the PPPoE server
# LIC: GPL
           logfile /var/log/pppoe.log
           debug
           mtu 1472
           mru 1472
           auth
           #require-pap
           require-chap
           #require-mschap-v2
           #require-mppe
           default-asyncmap
           ktune
           lcp-echo-interval 20
           lcp-echo-failure 2
           ms-dns 192.168.1.252
           plugin radius.so
           plugin radattr.so
           #192.168.2.251:
           nobsdcomp
           noccp
           noendpoint
           noipdefault
           noipx
           novj
           receive-all
------------------------------------

/etc/ppp/radiusclient/servers:
--------------------------------------------------------
192.168.1.252                                   xxxxxxx
--------------------------------------------------------

/etc/ppp/radiusclient/radiusclient.conf:
--------------------------------------------------------
#Server Name or Client/Server pair              Key
#----------------                               ---------------
#portmaster.elemental.net                       hardlyasecret
#portmaster2.elemental.net                      donttellanyone
#
# uncomment the following line for simple testing of radlogin
# with radiusd 1.16.1
#localhost/localhost                            testing123
192.168.1.252                                   xxxxxxx
gw0:/etc/ppp/radiusclient # cat radiusclient.conf
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order      radius,local

# maximum login tries a user has
login_tries     4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout   60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue   /etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver      192.168.1.252:1812

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver      192.168.1.252:1813

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers         /etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary      /etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius    /usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile         /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile         /etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout  10

# resend request this many times before trying the next server
radius_retries  3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local     /bin/login
----------------------------------------------------------------------
при попытке соединения выдаётся следущее в /var/log/pppoe.log:

#Server Name or Client/Server pair              Key
#----------------                               ---------------
#portmaster.elemental.net                       hardlyasecret
#portmaster2.elemental.net                      donttellanyone
#
# uncomment the following line for simple testing of radlogin
# with radiusd 1.16.1
#localhost/localhost                            testing123
192.168.1.252                                   dfhybyu
gw0:/etc/ppp/radiusclient # cat radiusclient.conf
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order      radius,local

# maximum login tries a user has
login_tries     4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout   60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue   /etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver      192.168.1.252:1812

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver      192.168.1.252:1813

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers         /etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary      /etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius    /usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile         /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile         /etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout  10

# resend request this many times before trying the next server
radius_retries  3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local     /bin/login
-----------------------------------------------------------------------------