2

I setup PPTP server based on Debian. I test it using standard pap-secrets file and itu work as expected.

I try to use radius as it's AAA. First I can not fine any /etc/radiusclient/radiusclient.conf

So I download the radius client source from freeRadius git. compie and make a test

First I got this error :

Jan 7 04:56:39 core pppd[32761]: /usr/local/etc/radiusclient/radiusclient.conf: line 81: unrecognized keyword: radius_deadtime Jan 7 04:56:39 core pppd[32761]: /usr/local/etc/radiusclient/radiusclient.conf: seqfile not specified Jan 7 04:56:39 core pppd[32761]: sent [PAP AuthNak id=0x84 "RADIUS: Can't read config file /usr/local/etc/radiusclient/radiusclient.conf"]

So I comented the 'radius_deadtime' line, and add line :

Re-test, and got following error:

Jan 7 05:00:41 core pppd[386]: rc_read_dictionary: invalid type on line 121 of dictionary /usr/local/etc/radiusclient/dictionary Jan 7 05:00:41 core pppd[386]: sent [PAP AuthNak id=0x89 "RADIUS: Can't read dictionary file /usr/local/etc/radiusclient/dictionary"]

I check what is in that line 121, and it says :

ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix

Kindly please give me some clue how to fix this.

Tom Yan
  • 9,075
  • 2
  • 17
  • 36
Bino Oetomo
  • 133
  • 2

1 Answers1

0

This is because a set of awful thing happended to the radiusclient in Debian:

  • first it was deleted in Stretch (some packages were still referencing it, but it was gone)
  • then about somewhere in Buster it was readded back, as libradcli
  • but with weird and badly damaged dictionaries, with wrong types and incomplete configuration files (yeah !)

So basically radcli has fixed set of built-in errors:

  • rc_avpair_new: unknown attribute - means the dictionary is just wrong, one need to get proper one from older release of radiusclient-ng (for instance from 0.5.6)
  • seqfile not specified - one need to specify seqfile, a file created on the fly by a radcli
  • mapfile not specified - one need to get port-id-map from older release (for instance from 0.5.6) and specify it in the configuration file

After that basically it will start to work fine.

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
drookie
  • 143
  • 7