
Winbind + PAM



Good afternoon everyone!!!

I set up a VPN server with openswan + l2tpd, authenticating against Samba in a PDC domain; authentication is done by PAM via winbind. It authenticates the VPN client fine. The problem is that when I enter a user or a password that is not valid, it does not connect, which is fine so far; however, if I then try to connect with a user that is valid, authentication is not possible. I can only authenticate if winbind is restarted. I would like to know whether anyone knows what is happening or has already had this problem. The log files follow below:

syslog

Oct  7 17:57:37 ares xl2tpd[3308]: control_finish: Peer requested tunnel 52 twice, ignoring second one.
Oct  7 17:57:37 ares xl2tpd[3308]: Connection established to 10.32.1.88, 1701.  Local: 36098, Remote: 52 (ref=0/0).  LNS session is 'default'
Oct  7 17:57:37 ares xl2tpd[3308]: start_pppd: I'm running:
Oct  7 17:57:37 ares xl2tpd[3308]: "/usr/sbin/pppd"
Oct  7 17:57:37 ares xl2tpd[3308]: "passive"
Oct  7 17:57:37 ares xl2tpd[3308]: "nodetach"
Oct  7 17:57:37 ares xl2tpd[3308]: "10.32.2.1:10.32.2.2"
Oct  7 17:57:37 ares xl2tpd[3308]: "refuse-pap"
Oct  7 17:57:37 ares xl2tpd[3308]: "refuse-chap"
Oct  7 17:57:37 ares xl2tpd[3308]: "auth"
Oct  7 17:57:37 ares xl2tpd[3308]: "debug"
Oct  7 17:57:37 ares xl2tpd[3308]: "file"
Oct  7 17:57:37 ares xl2tpd[3308]: "/etc/ppp/options.xl2tpd"
Oct  7 17:57:37 ares xl2tpd[3308]: "/dev/pts/1"
Oct  7 17:57:37 ares xl2tpd[3308]: Call established with 10.32.1.88, Local: 12502, Remote: 1, Serial: 0
Oct  7 17:57:37 ares pppd[3949]: Plugin winbind.so loaded.
Oct  7 17:57:37 ares pppd[3949]: WINBIND plugin initialized.
Oct  7 17:57:37 ares pppd[3949]: pppd 2.4.5 started by root, uid 0
Oct  7 17:57:37 ares pppd[3949]: using channel 23
Oct  7 17:57:37 ares pppd[3949]: Using interface ppp0
Oct  7 17:57:37 ares pppd[3949]: Connect: ppp0 <--> /dev/pts/1
Oct  7 17:57:37 ares pppd[3949]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0x1846d1af> <pcomp> <accomp>]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x5a1600d> <pcomp> <accomp> <callback CBCP>]
Oct  7 17:57:37 ares pppd[3949]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
Oct  7 17:57:37 ares pppd[3949]: sent [LCP ConfReq id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x1846d1af> <pcomp> <accomp>]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x5a1600d> <pcomp> <accomp>]
Oct  7 17:57:37 ares pppd[3949]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x5a1600d> <pcomp> <accomp>]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP ConfAck id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x1846d1af> <pcomp> <accomp>]
Oct  7 17:57:37 ares pppd[3949]: sent [LCP EchoReq id=0x0 magic=0x1846d1af]
Oct  7 17:57:37 ares pppd[3949]: sent [CHAP Challenge id=0x4e <c489626c420ca8843dfe95810cd206f0>, name = "l2tpd"]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP Ident id=0x2 magic=0x5a1600d "MSRASV5.10"]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP Ident id=0x3 magic=0x5a1600d "MSRAS-0-IA2"]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP EchoRep id=0x0 magic=0x5a1600d]
Oct  7 17:57:37 ares pppd[3949]: rcvd [CHAP Response id=0x4e <77e03b4e0b5870bfc6cdaeecbc11007f0000000000000000614bf4d1db79a364b7958757bbc48fc87b3077cc3e1139cb00>, name = "devair"]
Oct  7 17:57:37 ares pppd[3949]: Winbind has declined authentication for user!
Oct  7 17:57:37 ares pppd[3949]: NT code 0x1c010002
Oct  7 17:57:37 ares pppd[3949]: Peer devair failed CHAP authentication
Oct  7 17:57:37 ares pppd[3949]: sent [CHAP Failure id=0x4e "E=691 R=1 C=c489626c420ca8843dfe95810cd206f0 V=0 M=NT code 0x1c010002"]
Oct  7 17:57:37 ares pppd[3949]: sent [LCP TermReq id=0x3 "Authentication failed"]
Oct  7 17:57:37 ares pppd[3949]: rcvd [LCP TermAck id=0x3 "Authentication failed"]
Oct  7 17:57:37 ares pppd[3949]: Connection terminated.
Oct  7 17:57:37 ares pppd[3949]: Exit.
Oct  7 17:57:37 ares xl2tpd[3308]: child_handler : pppd exited for call 1 with code 11
Oct  7 17:57:37 ares xl2tpd[3308]: call_close: Call 12502 to 10.32.1.88 disconnected
Oct  7 17:57:37 ares xl2tpd[3308]: control_finish: Connection closed to 10.32.1.88, port 1701 (), Local: 36098, Remote: 52
Oct  7 17:57:37 ares xl2tpd[3308]: Terminating pppd: sending TERM signal to pid 3949

auth.log

Oct  7 17:57:34 ares pluto[3552]: packet from 10.32.1.88:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct  7 17:57:34 ares pluto[3552]: packet from 10.32.1.88:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct  7 17:57:34 ares pluto[3552]: packet from 10.32.1.88:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct  7 17:57:34 ares pluto[3552]: packet from 10.32.1.88:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct  7 17:57:34 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: responding to Main Mode from unknown peer 10.32.1.88
Oct  7 17:57:34 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct  7 17:57:34 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: STATE_MAIN_R1: sent MR1, expecting MI2
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: STATE_MAIN_R2: sent MR2, expecting MI3
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: Main mode peer ID is ID_IPV4_ADDR: '10.32.1.88'
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: the peer proposed: 10.32.1.13/32:17/1701 -> 10.32.1.88/32:17/0
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20: responding to Quick Mode proposal {msgid:74eb713b}
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20:     us: 10.32.1.13<10.32.1.13>[+S=C]:17/1701
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20:   them: 10.32.1.88[+S=C]:17/1701
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct  7 17:57:35 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #20: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xaf75cfce <0x50fb4d91 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
Oct  7 17:57:37 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: received Delete SA(0xaf75cfce) payload: deleting IPSEC State #20
Oct  7 17:57:37 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: received and ignored informational message
Oct  7 17:57:37 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88 #19: received Delete SA payload: deleting ISAKMP State #19
Oct  7 17:57:37 ares pluto[3552]: "L2TP-PSK-NAT"[10] 10.32.1.88: deleting connection "L2TP-PSK-NAT" instance with peer 10.32.1.88 {isakmp=#0/ipsec=#0}
Oct  7 17:57:37 ares pluto[3552]: packet from 10.32.1.88:500: received and ignored informational message

Thanks in advance to everyone, and have a good afternoon.

Clark
