Virtualbox
PPPoE PAP authentication fails even though the password is correct
I set up a ppp server in a virtual machine on Ubuntu 18.04 LTS for testing purposes, with the following settings:

/etc/ppp/pap-secrets:

    #
    # /etc/ppp/pap-secrets
    #
    # This is a pap-secrets file to be used with the AUTO_PPP function of
    # mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
    # which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
    # after a user has passed this file. Don't be disturbed therefore by the fact
    # that this file defines logins with any password for users. /etc/passwd
    # (again, /etc/shadow, too) will catch passwd mismatches.
    #
    # This file should block ALL users that should not be able to do AUTO_PPP.
    # AUTO_PPP bypasses the usual login program so it's necessary to list all
    # system userids with regular passwords here.
    #
    # ATTENTION: The definitions here can allow users to login without a
    # password if you don't use the login option of pppd! The mgetty Debian
    # package already provides this option; make sure you don't change that.

    # INBOUND connections

    # Every regular user can use PPP and has to use passwords from /etc/passwd
    * hostname "" *

    # UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
    # other accounts that should not be able to use pppd!
    guest hostname "*" -
    master hostname "*" -
    root hostname "*" -
    support hostname "*" -
    stats hostname "*" -

    # OUTBOUND connections

    # Here you should add your userid password to connect to your providers via
    # PAP. The * means that the password is to be used for ANY host you connect
    # to. Thus you do not have to worry about the foreign machine name. Just
    # replace password with your password.
    # If you have different providers with different passwords then you better
    # remove the following line.

    # * password
    "user1" * "user1" *

and /etc/ppp/pppoe-server-options with the following settings:

    # PPP options for the PPPoE server
    # LIC: GPL
    auth
    debug
    #plugin /etc/ppp/plugins/rp-pppoe.so
    require-pap
    login
    mtu 500
    mru 500
    ktune
    proxyarp
    lcp-echo-interval 10
    lcp-echo-failure 2
    nobsdcomp
    noccp
    novj
    noipx

Then I start the pppoe server with:

    sudo pppoe-server -C dummyppoe -I enp0s8 -L 10.0.0.1 -l -R 10.0.0.2 -N 265 -O /etc/ppp/pppoe-server-options

In addition, I have an Ubuntu 18.04 LTS client in a VirtualBox VM, where I created a new ppp connection with the following command:

    nmcli con edit type pppoe con-name "Dummy PPP"

Then I entered the following commands in the interactive prompt:

    set pppoe.username user1
    set pppoe.password user1
    save
    quit

And I connect from the command prompt with:

    sudo nmcli device connect enp0s3

But on my server, in /var/log/syslog, I get the following error:

    May 31 11:53:27 ppp-server pppoe-server[3059]: Session 18 created for client 08:00:27:d0:71:55 (10.0.0.19) on enp0s8 using Service-Name ''
    May 31 11:53:27 ppp-server pppd[3059]: pppd 2.4.7 started by user, uid 0
    May 31 11:53:27 ppp-server pppd[3059]: using channel 60
    May 31 11:53:27 ppp-server pppd[3059]: Using interface ppp0
    May 31 11:53:27 ppp-server pppd[3059]: Connect: ppp0 <--> /dev/pts/2
    May 31 11:53:27 ppp-server systemd-udevd[3061]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
    May 31 11:53:27 ppp-server pppd[3059]: rcvd [LCP ConfReq id=0x1 <mru 1492> <magic 0x8877ed71>]
    May 31 11:53:27 ppp-server pppd[3059]: sent [LCP ConfReq id=0x1 <mru 1492> <auth pap> <magic 0xf28cfd90>]
    May 31 11:53:27 ppp-server pppd[3059]: sent [LCP ConfAck id=0x1 <mru 1492> <magic 0x8877ed71>]
    May 31 11:53:27 ppp-server pppd[3059]: rcvd [LCP ConfAck id=0x1 <mru 1492> <auth pap> <magic 0xf28cfd90>]
    May 31 11:53:27 ppp-server pppd[3059]: sent [LCP EchoReq id=0x0 magic=0xf28cfd90]
    May 31 11:53:27 ppp-server systemd-timesyncd[603]: Network configuration changed, trying to establish connection.
    May 31 11:53:27 ppp-server networkd-dispatcher[1011]: WARNING:Unknown index 63 seen, reloading interface list
    May 31 11:53:27 ppp-server pppd[3059]: rcvd [PAP AuthReq id=0x1 user="user1" password=<hidden>]
    May 31 11:53:27 ppp-server pppd[3059]: Initializing PAM (3) for user user1
    May 31 11:53:27 ppp-server pppd[3059]: ---> PAM INIT Result = 0
    May 31 11:53:27 ppp-server pppd[3059]: Attempting PAM authentication
    May 31 11:53:27 ppp-server systemd-timesyncd[603]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
    May 31 11:53:28 ppp-server pppd[3059]: PAM Authentication failed: 7: Authentication failure
    May 31 11:53:28 ppp-server pppd[3059]: PAP peer authentication failed for user1
    May 31 11:53:28 ppp-server pppd[3059]: Connection terminated.
    May 31 11:53:28 ppp-server pppoe[3063]: read (asyncReadFromPPP): Session 18: Input/output error
    May 31 11:53:28 ppp-server systemd-timesyncd[603]: Network configuration changed, trying to establish connection.
    May 31 11:53:28 ppp-server pppd[3059]: Exit.
    May 31 11:53:28 ppp-server pppoe-server[2786]: Session 18 closed for client 08:00:27:d0:71:55 (10.0.0.19) on enp0s8
    May 31 11:53:28 ppp-server pppoe-server[2786]: Sent PADT
    May 31 11:53:28 ppp-server pppoe-server[2786]: PADT for session 18 received from 08:00:27:D0:71:55; should be from 00:00:00:00:00:00
    May 31 11:53:28 ppp-server systemd-timesyncd[603]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
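
Also, the packet of the authentication process captured on the client with Wireshark shows that I entered the correct password (I know showing a password is bad, but this is an experimental setup rather than a production one, without any public access):

    287 296.597405 PcsCompu_d0:71:55 PcsCompu_7b:9e:7b PPP PAP 60 Authenticate-Request (Peer-ID='user1', Password='user1')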

What am I doing wrong?
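
To make it work, you should also create a system user on your ppp server. In your example user1 is used, so you should also run the following commands:

    sudo useradd user1
    sudo passwd user1

and provide the password user1 (or any other password; given that this is an experimental setup, I am putting the password here as well). Without a system user I could not make it work.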

Another way is to remove the login option from pppoe-server-options. That option also requires a system user to be used as the ppp user.
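
An added triage example (not part of the original question or answer): it groups the pppd messages from the syslog excerpt by PID and reports whether the rejection came from the PAM/system-account check that the login option enables. The function names and the "pap-secrets" fallback label are assumptions of this sketch; the fallback is a heuristic for sessions where no PAM failure was logged.

```python
import re

# Lines copied from the syslog excerpt in the question (abridged).
SYSLOG = """\
May 31 11:53:27 ppp-server pppd[3059]: rcvd [PAP AuthReq id=0x1 user="user1" password=<hidden>]
May 31 11:53:27 ppp-server pppd[3059]: Initializing PAM (3) for user user1
May 31 11:53:27 ppp-server pppd[3059]: Attempting PAM authentication
May 31 11:53:28 ppp-server pppd[3059]: PAM Authentication failed: 7: Authentication failure
May 31 11:53:28 ppp-server pppd[3059]: PAP peer authentication failed for user1
"""
# First lines of the question's pppoe-server-options (abridged).
OPTIONS = "auth\ndebug\n#plugin /etc/ppp/plugins/rp-pppoe.so\nrequire-pap\nlogin\n"

LINE = re.compile(r"pppd\[(\d+)\]: (.*)$")

def active_options(text):
    """Return the option keywords that are not commented out."""
    return {l.split()[0] for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def triage(syslog, options):
    """Group pppd messages by PID and name the check that rejected the peer."""
    sessions = {}
    for line in syslog.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions.setdefault(pid, {"user": None, "pam_failed": False, "pap_failed": False})
        if (u := re.search(r'PAP AuthReq .*user="([^"]*)"', msg)):
            s["user"] = u.group(1)
        elif msg.startswith("PAM Authentication failed"):
            s["pam_failed"] = True
        elif msg.startswith("PAP peer authentication failed"):
            s["pap_failed"] = True
    uses_login = "login" in active_options(options)
    report = {}
    for pid, s in sessions.items():
        if s["pap_failed"] and s["pam_failed"]:
            cause = "system-account"  # PAM (system password database) said no
        elif s["pap_failed"]:
            cause = "pap-secrets"     # heuristic: no PAM failure was logged
        else:
            cause = None              # no PAP failure seen for this PID
        report[pid] = {"user": s["user"], "cause": cause, "login_option": uses_login}
    return report
```

For the excerpt above, triage(SYSLOG, OPTIONS) attributes the failure for PID 3059 to the system-account check, which matches the answer: either create the system user or drop login.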