Package: xtradius
Version: 1.2.1-beta2
This authentication problem is detected only for amd64 architecture,
radius key does not match after transfer Cisco IOS (different version and
model).
...but on i386 architecture working properly.
debian:~# uname -a
Linux debian 2.6.26-2-amd64 #1 SMP Thu Nov 25 04:30:55 UTC 2010 x86_64
GNU/Linux
libc Version: 2.7-18lenny6
debian:~# radiusd -sxxy
Starting - reading configuration files ...
Ready to process requests.
radrecv: Packet from host 172.16.0.131 code=1, id=160, length=125
User-Name = "testuser"
User-Password = "\263\352\311ZNY\221x4YW\250,2\3531"
NAS-Port = 7
Attr-87 = "tty7"
NAS-Port-Type = Virtual
Calling-Station-Id = "172.16.0.201"
Service-Type = Login-User
NAS-IP-Address = 172.16.0.131
Acct-Session-Id = "AC100083000001BE"
NAS-Identifier = "gw-test"
Event-Timestamp (Unknown Type 3)
users: Matched DEFAULT at line 136
auth: System
Sending Reject of id 160 to 172.16.0.131
Login incorrect: [testuser/�����f7����;���:] (from nas
gw-test/S7 cli 172.16.0.201)
Cisco debug:
011913: Dec 1 19:47:47.001 MSK: RADIUS/ENCODE(000001C1): ask "Password: "
011914: Dec 1 19:47:47.001 MSK: RADIUS/ENCODE(000001C1): send packet;
GET_PASSWORD
011915: Dec 1 19:47:49.801 MSK: RADIUS/ENCODE(000001C1):Orig. component
type = EXEC
011916: Dec 1 19:47:49.801 MSK: RADIUS: AAA Unsupported Attr: interface
[174] 4
011917: Dec 1 19:47:49.801 MSK: RADIUS: 74 74 [tt]
011918: Dec 1 19:47:49.801 MSK: RADIUS(000001C1): Config NAS IP:
172.16.0.131
011919: Dec 1 19:47:49.801 MSK: RADIUS/ENCODE(000001C1): acct_session_id:
446
011920: Dec 1 19:47:49.801 MSK: RADIUS(000001C1): Config NAS IP:
172.16.0.131
011921: Dec 1 19:47:49.801 MSK: RADIUS(000001C1): sending
011922: Dec 1 19:47:49.801 MSK: RADIUS(000001C1): Send Access-Request to
172.16.0.168:1812 id 1645/160, len 125
011923: Dec 1 19:47:49.805 MSK: RADIUS: authenticator 7F 70 2E 68 09 30
D8 C2 - 73 82 1F B8 BD A8 DB 45
011924: Dec 1 19:47:49.805 MSK: RADIUS: User-Name [1] 10 "
testuser"
011925: Dec 1 19:47:49.805 MSK: RADIUS: User-Password [2] 18 *
011926: Dec 1 19:47:49.805 MSK: RADIUS: NAS-Port [5] 6 7
011927: Dec 1 19:47:49.805 MSK: RADIUS: NAS-Port-Id [87] 6
"tty7"
011928: Dec 1 19:47:49.805 MSK: RADIUS: NAS-Port-Type [61] 6
Virtual [5]
011929: Dec 1 19:47:49.805 MSK: RADIUS: Calling-Station-Id [31] 14
"172.16.0.201"
011930: Dec 1 19:47:49.805 MSK: RADIUS: Service-Type [6] 6
Login [1]
011931: Dec 1 19:47:49.805 MSK: RADIUS: NAS-IP-Address [4] 6
172.16.0.131
011932: Dec 1 19:47:49.805 MSK: RADIUS: Acct-Session-Id [44] 18
"AC100083000001BE"
011933: Dec 1 19:47:49.805 MSK: RADIUS: Nas-Identifier [32] 9 "
gw-test"
011934: Dec 1 19:47:49.805 MSK: RADIUS: Event-Timestamp [55] 6
1291222069
011935: Dec 1 19:47:49.809 MSK: RADIUS: Received from id 1645/160
172.16.0.168:1812, Access-Reject, len 20
011936: Dec 1 19:47:49.809 MSK: RADIUS: authenticator F4 71 CC C3 B7 6B
1C 74 - 50 DB 3C 9D AD D6 B6 6C
011937: Dec 1 19:47:49.809 MSK: RADIUS: response-authenticator decrypt
fail, pak len 20
011938: Dec 1 19:47:49.809 MSK: RADIUS: packet dump:
03A00014F471CCC3B76B1C7450DB3C9DADD6B66C
011939: Dec 1 19:47:49.809 MSK: RADIUS: expected digest:
FFFFFFA0FFFFFFE25842FFFFFFE8FFFFFFD7FFFFFFF4FFFFFF9668FFFFFFF3FFFFFFBA6D1E7B32FFFFFFBE
011940: Dec 1 19:47:49.809 MSK: RADIUS: response authen:
FFFFFFF471FFFFFFCCFFFFFFC3FFFFFFB76B1C7450FFFFFFDB3CFFFFFF9DFFFFFFADFFFFFFD6FFFFFFB66C
011941: Dec 1 19:47:49.809 MSK: RADIUS: request authen:
7F702E680930D8C273821FB8BDA8DB45
011942: Dec 1 19:47:49.809 MSK: RADIUS: Response (160) failed decrypt
-----------------------------------------------------------------------------------------------------------------------------------------------------------
lenny386:~$ uname -a
Linux lenny386 2.6.26-2-686 #1 SMP Thu Nov 25 01:53:57 UTC 2010 i686
GNU/Linux
libc Version: 2.7-18lenny6
lenny386:/# radiusd -sxxy
Starting - reading configuration files ...
Ready to process requests.
radrecv: Packet from host 172.16.0.131 code=1, id=171, length=125
User-Name = "testuser"
User-Password = "<8t\325fg\355-\207\304\r\262revP"
NAS-Port = 7
Attr-87 = "tty7"
NAS-Port-Type = Virtual
Calling-Station-Id = "172.16.0.201"
Service-Type = Login-User
NAS-IP-Address = 172.16.0.131
Acct-Session-Id = "AC100083000001CA"
NAS-Identifier = "gw-test"
Event-Timestamp (Unknown Type 3)
users: Matched DEFAULT at line 136
auth: System
Sending Ack of id 171 to 172.16.0.131
Login OK: [testuser] (from nas 172.16.0.131/S7)
Cisco debug:
012250: Dec 1 20:12:46.622 MSK: RADIUS/ENCODE(000001CD): ask "Password: "
012251: Dec 1 20:12:46.622 MSK: RADIUS/ENCODE(000001CD): send packet;
GET_PASSWORD
012252: Dec 1 20:12:49.398 MSK: RADIUS/ENCODE(000001CD):Orig. component
type = EXEC
012253: Dec 1 20:12:49.398 MSK: RADIUS: AAA Unsupported Attr: interface
[174] 4
012254: Dec 1 20:12:49.398 MSK: RADIUS: 74 74 [tt]
012255: Dec 1 20:12:49.398 MSK: RADIUS(000001CD): Config NAS IP:
172.16.0.131
012256: Dec 1 20:12:49.398 MSK: RADIUS/ENCODE(000001CD): acct_session_id:
458
012257: Dec 1 20:12:49.398 MSK: RADIUS(000001CD): Config NAS IP:
172.16.0.131
012258: Dec 1 20:12:49.398 MSK: RADIUS(000001CD): sending
012259: Dec 1 20:12:49.398 MSK: RADIUS(000001CD): Send Access-Request to
172.16.0.168:1812 id 1645/171, len 125
012260: Dec 1 20:12:49.398 MSK: RADIUS: authenticator 2C 35 01 81 E8 1D
D9 FB - A7 E1 90 65 16 13 BD A2
012261: Dec 1 20:12:49.398 MSK: RADIUS: User-Name [1] 10 "
testuser"
012262: Dec 1 20:12:49.398 MSK: RADIUS: User-Password [2] 18 *
012263: Dec 1 20:12:49.398 MSK: RADIUS: NAS-Port [5] 6 7
012264: Dec 1 20:12:49.398 MSK: RADIUS: NAS-Port-Id [87] 6
"tty7"
012265: Dec 1 20:12:49.398 MSK: RADIUS: NAS-Port-Type [61] 6
Virtual [5]
012266: Dec 1 20:12:49.398 MSK: RADIUS: Calling-Station-Id [31] 14
"172.16.0.201"but on i386 architecture working properly...
012267: Dec 1 20:12:49.398 MSK: RADIUS: Service-Type [6] 6
Login [1]
012268: Dec 1 20:12:49.398 MSK: RADIUS: NAS-IP-Address [4] 6
172.16.0.131
012269: Dec 1 20:12:49.398 MSK: RADIUS: Acct-Session-Id [44] 18
"AC100083000001CA"
012270: Dec 1 20:12:49.398 MSK: RADIUS: Nas-Identifier [32] 9
"gw-test"
012271: Dec 1 20:12:49.398 MSK: RADIUS: Event-Timestamp [55] 6
1291223569
012272: Dec 1 20:12:49.402 MSK: RADIUS: Received from id 1645/171
172.16.0.168:1812, Access-Accept, len 20
012273: Dec 1 20:12:49.402 MSK: RADIUS: authenticator 39 95 66 9B 0B CE
A1 1A - 62 06 23 D8 3A F7 17 A4
012274: Dec 1 20:12:49.402 MSK: RADIUS(000001CD): Received from id
1645/171
Best Regards,
Serge Khmel
