Folks,
Bay has already solved this problem.
We and checked our 5399s and thought we were running the latest software
load. It turns out we were wrong. :( The software we were running on
the 5399s used straight MD5 to generate the Message-Authenticator
attribute. This has been corrected in their 18.0.2 revision.
We upgraded our 5399s to the 18.0.2 revision and the blades now
authenticate correctly with the current version of Free-Radius.
Thank you very much for your input and help with this. It got me
looking in the right place and asking the right questions of the Bay-ISP
list and my co-workers to track down where the problem was.
Tim Mayo
Chris Parker wrote:
>
> At 05:29 PM 9/6/2001 -0400, Tim Mayo wrote:
> >Are you aware that the Attribute number is also the one assigned to
> >Ascend-Client-Assign-WINS? This may be the problem. Both of them are
> >attribute 80. I can't remember of hand if the 5399s are in Ascend
> >compat mode by default and I won't be able to check this until Monday. :(
> >
> >Changing the NAS config is a bit rough since these are in a live
> >production system. I will see what I can do though. Again, it won't be
> >until Monday.
>
> Ahh the joys of what happens when a large company blatantly ignores
> the RFC and does their own thing.
>
> Attribute 80 is Message-Authenticator. Ascend way back in the day
> drank some braincell killing koolaid and decided they didn't have
> to follow the RFC and put their attributes into a VSA, but could just
> start using the remaining unused ( but RESERVED! ) attributes.
>
> Probably need to implement a flag for ascend clients running in "OLD"
> mode, so that they don't have problems authenticating.
>
> *sigh*
>
> Anyone know who at Ascend made that call way back in the day?
>
> -Chris
> --
> \\\|||/// \ Chris Parker - Manager, Development Engineering
> \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
> | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
> oOo---(_)---oOo--\------------------------------------------------------
> \ Without C we would have 'obol', 'basi', and 'pasal'
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
---------------------------------
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior System Administrator
The National Business Network Inc.
localconnect(sm)
http://www.localconnect.net/
The National Business Network Inc. http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA 15146
(412) 810-8888 Phone
(412) 810-8886 Fax
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
