Thanks for your comments Alan.
I have since installed the stock standard freeradius server from the
freeradius.tar.gz on a stock standard Debian Potato system and the same
thing happened.
I noticed there is a difference between making the radiusd listen on port
1812/13 and 1645/46. I also noticed this on other implementations but
never mentioned it before so it's not unique just because it's on this
sytem.
These are the responses from a winNT dialup.
When listening on 1812
Timed out while waiting for a valid response from the remote ppp server.
When listening on 1645
Verifying username and password.
Error 5
So their radius proxy server must be receiving the reply. Perhaps there is
something wrong with the reply information.
I have asked the proxy server operator if I am not sending enough reply
information.
Here is what the radius server received and sent back. It also shows the
username/password was accepted by our server.
Listening on IP address 203.16.135.45, ports 1645/udp and 1646/udp, with
proxy on 1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 203.194.56.120:1812, id=91,
length=271
NAS-IP-Address = 203.220.246.49
NAS-Port-Type = Async
Called-Station-Id = "142330358016426"
Calling-Station-Id = "358711419"
Service-Type = Framed-User
Framed-Protocol = PPP
Password = "4\217=\261\345s.\360 \\\260\262Sq\357\222"
User-Name = "steve"
Proxy-State =
0x42535032696d7330312d7379642f333237414542433746393833453544433931354532303830354
4443333323545304544343946433130454346353543424246433142314331313234343937373233353145343030344631333041
4135313734314434373846313432393846383743414531424641373045444435304145384542324335443137343744433744323
73232463333324336314139364345364538383643324341373733324541
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched steve at 72
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied Password matches local Password
Sending Access-Accept of id 91 to 203.194.56.120:1812
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Proxy-State =
0x42535032696d7330312d7379642f333237414542433746393833453544433931354532303830354
4443333323545304544343946433130454346353543424246433142314331313234343937373233353145343030344631333041
4135313734314434373846313432393846383743414531424641373045444435304145384542324335443137343744433744323
73232463333324336314139364345364538383643324341373733324541
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 91 with timestamp 3bcadfa8
Nothing to do. Sleeping until we see a request.
On Mon, 15 Oct 2001 [EMAIL PROTECTED] wrote:
> Mervyn Jack <[EMAIL PROTECTED]> wrote:
> > You'll notice the first line of tcpdump, shows the request coming in
> > on port 1645 and a return port of 1812. (I assume that's a return
> > port. Here is that first line..
> >
> > 14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645:
> > rad-access-req 271 [id 95] Attr[ NAS_ipaddr{203.220.246.49}
> > NAS_port_type{#30} Called_station{142330358 016426} [|radius] (DF)
>
> This is the access request packet. It looks fine.
> x.. chomp..
Mervyn Jack, Technical Services, Country Netlink, Cobram, Vic, Australia.
Providing Internet access to the Cobram, Shepparton & Benalla local call
areas.
Phone 03 5871 1000 | Fax 03 5871 1874 | Mobile 0409 960 520
Work: http://www.cnl.com.au | Pers: http://www.cnl.com.au/users/mervynj
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
