I wrote a script in Perl at one point to do RADIUS testing, but can't find
it. I think FreeRADIUS ships with a command line tool to do queries and
dump the results. These kinds of tools would be your best bet for
debugging.
--
Roy Hooper
Project Manager & Senior UNIX Consultant
Decisive Technologies Inc.
----- Original Message -----
From: "Thomas Keitel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 13, 2002 8:18 PM
Subject: radiusd passing bogus ATTRIBUTES to Foundry Boxes (incl. debug
outputs)
According to the dictionary.foundry file the ATTRIBUTE IDs for the
attributes I set in the DEFAULT user configuration should be values 1 2
and 3 respectively, however it looks to me that the Foundry is receiving
an authentication reply packet from the server with incorrect ATTRIBUTE
IDs (the IDs in the packet also appear to be identical as 0x1a):
Start radiusd -X debug output
---------------------------------------------------------------------
rad_recv: Access-Request packet from host *removed*:1645, id=121, length=65
User-Name = "tkeitel"
User-Password = "ej\236\210:-l\332\260\250\272\266\247\375\025\373"
Service-Type = 0
NAS-IP-Address = *removed*
NAS-Port = 1
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 1
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Login OK: [tkeitel] (from nas UNKNOWN-NAS port 1)
Sending Access-Accept of id 121 to *removed*:1645
foundry-privilege-level = 5
foundry-command-string = "show"
foundry-command-exception-flag = 1
Finished request 7
----------------------------------------------------------------------
Start Foundry ptrace aaa
---------------------------------------------------------------------
ptrace output from Foundry:
Radius message received from server.
Tracing the received Radius packet..
Radius Header (hex): Code=02 Identifier=7c Length=0038
Authenticator (hex):967feb280d44ee630d8850103e632171
Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7010600000005
Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7020673686f77
Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7030600000001
----------------------------------------------------------------------
I only have one user set up in the users file
DEFAULT Auth-Type := System
        foundry-privilege-level = 5,
        foundry-command-string = show,
        foundry-command-exception-flag = 1
So is the Foundry screwing up this packet after ingress to the AAA
process or is the actual radius packet being incorrectly generated?
Thanks,
Tom
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
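
Added example, not part of either message above: the ptrace fields reassembled into one packet and decoded per RFC 2865, where attribute type 26 (0x1a) is the Vendor-Specific wrapper and the vendor's own attribute numbers sit inside its value after a 4-byte vendor id. The function names are illustrative, and the sub-attribute layout assumed is the one RFC 2865 recommends, which the page does not confirm for Foundry.

```python
import struct

# Reassembled from the header, authenticator and attribute hex in the ptrace above.
PACKET = bytes.fromhex(
    "027c0038" "967feb280d44ee630d8850103e632171"
    "1a0c000007c7010600000005"
    "1a0c000007c7020673686f77"
    "1a0c000007c7030600000001"
)
VENDOR_SPECIFIC = 26  # 0x1a: RFC 2865 Vendor-Specific attribute

def split_tlvs(buf, what):
    """Split type/length/value records; the length byte covers the 2-byte header."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError(f"truncated {what} header at offset {pos}")
        tlv_type, tlv_len = buf[pos], buf[pos + 1]
        if tlv_len < 2 or pos + tlv_len > len(buf):
            raise ValueError(f"bad {what} length {tlv_len} at offset {pos}")
        out.append((tlv_type, buf[pos + 2:pos + tlv_len]))
        pos += tlv_len
    return out

def parse_attributes(packet):
    """Return the top-level (type, value) attributes of a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError(f"header length {length} does not fit the packet")
    return split_tlvs(packet[20:length], "attribute")

def decode_vsas(packet):
    """Return (vendor_id, vendor_type, data) for every vendor sub-attribute."""
    found = []
    for attr_type, value in parse_attributes(packet):
        if attr_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific value lacks the 4-byte vendor id")
        vendor_id = struct.unpack("!I", value[:4])[0]
        # Assumes the vendor uses the sub-attribute layout RFC 2865 recommends.
        for vendor_type, data in split_tlvs(value[4:], "vendor sub-attribute"):
            found.append((vendor_id, vendor_type, data))
    return found

if __name__ == "__main__":
    for vendor_id, vendor_type, data in decode_vsas(PACKET):
        print(f"vendor={vendor_id} type={vendor_type} value={data.hex()}")
```

On the ptrace bytes this yields vendor id 1991 (0x7c7) with sub-attribute types 1, 2 and 3, carrying the values 5, "show" and 1.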