I used this and looked at the output which looks correct. I am going to pursue the issue with the vendor. Thanks all!
Cheers, Tom Roy Hooper wrote: >I wrote a script in perl at one point to do radius testing, but can't find >it. I think FreeRadius ships with a command line tool to do queries and >dump the results. These kinds of tools would be your best bet for >debugging. > >-- >Roy Hooper >Project Manager & Senior UNIX Consultant >Decisive Technologies Inc. > > >----- Original Message ----- >From: "Thomas Keitel" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, March 13, 2002 8:18 PM >Subject: radiusd passing bogus ATTRIBUTES to Foundry Boxes (incl. debug >outputs) > > >According to the dictionary.foundry file the ATTRIBUTE id's for the >attributes I set in the DEFAULT user configuration should be values 1 2 >and 3 repectively, however it looks to me that the foundry is recieving >a authentication reply packet from the server with incorrect ATTRIBUTE >id's (the ID's in the packet also appear to be identical as 0x1a): > >Start radiusd -X debug output >--------------------------------------------------------------------- > >rad_recv: Access-Request packet from host *removed*:1645, id=121, length=65 > User-Name = "tkeitel" > User-Password = "ej\236\210:-l\332\260\250\272\266\247\375\025\373" > Service-Type = 0 > NAS-IP-Address = *removed* > NAS-Port = 1 >modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall[authorize]: module "suffix" returns ok > users: Matched DEFAULT at 1 > modcall[authorize]: module "files" returns ok >modcall: group authorize returns ok > rad_check_password: Found Auth-Type System >auth: type "System" >modcall: entering group authenticate > modcall[authenticate]: module "unix" returns ok >modcall: group authenticate returns ok >Login OK: [tkeitel] (from nas UNKNOWN-NAS port 1) >Sending Access-Accept of id 121 to *removed*:1645 > foundry-privilege-level = 5 > foundry-command-string = "show" > foundry-command-exception-flag = 1 >Finished request 7 >---------------------------------------------------------------------- > > > > >Start Foundry ptrace aaa >--------------------------------------------------------------------- >ptrace output from Foundry: > >Radius message received from server. >Tracing the received Radius packet.. >Radius Header (hex): Code=02 Identifier=7c Length=0038 >Authenticator (hex):967feb280d44ee630d8850103e632171 > Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7010600000005 > Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7020673686f77 > Attribute Type(hex)=1a Len(hex)=0c Value (hex)=000007c7030600000001 >---------------------------------------------------------------------------- >----------- > >I only have one user set up in the users file > >DEFAULT Auth-Type := System > foundry-privilige-level = 5, > foundry-command-string = show, > foundry-command-exception-flag = 1 > >So is the Foundry screwing up this packet after ingress to the AAA >process or is the actual radius packet being incorrectly generated? > > >Thanks, > >Tom > > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
