Here it is (tcpdump output)
Seems not to be interpreted correclty by the radius server ...
---
16:47:27.301490 eth0 < authpix-nominal.radius-acct > authserv.radius-acct:
udp 155
4500 00b7 e273 0000 ff11 b699 0a0f 0701
0a0f 070a 0715 0715 00a3 674c 0481 009b
e2f1 a03a b883 8e9f 7f3a cebe 2615 9943
2806 0000 0001 0406 0a0f 0701 0e06 0ae7
0975 1006 0000 0050 2c0c 3078 3030 3030
3232 3365 0108 5330 3135 3531 1a17 536f
7572 6365 2d49 503d 3137 322e 3138 2e31
352e 331a 1253 6f75 7263 652d 506f 7274
3d31 3236 371a 1d44 6573 7469 6e61 7469
6f6e 2d49 503d 3130 2e32 3331 2e39 2e31
3137 1a15 4465 7374 696e 6174 696f 6e2d
506f 7274 3d38 30
E^@ ^@.. .. s ^@^@ ..^Q .... ^J^O ^G^A
^J^O ^G^J ^G^U ^G^U ^@.. g L ^D.. ^@..
.... .. : .... .... ^� : .... &^U .. C
(^F ^@^@ ^@^A ^D^F ^J^O ^G^A ^N^F ^J..
^I u ^P^F ^@^@ ^@ P ,^L 0 x 0 0 0 0
2 2 3 e ^A^H S 0 1 5 5 1 ^Z^W S o
u r c e - I P = 1 7 2 . 1 8 . 1
5 . 3^Z ^R S o u r c e - P o r t
= 1 2 6 7^Z ^] D e s t i n a t i
o n - I P = 1 0 . 2 3 1 . 9 . 1
1 7 ^Z^U D e s t i n a t i o n -
P o r t = 8 0
16:47:27.499504 eth0 < authpix-nominal.radius-acct > authserv.radius-acct:
udp 173
4500 00c9 e27a 0000 ff11 b680 0a0f 0701
0a0f 070a 0715 0715 00b5 6209 0482 00ad
8ec8 6f8b b9a8 d3aa 22f6 d320 2fa0 a426
2806 0000 0002 0406 0a0f 0701 0e06 0ae7
0975 1006 0000 0050 2c0c 3078 3030 3030
3232 3365 0108 5330 3135 3531 2e06 0000
0000 2a06 0000 0178 2b06 0000 029d 1a17
536f 7572 6365 2d49 503d 3137 322e 3138
2e31 352e 331a 1253 6f75 7263 652d 506f
7274 3d31 3236 371a 1d44 6573 7469 6e61
7469 6f6e 2d49 503d 3130 2e32 3331 2e39
2e31 3137 1a15 4465 7374 696e 6174 696f
6e2d 506f 7274 3d38 30
E^@ ^@.. .. z ^@^@ ..^Q .... ^J^O ^G^A
^J^O ^G^J ^G^U ^G^U ^@.. b^I ^D.. ^@..
.... o.. .... .... ".. .. /.. .. &
(^F ^@^@ ^@^B ^D^F ^J^O ^G^A ^N^F ^J..
^I u ^P^F ^@^@ ^@ P ,^L 0 x 0 0 0 0
2 2 3 e ^A^H S 0 1 5 5 1 .^F ^@^@
^@^@ *^F ^@^@ ^A x +^F ^@^@ ^B.. ^Z^W
S o u r c e - I P = 1 7 2 . 1 8
. 1 5 . 3^Z ^R S o u r c e - P o
r t = 1 2 6 7^Z ^] D e s t i n a
t i o n - I P = 1 0 . 2 3 1 . 9
. 1 1 7 ^Z^U D e s t i n a t i o
n - P o r t = 8
0
16:47:35.822592 eth0 < authpix-nominal.radius-acct > authserv.radius-acct:
udp 155
4500 00b7 e27d 0000 ff11 b68f 0a0f 0701
0a0f 070a 0715 0715 00a3 352d 0483 009b
f411 2aa0 6b35 7f8f 3bff 3661 ef27 9dbe
2806 0000 0001 0406 0a0f 0701 0e06 0ae7
0975 1006 0000 0050 2c0c 3078 3030 3030
3232 3366 0108 5330 3135 3531 1a17 536f
7572 6365 2d49 503d 3137 322e 3138 2e31
352e 331a 1253 6f75 7263 652d 506f 7274
3d31 3236 381a 1d44 6573 7469 6e61 7469
6f6e 2d49 503d 3130 2e32 3331 2e39 2e31
3137 1a15 4465 7374 696e 6174 696f 6e2d
506f 7274 3d38 30
E^@ ^@.. .. } ^@^@ ..^Q .... ^J^O ^G^A
^J^O ^G^J ^G^U ^G^U ^@.. 5 - ^D.. ^@..
..^Q *.. k 5 ^�.. ;.. 6 a .. ' ....
(^F ^@^@ ^@^A ^D^F ^J^O ^G^A ^N^F ^J..
^I u ^P^F ^@^@ ^@ P ,^L 0 x 0 0 0 0
2 2 3 f ^A^H S 0 1 5 5 1 ^Z^W S o
u r c e - I P = 1 7 2 . 1 8 . 1
5 . 3^Z ^R S o u r c e - P o r t
= 1 2 6 8^Z ^] D e s t i n a t i
o n - I P = 1 0 . 2 3 1 . 9 . 1
1 7 ^Z^U D e s t i n a t i o n -
P o r t = 8 0
-----Message d'origine-----
De : 3APA3A [mailto:[EMAIL PROTECTED]]
Envoy� : mercredi 20 mars 2002 09:44
� : Pierre Strazza
Objet : Re[2]: PIX v6.1 accounting problem
Dear Pierre Strazza,
It means Cisco has a Vendor-Specific packet structure different from one
recommended in RFC (or sends a buggy packet). Can you sniff the packet?
--Wednesday, March 20, 2002, 3:45:27 AM, you wrote to
[EMAIL PROTECTED]:
PS> Here is the radius.log extract :
PS> Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from
host
PS> x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific
PS> Same error is reported while running in debug mode.
PS> No further accounting information is logged.
PS> The cisco box is a PIX firewall v6.1, authenticating users thru the
PS> freeradius server for VPN access.
PS> Pierre.
PS> -----Message d'origine-----
PS> De : Chris Parker [mailto:[EMAIL PROTECTED]]
PS> Envoy� : mardi 19 mars 2002 19:13
PS> � : [EMAIL PROTECTED]
PS> Objet : RE: PIX v6.1 accounting problem
PS> At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote:
>>The request is not loggued since an error message is reported in the
>>radius.log file, indicating some non conform attributes - not proceeded.
>>
>>the dictionary.cisco seems to be already included in the dictionary file
by
>>default ..
>>
>>Any idea ?
PS> It would really really really help if you could provide the error
message
PS> printed by the server, as well as any printed when you run it in debug
PS> mode.
PS> -Chris
PS> --
PS> \\\|||/// \ StarNet Inc. \ Chris Parker
PS> \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
PS> | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
PS> oOo---(_)---oOo--\------------------------------------------------------
PS> \ Wholesale Internet Services -
http://www.megapop.net
PS> -
PS> List info/subscribe/unsubscribe? See
PS> http://www.freeradius.org/list/users.html
PS> .
PS> .
PS> .
PS> -
PS> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
~/ZARAZA
�� �����... � ���������� ����� ������������ ���, ��
������� ������������� � �����-�� �������� ������ ����. (����)
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
.
.
.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
