Hello Alan,
Wednesday, June 05, 2002, 6:42:27 PM, you wrote:
AD> Ruslan Spivak <[EMAIL PROTECTED]> wrote:
>> Authentication works well, but accounting messages from radius: Malformed packet
>....
>>
>> Alan wrote that I need to upgrade the firmware.
>> I did it but the problem remained. (firmware ver 4.02.00)
>> I do not know what to do now. Do I need to make a patch for this?
>> Or can it be solved by another way?
AD> Use 'tcpdump' or something similar to grab the accounting packets as
AD> raw data. Post one example to the list. I can take a look at it, and
AD> see if I can figure out where the NAS is screwing up.
AD> Alan DeKok.
Here it is:
tcpdump -x -X -vv -s 250 dst host 192.168.100.10 and dst port 1646
01:12:32.491773 192.168.100.101.datametrics > pyzope.sa-msg-port: [udp sum ok]
rad-account-req 101 [id 13] Attr[ User{test} NAS_ipaddr{192.168.100.101}
Acct_status{Start} Acct_session_id{test126478362} Acct_delay{00 secs}
Acct_authentic{RADIUS} Service_type{Administrative} Login_service{Telnet}
Login_TCP_port{62818} Login_iphost{is.is.lg.ua} NAS_port_type{Async} ] (ttl 255, id
990, len 129)
0x0000 4500 0081 03de 0000 ff11 6dcd c0a8 6465 E.........m...de
0x0010 c0a8 640a 066d 066e 006d c593 040d 005f ..d..m.n.m....._
0x0020 8678 2be9 b22f 9529 598e 2d2a 58e6 7485 .x+../.)Y.-*X.t.
0x0030 0106 7465 7374 0406 c0a8 6465 2806 0000 ..test....de(...
0x0040 0001 2c0f 7465 7374 3132 3634 3738 3336 ..,.test12647836
0x0050 3229 0600 0000 002d 0600 0000 0106 0600 2).....-........
0x0060 0000 060f 0600 0000 0010 0600 00f5 620e ..............b.
0x0070 06c0 a864 013d 0600 0000 0000 0000 0000 ...d.=..........
0x0080 00 .
01:13:00.311773 192.168.100.101.datametrics > pyzope.sa-msg-port: [udp sum ok]
rad-account-req 101 [id 14] Attr[ User{test} NAS_ipaddr{192.168.100.101}
Acct_status{Stop} Acct_session_id{test126478362} Acct_delay{00 secs}
Acct_authentic{RADIUS} Service_type{Administrative} Login_service{Telnet}
Login_TCP_port{62818} Login_iphost{is.is.lg.ua} Acct_session_time{28 secs} ] (ttl 255,
id 1001, len 129)
0x0000 4500 0081 03e9 0000 ff11 6dc2 c0a8 6465 E.........m...de
0x0010 c0a8 640a 066d 066e 006d 43a9 040e 005f ..d..m.n.mC...._
0x0020 a71e 658b ceae 7a51 0858 a700 1b52 9381 ..e...zQ.X...R..
0x0030 0106 7465 7374 0406 c0a8 6465 2806 0000 ..test....de(...
0x0040 0002 2c0f 7465 7374 3132 3634 3738 3336 ..,.test12647836
0x0050 3229 0600 0000 002d 0600 0000 0106 0600 2).....-........
0x0060 0000 060f 0600 0000 0010 0600 00f5 620e ..............b.
0x0070 06c0 a864 012e 0600 0000 1c00 0000 0000 ...d............
0x0080 00
Alan, my actions were:
lib/radius.c - function rad_recv
When I changed length in header to received length(hdr->length to
data->packet_len) radius began to write
such messages:
Dropping conflicting authentication packet from client
totalcontrol...
Unresponsive child
CHILD: exit on signal (11)
When I did this: packet->dat_len = totallen; radius began to write:
Received Accounting-Request with invalid signature. After that I
commented the code in function rad_decode between
case PW_ACCOUNTING_REQUEST: and break;
Accounting began to work normal.
I understand that it's naive approach, but I do not yet understand
freeradius internals, so would you be so kind to explain me possible consequnces
from that approach and possible decision to that. Thanks in advance
--
Best regards,
alienoid mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
