Dear feiends,
There are some bugs in the program.
something is wrong with (pairdelete in valuepair.c).
please check it.
best regards
myw
-----ԭʼ�ʼ�-----
������: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]����
[EMAIL PROTECTED]
����ʱ��: 2003��1��10�� 3:42
�ռ���: [EMAIL PROTECTED]
����: Freeradius-Users digest, Vol 1 #1408 - 11 msgs
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: PAP & CHAP (3APA3A)
2. Error compiling the krb5 Module (Stefan Immel)
3. Re: Error compiling the krb5 Module (Guillermo Schimmel)
4. Postgres Error - DEBUG: pq_recvbuf: unexpected EOF on client connection
(Guillermo Schimmel)
5. Allowed Session (Duane Barnes)
6. FR0.8.1 segfaulting in pgGetc from rad_accounting (=?ISO-8859-1?Q?Mois=E9s?=
David =?ISO-8859-1?Q?Rinc=F3n?= D'Hoyos)
7. Re: Need help with fail-over config (Alan DeKok)
8. Re: PAP & CHAP (Alan DeKok)
9. Cisco Attributes (Olney, Matthew)
10. authenticate on Nortel Baystack 450 (Markus Sleziona)
11. ip pool and netmasks with cicso as5400 ([EMAIL PROTECTED])
--__--__--
Message: 1
Date: Thu, 9 Jan 2003 11:55:31 +0300
From: 3APA3A <[EMAIL PROTECTED]>
Organization: http://www.security.nnov.ru
To: "Chris Knipe" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: PAP & CHAP
Reply-To: [EMAIL PROTECTED]
Dear Chris Knipe,
Set Auth-Type to PAP, add chap module to authorize section and make sure
you have
chap {
authtype = CHAP
}
in module configuration. In this case default authentication will be
PAP, but if CHAP-Password attribute will be found in request Auth-Type
will be changed to CHAP during authorization. This behavior is explained
in doc/rlm_mschap for MS-CHAP authentication which is very similar to
CHAP.
--Thursday, January 9, 2003, 6:47:32 AM, you wrote to
[EMAIL PROTECTED]:
CK> Lo everyone,
CK> I think I have a little bit of a problem (or maybe not)...
CK> I want to use PAP and CHAP authentication... Basically, a user should be
CK> able to authenticate using PAP or CHAP... I've created a group attribute
CK> request (Auth-Type := PAP as well as Auth-Type := CHAP). However,
CK> Freeradius only takes the first one it gets from the database (PAP), and
CK> disregards the CHAP.
CK> I know this is stupid, but I am presuming that Auth-Type is sent from the
CK> NAS to the Radius server in any case? How can do I get freeradius to accept
CK> both password types? My PAP is stored cleartext to make it compatible with
CK> CHAP, and when I manually remove PAP for CHAP I can authenticate using both
CK> types... Right now though, I don't really see a way how I can use both at
CK> the same time on the same accounts?
CK> --
CK> me
CK> -
CK> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
����?� �� ������ ��? �� ��������?������������. ����������?��?�. (����)
--__--__--
Message: 2
Subject: Error compiling the krb5 Module
Date: Thu, 9 Jan 2003 10:06:20 +0100
From: "Stefan Immel" <[EMAIL PROTECTED]>
To: "Freeradius-Users (E-Mail)" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Hi all
I got an error compiling freeradius, there seems to be something wrong =
with the krb5 module.
I tried both the 0.8.1. stable version and the current CVS snapshot =
(20030108).
My platform is SuSE Linux 8.0.
Is there any way to disable the krb5 module ? I tried using =
--disable-krb5 and --without-krb5 both but that doesn't seem to work.
I'm not good enought in C to fix those errors.
Can anybody help me there ?
In file included from /usr/include/heimdal/krb5.h:670,
from rlm_krb5.c:39:
/usr/include/heimdal/krb5-protos.h:116: warning: declaration of `close' =
shadows global declaration
/usr/include/heimdal/krb5-protos.h:1115: warning: declaration of `index' =
shadows global declaration
/usr/include/heimdal/krb5-protos.h:1337: warning: declaration of =
`version' shadows global declaration
/usr/include/heimdal/krb5-protos.h:1852: warning: declaration of `ctime' =
shadows global declaration
/usr/include/heimdal/krb5-protos.h:2359: warning: declaration of =
`version' shadows global declaration
rlm_krb5.c: In function `verify_krb5_tgt':
rlm_krb5.c:60: warning: implicit declaration of function =
`krb5_princ_component'
rlm_krb5.c:60: `c' undeclared (first use in this function)
rlm_krb5.c:60: (Each undeclared identifier is reported only once
rlm_krb5.c:60: for each function it appears in.)
rlm_krb5.c:60: invalid type argument of `->'
rlm_krb5.c:60: invalid type argument of `->'
rlm_krb5.c:60: invalid type argument of `->'
rlm_krb5.c:60: invalid type argument of `->'
rlm_krb5.c:60: invalid type argument of `->'
rlm_krb5.c:113: warning: implicit declaration of function =
`krb5_free_data_contents'
rlm_krb5.c: In function `krb5_auth':
rlm_krb5.c:150: warning: initialization makes pointer from integer =
without a cast
rlm_krb5.c:152: warning: excess elements in struct initializer
rlm_krb5.c:152: warning: (near initialization for `tgtname')
rlm_krb5.c:221: request for member `length' in something not a structure =
or union
rlm_krb5.c:222: request for member `data' in something not a structure =
or union
rlm_krb5.c:225: request for member `length' in something not a structure =
or union
rlm_krb5.c:226: request for member `data' in something not a structure =
or union
gmake[6]: *** [rlm_krb5.o] Error 1
--------------------------------------------------
Stefan Immel
|N|O|C Network Operation Center
-+-+-+-------
| Grove
Auf der Stuecke 6 Tel. +49 2773-8167-0
35708 Haiger / Germany Fax +49 2773-8167-20
--------------------------------------------------
mailto:[EMAIL PROTECTED] http://www.grove.de
"There is always hope, only because it is the one
thing nobody's figured out how to kill yet."
~ Galen, Crusade "Racing The Night"
--------------------------------------------------
http://www.nocr2.de -> NOC R2
die L=F6sung f=FCr den IT-Workflow
--------------------------------------------------
--__--__--
Message: 3
Date: Thu, 09 Jan 2003 09:18:00 -0300
From: Guillermo Schimmel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Error compiling the krb5 Module
Reply-To: [EMAIL PROTECTED]
I have the same error. Since I don't use krb, what I have done is
delete the src/modules/rlm_krb directory. That worked fine for me.
Regards
Stefan Immel wrote:
>Hi all
>
>I got an error compiling freeradius, there seems to be something wrong with the krb5
>module.
>
>I tried both the 0.8.1. stable version and the current CVS snapshot (20030108).
>
>My platform is SuSE Linux 8.0.
>
>Is there any way to disable the krb5 module ? I tried using --disable-krb5 and
>--without-krb5 both but that doesn't seem to work.
>
>I'm not good enought in C to fix those errors.
>
>
>Can anybody help me there ?
>
>
>
>In file included from /usr/include/heimdal/krb5.h:670,
> from rlm_krb5.c:39:
>/usr/include/heimdal/krb5-protos.h:116: warning: declaration of `close' shadows
>global declaration
>/usr/include/heimdal/krb5-protos.h:1115: warning: declaration of `index' shadows
>global declaration
>/usr/include/heimdal/krb5-protos.h:1337: warning: declaration of `version' shadows
>global declaration
>/usr/include/heimdal/krb5-protos.h:1852: warning: declaration of `ctime' shadows
>global declaration
>/usr/include/heimdal/krb5-protos.h:2359: warning: declaration of `version' shadows
>global declaration
>rlm_krb5.c: In function `verify_krb5_tgt':
>rlm_krb5.c:60: warning: implicit declaration of function `krb5_princ_component'
>rlm_krb5.c:60: `c' undeclared (first use in this function)
>rlm_krb5.c:60: (Each undeclared identifier is reported only once
>rlm_krb5.c:60: for each function it appears in.)
>rlm_krb5.c:60: invalid type argument of `->'
>rlm_krb5.c:60: invalid type argument of `->'
>rlm_krb5.c:60: invalid type argument of `->'
>rlm_krb5.c:60: invalid type argument of `->'
>rlm_krb5.c:60: invalid type argument of `->'
>rlm_krb5.c:113: warning: implicit declaration of function `krb5_free_data_contents'
>rlm_krb5.c: In function `krb5_auth':
>rlm_krb5.c:150: warning: initialization makes pointer from integer without a cast
>rlm_krb5.c:152: warning: excess elements in struct initializer
>rlm_krb5.c:152: warning: (near initialization for `tgtname')
>rlm_krb5.c:221: request for member `length' in something not a structure or union
>rlm_krb5.c:222: request for member `data' in something not a structure or union
>rlm_krb5.c:225: request for member `length' in something not a structure or union
>rlm_krb5.c:226: request for member `data' in something not a structure or union
>gmake[6]: *** [rlm_krb5.o] Error 1
>
>
>
>
>--------------------------------------------------
>Stefan Immel
> |N|O|C Network Operation Center
>-+-+-+-------
> | Grove
>Auf der Stuecke 6 Tel. +49 2773-8167-0
>35708 Haiger / Germany Fax +49 2773-8167-20
>--------------------------------------------------
>mailto:[EMAIL PROTECTED] http://www.grove.de
>"There is always hope, only because it is the one
> thing nobody's figured out how to kill yet."
> ~ Galen, Crusade "Racing The Night"
>--------------------------------------------------
> http://www.nocr2.de -> NOC R2
> die L�sung f�r den IT-Workflow
>--------------------------------------------------
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
--__--__--
Message: 4
Date: Thu, 09 Jan 2003 11:39:23 -0300
From: Guillermo Schimmel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Postgres Error - DEBUG: pq_recvbuf: unexpected EOF on client connection
Reply-To: [EMAIL PROTECTED]
Hi list:
I've been using freeradius for a long time, and allways had this error
on the PostgreSQL logs.
I used to think that it was a configuration problem with my
installation of postgres, but now I think that I have it properly
configurated, and pretty optimized.
I have several applications using the same db backend, and freeradius
is the only one that generates this messages.
Today, I have installed the last CVS, which I note that have some
changes in the SQL code, but it still does this.
Don't know if it is related to this, but I keep losing some account
records. (aprox 10%)
The version of Psql is 7.2.
Anybody has any idea?
Thanks in advance
Guillermo
--__--__--
Message: 5
From: "Duane Barnes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Allowed Session
Date: Thu, 9 Jan 2003 09:55:49 -0500
Reply-To: [EMAIL PROTECTED]
Hello,
I am using the newest version of Free Radius, and I have a question about
the dialup_admin interface. There is a section stating: Allowed Session
user can login for 39 minutes, 23 seconds . How do I make this unlimited?
--__--__--
Message: 6
Subject: FR0.8.1 segfaulting in pgGetc from rad_accounting
From:
"=?ISO-8859-1?Q?Mois=E9s?= David =?ISO-8859-1?Q?Rinc=F3n?= D'Hoyos"
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: 09 Jan 2003 11:27:00 -0500
Reply-To: [EMAIL PROTECTED]
Hi,
I'm making some tests with FR0.8.1 looking forward to upgrade from
0.7.2. The box is a RH7.3 with all the updates, the backend is postgres
7.2.1. The configuration, it's all the same used with the previous
version, just added a couple of lines present in the new radiusd.conf.
The problem I'm having is FR segfaults a few hours after starting. This
seems to be not a FR but a postgres issue as can be seen from the core
dumped:
(gdb) bt
#0 0x400c2723 in pqGetc () from /usr/lib/libpq.so.2
#1 0x400c0de5 in parseInput () from /usr/lib/libpq.so.2
#2 0x400c138a in PQgetResult () from /usr/lib/libpq.so.2
#3 0x400c148e in PQexec () from /usr/lib/libpq.so.2
#4 0x4009ff79 in sql_query (sqlsocket=0x80bbb10, config=0x80bdf98,
querystr=0x410fe8dc "UPDATE radacct SET AcctStopTime = '2002-12-31
10:35:09', AcctSessionTime = 618, AcctInputOctets = 279062,
AcctOutputOctets = 2323442, AcctTerminateCause = '', AcctStopDelay = 8,
FramedIPAddress = '200"...) at sql_postgresql.c:203
#5 0x400afaba in rlm_sql_query (sqlsocket=0x80bbb10, inst=0x80bdb80,
query=0x410fe8dc "UPDATE radacct SET AcctStopTime = '2002-12-31
10:35:09', AcctSessionTime =
618, AcctInputOctets = 279062, AcctOutputOctets = 2323442,
AcctTerminateCause = '', AcctStopDelay = 8, FramedIPAddress = '200"...)
at sql.c:380
#6 0x400aed0b in rlm_sql_accounting (instance=0x80bdb80,
request=0x40d49450) at rlm_sql.c:745
#7 0x08054981 in module_post_auth ()
#8 0x08054aca in modcall ()
#9 0x080549cb in module_post_auth ()
#10 0x08054a91 in modcall ()
#11 0x0805466a in module_accounting ()
#12 0x0804f736 in rad_accounting ()
#13 0x0804d2fa in rad_respond ()
#14 0x0805635c in radius_xlat ()
#15 0x40073faf in pthread_start_thread () from /lib/i686/libpthread.so.0
Before it segfaults everything works fine, the only problem is a lot of:
Error: rlm_sql (sql): failed after re-connect
in the log.
With FR0.7.1 this never happened. Anyone have any ideas of what can be
causing it? How can it be solved? Maybe a way to get over it?
--__--__--
Message: 7
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Need help with fail-over config
Date: Thu, 09 Jan 2003 11:42:52 -0500
Reply-To: [EMAIL PROTECTED]
"chris" <[EMAIL PROTECTED]> wrote:
> I've read doc/configurable_failover and gone through a ton of messages in
> the archives. Right when I think I understand it, I see another message
> that conflicts with it. Seems that alot has changed over the versions.
Nothing has changed in the configurable failover code for nearly a
year and a half. However, the SQL modules weren't able to take
advantage of it until 0.8.
> I have FR working with MySQL but want to add fail-over. Could some kind
> person post a FULL example of their config?
The examples in the documentation SHOULD work.
My suggestion is to try using configurable fail-over with ANOTHER
module (e.g. the 'always' module), for testing. Once you've got it
failing over, then switch to using the SQL module. If that stops
working, then there's a problem with SQL, not with configurable
fail-over.
Alan DeKok.
--__--__--
Message: 8
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: PAP & CHAP
Date: Thu, 09 Jan 2003 11:46:07 -0500
Reply-To: [EMAIL PROTECTED]
"Chris Knipe" <[EMAIL PROTECTED]> wrote:
> I want to use PAP and CHAP authentication... Basically, a user should be
> able to authenticate using PAP or CHAP...
The server does this by default. Read the FAQ, and do the tests it
says for 'bob'. Then use 'radclient' to send a similar request, with
Chap-Password = "bob". Both should work.
> I've created a group attribute
> request (Auth-Type := PAP as well as Auth-Type := CHAP). However,
> Freeradius only takes the first one it gets from the database (PAP), and
> disregards the CHAP.
Yes, you've changed the default config to pick only one.
> I know this is stupid, but I am presuming that Auth-Type is sent from the
> NAS to the Radius server in any case?
No. The server decides what to do.
> How can do I get freeradius to accept both password types?
Don't do anything to the default config, except add a test user as
in the FAQ. Send a request with a CHAP-Password, and it will work.
Alan DeKok.
--__--__--
Message: 9
From: "Olney, Matthew" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Subject: Cisco Attributes
Date: Thu, 9 Jan 2003 12:24:39 -0500
Reply-To: [EMAIL PROTECTED]
I am trying to move from Cisco's ACS to FreeRadius. I've successfully
managed to, (with Alan's generous help), set up the FreeRadius server to
authenticate against the UNIX user accounts, accept USER.en as an enabled
user and log accounting information.
However I want to set up some accounts to allow only some commands. I have
the following in the hints file:
Cisco-AVPair += "shell:priv-lvl=15"
I would think the default command would be something like:
Cisco-AVPair += "shell:default-cmd=yes"
But when I enable authorization on the switch it locks me out, and I have to
reboot.
Cisco doesn't seem to want you to figure out how to do this, and their
documentation is somewhat... less than what one would hope.
QUESTION: Does anyone know the Cisco-AVPair setup to instruct the NAS
device to allow certain users (NOC personnel) to be able to only use the
show commands, for instance?
Thanks,
Matt
--__--__--
Message: 10
From: Markus Sleziona <[EMAIL PROTECTED]>
Date: Thu, 09 Jan 2003 17:54:29 GMT
Subject: authenticate on Nortel Baystack 450
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Hello,
i'm looking for radius configuration working with a Nortel BayStack 450.=
=20
Could't work?
Did anybody tried with Cistron Radius 1.6.x ?? Who can help me ?
Thanks a lot !!
--=20
Markus Sleziona, E-Mail: [EMAIL PROTECTED]
Bezirksamt Charlottenburg-Wilmersdorf von Berlin, Otto-Suhr-Alle 100,=20
10585 Berlin
Tel.: +4930902912373, Fax: +4930902912012
--__--__--
Message: 11
Subject: ip pool and netmasks with cicso as5400
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Thu, 9 Jan 2003 13:41:37 -0600
Reply-To: [EMAIL PROTECTED]
I have a cisco as5400 with an ip pool setup for dynamic ip address
assignment. For ip address assignment I use a script on the radius server
to lookup the ip in a file, if there isn't one it assigns 255.255.255.254.
Here are the default entries in the users file and the quick and very dirty
perl script...
DEFAULT Auth-Type := System
Fall-Through = 1
DEFAULT Service-Type == Framed-User
Framed-IP-Netmask = 255.255.252.0,
Framed-MTU = 1500,
Service-Type = Framed-User,
Exec-Program-Wait = "/usr/local/etc/raddb/getip.pl %u",
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
====================================================
#!/usr/bin/perl
$user = $ARGV[0];
chop($pass = `grep -w ^$user /path/to/somefile`);
($userid, $f2, $pwd, $ip) = split(' ', $pass);
$ip = "255.255.255.254" unless $ip;
print "Framed-IP-Address = $ip,\n";
exit 0;
===================================================
The correct ip address is being assigned to the client but the netmask is
not. The addresses are a subnet of a class B and the mask that gets
assigned is always 255.255.0.0 instead of the 255.255.252.0 even thought
the radius server is sending the correct mask to the as5400. Here is the
radius and ppp debugging output on the cisco:
*Jan 30 00:16:16.671: RADIUS/ENCODE(00000075): ask "Username: "
*Jan 30 00:16:16.671: RADIUS/ENCODE(00000075): send packet; GET_USER
*Jan 30 00:16:16.791: As1/78 PPP: Treating connection as a callin
*Jan 30 00:16:16.791: As1/78 PPP: Phase is ESTABLISHING, Passive Open
*Jan 30 00:16:16.791: As1/78 LCP: State is Listen
*Jan 30 00:16:16.799: As1/78 LCP: I CONFREQ [Listen] id 1 len 23
*Jan 30 00:16:16.799: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:16.799: As1/78 LCP: MagicNumber 0x1EA24B6F
(0x05061EA24B6F)
*Jan 30 00:16:16.799: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP: Callback 6 (0x0D0306)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREQ [Listen] id 1 len 24
*Jan 30 00:16:16.799: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:16.799: As1/78 LCP: AuthProto PAP (0x0304C023)
*Jan 30 00:16:16.799: As1/78 LCP: MagicNumber 0x9FF19824
(0x05069FF19824)
*Jan 30 00:16:16.799: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREJ [Listen] id 1 len 7
*Jan 30 00:16:16.799: As1/78 LCP: Callback 6 (0x0D0306)
*Jan 30 00:16:16.903: As1/78 LCP: I CONFREQ [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:16.903: As1/78 LCP: MagicNumber 0x1EA24B6F
(0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:16.903: As1/78 LCP: O CONFACK [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:16.903: As1/78 LCP: MagicNumber 0x1EA24B6F
(0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:18.795: As1/78 LCP: TIMEout: State ACKsent
*Jan 30 00:16:18.795: As1/78 LCP: O CONFREQ [ACKsent] id 2 len 24
*Jan 30 00:16:18.795: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:18.795: As1/78 LCP: AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.795: As1/78 LCP: MagicNumber 0x9FF19824
(0x05069FF19824)
*Jan 30 00:16:18.795: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:18.795: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: I CONFACK [ACKsent] id 2 len 24
*Jan 30 00:16:18.883: As1/78 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jan 30 00:16:18.883: As1/78 LCP: AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.883: As1/78 LCP: MagicNumber 0x9FF19824
(0x05069FF19824)
*Jan 30 00:16:18.883: As1/78 LCP: PFC (0x0702)
*Jan 30 00:16:18.883: As1/78 LCP: ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: State is Open
*Jan 30 00:16:18.883: As1/78 PPP: Phase is AUTHENTICATING, by this end
*Jan 30 00:16:18.895: As1/78 PAP: I AUTH-REQ id 1 len 19 from "iptest"
*Jan 30 00:16:18.895: As1/78 PAP: Authenticating peer iptest
*Jan 30 00:16:18.895: As1/78 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 00:16:18.895: As1/78 PPP: Phase is AUTHENTICATING, Unauthenticated
User
*Jan 30 00:16:18.895: RADIUS/ENCODE: Attribute has no value set for AAA
attribute clid
*Jan 30 00:16:18.895: RADIUS: AAA Unsupported [91] 21
*Jan 30 00:16:18.895: RADIUS: 41 73 79 6E 63 31 2F 37 38 2A 53 65 72 69
61 6C [Async1/78*Serial]
*Jan 30 00:16:18.895: RADIUS: 37 2F 31
[7/1]
*Jan 30 00:16:18.895: RADIUS/ENCODE(00000075): Unsupported AAA attribute
parent-interface
*Jan 30 00:16:18.895: RADIUS/ENCODE(00000075): Unsupported AAA attribute
parent-interface-type
*Jan 30 00:16:18.895: RADIUS/ENCODE(00000075): acct_session_id: 163
*Jan 30 00:16:18.895: RADIUS(00000075): sending
*Jan 30 00:16:18.895: RADIUS: Send to unknown id 80 165.104.1.246:1812,
Access-Request, len 85
*Jan 30 00:16:18.895: RADIUS: authenticator 37 EB CA 75 2F B8 FE BE - 69
DB 71 01 B2 89 73 B9
*Jan 30 00:16:18.895: RADIUS: Framed-Protocol [7] 6 PPP
[1]
*Jan 30 00:16:18.899: RADIUS: User-Name [1] 8 "iptest"
*Jan 30 00:16:18.899: RADIUS: User-Password [2] 18 *
*Jan 30 00:16:18.899: RADIUS: Called-Station-Id [30] 9 "5555555"
*Jan 30 00:16:18.899: RADIUS: NAS-Port [5] 6 78
*Jan 30 00:16:18.899: RADIUS: NAS-Port-Type [61] 6 Async
[0]
*Jan 30 00:16:18.899: RADIUS: Service-Type [6] 6 Framed
[2]
*Jan 30 00:16:18.899: RADIUS: NAS-IP-Address [4] 6 165.104.1.247
*Jan 30 00:16:18.943: RADIUS: Received from id 80 165.104.1.246:1812,
Access-Accept, len 56
*Jan 30 00:16:18.943: RADIUS: authenticator 4F 4B C2 E1 F5 28 38 83 - 5B
5F 66 EB C8 70 D8 B0
*Jan 30 00:16:18.943: RADIUS: Framed-IP-Netmask [9] 6 255.255.252.0
*Jan 30 00:16:18.943: RADIUS: Framed-MTU [12] 6 1500
*Jan 30 00:16:18.943: RADIUS: Service-Type [6] 6 Framed
[2]
*Jan 30 00:16:18.943: RADIUS: Framed-Protocol [7] 6 PPP
[1]
*Jan 30 00:16:18.943: RADIUS: Framed-Compression [13] 6 VJ TCP/IP
Header Compressi[1]
*Jan 30 00:16:18.943: RADIUS: Framed-IP-Address [8] 6 165.104.79.199
*Jan 30 00:16:18.943: RADIUS: Received from id 75
*Jan 30 00:16:18.943: As1/78 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 00:16:18.943: As1/78 PPP: Phase is AUTHENTICATING, Authenticated
User
*Jan 30 00:16:18.943: As1/78 PAP: O AUTH-ACK id 1 len 5
*Jan 30 00:16:18.943: As1/78 PPP: Phase is UP
*Jan 30 00:16:18.943: As1/78 IPCP: O CONFREQ [Closed] id 1 len 16
*Jan 30 00:16:18.943: As1/78 IPCP: CompressType VJ 15 slots
(0x0206002D0F00)
*Jan 30 00:16:18.943: As1/78 IPCP: Address 165.104.76.1 (0x0306A5684C01)
*Jan 30 00:16:18.947: As1/78 IPCP: O CONFREQ [REQsent] id 2 len 16
*Jan 30 00:16:18.947: As1/78 IPCP: CompressType VJ 15 slots
(0x0206002D0F00)
*Jan 30 00:16:18.947: As1/78 IPCP: Address 165.104.76.1 (0x0306A5684C01)
*Jan 30 00:16:19.035: As1/78 IPCP: I CONFREQ [REQsent] id 1 len 40
*Jan 30 00:16:19.035: As1/78 IPCP: CompressType VJ 15 slots
CompressSlotID (0x0206002D0F01)
*Jan 30 00:16:19.035: As1/78 IPCP: Address 0.0.0.0 (0x030600000000)
*Jan 30 00:16:19.035: As1/78 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Jan 30 00:16:19.035: As1/78 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
*Jan 30 00:16:19.035: As1/78 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Jan 30 00:16:19.035: As1/78 IPCP: SecondaryWINS 0.0.0.0
(0x840600000000)
*Jan 30 00:16:19.035: As1/78 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0,
we want 165.104.76.11
*Jan 30 00:16:19.035: As1/78 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0,
we want 165.104.79.199
*Jan 30 00:16:19.035: As1/78 IPCP: O CONFREJ [REQsent] id 1 len 16
*Jan 30 00:16:19.035: As1/78 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
*Jan 30 00:16:19.035: As1/78 IPCP: SecondaryWINS 0.0.0.0
(0x840600000000)
*Jan 30 00:16:19.039: As1/78 CCP: I CONFREQ [Not negotiated] id 1 len 15
*Jan 30 00:16:19.043: As1/78 CCP: MS-PPC supported bits 0x00000001
(0x120600000001)
*Jan 30 00:16:19.043: As1/78 CCP: Stacker history 1 check mode EXTENDED
(0x1105000104)
*Jan 30 00:16:19.043: As1/78 LCP: O PROTREJ [Open] id 3 len 21 protocol CCP
*Jan 30 00:16:19.043: As1/78 LCP: (0x80FD0101000F12060000000111050001)
*Jan 30 00:16:19.043: As1/78 LCP: (0x04)
*Jan 30 00:16:19.051: As1/78 IPCP: I CONFACK [REQsent] id 1 len 16
*Jan 30 00:16:19.051: As1/78 IPCP: CompressType VJ 15 slots
(0x0206002D0F00)
*Jan 30 00:16:19.051: As1/78 IPCP: Address 165.104.76.1 (0x0306A5684C01)
*Jan 30 00:16:19.051: As1/78 IPCP: ID 1 didn't match 2, discarding packet
*Jan 30 00:16:19.051: As1/78 IPCP: I CONFACK [REQsent] id 2 len 16
*Jan 30 00:16:19.051: As1/78 IPCP: CompressType VJ 15 slots
(0x0206002D0F00)
*Jan 30 00:16:19.051: As1/78 IPCP: Address 165.104.76.1 (0x0306A5684C01)
*Jan 30 00:16:19.123: As1/78 IPCP: I CONFREQ [ACKrcvd] id 2 len 28
*Jan 30 00:16:19.123: As1/78 IPCP: CompressType VJ 15 slots
CompressSlotID (0x0206002D0F01)
*Jan 30 00:16:19.123: As1/78 IPCP: Address 0.0.0.0 (0x030600000000)
*Jan 30 00:16:19.127: As1/78 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Jan 30 00:16:19.127: As1/78 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Jan 30 00:16:19.127: As1/78 IPCP: O CONFNAK [ACKrcvd] id 2 len 22
*Jan 30 00:16:19.127: As1/78 IPCP: Address 165.104.79.199
(0x0306A5684FC7)
*Jan 30 00:16:19.127: As1/78 IPCP: PrimaryDNS 165.104.1.246
(0x8106A56801F6)
*Jan 30 00:16:19.127: As1/78 IPCP: SecondaryDNS 165.104.1.24
(0x8306A5680118)
*Jan 30 00:16:19.215: As1/78 IPCP: I CONFREQ [ACKrcvd] id 3 len 28
*Jan 30 00:16:19.215: As1/78 IPCP: CompressType VJ 15 slots
CompressSlotID (0x0206002D0F01)
*Jan 30 00:16:19.215: As1/78 IPCP: Address 165.104.79.199
(0x0306A5684FC7)
*Jan 30 00:16:19.215: As1/78 IPCP: PrimaryDNS 165.104.1.246
(0x8106A56801F6)
*Jan 30 00:16:19.215: As1/78 IPCP: SecondaryDNS 165.104.1.24
(0x8306A5680118)
*Jan 30 00:16:19.215: As1/78 IPCP: O CONFACK [ACKrcvd] id 3 len 28
*Jan 30 00:16:19.215: As1/78 IPCP: CompressType VJ 15 slots
CompressSlotID (0x0206002D0F01)
*Jan 30 00:16:19.215: As1/78 IPCP: Address 165.104.79.199
(0x0306A5684FC7)
*Jan 30 00:16:19.215: As1/78 IPCP: PrimaryDNS 165.104.1.246
(0x8106A56801F6)
*Jan 30 00:16:19.215: As1/78 IPCP: SecondaryDNS 165.104.1.24
(0x8306A5680118)
*Jan 30 00:16:19.215: As1/78 IPCP: State is Open
*Jan 30 00:16:19.219: As1/78 IPCP: Install route to 165.104.79.199
*Jan 30 00:16:19.219: As1/78 IPCP: Add link info for cef entry
165.104.79.199
*Jan 30 00:16:19.219: RADIUS/ENCODE(00000075): Unsupported AAA attribute
timezone
*Jan 30 00:16:19.219: RADIUS/ENCODE: Attribute has no value set for AAA
attribute clid
*Jan 30 00:16:19.219: RADIUS/ENCODE(00000075): Unsupported AAA attribute
parent-interface
*Jan 30 00:16:19.219: RADIUS/ENCODE(00000075): Unsupported AAA attribute
parent-interface-type
*Jan 30 00:16:19.219: RADIUS(00000075): sending
*Jan 30 00:16:19.223: RADIUS: Send to unknown id 116 165.104.1.246:1813,
Accounting-Request, len 130
*Jan 30 00:16:19.223: RADIUS: authenticator 6F 2D 56 D2 20 7C 3D 89 - 81
FF 90 78 D3 08 7A 3B
*Jan 30 00:16:19.223: RADIUS: Acct-Session-Id [44] 10 "000000A3"
*Jan 30 00:16:19.223: RADIUS: Framed-Protocol [7] 6 PPP
[1]
*Jan 30 00:16:19.223: RADIUS: Framed-IP-Address [8] 6 165.104.79.199
*Jan 30 00:16:19.223: RADIUS: Connect-Info [77] 29 "49333/26400
V90/V42bis/LAPM"
*Jan 30 00:16:19.223: RADIUS: Authentic [45] 6 RADIUS
[1]
*Jan 30 00:16:19.223: RADIUS: User-Name [1] 8 "iptest"
*Jan 30 00:16:19.223: RADIUS: Acct-Status-Type [40] 6 Start
[1]
*Jan 30 00:16:19.223: RADIUS: Called-Station-Id [30] 9 "5555555"
*Jan 30 00:16:19.223: RADIUS: NAS-Port [5] 6 78
*Jan 30 00:16:19.223: RADIUS: NAS-Port-Type [61] 6 Async
[0]
*Jan 30 00:16:19.223: RADIUS: Service-Type [6] 6 Framed
[2]
*Jan 30 00:16:19.223: RADIUS: NAS-IP-Address [4] 6 165.104.1.247
*Jan 30 00:16:19.223: RADIUS: Acct-Delay-Time [41] 6 0
*Jan 30 00:16:19.227: RADIUS: Received from id 116 165.104.1.246:1813,
Accounting-response, len 20
*Jan 30 00:16:19.231: RADIUS: authenticator F4 00 1D 54 F0 C8 FC 9D - 48
C4 1F B7 D9 37 64 CD
Even with the incorrect mask the client works just fine and I see that the
netmask doesn't even seem to be negotiated by the peers which I guess makes
sense since this is a ppp connection and the mask is somewhat irrelevant.
But can somebody tell me why the client doesn't get the correct mask?
In addition, is there anything wrong about the way I am doing the ip
address assignment? That is, should I be doing the ip pooling for dynamic
addressing on the radius box instead of the as5400? Does it make a
difference? It seems to work regardless. TIA...
--
Scott Knight, Network Analyst - SSM Health Care, Information Center
email: [EMAIL PROTECTED] + phone: 314.644.7344 + fax: 314.647.1037
"Dad, when you come home with only shattered pieces of your dreams, your
little one can mend them like new with two magic words - 'Hi Dad!'"
- Alan Beck in "Fathers and Sons" -
--__--__--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest
���b��?���r��{�����r��y'���i��0���z����(�����ǫ��f�������������������������������������
