Hello all, Apologies if this is a long post ;-) We are a small ISP based in the UK. We are migrating our users method of authentication from our old DEC Alpha servers running TRU64 unix 4.0G and a very old flavour of ascend specific radius version 1.16.
We have installed version 0.9.4 of freeradius on two red hat 9.0 linux boxes. We have switched our ascends to use the new radius server (the second is a failover) and it works perfectly. The problem is with our ADSL users. When our telco switches over authentication on the home gateway to the new servers we see an authentication attempt in the freeradius logs and it says authentication is OK but we are not seeing any accounting records being created. I will enclose the logs below if someone would kindly take a look at them and point out any errors it would be very much appreciated. The primary radius server has 2 interfaces, what we noticed in the log supplied to us by our telco was the ADSL home gateway was sending a request to eth0 interface and was receiving a reply from eth1 interface thus discounting the authentication. We have thoroughly tested, this morning, downing the current 'live' radius server, and reassigning the address to the secondary server as that machine only has one interface but we are still seeing exactly the same problem. Logs enclosed and thank you in advance for any help you may be able to give. ----------Start of current ADSL authentication which works-------------- MANNET_HG# 27w0d: RADIUS(00002E43): Using existing nas_port 642 27w0d: RADIUS(00002E43): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E43): sending 27w0d: RADIUS(00002E43): Send Accounting-Request to 195.10.105.3:1646 id 21711/7 8, len 228 27w0d: RADIUS: authenticator 76 B9 4F 39 DC 36 50 62 - 93 F1 C2 40 E1 3E D7 9D 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EA" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162581" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: Acct-Session-Time [46] 6 53 27w0d: RADIUS: Acct-Input-Octets [42] 6 1258 27w0d: RADIUS: Acct-Output-Octets [43] 6 1194 27w0d: RADIUS: Acct-Input-Packets [47] 6 18 27w0d: RADIUS: Acct-Output-Packets [48] 6 19 27w0d: RADIUS: Acct-Terminate-Cause[49] 6 lost-carrier [2] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Stop [2] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 642 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 *Sep 6 19:02:39: %LINK-3-UPDOWN: Interface Virtual-Access25, changed state to d own 27w0d: RADIUS: Received from id 21711/78 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator E7 D2 EF AF 81 14 33 C1 - D9 3E B1 85 D1 AE 0E E4 *Sep 6 19:02:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access 25, changed state to down 27w0d: RADIUS: AAA Unsupported [152] 15 27w0d: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 36 [Uniq- Sess-ID6 ] 27w0d: RADIUS(00002E44): Storing nasport 643 in rad_db 27w0d: RADIUS(00002E44): Config NAS IP: 195.10.119.149 27w0d: RADIUS/ENCODE(00002E44): acct_session_id: 14060 27w0d: RADIUS(00002E44): sending 27w0d: RADIUS(00002E44): Send Access-Request to 195.10.105.3:1645 id 21711/79, l en 94 27w0d: RADIUS: authenticator B0 4B 31 6B B2 3E 73 FA - CC 73 1D 05 81 69 2F E7 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: CHAP-Password [3] 19 * 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 643 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Received from id 21711/79 195.10.105.3:1645, Access- Accept, len 5 0 27w0d: RADIUS: authenticator 96 B4 32 2F 05 94 63 FA - 38 38 7A F4 26 DF 0A D9 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS(00002E44): Received from id 21711/79 *Sep 6 19:02:40: %FIB-4-FIBIDB: Missing cef idb for Virtual-Access28 during add ress change *Sep 6 19:02:40: %LINK-3-UPDOWN: Interface Virtual-Access28, changed state to u p 27w0d: RADIUS(00002E44): Using existing nas_port 643 27w0d: RADIUS(00002E44): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E44): sending 27w0d: RADIUS(00002E44): Send Accounting-Request to 195.10.105.3:1646 id 21711/8 0, len 186 27w0d: RADIUS: authenticator F7 1B 51 F0 C2 82 E0 9B - E5 DD 6D FD A0 C0 37 30 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EC" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162582" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Start [1] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 643 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 27w0d: RADIUS(00002E44): Using existing nas_port 643 27w0d: RADIUS(00002E44): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E44): sending 27w0d: RADIUS: Received from id 21711/80 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator A1 64 13 02 05 5B 63 15 - 34 5F 16 4A 0F F6 B7 D1 27w0d: RADIUS(00002E44): Send Accounting-Request to 195.10.105.3:1646 id 21711/8 1, len 222 27w0d: RADIUS: authenticator DC F2 2B D9 9D B8 12 53 - 05 1C F0 6A DA 40 1A 5E 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EC" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162582" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: Acct-Session-Time [46] 6 0 27w0d: RADIUS: Acct-Input-Octets [42] 6 66 27w0d: RADIUS: Acct-Output-Octets [43] 6 74 27w0d: RADIUS: Acct-Input-Packets [47] 6 3 27w0d: RADIUS: Acct-Output-Packets [48] 6 4 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Watchdog [3] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 643 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 27w0d: RADIUS: Received from id 21711/81 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator 79 A0 9F 70 4E 59 D3 69 - EC 51 84 08 0D 87 54 16 *Sep 6 19:02:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access 28, changed state to up 27w0d: RADIUS(00002E44): Using existing nas_port 643 27w0d: RADIUS(00002E44): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E44): sending 27w0d: RADIUS(00002E44): Send Accounting-Request to 195.10.105.3:1646 id 21711/8 2, len 228 27w0d: RADIUS: authenticator CF BB 1D C1 5C 34 67 E6 - 2A D3 C8 F6 7F 25 BE BF 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EC" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162582" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: Acct-Session-Time [46] 6 10 27w0d: RADIUS: Acct-Input-Octets [42] 6 100 27w0d: RADIUS: Acct-Output-Octets [43] 6 90 27w0d: RADIUS: Acct-Input-Packets [47] 6 6 27w0d: RADIUS: Acct-Output-Packets [48] 6 5 27w0d: RADIUS: Acct-Terminate-Cause[49] 6 user-request [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Stop [2] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 643 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 27w0d: RADIUS: Received from id 21711/82 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator 5B 6E B5 2E 16 0E 8F 2F - 8E D8 73 09 E6 2C EE BD *Sep 6 19:02:53: %LINK-3-UPDOWN: Interface Virtual-Access28, changed state to d own *Sep 6 19:02:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access 28, changed state to down 27w0d: RADIUS: AAA Unsupported [152] 15 27w0d: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 36 [Uniq- Sess-ID6 ] 27w0d: RADIUS(00002E45): Storing nasport 644 in rad_db 27w0d: RADIUS(00002E45): Config NAS IP: 195.10.119.149 27w0d: RADIUS/ENCODE(00002E45): acct_session_id: 14062 27w0d: RADIUS(00002E45): sending 27w0d: RADIUS(00002E45): Send Access-Request to 195.10.105.3:1645 id 21711/83, l en 94 27w0d: RADIUS: authenticator EB 3C 7A 6A C3 65 F2 B1 - CC 73 1D 05 AB 45 E5 AD 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: CHAP-Password [3] 19 * 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 644 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Received from id 21711/83 195.10.105.3:1645, Access- Accept, len 5 0 27w0d: RADIUS: authenticator 65 62 77 D2 33 11 A5 1F - DB C7 2D 80 68 95 52 37 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS(00002E45): Received from id 21711/83 *Sep 6 19:02:54: %FIB-4-FIBIDB: Missing cef idb for Virtual-Access21 during add ress change *Sep 6 19:02:54: %LINK-3-UPDOWN: Interface Virtual-Access21, changed state to u p 27w0d: RADIUS(00002E45): Using existing nas_port 644 27w0d: RADIUS(00002E45): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E45): sending 27w0d: RADIUS(00002E45): Send Accounting-Request to 195.10.105.3:1646 id 21711/8 4, len 186 27w0d: RADIUS: authenticator 9C F5 34 AC 29 3D 21 A0 - F5 97 EE 1A E8 1C 37 89 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EE" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162583" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Start [1] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 644 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 27w0d: RADIUS(00002E45): Using existing nas_port 644 27w0d: RADIUS(00002E45): Config NAS IP: 195.10.119.149 27w0d: RADIUS(00002E45): sending 27w0d: RADIUS(00002E45): Send Accounting-Request to 195.10.105.3:1646 id 21711/8 5, len 222 27w0d: RADIUS: authenticator AC 58 60 24 B7 D3 E6 0D - C8 94 45 43 3D D5 D6 CF 27w0d: RADIUS: Acct-Session-Id [44] 10 "000036EE" 27w0d: RADIUS: Tunnel-Server-Endpoi[67] 15 "195.10.119.68" 27w0d: RADIUS: Tunnel-Client-Endpoi[66] 15 "195.10.119.66" 27w0d: RADIUS: Tunnel-Assignment-Id[82] 3 "2" 27w0d: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] 27w0d: RADIUS: Acct-Tunnel-Connecti[68] 12 "2386162583" 27w0d: RADIUS: Tunnel-Client-Auth-I[90] 21 "MANNET-fixed-tunnel" 27w0d: RADIUS: Tunnel-Server-Auth-I[91] 11 "MANNET_HG" 27w0d: RADIUS: Framed-Protocol [7] 6 PPP [1] 27w0d: RADIUS: Framed-IP-Address [8] 6 195.10.114.25 27w0d: RADIUS: Acct-Session-Time [46] 6 0 27w0d: RADIUS: Acct-Input-Octets [42] 6 66 27w0d: RADIUS: Acct-Output-Octets [43] 6 74 27w0d: RADIUS: Acct-Input-Packets [47] 6 3 27w0d: RADIUS: Acct-Output-Packets [48] 6 4 27w0d: RADIUS: Acct-Authentic [45] 6 RADIUS [1] 27w0d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 27w0d: RADIUS: Acct-Status-Type [40] 6 Watchdog [3] 27w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 27w0d: RADIUS: NAS-Port [5] 6 644 27w0d: RADIUS: Service-Type [6] 6 Framed [2] 27w0d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 27w0d: RADIUS: Acct-Delay-Time [41] 6 0 27w0d: RADIUS: Received from id 21711/84 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator 10 C2 29 CA A4 6D E4 B6 - 5B 31 75 A8 C4 D1 2E DC 27w0d: RADIUS: Received from id 21711/85 195.10.105.3:1646, Accounting- response, len 20 27w0d: RADIUS: authenticator 98 43 84 2A B0 4B 90 2D - 0F 30 C9 CF B5 34 93 4D *Sep 6 19:02:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access -----------------END OF CURRENT AUTHENTICATION------------------------ --------------START OF BAD AUTHENTICATION LOG--------------------------- 26w3d: RADIUS: AAA Unsupported [152] 15 26w3d: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 35 [Uniq- Sess-ID5 ] 26w3d: RADIUS(00002E13): Storing nasport 589 in rad_db 26w3d: RADIUS(00002E13): Config NAS IP: 195.10.119.149 26w3d: RADIUS/ENCODE(00002E13): acct_session_id: 13951 26w3d: RADIUS(00002E13): sending 26w3d: RADIUS(00002E13): Send Access-Request to 195.10.96.2:1645 id 21710/212, l en 94 26w3d: RADIUS: authenticator 40 66 39 E2 B7 B4 FD A3 - CC 73 1D 05 74 CE A9 37 26w3d: RADIUS: Framed-Protocol [7] 6 PPP [1] 26w3d: RADIUS: User-Name [1] 25 "[EMAIL PROTECTED]" 26w3d: RADIUS: CHAP-Password [3] 19 * 26w3d: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 26w3d: RADIUS: NAS-Port [5] 6 589 26w3d: RADIUS: Service-Type [6] 6 Framed [2] 26w3d: RADIUS: NAS-IP-Address [4] 6 195.10.119.149 26w3d: RADIUS: Received from id 21710/212 213.137.18.29:1645, Access- Accept, len 60 26w3d: RADIUS: Response for non-existent request ident 26w3d: RADIUS: Retransmit to (195.10.96.2:1645,1646) for id 21710/212 26w3d: RADIUS: Received from id 21710/212 213.137.18.29:1645, Access- Accept, len 60 26w3d: RADIUS: Response for non-existent request ident 26w3d: RADIUS: Retransmit to (195.10.96.2:1645,1646) for id 21710/212 26w3d: RADIUS: Received from id 21710/212 213.137.18.29:1645, Access- Accept, len 60 26w3d: RADIUS: Response for non-existent request ident 26w3d: RADIUS: Retransmit to (195.10.96.2:1645,1646) for id 21710/212 26w3d: RADIUS: Received from id 21710/212 213.137.18.29:1645, Access- Accept, len 60 26w3d: RADIUS: Response for non-existent request ident 26w3d: RADIUS: No response from (195.10.96.2:1645,1646) for id 21710/212 26w3d: RADIUS/DECODE: parse response no app start; FAIL 26w3d: RADIUS/DECODE: parse response; FAIL -----------------END OF BAD AUTHENTICATION---------------------------- -EXERPT FROM FREERADIUS LOG SHOWING AUTHENTICATION IS OK BUT IT IS NOT- Fri Jun 25 11:37:43 2004 : Auth: Login OK: [EMAIL PROTECTED] bus512/<CHAP-Passwo rd>] (from client domicilium port 567) Fri Jun 25 11:37:50 2004 : Auth: Login OK: [EMAIL PROTECTED] bus512/<CHAP-Passwo rd>] (from client domicilium port 578) Fri Jun 25 11:38:00 2004 : Auth: Login OK: [EMAIL PROTECTED] bus512/<CHAP-Passwo rd>] (from client domicilium port 578) Fri Jun 25 11:38:05 2004 : Auth: Login OK: [EMAIL PROTECTED] bus512/<CHAP-Passwo rd>] (from client domicilium port 585) Fri Jun 25 11:38:15 2004 : Auth: Login OK: [EMAIL PROTECTED] bus512/<CHAP-Passwo rd>] (from client domicilium port 585) --------------------------END----------------------------------------- -- MANNET Technical Support - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html