Hi,
Radiator still rejects login request from the NAS (Ascend MAX 4000).
I have attached my radius.cfg file (towards the bottom), my users file for
<AuthBy File> is like:
fred User-Password = "fred"
Service-Type = Framed-User,
Ascend-Metric = 2,
Ascend-Assign-IP-Pool = 0,
Framed-Routing = None,
Ascend-Idle-Limit = 900
With all the user records in the above format, when a request comes in
from NAS, radiator logs:
*** Received from xxx.xx.xxx.xx port xxxx ....
Code: Access-Request
Identifier: 237
Authentic: <191><184><137><226>]sVK<193>Ht<243>#V<239><231>
Attributes:
User-Name = "fred"
User-Password = "<255>Y{<199><207><204><30><208><153>"
NAS-Identifier = xxx.xxx.xxx.xxx
NAS-Port = 20103
NAS-Port-Type = Async
Service-Type = Login-User
State = ""
Ascend-Third-Prompt = ""
Client-Port-DNIS = "xxxxxxx"
Acct-Session-Id = "292382139"
Thu Jul 15 23:12:18 1999: INFO: Duplicate request id 237 received from
xxx.xx.xxx.xx: ignored
Thu Jul 15 23:12:20 1999: DEBUG: Packet dump:
Has anyone of you seen or experienced any problem like this.
thanks,
[EMAIL PROTECTED]
On Fri, 16 Jul 1999, Mike McCauley wrote:
>Date: Fri, 16 Jul 1999 12:17:08 -0500
>From: Mike McCauley <[EMAIL PROTECTED]>
>To: postmaster <[EMAIL PROTECTED]>
>Subject: Re: (RADIATOR) Why is radiator rejecting auth request ?
>
>On Jul 15, 8:51pm, postmaster wrote:
>> Subject: Re: (RADIATOR) Why is radiator rejecting auth request ?
>>
>> Mike,
>>
>> Even for users who are in my users file, it rejects the login request. No
>> one can log in. Can you please tell me why it's rejecting valid users.
>Hello.
>
>Its very hard to tell what the problem is without more information. The
>information that we need to look at problems is your configuration file (no
>secrtets) and your radiator log file at atrace level 4, showing what happens
>inside Radaitor.
>
>But, the usual cause of problems like that might be:
>
>1. Users file does not exist, is unreadable etc.
>2. The shared secret configured into Radiator is not correct for your NAS.
>
>Its very hard to tell which (or maybe something else) without the log file.
>
>BTW, it might be better if you address any future questions you
>might have to the Radiator mailing list. That way others can learn
>from the question and answer, and possibly contribute in areas
>where I am not expert. Also, we have other staff on the mailing list
>who can respond when I am not available.
>
>You can join the Radiator mailing list by sending email with the
>single word subscribe in the body (not in the subject line) to
>[EMAIL PROTECTED]
>There is an archive at http://www.thesite.com.au/~radiator/
>
>
>Cheers.
>
>>
>> thanks.
>> [EMAIL PROTECTED]
>>
>> On Wed, 14 Jul 1999, Mike McCauley wrote:
>>
>> >Date: Wed, 14 Jul 1999 16:52:09 -0500
>> >From: Mike McCauley <[EMAIL PROTECTED]>
>> >To: postmaster <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>> >Subject: Re: (RADIATOR) Why is radiator rejecting auth request ?
>> >
>> >Hello,
>> >
>> >Your config looks fine.
>> >However, Ascends can be configured to query radius for some components of
>their
>> >internal configuration, and that is what you are seeing.
>> >If you do not wish to use these, you will have to change your MAX
>> >configuration.
>> >
>> >Radiator is correctly rejecting those "pseudo-users" because they are not in
>> >your user database.
>> >
>> >Hope that helps.
>> >
>> >Cheers.
>> >
>> >On Jul 14, 12:11am, postmaster wrote:
>> >> Subject: (RADIATOR) Why is radiator rejecting auth request ?
>> >>
>> >> Hello,
>> >>
>> >> I am using Radiator-2.13.1 on Solaris 2.5.1. I have radiator setup to
>> >> do mSQL Accounting and Auth by File. My radius.cfg is shown below:
>> >>
>> >> Note: NAS is is Ascend MAX
>> >>
>-----------------------------------------------------------------------------
>> >> Foreground
>> >> LogStdout
>> >> AuthPort 1645
>> >> AcctPort 1646
>> >> LogDir .
>> >> # LogFile %L/%Y-logfile
>> >> DbDir .
>> >> DictionaryFile %D/dictionary.ascend
>> >> FingerProg /bin/finger
>> >> Trace 4
>> >>
>> >> <Client DEFAULT>
>> >> Secret xxxxxxx
>> >> NasType Ascend
>> >> </Client>
>> >>
>> >> <Realm DEFAULT>
>> >> AuthByPolicy ContinueUntilAccept
>> >> RewriteUsername tr/[A-Z]/[a-z]/
>> >> MaxSessions 1
>> >> RejectHasReason
>> >> <AuthBy SQL>
>> >> AuthSelect
>> >> DBSource dbi:mSQL:radius
>> >> AccountingTable ACCOUNTING
>> >> AcctColumnDef Username,User-Name
>> >> AcctColumnDef
> the_date,Timestamp,formatted-date,'%e-%m-%Y'
>> >> AcctColumnDef the_time,Timestamp,formatted-date,'%H:%M:%S'
>> >> AcctColumnDef NAS_Identifier,NAS-Identifier
>> >> AcctColumnDef NAS_Port,NAS-Port,integer
>> >> AcctColumnDef Acct_Status_Type,Acct-Status-Type
>> >> AcctColumnDef Acct_Delay_Time,Acct-Delay-Time,integer
>> >> AcctColumnDef Acct_Session_Id,Acct-Session-Id
>> >> AcctColumnDef Acct_Session_Time,Acct-Session-Time,integer
>> >> AcctColumnDef Acct_Input_Octets,Acct-Input-Octets,integer
>> >> AcctColumnDef
>Acct_Output_Octets,Acct-Output-Octets,integer
>> >> AcctColumnDef Acct_Term_Cause,Acct-Terminate-Cause
>> >> AcctColumnDef Framed_Address,Framed-IP-Address
>> >> AcctColumnDef Framed_Protocol,Framed-Protocol
>> >> AcctColumnDef Connect_Rate,Ascend-Data-Rate
>> >> AcctColumnDef Disconnect_Cause,Ascend-Disconnect-Cause
>> >> AcctColumnDef First_Destination,Ascend-First-Dest
>> >> AcctColumnDef Client_Port_DNIS,Client-Port-DNIS
>> >> </AuthBy>
>> >> # If SQL fails then authenticate from flat file
>> >> <AuthBy FILE>
>> >> DefaultSimultaneousUse 1
>> >> Filename ./users
>> >> </AuthBy>
>> >> </Realm>
>> >>
>> >> <SessionDatabase SQL>
>> >> DBSource dbi:mSQL:radius
>> >>
>> >> AddQuery insert into RADONLINE (Username, Time_Stamp, \
>> >> NAS_Identifier, NAS_Port, Acct_Session_Id, Framed_Address, \
>> >> Nas_Port_Type, Service_Type) values ('%n', %{Timestamp},'%N', \
>> >> %{NAS-Port}, '%{Acct-Session-Id}', '%{Framed-IP-Address}', \
>> >> '%{Port-Type}', '%{Service-Type}')
>> >>
>> >> DeleteQuery delete from RADONLINE where Username='%n' and \
>> >> NAS_Identifier='%N' and NAS_Port=%{NAS-Port}
>> >>
>> >> ClearNasQuery delete from RADONLINE where NAS_Identifier='%N'
>> >>
>> >> CountQuery select NAS_Identifier, NAS_Port, Acct_Session_Id from \
>> >> RADONLINE where Username='%n'
>> >> </SessionDatabase>
>> >>
>> >>
>> >> -------------------------------------------------------------------
>> >>
>> >> this works fine in 'radpwtst'. But, when the users connect, I get the foll
>> >> errors, Has anyone seen these errors: If so, please let me know:
>> >>
>> >> Note: Note that instead of the actual Username it's sending incorrect data
>> >> like 'route-max4-1', "pools-max4", "permconn-max4-1" as the
>> >> username.
>> >>
>> >> PS: the xxx.xxx.xxx.xxx are the actual IP Addresses.
>> >>
>> >> *** Received from xxx.xxx.xxx.xxx port 1025 ....
>> >> Code: Access-Request
>> >> Identifier: 1
>> >> Authentic: ...................................
>> >> Attributes:
>> >> User-Name = "route-max4-1"
>> >> User-Password = "............."
>> >> NAS-Identifier = xxx.xxx.xxx.xxx
>> >> NAS-Port = 0
>> >> NAS-Port-Type = Virtual
>> >> Service-Type = Dialout-Framed-User
>> >>
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Handling request with Handler
>> >> 'Realm=DEFAULT'
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Rewrote user name to route-max4-1
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Query is: select NAS_Identifier,
>> >> NAS_Port, Acct_Session_Id from RADONLINE where Username='route-max4-1'
>> >>
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthSQL
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthFILE
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Radius::AuthFILE looks for match with
>> >> route-max4-1
>> >> Tue Jul 13 23:54:16 1999: INFO: Access rejected for route-max4-1: No such
>> >> user
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
>> >> *** Sending to xxx.xxx.xxx.xxx port 1025 ....
>> >> Code: Access-Reject
>> >> Identifier: 1
>> >> Authentic: ..................................................
>> >> Attributes:
>> >> Reply-Message = "Request Denied"
>> >> Reply-Message = "No such user"
>> >>
>> >> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
>> >>
>> >>
>> >>
>> >> ===
>> >> Archive at http://www.thesite.com.au/~radiator/
>> >> To unsubscribe, email '[EMAIL PROTECTED]' with
>> >> 'unsubscribe radiator' in the body of the message.
>> >>-- End of excerpt from postmaster
>> >
>> >
>> >
>> >--
>> >Mike McCauley [EMAIL PROTECTED]
>> >Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
>> >24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
>> >Phone +61 3 9598-0985 Fax +61 3 9598-0955
>> >
>> >Radiator: the most portable, flexible and configurable RADIUS server
>> >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> >Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>> >NT, Rhapsody
>> >
>>
>>
>>-- End of excerpt from postmaster
>
>
>
>--
>Mike McCauley [EMAIL PROTECTED]
>Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
>24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
>Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>NT, Rhapsody
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
