Something interesting:  I had an NT customer call me up today and he told me that he 
was able to connect and browse yesterday just fine for about two hours today he can't. 
 The logfile and detail file showed no difference in what happened, except that it was 
logged in the detail file multiple times.  There were two start accounting records and 
three stop all with the same session ID the only difference is that the 
"Acct-Delay-time" is different.  I have noticed this in many other locations in the 
detail file as well.

More info:  When an NI customer connects and can't browse (open socket connections) 
the are able to ping, trace and perform host name lookups, so it doesn't appear to be 
a routing issue.

Here are portions of the logfile at trace level 4.  I have included what the startup 
looks like, what an NT (bad) connection looks liks and what a 98 (good) connection 
looks like.  I am not sure why it says that thoes attribute numbers are not defined 
because they are, they are Ascend specific attributes, but that only seems to affect 
accounting.

------------------START UP INFO FROM LOG FILE------------------

Mon Aug  9 09:42:03 1999: NOTICE: SIGTERM received: stopping
Mon Aug  9 09:42:09 1999: DEBUG: Reading users file /etc/radiator/users
Mon Aug  9 09:42:09 1999: DEBUG: Reading password file /etc/master.passwd
Mon Aug  9 09:42:15 1999: DEBUG: Reading group file /etc/group
Mon Aug  9 09:42:16 1999: INFO: Server started
Mon Aug  9 09:42:16 1999: ERR: Attribute number 120 (vendor 529) is not defined in 
your dictionary
Mon Aug  9 09:42:16 1999: ERR: Attribute number 122 (vendor 529) is not defined in 
your dictionary
Mon Aug  9 09:42:16 1999: ERR: Attribute number 121 (vendor 529) is not defined in 
your dictionary
Mon Aug  9 09:42:16 1999: DEBUG: Packet dump:
*** Received from 209.244.17.8 port 53603 ....
Code:       Accounting-Request
Identifier: 163
Authentic:  Z]j<249><178><196>[<233>%Uvr<13>0<225><200>
Attributes:
        User-Name = "militarypress"
        NAS-Identifier = "209.244.42.44"
        NAS-Port = 391
        Framed-Protocol = PPP
        Framed-Address = 216.98.152.250
        Client-Port-DNIS = "6196644638"
        Caller-Id = "8585772916"
        Acct-Status-Type = Start
        Acct-Delay-Time = 0
        Acct-Session-Id = "285706089"
        Acct-Authentic = RADIUS
        NAS-Port-Type = Async

Mon Aug  9 09:42:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 09:42:16 1999: DEBUG: SDB1 Adding session for militarypress, 209.244.42.44, 
391
Mon Aug  9 09:42:16 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 09:42:16 1999: DEBUG: Accounting accepted
Mon Aug  9 09:42:16 1999: DEBUG: Packet dump:
*** Sending to 209.244.17.8 port 53603 ....
Code:       Accounting-Response
Identifier: 163
Authentic:  Z]j<249><178><196>[<233>%Uvr<13>0<225><200>
Attributes:

Mon Aug  9 09:42:16 1999: DEBUG: Packet dump:
*** Received from 216.98.155.2 port 1026 ....
Code:       Access-Request
Identifier: 214
Authentic:  <205><141>8<169>u:#<157><246><183><157><154><135><184><233>j
Attributes:
        User-Name = "beachchair1"
        User-Password = "<133><182>b`<145><192>E<250>}d(<189>o9<7><170>"
        NAS-Identifier = "216.98.155.2"
        NAS-Port = 3
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "26400 LAPM/V42BIS"

Mon Aug  9 09:42:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 09:42:16 1999: DEBUG: SDB1 Deleting session for beachchair1, 216.98.155.2, 3
Mon Aug  9 09:42:16 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 09:42:16 1999: DEBUG: Radius::AuthFILE looks for match with beachchair1
Mon Aug  9 09:42:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Aug  9 09:42:16 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Aug  9 09:42:16 1999: DEBUG: Radius::AuthUNIX looks for match with beachchair1
Mon Aug  9 09:42:16 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Mon Aug  9 09:42:16 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Mon Aug  9 09:42:16 1999: DEBUG: Access accepted for beachchair1
Mon Aug  9 09:42:16 1999: DEBUG: Packet dump:
*** Sending to 216.98.155.2 port 1026 ....
Code:       Access-Accept
Identifier: 214
Authentic:  <205><141>8<169>u:#<157><246><183><157><154><135><184><233>j
Attributes:
        Framed-Address = 255.255.255.254
        User-Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobsen-TCP-IP
        Session-Timeout = 28800
        Idle-Timeout = 1800

Mon Aug  9 09:42:16 1999: ERR: Attribute number 120 (vendor 529) is not defined in 
your dictionary
Mon Aug  9 09:42:16 1999: ERR: Attribute number 122 (vendor 529) is not defined in 
your dictionary
Mon Aug  9 09:42:16 1999: ERR: Attribute number 121 (vendor 529) is not defined in 
your dictionary

------------------NT LOGIN THAT COULDN'T BROWSE------------------

Mon Aug  9 09:53:32 1999: DEBUG: Packet dump:
*** Received from 216.98.155.2 port 1026 ....
Code:       Access-Request
Identifier: 244
Authentic:  ~<244><149><209><139><21><159>&&#<21><175>0<245><138><30>
Attributes:
        User-Name = "jwdavid"
        User-Password = "<140>|<30><203>rX<208><222>o<19>UZ<182><182>><206>"
        NAS-Identifier = "216.98.155.2"
        NAS-Port = 34
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "28800 LAPM/V42BIS"

Mon Aug  9 09:53:32 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 09:53:32 1999: DEBUG: SDB1 Deleting session for jwdavid, 216.98.155.2, 34
Mon Aug  9 09:53:32 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 09:53:32 1999: DEBUG: Radius::AuthFILE looks for match with jwdavid
Mon Aug  9 09:53:32 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Aug  9 09:53:32 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Aug  9 09:53:32 1999: DEBUG: Radius::AuthUNIX looks for match with jwdavid
Mon Aug  9 09:53:32 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Mon Aug  9 09:53:32 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Mon Aug  9 09:53:32 1999: DEBUG: Access accepted for jwdavid
Mon Aug  9 09:53:32 1999: DEBUG: Packet dump:
*** Sending to 216.98.155.2 port 1026 ....
Code:       Access-Accept
Identifier: 244
Authentic:  ~<244><149><209><139><21><159>&&#<21><175>0<245><138><30>
Attributes:
        Framed-Address = 255.255.255.254
        User-Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobsen-TCP-IP
        Session-Timeout = 28800
        Idle-Timeout = 1800

Mon Aug  9 09:53:33 1999: DEBUG: Packet dump:
*** Received from 216.98.155.2 port 1026 ....
Code:       Accounting-Request
Identifier: 245
Authentic:  <148>Lel<226><169><251><132><131><239><223>|<182><193><253><171>
Attributes:
        Acct-Session-Id = "3B006FE4"
        User-Name = "jwdavid"
        NAS-Identifier = "216.98.155.2"
        NAS-Port = 34
        NAS-Port-Type = Async
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Connect-Info = "28800 LAPM/V42BIS"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Address = 216.98.155.37
        Acct-Delay-Time = 0

Mon Aug  9 09:53:33 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 09:53:33 1999: DEBUG: SDB1 Adding session for jwdavid, 216.98.155.2, 34
Mon Aug  9 09:53:33 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 09:53:33 1999: DEBUG: Accounting accepted
Mon Aug  9 09:53:33 1999: DEBUG: Packet dump:
*** Sending to 216.98.155.2 port 1026 ....
Code:       Accounting-Response
Identifier: 245
Authentic:  <148>Lel<226><169><251><132><131><239><223>|<182><193><253><171>
Attributes:

------------------98 CONNECTION THAT COULD BROWSE------------------
Mon Aug  9 10:37:10 1999: DEBUG: Packet dump:
*** Received from 216.98.155.3 port 1026 ....
Code:       Access-Request
Identifier: 221
Authentic:  <228><146><219><217><132>l<167><191><29><31>Uy<247><181><166><14>
Attributes:
        User-Name = "jwdavid"
        User-Password = "<222>[k<150><252><146><229>s<3><185><7>}V<173><153>`"
        NAS-Identifier = "216.98.155.3"
        NAS-Port = 5
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "19200 LAPM/V42BIS"

Mon Aug  9 10:37:10 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 10:37:10 1999: DEBUG: SDB1 Deleting session for jwdavid, 216.98.155.3, 5
Mon Aug  9 10:37:10 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 10:37:10 1999: DEBUG: Radius::AuthFILE looks for match with jwdavid
Mon Aug  9 10:37:10 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Aug  9 10:37:10 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Aug  9 10:37:10 1999: DEBUG: Radius::AuthUNIX looks for match with jwdavid
Mon Aug  9 10:37:10 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Mon Aug  9 10:37:10 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Mon Aug  9 10:37:10 1999: DEBUG: Access accepted for jwdavid
Mon Aug  9 10:37:10 1999: DEBUG: Packet dump:
*** Sending to 216.98.155.3 port 1026 ....
Code:       Access-Accept
Identifier: 221
Authentic:  <228><146><219><217><132>l<167><191><29><31>Uy<247><181><166><14>
Attributes:
        Framed-Address = 255.255.255.254
        User-Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobsen-TCP-IP
        Session-Timeout = 28800
        Idle-Timeout = 1800

Mon Aug  9 10:37:11 1999: DEBUG: Packet dump:
*** Received from 216.98.155.3 port 1026 ....
Code:       Accounting-Request
Identifier: 222
Authentic:  b<11><252>xq&<135>J<234><158><143><169>HRc)
Attributes:
        Acct-Session-Id = "36004F2A"
        User-Name = "jwdavid"
        NAS-Identifier = "216.98.155.3"
        NAS-Port = 5
        NAS-Port-Type = Async
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Connect-Info = "19200 LAPM/V42BIS"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Address = 216.98.155.84
        Acct-Delay-Time = 0

Mon Aug  9 10:37:11 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Aug  9 10:37:11 1999: DEBUG: SDB1 Adding session for jwdavid, 216.98.155.3, 5
Mon Aug  9 10:37:11 1999: DEBUG: Handling with Radius::AuthFILE
Mon Aug  9 10:37:11 1999: DEBUG: Accounting accepted
Mon Aug  9 10:37:11 1999: DEBUG: Packet dump:
*** Sending to 216.98.155.3 port 1026 ....
Code:       Accounting-Response
Identifier: 222
Authentic:  b<11><252>xq&<135>J<234><158><143><169>HRc)
Attributes:

John Davidson

> 
> 
> Hi John -
> 
> It would also be useful to include debug output at Trace level 4 showing what
> is happening. I would have expected to see at least a couple of errors when
> Radiator started up with this configuration.
> 
>  On Sat, 07 Aug 1999, [EMAIL PROTECTED] wrote:
> > Hi;
> > 
> > We installed Radiator last weekend on our system and since that time our dialup NT 
>(4.0) customers have had problems accessing the system.  They authenticate just fine 
>but can't browse. To really confuse things this only happens when they dialup into 
>our PM3's not our Ascend's.
> > 
> > I know that this doesn't sound like a Radius problem, but that is the only thing 
>that has changed on our system.
> > 
> > Here is the info from our config files that is relivant:
> > 
> > From radius.cfg:
> > 
> > <Realm DEFAULT>
> >         AuthByPolicy ContinueUntilAccept
> > 
> >         <AuthBy FILE>
> >                 # The filename defaults to %D/users
> >         </AuthBy>
> > 
> >         # Log accounting to the detail file in LogDir
> >         MaxSessions 1
> >         AcctLogFileName %L/detail
> >         SessionDatabase SDB1
> > </Realm>
> > <Realm thiswontmatchanything>
> > # This clause says that for entries in the users file
> > # that specify Auth-Type=System, use the UNIX module to
> > # authenticate them
> >         <AuthBy UNIX>
> >                 Identifier System
> >                 Filename /etc/master.passwd
> >         </AuthBy>
> >         SessionDatabase SDB1
> > </Realm>
> > 
> 
> I have rewritten part of your config as follows:
> 
> # SessionDatabase is a global parameter using either SQL or DBM
> <SessionDatabase SQL>
>       DBSource ....
>       DBUsername ...
>       DBAuth ...
> </SessionDatabase>
> 
> # This clause says that for entries in the users file
> # that specify Auth-Type=System, use the UNIX module to
> # authenticate them
> <AuthBy UNIX>
>       Identifier System
>       Filename /etc/master.passwd
> </AuthBy>
> 
> # Set up a DEFAULT Realm
> <Realm DEFAULT>
>               <AuthBy FILE>
>                               Filename %D/users  # Make it clear what users file
>                </AuthBy>
>               # Set maximum number of sessions to 1
>               MaxSessions 1
>         # Log accounting to the detail file in LogDir
>               AcctLogFileName %L/detail
> </Realm>
> 
> > 
> > From users:
> > 
> > DEFAULT         Auth-Type=System
> >         User-Service-Type = Framed-User,
> >         Framed-Protocol = PPP,
> >         Framed-IP-Address = 255.255.255.254,
> >         Framed-IP-Netmask = 255.255.255.0,
> >         Framed-Routing = None,
> >         Framed-MTU = 1500,
> >         Framed-Compression = Van-Jacobsen-TCP-IP,
> >         Session-Timeout = 28800,
> >         Idle-Timeout = 1800
> > 
> 
> The standard dictionary supplied with Radiator does not define
> "User-Service-Type", but rather "Service-Type", so that may be your problem.
> 
>  If your pm3's and ascends are behaving differently to the same set of reply
> items as shown above, then the problem must be with the reply items. You should
> check the debug output on the NAS equipment to see what is going on.
> 
> hth
> 
> Hugh
> 
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
> 
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to