Hi Phil, Looks to me like your remote Radius server is replying to the packets generated by radpwtst, but not the ones from your NAS. I suspect you are going to have to look at whats going on in the remote radius server, and find out why it replies to one type of packet but not the other. As far as I can see, Radiator is doing the right thing. Cheers. > > I apologize for the length of this message; I wanted the > documentation to be as complete as possible. > > I'm having problem with a proxy from Radiator to another (unknown) > radius server. When I run radpwtst, the proxy works just fine. When > I authenticate from a modem, it fails. The big mystery is that in > both cases I get back packets from the remote radius server. But in > the latter case, Radiator (at log level 4) doesn't recognize these > responses. Instead, it times out and retries till the retry limit is > reached. > > It's probably worth mentioning that this is not a new Radiator > installation; it's been up and running for years. > > The specs: > Radiator 2.12.1 > Solaris 2.5.1 > > An excerpt from the config (line wrapped for readability): > > <Realm norcomld.com> > RewriteUsername s/^\s*([^@ ]+).*/$1/ > AcctLogFileName %L/NOR%c-%Y%m%d > <AuthBy RADIUS> > Host ---------- > Secret ---------- > RetryTimeout 7 > AddToReply Session-Timeout=28800, > Idle-Timeout=1200, Class="norcomld.com" > StripFromReply Framed-IP-Address > </AuthBy> > </Realm> > > > Log excerpt: > > ============ This one fails: ============== > Tue Aug 24 06:09:47 1999: DEBUG: Packet dump: > *** Received from 208.130.43.34 port 1645 .... > Code: Access-Request > Identifier: 168 > Authentic: -------------------- > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = ------------------------- > Client-Id = 208.130.43.34 > Client-Port-Id = 2825 > Acct-Session-Id = "185082624" > Interface_Index = 4081 > Service-Type = Login-User > Chassis-Call-Slot = 12 > Chassis-Call-Span = 1 > Chassis-Call-Channel = 9 > Calling-Station-Id = "9787742054" > Called-Station-Id = "1710" > NAS-Port-Type = 0 > > Tue Aug 24 06:09:47 1999: DEBUG: Handling request with > Handler 'Realm=norcomld.com' > Tue Aug 24 06:09:47 1999: DEBUG: Rewrote user name to kofcins > Tue Aug 24 06:09:47 1999: DEBUG: Handling with Radius::AuthRADIUS > Tue Aug 24 06:09:47 1999: DEBUG: Forwarding 1 to 209.137.57.33:1645 > Tue Aug 24 06:09:47 1999: DEBUG: Packet dump: > *** Sending to 209.137.57.33 port 1645 .... > Code: Access-Request > Identifier: 1 > Authentic: ----------------------------------- > Attributes: > User-Name = "kofcins" > User-Password = --------------------------- > Client-Id = 208.130.43.34 > Client-Port-Id = 2825 > Acct-Session-Id = "185082624" > Interface_Index = 4081 > Service-Type = Login-User > Chassis-Call-Slot = 12 > Chassis-Call-Span = 1 > Chassis-Call-Channel = 9 > Calling-Station-Id = "9787742054" > Called-Station-Id = "1710" > NAS-Port-Type = 0 > > (There are several of these as Radiator retries.) > > ============ This one (from radpwtst) suceeds ============ > Tue Aug 24 06:17:19 1999: DEBUG: Packet dump: > *** Received from 205.139.4.15 port 38748 .... > Code: Access-Request > Identifier: 7 > Authentic: 1234567890123456 > Attributes: > User-Name = "[EMAIL PROTECTED]" > Service-Type = Login-User > Client-Id = 206.98.60.33 > Client-Port-Id = 1234 > NAS-Port-Type = 0 > User-Password = ---------------------------- > > Tue Aug 24 06:17:19 1999: DEBUG: Handling request with Handler > 'Realm=norcomld.c > om' > Tue Aug 24 06:17:19 1999: DEBUG: Rewrote user name to kofcins > Tue Aug 24 06:17:20 1999: DEBUG: Handling with Radius::AuthRADIUS > Tue Aug 24 06:17:20 1999: DEBUG: Forwarding 3 to 209.137.57.33:1645 > Tue Aug 24 06:17:20 1999: DEBUG: Packet dump: > *** Sending to 209.137.57.33 port 1645 .... > Code: Access-Request > Identifier: 3 > Authentic: 1234567890123456 > Attributes: > User-Name = "kofcins" > Service-Type = Login-User > Client-Id = 206.98.60.33 > Client-Port-Id = 1234 > NAS-Port-Type = 0 > User-Password = -------------------- > Roaming = ipass > POP = testing > > Tue Aug 24 06:17:20 1999: ERR: Attribute number 218 (vendor ) is not > defined in > your dictionary > Tue Aug 24 06:17:20 1999: DEBUG: Packet dump: > *** Received from 209.137.57.33 port 1645 .... > Code: Access-Accept > Identifier: 3 > Authentic: -------------------------- > Attributes: > User-Name = "kofcins" > Dial-Out-Call-Rest = "" > Failed-Logins = 0 > Framed-Protocol = PPP > Dial-In-Call-Rest = "<0><0><0><1>" > Framed-Routing = None > Req-Db-Mdm-Sel = 2 > Ascend-Idle-Limit = 1800 > Service-Type = Framed-User > > Tue Aug 24 06:17:20 1999: DEBUG: Received reply in AuthRADIUS for req > 3 from 209 > .137.57.33:1645 > Tue Aug 24 06:17:20 1999: DEBUG: Packet dump: > *** Sending to 205.139.4.15 port 38748 .... > Code: Access-Accept > Identifier: 7 > Authentic: 1234567890123456 > Attributes: > User-Name = "kofcins" > Dial-Out-Call-Rest = "" > Failed-Logins = 0 > Framed-Protocol = PPP > Dial-In-Call-Rest = "<0><0><0><1>" > Framed-Routing = None > Req-Db-Mdm-Sel = 2 > Ascend-Idle-Limit = 1800 > Service-Type = Framed-User > Session-Timeout = 28800 > Idle-Timeout = 1200 > Class = "norcomld.com" > > -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
