Hi Radiator users,

I am hoping that somebody can help me understand an issue that I am
having with a Radiator config. From the outset I will say that my
experience with RADIUS is rather limited, so please excuse me if I use
the wrong words here and there, or if my ideas are a bit munged.

First a description of the system. We have a Cisco 3620 with ten
digital modems and an ethernet interface. It is to serve dialin PPP
connections to several groups of users. I have Radiator installed on
an NT PDC, supposedly using the NT domain for authenticating the
dialin users. We wish for the dialin users to be assigned IP
addresses from different pools depending on their logical grouping:
students to have an IP address from subnet A, staff from subnet B and
so on. As the NT authentication seems to be "yes" or "no", I have
tried to set up the IP pool assignment based on the _called_ number.
For example, User A (a student) calls 9555-5551 and authenticates,
they are assigned an address from subnet A. Another user, B (a
teacher) calls 9555-5552 and authenticates, they are assigned an
address from subnet B.

The .cfg file that I am using is...

Foreground
LogStdout
LogDir .
DbDir .

<Client 192.168.2.130>
    Secret **removed**
    DupInterval 0
    FramedGroupBaseAddress 192.168.3.0
    FramedGroupBaseAddress 192.168.4.0
    FramedGroupBaseAddress 192.168.5.0
    FramedGroupBaseAddress 192.168.6.0
</Client>

Trace 4

<AuthBy NT>
    Identifier Test-Tag
    Domain ECC
</AuthBy>

<Handler Called-Station-Id=95555551,Service-Type=Framed-User>
    <AuthBy FILE>
        Filename users
        FramedGroup 0
        AddToReply \
            Service-Type=Framed-User,\
            Framed-Protocol=PPP,\
            Annex-Primary-DNS-Server=203.34.218.197,\
            Annex-Primary-NBNS-Server=192.168.1.5
    </AuthBy>
    AcctLogFileName ./detail
</Handler>

<Handler Called-Station-Id=95555552,Service-Type=Framed-User>
    <AuthBy FILE>
        Filename users
        FramedGroup 1
        AddToReply \
            Service-Type=Framed-User,\
            Framed-Protocol=PPP,\
            Annex-Primary-DNS-Server=203.34.218.197,\
            Annex-Primary-NBNS-Server=192.168.1.5
    </AuthBy>
    AcctLogFileName ./detail
</Handler>

<Handler Called-Station-Id=95555553,Service-Type=Framed-User>
    <AuthBy FILE>
        Filename users
        FramedGroup 2
        AddToReply \
            Service-Type=Framed-User,\
            Framed-Protocol=PPP,\
            Annex-Primary-DNS-Server=203.34.218.197,\
            Annex-Primary-NBNS-Server=192.168.1.5
    </AuthBy>
    AcctLogFileName ./detail
</Handler>

<Handler Called-Station-Id=95555554,Service-Type=Framed-User>
    <AuthBy FILE>
        Filename users
        FramedGroup 3
        AddToReply \
            Service-Type=Framed-User,\
            Framed-Protocol=PPP,\
            Annex-Primary-DNS-Server=203.34.218.197,\
            Annex-Primary-NBNS-Server=192.168.1.5
    </AuthBy>
    AcctLogFileName ./detail
</Handler>

The file "user" contains....

DEFAULT Auth-Type=Test-Tag

I was given this config by another Radiator user who had successfully
implemented it on another site. However, when I test this, radiusd
complains that there is "no such user", despite the fact that the user
does exist in the NT domain.

The trace 4 output from the radiusd is shown below...
Wed Jan 5 10:57:58 2000: DEBUG: Reading users file users
Wed Jan 5 10:57:58 2000: DEBUG: Reading users file users
Wed Jan 5 10:57:58 2000: DEBUG: Reading users file users
Wed Jan 5 10:57:58 2000: DEBUG: Reading users file users
Wed Jan 5 10:57:59 2000: INFO: Server started
Wed Jan 5 11:00:11 2000: DEBUG: Packet dump:
*** Received from 192.168.2.130 port 1645 ....
Code: Access-Request
Identifier: 236
Authentic: <144><161><224><223><212><26>i<249><152>I<20>r<147>'<162><129>
Attributes:
    NAS-IP-Address = 192.168.2.130
    NAS-Port = 33
    NAS-Port-Type = Async
    User-Name = "ECC\Alphawest2"
    Called-Station-Id = "95555551"
    User-Password = "?<184>T<248>/Oi<183>;s8<242>Y<182><154><170>"
    Service-Type = Framed-User
    Framed-Protocol = PPP
Wed Jan 5 11:00:11 2000: DEBUG: Check if Handler Called-Station-Id=95555551,Service-Type=Framed-User should be used to handle this request
Wed Jan 5 11:00:11 2000: DEBUG: Handling request with Handler 'Called-Station-Id=95555551,Service-Type=Framed-User'
Wed Jan 5 11:00:11 2000: DEBUG: Deleting session for ECC\Alphawest2, 192.168.2.130, 33
Wed Jan 5 11:00:11 2000: DEBUG: Handling with Radius::AuthFILE
Wed Jan 5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with ECC\Alphawest2
Wed Jan 5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Jan 5 11:00:11 2000: DEBUG: Handling with NT
Wed Jan 5 11:00:11 2000: DEBUG: Domain Controller name is \\ECCSERVER01
Wed Jan 5 11:00:11 2000: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 2221: No such user
Wed Jan 5 11:00:11 2000: INFO: Access rejected for ECC\Alphawest2: NT GetAttributes failed: 2221: No such user
Wed Jan 5 11:00:11 2000: DEBUG: Packet dump:
*** Sending to 192.168.2.130 port 1645 ....
Code: Access-Reject
Identifier: 236
Authentic: <144><161><224><223><212><26>i<249><152>I<20>r<147>'<162><129>
Attributes:
    Reply-Message = "Request Denied"

Can anybody provide any leads as to why the authentication details are
being rejected?

Thanks in advance

Dave Taylor
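A trace like the one in the post can be reduced to one record per request, showing which Handler was selected, which AuthBy modules ran, and where the reject came from. This is an added example, not part of the original post and not Radiator code; the function names `parse_trace` and `triage` are made up here, and the line patterns are assumed from the trace lines shown in the post.

```python
import re

# Sample input: excerpt of the trace posted above, with wrapped lines rejoined.
TRACE = r"""*** Received from 192.168.2.130 port 1645 ....
    User-Name = "ECC\Alphawest2"
    Called-Station-Id = "95555551"
Wed Jan 5 11:00:11 2000: DEBUG: Handling request with Handler 'Called-Station-Id=95555551,Service-Type=Framed-User'
Wed Jan 5 11:00:11 2000: DEBUG: Handling with Radius::AuthFILE
Wed Jan 5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with ECC\Alphawest2
Wed Jan 5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Jan 5 11:00:11 2000: DEBUG: Handling with NT
Wed Jan 5 11:00:11 2000: INFO: Access rejected for ECC\Alphawest2: NT GetAttributes failed: 2221: No such user
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4}: \w+: (.*)$")  # timestamped log line
ATTR = re.compile(r'^\s*([\w-]+) = "?(.*?)"?$')                    # packet-dump attribute

def parse_trace(text):
    """Group trace lines into one record per received request."""
    requests, cur = [], None
    for line in text.splitlines():
        stamped, attr = STAMP.match(line), ATTR.match(line)
        msg = stamped.group(1) if stamped else ""
        if line.startswith("*** Received from"):
            cur = {"nas": line.split()[3], "attrs": {}, "handler": None,
                   "authby": [], "lookups": [], "reason": None}
            requests.append(cur)
        elif cur is None or line.startswith("*** Sending to"):
            cur = None  # reply attributes belong to the response, not the request
        elif attr and not stamped:
            cur["attrs"][attr.group(1)] = attr.group(2)
        elif msg.startswith("Handling request with Handler "):
            cur["handler"] = msg.split("Handler ", 1)[1].strip("'")
        elif msg.startswith("Handling with "):
            cur["authby"].append(msg[len("Handling with "):])
        elif " looks for match with " in msg:
            cur["lookups"].append(msg.split(" looks for match with ", 1)[1])
        elif msg.startswith("Access rejected for "):
            cur["reason"] = msg.split(": ", 1)[1]
    return requests

def triage(req):
    """Summarise where in the AuthBy chain a rejected request stopped."""
    prefix, sep, _ = req["attrs"].get("User-Name", "").partition("\\")
    return {"handler": req["handler"], "reason": req["reason"],
            "failed_in": req["authby"][-1] if req["authby"] else None,
            "last_lookup": req["lookups"][-1] if req["lookups"] else None,
            "domain_prefix": prefix if sep else None}
```

For the posted trace, `triage(parse_trace(TRACE)[0])` reports that the Handler and the `DEFAULT` entry were reached, that the reject came from the NT module, and that the User-Name arrived in `DOMAIN\user` form.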