Re: (RADIATOR) Problem with Merit to Radiator proxying

Thu, 6 Jan 2000 17:57:55 -0800 


Hello Steve -

On Fri, 07 Jan 2000, Steve Suehring wrote:

> We're having a problem with authentications from a Merit server to a
> Radiator server.  The path is as follows:
> 
> NAS ---->  Merit ----> Radiator (Do authentication) 
> then
> (If Auth Successful) Radiator(Access Accept) ----> Merit ----> NAS
>   
> What I'm seeing on the Merit server is this:
> 
> Thu Jan  6 17:10:13 2000: Received-AUTHENTICATE: 15/2658
> '[EMAIL PROTECTED]' via as2.realm.net from
> as2.realm.net port 19 PPP/255.255.255.254
> Thu Jan  6 17:10:13 2000: Sending-AUTHENTICATE-AUTHENTICATE: 15/2658
> '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net
> port 19 PPP/255.255.255.254 to 153.42.42.42[153.42.42.42]:1645  
> 
> Thu Jan  6 17:10:13 2000: Response-AUTHENTICATE: 15/2658
> '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19
> PPP/255.255.255.254 from 153.42.42.42[153.42.42.42]:1645
> 
> Thu Jan  6 17:10:13 2000: rad_reply: Problem parsing user for request from
> as2.realm.net
> Thu Jan  6 17:10:13 2000: AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]'
> via as2.realm.net from as2.realm.net port 19
> "xxxxx.realm.net" PPP/255.255.255.254 - FAILED  -- total 0, holding 0
> 
> 
> But then it doesn't accounting and the user gets online!  Obviously the
> problem is with Merit parsing the user for the request.  Unfortunately I
> cannot do any debugging on the merit server beyond the logfile.
> 
> I've changed the reply attributes to include User-Name with no luck.  (And
> yes, I know that the session-timeout is being set twice).  :)
> 
> Trace 4 reply sent to the merit server:
> Attributes:
>         Framed-Protocol = PPP
>         Framed-Routing = None
>         Session-Timeout = 14400
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Session-Timeout = 604800
>         NAS-Identifier = "xxx.xxx.xxx.xxx"
>         NAS-Port = 1040
>         User-Name = "[EMAIL PROTECTED]"   
> 

I must confess to being perplexed as to how the user is getting online, if the
Merit server is rejecting the request. It sounds more like the Access-Accept
from the Radiator host is being returned to the NAS by the Merit host, but that
the accounting packets are not being handled correctly.

What exactly are your requirements?

thanks

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to