Hi,
I am still experiencing a dilema with a check item problem (which is not
the check item itself as you will see from the Debug output) What is
happening is that the user "foobar" is being rejected due to a Caller-ID
failure (which is what we want) and then being accepted by the DEFAULT
option above the foobar entry in the user file. (I am assuming)
I can see where it is being rejected but then for some reason it wants to
continue on and verify them using AuthUnix. I can guarantee that this user
foobar is AFTER the DEFAULT entry in the users file, even though it comes
up looking for this entry. (I have been told (by Mike) that the order is
not important anyway, but do have it in this order)
Could it be an error in my config file somewhere? I have supplied it minus
most clients.
I have included the radius.cfg file, Trace 4 dump and a snapshot of the
users entry to help.
Here is a snapshot of the Trace Level 4 for the Caller-Station-Id problem.
-------- trace 4 dump
Wed Jan 19 09:57:07 2000: DEBUG: Packet dump:
*** Received from 203.15.24.62 port 1026 ....
Code: Access-Request
Identifier: 140
Authentic: <203>s<142><232><134><136><207>w<210>u<197><255>6<4>bZ
Attributes:
User-Name = "foobar"
User-Password =
"<165>#5<208><186><175><18><187>'<222>=(<187>=<250><169>
"
NAS-IP-Address = 203.15.24.62
NAS-Port = 46
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "50000 LAPM/V42BIS"
Called-Station-Id = "82160000"
Calling-Station-Id = "882118612"
Wed Jan 19 09:57:07 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Jan 19 09:57:07 2000: DEBUG: Rewrote user name to foobar
Wed Jan 19 09:57:07 2000: DEBUG: Rewrote user name to foobar
Wed Jan 19 09:57:07 2000: DEBUG: Deleting session for foobar,
203.15.24.62, 46
Wed Jan 19 09:57:07 2000: DEBUG: Handling with Radius::AuthFILE
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthFILE looks for match with
foobar
Wed Jan 19 09:57:07 2000: DEBUG: Handling with Radius::AuthUNIX
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthUNIX looks for match with
foobar
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthUNIX REJECT: Check item
Calling-Sta
tion-Id expression '1111' does not match '882118612' in request
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthFILE REJECT: Check item
Calling-Sta
tion-Id expression '1111' does not match '882118612' in request
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Wed Jan 19 09:57:07 2000: DEBUG: Handling with Radius::AuthUNIX
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthUNIX looks for match with
foobar
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Wed Jan 19 09:57:07 2000: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jan 19 09:57:07 2000: DEBUG: Access accepted for foobar
Wed Jan 19 09:57:07 2000: DEBUG: Packet dump:
*** Sending to 203.15.24.62 port 1026 ....
Code: Access-Accept
Identifier: 165
Authentic: 4v<178><242><216>o<135>T<160>{r%<191>YEK
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Reply-Message = "Welcome to DOVE Austalia"
Wed Jan 19 09:57:07 2000: DEBUG: Packet dump:
*** Received from 203.15.24.62 port 1026 ....
Code: Accounting-Request
Identifier: 141
Authentic: <247>?<239><140><189><199>,<163>;r<14><135><18><184><227><156>
Attributes:
Acct-Session-Id = "09026A3F"
User-Name = "foobar"
NAS-IP-Address = 203.15.24.62
NAS-Port = 46
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "50000 LAPM/V42BIS"
Called-Station-Id = "82160000"
Calling-Station-Id = "882118612"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 203.30.53.225
Acct-Delay-Time = 0
Wed Jan 19 09:57:07 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Jan 19 09:57:07 2000: DEBUG: Rewrote user name to foobar
Wed Jan 19 09:57:07 2000: DEBUG: Rewrote user name to foobar
Wed Jan 19 09:57:07 2000: DEBUG: Adding session for foobar, 203.15.24.62,
46
Wed Jan 19 09:57:07 2000: DEBUG: Handling with Radius::AuthFILE
Wed Jan 19 09:57:07 2000: DEBUG: Accounting accepted
Wed Jan 19 09:57:07 2000: DEBUG: Packet dump:
------ end Trace 4 dump
------ radius.cfg
AuthPort 1645
AcctPort 1646
# Trace 4
BindAddress x.x.x.x
LogDir /usr1/log/radius
# LogStdout
DbDir /usr/local/etc/raddb
DictionaryFile /usr/local/etc/raddb/dictionary
<Client xxx.xx.xx.x>
Secret xxxxxx
DupInterval 180
</Client>
<Realm DEFAULT>
<AuthBy FILE>
Filename /usr/local/etc/raddb/users
</AuthBy>
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
AcctLogFileName %L/detail
AcctLogFileFormat
%{NAS-Port}|%U|%C|%a|dove|PPP|%{Acct-Status-Type}|%t|%
{Acct-Session-Id}|%{Acct-Terminate-Cause}|%{Acct-Output-Octets}|%{Calling-Statio
n-Id}|%{USR-Connect-Speed}
PasswordLogFileName %L/logfile
</Realm>
<Realm dummyrealmforholdingauthbyunix>
<AuthBy UNIX>
Identifier System
Filename /etc/master.passwd
</AuthBy>
RewriteUsername tr/A-Z/a-z/
AcctLogFileName %L/detail
AcctLogFileFormat
%{NAS-Port}|%U|%C|%a|dove|PPP|%{Acct-Status-Type}|%t|%
{Acct-Session-Id}|%{Acct-Terminate-Cause}|%{Acct-Output-Octets}|%{Calling-Statio
n-Id}|%{USR-Connect-Speed}
PasswordLogFileName %L/logfile
</Realm>
------- end radius.cfg
------- users file mini snapshot
foobar Auth-Type = System, Calling-Station-Id = "1111"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Framed-IP-Address = 1.2.3.4
DEFAULT Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Reply-Message = "Welcome to DOVE Austalia"
------ end users file mini snapshot
Hopefully someone can make sense of this user being accepted and sorry for
the mass of information here.
Regards,
Paul Thornton.
,- __ -, DOVE AUSTRALIA SYSADMIN TEAM
/ \___/ /__ _ _____/ \
/ _ / _ / _ \ |/ / -_) _ \ Account queries: [EMAIL PROTECTED]
/.- \_,_/\___/___/\__/ -.\ Tech Support: [EMAIL PROTECTED]
A U S T R A L I A Sales queries: [EMAIL PROTECTED]
http://dove.net.au Admin queries: [EMAIL PROTECTED]
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
