Hi,
I have trouble with my Radiator proxy servers. Sometimes, an
accept-request that should invoke an Access-Reject receives an
Access-Accept instead.
I have noticed that when a fake Access-Accept is received, it's the same
reply as one from a few moments earlier. The two requests/replies use the same
Identifier and Authenticator.
The two Access-Accepts are exactly the same:
Let's see an example:
> Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> *** Sending to 195.114.64.Y port 1645 ....
> Code: Access-Request
> Identifier: 55
> Authentic: <29><18>y<165>|<140>Azb<7>=++<250>U<136>
> Attributes:
> Proxy-Action = "AUTHENTICATE"
> NAS-Identifier = "xxx"
> NAS-IP-Address = 192.168.xxx.xxx
> User-Name = "[EMAIL PROTECTED]"
> CHAP-Password = "xxxx"
> Called-Station-Id = "xxxx"
> Acct-Session-Id = "00003e8d38a91b76e32c6047"
> NAS-Port-Type = Async
> NAS-Port = 20109
> User-Id = "hdantin"
> CHAP-Challenge = "xxxx"
> User-Realm = "easynet.fr"
> Service-Type = Framed-User
> Tunnel-Type = L2F
> Tunnel-Medium-Type = IP
> Proxy-State = 0
> Vendor-Specific = "Siris"
> Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> *** Received from 195.114.64.Y port 1645 ....
> Code: Access-Accept
> Identifier: 55
> Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> Attributes:
> Service-Type = Framed-User
> Ascend-Idle-Limit = 0
> Maximum-Time = 1
> Framed-IP-Netmask = 255.255.255.255
> Ascend-Metric = 2
> Framed-Routing = None
> Framed-Protocol = PPP
> Reply-Message = "EASYSTART"
Ok, a dialup user was accepted.
7 seconds later in the logfile, I found:
> *** Sending to 195.114.64.Y port 1645 ....
> Code: Access-Request
> Identifier: 55
> Authentic: ]}<185>~<210><230><26><12><163>s42<160><22><163>.
> Attributes:
> User-Name = "totocom-user"
> Service-Type = Without-Password
> NAS-IP-Address = 195.114.64.Z
> NAS-Port = 0
> Vendor-Specific = "Mail"
>
> Tue Feb 15 10:25:35 2000: DEBUG: Packet dump:
> *** Received from 195.114.64.Y port 1645 ....
> Code: Access-Accept
> Identifier: 55
> Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> Attributes:
> Service-Type = Framed-User
> Ascend-Idle-Limit = 0
> Maximum-Time = 1
> Framed-IP-Netmask = 255.255.255.255
> Ascend-Metric = 2
> Framed-Routing = None
> Framed-Protocol = PPP
> Reply-Message = "EASYSTART"
>
> Tue Feb 15 10:25:35 2000: DEBUG: Received reply in AuthRADIUS for req 55 from 195.114.64.Y:1645
> Tue Feb 15 10:25:35 2000: WARNING: Bad authenticator received in reply to ID 55
And 195.114.64.Y never replied with such an Access-Accept. The user
"totocom-user" doesn't exist in the database on 195.114.64.Y (this
server uses a patched Livingston Radius, and the users database is a
flat file hierarchy and an old password file).
I'm sure that 195.114.64.Y didn't send an Access-Accept for
"totocom-user".
I'm now trying to use DupInterval, to refuse a second Access-Accept with
the same Identifier, but I don't know if this is really the solution.
Does anyone have any idea about my problem?
Thanks a lot for your help.
Regards,
--
Frederic GARGULA
Network & Systems Engineer
EASYNET France
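
Added example, not part of the original message and not Radiator's own code: a "Bad authenticator" warning like the one in the log is what the RFC 2865 Response Authenticator check produces, because each reply is bound to the Request Authenticator of the request it answers, so a reply reused under the same Identifier fails against a later request. The shared secret, authenticator bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """Build a reply packet the way a RADIUS server would sign it."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_reply(packet, pending, secret):
    """pending maps Identifier -> Request Authenticator of the outstanding request.
    Returns True only if the reply was computed over that exact request."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    request_auth = pending.get(ident)
    if request_auth is None:
        return False  # no outstanding request with this Identifier
    expected = response_authenticator(
        code, ident, packet[20:length], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    secret = b"constructed-shared-secret"        # constructed value
    attrs = bytes([18, 11]) + b"EASYSTART"       # Reply-Message attribute
    req_auth_1 = bytes(range(16))                # first request, ID 55 (constructed)
    req_auth_2 = bytes(range(16, 32))            # later request reusing ID 55
    reply = build_reply(ACCESS_ACCEPT, 55, attrs, req_auth_1, secret)
    genuine = verify_reply(reply, {55: req_auth_1}, secret)
    reused = verify_reply(reply, {55: req_auth_2}, secret)
    return genuine, reused


if __name__ == "__main__":
    print(demo())
```
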