Hi Fred -
On Tue, 15 Feb 2000, Frederic Gargula wrote:
> Hi,
>
>
> I have a problem on my Radiator proxy servers. Sometimes, an
> accept-request that should invoke an Access-Reject receives an
> Access-Accept instead.
>
> I have noticed that when a fake Access-Accept is received, it's the same
> reply as one received a few moments earlier. The two request/replies use the same
> Identifier and Authenticator.
> The two Access-Accepts are exactly the same:
>
>
> Let's see an example :
>
> > Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> > *** Sending to 195.114.64.Y port 1645 ....
> > Code: Access-Request
> > Identifier: 55
> > Authentic: <29><18>y<165>|<140>Azb<7>=++<250>U<136>
> > Attributes:
> > Proxy-Action = "AUTHENTICATE"
> > NAS-Identifier = "xxx"
> > NAS-IP-Address = 192.168.xxx.xxx
> > User-Name = "[EMAIL PROTECTED]"
> > CHAP-Password = "xxxx"
> > Called-Station-Id = "xxxx"
> > Acct-Session-Id = "00003e8d38a91b76e32c6047"
> > NAS-Port-Type = Async
> > NAS-Port = 20109
> > User-Id = "hdantin"
> > CHAP-Challenge = "xxxx"
> > User-Realm = "easynet.fr"
> > Service-Type = Framed-User
> > Tunnel-Type = L2F
> > Tunnel-Medium-Type = IP
> > Proxy-State = 0
> > Vendor-Specific = "Siris"
> > Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> > *** Received from 195.114.64.Y port 1645 ....
> > Code: Access-Accept
> > Identifier: 55
> > Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> > Attributes:
> > Service-Type = Framed-User
> > Ascend-Idle-Limit = 0
> > Maximum-Time = 1
> > Framed-IP-Netmask = 255.255.255.255
> > Ascend-Metric = 2
> > Framed-Routing = None
> > Framed-Protocol = PPP
> > Reply-Message = "EASYSTART"
>
> Ok, a dialup user was accepted.
>
> 7 seconds later in the logfile, I found :
>
> > *** Sending to 195.114.64.Y port 1645 ....
> > Code: Access-Request
> > Identifier: 55
> > Authentic: ]}<185>~<210><230><26><12><163>s42<160><22><163>.
> > Attributes:
> > User-Name = "totocom-user"
> > Service-Type = Without-Password
> > NAS-IP-Address = 195.114.64.Z
> > NAS-Port = 0
> > Vendor-Specific = "Mail"
> >
> > Tue Feb 15 10:25:35 2000: DEBUG: Packet dump:
> > *** Received from 195.114.64.Y port 1645 ....
> > Code: Access-Accept
> > Identifier: 55
> > Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> > Attributes:
> > Service-Type = Framed-User
> > Ascend-Idle-Limit = 0
> > Maximum-Time = 1
> > Framed-IP-Netmask = 255.255.255.255
> > Ascend-Metric = 2
> > Framed-Routing = None
> > Framed-Protocol = PPP
> > Reply-Message = "EASYSTART"
> >
> > Tue Feb 15 10:25:35 2000: DEBUG: Received reply in AuthRADIUS for req 55 from 195.114.64.Y:1645
> > Tue Feb 15 10:25:35 2000: WARNING: Bad authenticator received in reply to ID 55
>
>
> And 195.114.64.Y never replied with such an Access-Accept. The user
> "totocom-user" doesn't exist in the database on 195.114.64.Y (this
> server uses a patched Livingston Radius, and the users database is a
> flat file hierarchy and an old password file).
>
> I'm sure that 195.114.64.Y didn't send an Access-Accept for
> "totocom-user".
> I'm now trying to use DupInterval to refuse a second Access-Accept with
> the same Identifier, but I don't know if this is really the solution.
>
> Does anyone have any idea about my problem?
>
It looks to me like the problem is elsewhere, not on this machine at all.
Radiator is receiving a request on one side and sending it out the other. You
should be able to see the packets in both directions. I think I would have a
look at what you can see on the wire with a sniffer or tcpdump, then take your
investigations further.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
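The "Bad authenticator received in reply to ID 55" warning in the log is the check that separates the two exchanges above: both replies carry Identifier 55, but a reply's Response Authenticator is bound to the authenticator of the specific request it answers (RFC 2865, section 3). The following is an added example, not code from the post or from Radiator; the shared secret and attribute values are constructed, and only the Identifier 55 and the reply attributes mirror the log.

```python
# Added example (not from the Radiator post): verify a RADIUS reply's
# Response Authenticator (RFC 2865, section 3). Secret and attribute values
# are constructed; Identifier 55 mirrors the log above.
import hashlib
import hmac
import struct

HEADER_LEN = 20
ACCESS_ACCEPT = 2

def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs: type, length, value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a reply bound to request_auth, as a well-behaved server does."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def reply_is_authentic(packet, ident, request_auth, secret):
    """Check a received reply against the outstanding request it should answer.

    Matching the Identifier alone is not enough: a stale reply can carry the
    same ID, so the authenticator is recomputed from this request's own
    authenticator and compared in constant time.
    """
    if len(packet) < HEADER_LEN:
        return False
    code, pkt_ident, length = struct.unpack("!BBH", packet[:4])
    if pkt_ident != ident or length != len(packet):
        return False
    body = packet[HEADER_LEN:]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])

def demo():
    """Replay the log's situation: one Access-Accept, two requests with ID 55."""
    secret = b"constructed-shared-secret"          # constructed, not the real one
    attrs = [(6, struct.pack("!I", 2)),            # Service-Type = Framed-User
             (18, b"EASYSTART")]                   # Reply-Message
    auth_first = bytes(range(16))                  # first request's authenticator
    auth_second = bytes(range(16, 32))             # second request, same ID 55
    reply = build_reply(ACCESS_ACCEPT, 55, auth_first, attrs, secret)
    # (True, False): the reply is valid for the first request only
    return (reply_is_authentic(reply, 55, auth_first, secret),
            reply_is_authentic(reply, 55, auth_second, secret))
```

The second result is exactly the condition Radiator logged: the reply that was valid for the 10:25:28 request fails the authenticator check against the 10:25:35 request, so it must be discarded rather than treated as an Access-Accept for "totocom-user".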