Hi Fred -

On Tue, 15 Feb 2000, Frederic Gargula wrote:
> Hi,
> 
> 
> I have trouble on my Radiator proxy servers. Sometimes, an
> accept-request that should invoke an Access-Reject receives an
> Access-Accept instead.
> 
> I have noticed that when a fake Access-Accept is received, it's the same
> reply as some time ago. The two request/replies use the same
> Identifier and Authenticator.
> The two Access-Accept are exactly the same:
> 
> 
> Let's see an example:
> 
> > Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> > *** Sending to 195.114.64.Y port 1645 ....
> > Code:       Access-Request
> > Identifier: 55
> > Authentic:  <29><18>y<165>|<140>Azb<7>=++<250>U<136>
> > Attributes:
> >         Proxy-Action = "AUTHENTICATE"
> >         NAS-Identifier = "xxx"
> >         NAS-IP-Address = 192.168.xxx.xxx
> >         User-Name = "[EMAIL PROTECTED]"
> >         CHAP-Password = "xxxx"
> >         Called-Station-Id = "xxxx"
> >         Acct-Session-Id = "00003e8d38a91b76e32c6047"
> >         NAS-Port-Type = Async
> >         NAS-Port = 20109
> >         User-Id = "hdantin"
> >         CHAP-Challenge = "xxxx"
> >         User-Realm = "easynet.fr"
> >         Service-Type = Framed-User
> >         Tunnel-Type = L2F
> >         Tunnel-Medium-Type = IP
> >         Proxy-State = 0
> >         Vendor-Specific = "Siris"
> > Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> > *** Received from 195.114.64.Y port 1645 ....
> > Code:       Access-Accept
> > Identifier: 55
> > Authentic:  s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> > Attributes:
> >         Service-Type = Framed-User
> >         Ascend-Idle-Limit = 0
> >         Maximum-Time = 1
> >         Framed-IP-Netmask = 255.255.255.255
> >         Ascend-Metric = 2
> >         Framed-Routing = None
> >         Framed-Protocol = PPP
> >         Reply-Message = "EASYSTART"
> 
> Ok, a dialup user was accepted.
> 
> 7 seconds later in the logfile, I found:
> 
> > *** Sending to 195.114.64.Y port 1645 ....
> > Code:       Access-Request
> > Identifier: 55
> > Authentic:  ]}<185>~<210><230><26><12><163>s42<160><22><163>.
> > Attributes:
> >         User-Name = "totocom-user"
> >         Service-Type = Without-Password
> >         NAS-IP-Address = 195.114.64.Z
> >         NAS-Port = 0
> >         Vendor-Specific = "Mail"
> > 
> > Tue Feb 15 10:25:35 2000: DEBUG: Packet dump:
> > *** Received from 195.114.64.Y port 1645 ....
> > Code:       Access-Accept
> > Identifier: 55
> > Authentic:  s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> > Attributes:
> >         Service-Type = Framed-User
> >         Ascend-Idle-Limit = 0
> >         Maximum-Time = 1
> >         Framed-IP-Netmask = 255.255.255.255
> >         Ascend-Metric = 2
> >         Framed-Routing = None
> >         Framed-Protocol = PPP
> >         Reply-Message = "EASYSTART"
> >
> > Tue Feb 15 10:25:35 2000: DEBUG: Received reply in AuthRADIUS for req 55 from 195.114.64.Y:1645
> > Tue Feb 15 10:25:35 2000: WARNING: Bad authenticator received in reply to ID 55
> 
> 
> And 195.114.64.Y never replied with such an Access-Accept. The user
> "totocom-user" doesn't exist in the database on 195.114.64.Y (this
> server uses a patched Livingston Radius, and the users database is a
> flat file hierarchy and an old password file).
> 
> I'm sure that 195.114.64.Y didn't send an Access-Accept for
> "totocom-user".
> I'm now trying to use DupInterval, to refuse a second Access-Accept with
> the same Identifier, but I don't know if this is really the solution.
> 
> Does anyone have any idea about my problem?
> 

It looks to me like the problem is elsewhere, not on this machine at all.
Radiator is receiving a request on one side and sending it out the other. You
should be able to see the packets in both directions. I think I would have a
look at what you can see on the wire with a sniffer or tcpdump, then take your
investigations further.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
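
The "Bad authenticator received in reply to ID 55" warning in the quoted log corresponds to the RFC 2865 Response Authenticator check. The following is an added example, not part of the original thread and not Radiator's code, that recomputes that check and separates a reply signed for an earlier request with the same Identifier from one that matches no request at all. The shared secret, Request Authenticators and attribute bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Assemble a reply packet the way a RADIUS server signs it."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def classify_reply(reply, sent, secret):
    """Check a reply against the requests sent so far.

    sent: list of (identifier, request_authenticator), oldest first.
    Returns "valid" (matches the newest request with that Identifier),
    "stale" (matches only an older request that reused the Identifier),
    "bad" (matches none) or "unsolicited" (Identifier never sent).
    """
    code, ident, length = struct.unpack("!BBH", reply[:4])
    recv_auth, attrs = reply[4:20], reply[20:length]
    candidates = [ra for i, ra in sent if i == ident]
    if not candidates:
        return "unsolicited"
    for age, req_auth in enumerate(reversed(candidates)):
        expected = response_authenticator(code, ident, attrs, req_auth, secret)
        if hmac.compare_digest(expected, recv_auth):
            return "valid" if age == 0 else "stale"
    return "bad"

# Constructed sample values, not taken from the packet dumps above.
SECRET = b"constructed-shared-secret"
REQ_1 = bytes(range(16))        # Request Authenticator of the first ID 55
REQ_2 = bytes(range(16, 32))    # Request Authenticator of the later ID 55
ATTRS = bytes([18, 11]) + b"EASYSTART"   # Reply-Message (type 18)

if __name__ == "__main__":
    accept = build_reply(ACCESS_ACCEPT, 55, ATTRS, REQ_1, SECRET)
    print(classify_reply(accept, [(55, REQ_1)], SECRET))               # valid
    print(classify_reply(accept, [(55, REQ_1), (55, REQ_2)], SECRET))  # stale
```

A "stale" result on packets captured with tcpdump means the reply was signed for the earlier request that used the same Identifier, so it must not be accepted as the answer to the later one.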