Thank you, Hugh!
fyi, company is Worldxchange/World Access.
Attachments:
1. la-radius.cfg.txt
2. BAD-CVX-RADIUS-DEBUG.txt
Regards,
Clark Stacer
ISP Product Director
----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Clark Stacer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 25, 2000 1:05 AM
Subject: Re: (RADIATOR) NortelCVX1800 Problems!
>
> Hello Clark -
>
> I will need to see your configuration file (no secrets) together with a trace 4
> debug output showing what is going on.
>
> From what you have sent below, it looks like the device is sending startup
> information via radius for logging purposes. On Ascends at least, this
> behaviour is configurable and you can turn it off on the NAS. Otherwise, you
> can set up a special Handler to deal with these records and log them if you
> wish.
>
> BTW - could you also let me know who the customer is for our records?
>
> thanks
>
> Hugh
>
> On Mon, 24 Jul 2000, Clark Stacer wrote:
> > Hello.
> > I'm currently implementing a European ISP using Nortel CVX1800's and
> > Radiator. I'm having some issues with authentication that I desperately
> > need some help with.
> >
> > Problem:
> > 1a. When I leave the CVX Vendor Attributes (Listed Below) out of the
> > dictionary (Ascend dictionary) and use Ascend for NAS TYPE (Because I also
> > have an Ascend TNT in our LA site), test users can login with ANY password
> > as long as the username is valid.
> > 1b. When I put the CVX vendor attributes into the dictionary and use the
> > NortelCVX1800 NASType in radius.cfg, the userid is passed to radius as:
> >
> > Mon Jul 24 00:10:11 2000: INFO: Access rejected for $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $: No such user
> >
> >
> > Radius.cfg file snippet:
> > <Client cvx.nas.ip.addr>
> > NasType NortelCVX1800
> > Secret secretpass
> > DupInterval 0
> > SNMPCommunity communityname
> > DefaultRealm DEFAULT
> > </Client>
> >
> > Nortel CVX 1800 Dictionary Entries I am using:
> > # Here are some attributes that will allow us to work with
> > # Nortel CVX 1800
> > #VENDORATTR 2637 User-Name 1 string
> > #VENDORATTR 2637 Filter-Id 11 string
> > #VENDORATTR 2637 Login-IP-Host 14 ipaddr
> > #VENDORATTR 2637 Login-Service 15 integer
> > #VENDORATTR 2637 Login-TCP-Port 16 integer
> > #VENDORATTR 2637 Old-Password 17 string
> > #VENDORATTR 2637 Reply-Message 18 string
> > #VENDORATTR 2637 Callback-Number 19 string
> > #VENDORATTR 2637 Callback-Id 20 string
> > #VENDORATTR 2637 Framed-Route 22 string
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
# Radiator Radius config file
# Last mod 07-23-2000 by clark
# Enable these for debugging
# Trace 4
# Foreground
# LogStdout
# Logging Info
# Log level (0=err, 1=warn, 2=notice, 3=info, 4=debug, 5=raw hex)
Trace 3
LogDir /var/log
LogFile %L/radius
# Global IP Config
BindAddress 0.0.0.0
AuthPort 1645
AcctPort 1646
# Other Global options
DictionaryFile /usr/local/etc/radius-dictionary
PidFile /var/run/radius.pid
FingerProg /usr/bin/finger
SnmpgetProg /usr/bin/snmpget
# This is the Ascend TNT Max in LA4
<Client DEFAULT>
    NasType Ascend
    Secret test
    DupInterval 0
</Client>
<Client 10.2.20.99>
    NasType NortelCVX1800
    Secret test
    DupInterval 0
    SNMPCommunity bammbamm
    DefaultRealm DEFAULT
</Client>
<Realm DEFAULT>
    AuthByPolicy ContinueUntilAccept
    <AuthBy SQL>
        AuthSelect
        # Having AuthSelect NULL means we don't authenticate; only LOG.
        DBSource dbi:mysql:isp
        DBUsername isp
        DBAuth isp
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef STATUSTYPE,Acct-Status-Type
        AcctColumnDef DELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef INPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef OUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef SESSIONID,Acct-Session-Id
        AcctColumnDef SESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef TERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASID,NAS-Identifier
        AcctColumnDef IP,Framed-IP-Address
        AcctColumnDef ASCDISCONNECT,Ascend-Disconnect-Cause,integer
        AcctColumnDef ASCCONNECT,Ascend-Connect-Progress,integer
        AcctColumnDef XMITRATE,Ascend-Xmit-Rate,integer
        AcctColumnDef DATARATE,Ascend-Data-Rate,integer
        AcctColumnDef MODEMPORTNO,Ascend-Modem-PortNo,integer
        AcctColumnDef MODEMSLOTNO,Ascend-Modem-SlotNo,integer
        AcctColumnDef MODEMSHELFNO,Ascend-Modem-ShelfNo,integer
        AcctColumnDef CALLEDSTATIONID,Called-Station-Id
        AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
    </AuthBy>
    <AuthBy LDAP2>
        Host localhost
        AuthDN cn=radius,dc=wxc,dc=net
        AuthPassword raddd
        BaseDN dc=wxc,dc=net
        UsernameAttr uid
        PasswordAttr userPassword
        AuthAttrDef reject,Auth-Type,check
        AddToReply Framed-Protocol = PPP,\
            Framed-IP-Netmask = 255.255.255.255,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
        ServerChecksPassword
    </AuthBy>
</Realm>
# SQL State/Session Info
# The table MUST be called RADONLINE (bug)
<SessionDatabase SQL>
    Identifier SDB
    DBSource dbi:mysql:isp
    DBUsername root
    DBAuth moomoo1
</SessionDatabase>
Tue Jul 25 03:05:45 2000: DEBUG: Packet dump:
*** Received from 10.2.20.99 port 2048 ....
Code: Access-Request
Identifier: 22
Authentic: <10><147><221>R<182><173><223><233>-<240>+<233>!.<14>=
Attributes:
User-Name = " $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $"
NAS-Identifier = "10.2.20.99"
User-Name = "london"
CHAP-Password = "<1>l<158><194><253><148>yC<204><24><239>]W<205><160>w/"
Called-Station-Id = "4517"
NAS-Port = 1024
NAS-Port-Type = Async
Framed-Protocol = PPP
Service-Type = Framed-User
Tue Jul 25 03:05:45 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Jul 25 03:05:45 2000: DEBUG: SDB Deleting session for $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $, 10.2.20.99, 1024
Tue Jul 25 03:05:45 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.2.20.99' and NASPORT=01024
Tue Jul 25 03:05:45 2000: DEBUG: Handling with Radius::AuthSQL
Tue Jul 25 03:05:45 2000: DEBUG: Handling with Radius::AuthLDAP2
Tue Jul 25 03:05:45 2000: DEBUG: Connecting to localhost, port 389
Tue Jul 25 03:05:45 2000: DEBUG: No entries for $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $ found in LDAP database
Tue Jul 25 03:05:45 2000: DEBUG: Radius::AuthLDAP2 looks for match with $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $
Tue Jul 25 03:05:45 2000: DEBUG: Connecting to localhost, port 389
Tue Jul 25 03:05:45 2000: DEBUG: No entries for DEFAULT found in LDAP database
Tue Jul 25 03:05:45 2000: INFO: Access rejected for $Id: Aptis.vinfo ImageName=fepmd Version=3.1 BuildNumber=2140 BuildDate=03/20/2000 BuildTime=14:28:42 Machine=BUILD03 User=Build TargetBoard=scc TargetProcessor=PPC603 Branch=p311 Exp $: No such user
Tue Jul 25 03:05:45 2000: DEBUG: Packet dump:
*** Sending to 10.2.20.99 port 2048 ....
Code: Access-Reject
Identifier: 22
Authentic: <10><147><221>R<182><173><223><233>-<240>+<233>!.<14>=
Attributes:
Reply-Message = "Request Denied"
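
Added example (not part of the original thread, and not Radiator code): the Trace 4 dump above carries two User-Name attributes in one Access-Request, and the reject is logged against the first of them. This Python script parses packet dumps in the layout shown here and lists attribute names that occur more than once in a packet; the sample input is constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the Trace 4 dump in this thread (values shortened).
SAMPLE = """\
Tue Jul 25 03:05:45 2000: DEBUG: Packet dump:
*** Received from 10.2.20.99 port 2048 ....
Code:       Access-Request
Identifier: 22
Attributes:
        User-Name = " $Id: Aptis.vinfo ImageName=fepmd Version=3.1 Exp $"
        NAS-Identifier = "10.2.20.99"
        User-Name = "london"
        NAS-Port = 1024
Tue Jul 25 03:05:45 2000: DEBUG: Packet dump:
*** Sending to 10.2.20.99 port 2048 ....
Code:       Access-Reject
Identifier: 22
Attributes:
        Reply-Message = "Request Denied"
"""

HEADER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")  # "Name = value" lines only

def parse_dumps(text):
    """Return one dict per packet dump; attributes keep order and duplicates."""
    packets, cur = [], None
    for line in text.splitlines():
        if "Packet dump:" in line:
            cur = {"peer": None, "code": None, "attrs": []}
            packets.append(cur)
        elif cur is None:
            continue
        elif m := HEADER.match(line):
            cur["peer"] = m.group(2)
        elif line.startswith("Code:"):
            cur["code"] = line.split(":", 1)[1].strip()
        elif m := ATTR.match(line):
            cur["attrs"].append((m.group(1), m.group(2).strip('"')))
    return packets

def repeated_attrs(packet):
    """Map attribute name -> list of values, for names seen more than once."""
    seen = defaultdict(list)
    for name, value in packet["attrs"]:
        seen[name].append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}
```

Running repeated_attrs() over every Access-Request in a debug log shows which requests carry a second, conflicting User-Name and what each value was.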