Re: (RADIATOR) NortelCVX1800 Problems!

Tue, 25 Jul 2000 18:50:56 -0700 


Thanks Clark -

The trace debug shows a completely bogus username coming in from the NAS. As
mentioned previously, I would think that this is a NAS configuration issue that
will need to be addressed by your vendor.

Attributes:
        User-Name = " $Id: Aptis.vinfo  ImageName=fepmd  Version=3.1  BuildNumbe
r=2140  BuildDate=03/20/2000  BuildTime=14:28:42  Machine=BUILD03  User=Build  T
argetBoard=scc  TargetProcessor=PPC603  Branch=p311  Exp $"
        NAS-Identifier = "10.2.20.99"
        User-Name = "london"

The above shows that you are receiving two "User-Name" attributes in the
request and the first one looks like the startup line from some piece of
equipment - perhaps the remote NAS itself? The second User-Name is the string
"london" - is this the name of the remote NAS?

I think you will need to sort this out first before worrying about anything
else.

hth

Hugh


On Tue, 25 Jul 2000, Clark Stacer wrote:
> 
> Thank you, Hugh!
> fyi, company is Worldxchange/World Access.
> 
> Attachments:
> 1. la-radius.cfg.txt
> 2. BAD-CVX-RADIUS-DEBUG.txt
> 
> Regards,
> Clark Stacer
> ISP Product Director
> 
> 
> ----- Original Message -----
> From: "Hugh Irvine" <[EMAIL PROTECTED]>
> To: "Clark Stacer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, July 25, 2000 1:05 AM
> Subject: Re: (RADIATOR) NortelCVX1800 Problems!
> 
> 
> >
> > Hello Clark -
> >
> > I will need to see your configuration file (no secrets) together with a
> trace 4
> > debug output showing what is going on.
> >
> > >From what you have sent below, it looks like the device is sending
> startup
> > information via radius for logging purposes. On Ascends at least, this
> > behaviour is configurable and you can turn it off on the NAS. Otherwise,
> you
> > can set up a special Handler to deal with these records and log them if
> you
> > wish.
> >
> > BTW - could you also let me know who the customer is for our records?
> >
> > thanks
> >
> > Hugh
> >
> > On Mon, 24 Jul 2000, Clark Stacer wrote:
> > > Hello.
> > > I'm currently implementing a European ISP using Nortel CVX1800's and
> > > Radiator.  I'm having some issues with authentication that I desperately
> > > need some help with.
> > >
> > > Problem:
> > > 1a. When I leave the CVX Vendor Attributes (Listed Below) out of the
> > > dictionary (Ascend dictionary) and use Ascend for NAS TYPE (Because I
> also
> > > have an Ascend TNT in our LA site), test users can login with ANY
> password
> > > as long as the username is valid.
> > > 1b. When I put the CVX vendor attributes into the dictionary and use the
> > > NortelCVX1800 NASType in radius.cfg, the userid is passed to radius as:
> > >
> > > Mon Jul 24 00:10:11 2000: INFO: Access rejected for  $Id: Aptis.vinfo
> > > ImageName
> > > =fepmd  Version=3.1  BuildNumber=2140  BuildDate=03/20/2000
> > > BuildTime=14:28:42
> > >  Machine=BUILD03  User=Build  TargetBoard=scc  TargetProcessor=PPC603
> > > Branch=p3
> > > 11  Exp $: No such user
> > >
> > >
> > > Radius.cfg file snippet:
> > > <Client cvx.nas.ip.addr>
> > >         NasType                 NortelCVX1800
> > >         Secret                  secretpass
> > >         DupInterval             0
> > >         SNMPCommunity           communityname
> > >         DefaultRealm            DEFAULT
> > > </Client>
> > >
> > > Nortel CVX 1800 Dictionary Entries I am using:
> > > # Here are some attributes that will allow us to work with
> > > # Nortel CVX 1800
> > > #VENDORATTR      2637 User-Name          1       string
> > > #VENDORATTR      2637 Filter-Id          11      string
> > > #VENDORATTR      2637 Login-IP-Host      14      ipaddr
> > > #VENDORATTR      2637 Login-Service      15      integer
> > > #VENDORATTR      2637 Login-TCP-Port     16      integer
> > > #VENDORATTR      2637 Old-Password       17      string
> > > #VENDORATTR      2637 Reply-Message      18      string
> > > #VENDORATTR      2637 Callback-Number    19      string
> > > #VENDORATTR      2637 Callback-Id        20      string
> > > #VENDORATTR      2637 Framed-Route       22      string
> > >
> > >
> > > ===
> > > Archive at http://www.starport.net/~radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> >
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >
> 

----------------------------------------
Content-Type: text/plain; name="la-radius.cfg.txt"
Content-Transfer-Encoding: 7bit
Content-Description: 
----------------------------------------

----------------------------------------
Content-Type: text/plain; name="BAD-CVX-RADIUS-DEBUG.txt"
Content-Transfer-Encoding: quoted-printable
Content-Description: 
----------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to