Hello:
We are using Radiator 2.13.1 with openLDAP and works fine, but we need a
special IP allocation mechanism so we are moving to version 2.16.3 with
openLDAP and MySQL for the IP allocation.
We have installed all the required software and configured a test realm.
The tests with radpwtst works ok, the access is granted and the IP is
right allocated.
The problem is that when we try a dial-in access we get this log:
Code: Access-Request
Identifier: 6
Authentic: <27><154><214><186>M<3><246><209><212>b<193><252>PY5+
Attributes:
User-Name = "user2@pruebasql"
CHAP-Password =
"<3><157><31><11><224><143>M%<21><205>T<19><17>3;<218><229>"
NAS-Port = 527
Acct-Session-Id = "34472896"
USR-Interface-Index = 1783
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 3
Chassis-Call-Span = 1
Chassis-Call-Channel = 15
Connect-Speed = 300_BPS
Calling-Station-Id = "985195703"
Called-Station-Id = "901666330"
NAS-Port-Type = Async
Wed Oct 25 11:37:20 2000: DEBUG: Handling request with Handler
'Realm=pruebasql'Wed Oct 25 11:37:20 2000: DEBUG: Rewrote user name to
user2
Wed Oct 25 11:37:20 2000: DEBUG: Deleting session for user2@pruebasql,
*Client-IP*, 527
Wed Oct 25 11:37:20 2000: DEBUG: Handling with Radius::AuthLDAP2
Wed Oct 25 11:37:20 2000: DEBUG: Radius::AuthLDAP2 rejected user2
because of an
empty password
Wed Oct 25 11:37:20 2000: INFO: Access rejected for user2: Empty
password
Wed Oct 25 11:37:20 2000: DEBUG: Packet dump:
*** Sending to *Client-IP* port 64731 ....
Code: Access-Reject
Identifier: 6
Authentic: <27><154><214><186>M<3><246><209><212>b<193><252>PY5+
Attributes:
Port-Message = "Request Denied"
If we setup the ppp client with the refuse-chap option, Radiator gets an
User-Password instead a CHAP-Password attribute and everything works
fine, so the LDAP integration still works.
The configuration file is the same for both versions (2.13.1 in
production and 2.16.3 in test) except for the <AuthBy DYNADDRESS> which
I think is not involved in the CHAP authentication. So secrets and
client addresses are right.
The only differences between logs in the production server and the test
server is that the test server makes a "Deleting session for
user2@pruebasql, *Client-IP*, 527" before the AuthLDAP2 Handling and the
Authentic that are different (by the way, what is this Authentic: line?)
We'll be very pleased if somebody can help us with this.
Thanks in advance.
--
--------------------------------------------------------------------
Ignacio Paredes | email: [EMAIL PROTECTED]
Eurocomercial | Tfno: +34 91 4359687
Informatica y Comunicaciones | Fax: +34 91 4313240
--------------------------------------------------------------------
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
