(RADIATOR) Password is rejected when proxy forwards the request

Mon, 20 Nov 2000 07:18:55 -0800 

Hi all,


Proxying requests to one of our customers' servers ends up being rejected
with a "bad password". This user/password combination works in our
individual environments but goes awry when proxied. The customer sees a "bad
password" in his master radiator server's logfile. I would appreciate any
help.

My proxy config file is shown below, "zonnetproxy" is the problem area:

Trace   4

Foreground
LogDir          .
DbDir           .

<Client DEFAULT>
        Secret  xxxxxxxxxx
        DupInterval 0
</Client> 

# proxying to zonnet
<AuthBy RADIUS>
        Identifier zonnetproxy
        Host  xxx.xxx.xxx.xxx
        Secret xxxxxxxxx
</AuthBy>


# Handle everyone with RADIUS
<AuthBy RADIUS>
        Identifier LocalCheck
        Host yyy.yyy.yyy.yyy
        Secret xxxxxxxxxxxxxxxxx
        CachePasswords
        CachePasswordExpiry
</AuthBy>

# proxy to zonnet
<Handler Called-Station-Id=207500370>
        AuthBy zonnetproxy
</Handler>

<Handler>
        AuthByPolicy ContinueWhileAccept
        AuthBy LocalCheck
</Handler>
*****************************************************************
The customer uses LDAP handlers which look like this:

<Handler>
        <AuthBy LDAP2>
        AddToReply Framed-IP-Address=255.255.255.254,\
Framed-MTU=1500,\
Service-Type=Framed-User,\
Framed-Protocol=PPP,\
Ascend-Client-Primary-DNS=xxxx.xxxx.xxxx.xxxx,\
Ascend-Client-Secondary-DNS=xxxx.xxxx.xxxx.xxxx

        Host XXXXXXXXXXXXXXXXXXXXXX.versatel.net
        AuthDN uid=rad02,ou=versatel applications,o=versatel.net
        AuthPassword XXXXXXXXXXXXXXXXXXXXXXXXXX
        BaseDN o=versatel.net
        UsernameAttr uid
        PasswordAttr userpassword
        HoldServerConnection
        NoDefaultIfFound


        </AuthBy>
        PasswordLogFileName /data/radius/log/passwordlogfiles/%Y%m%d.pw
        RejectHasReason
</Handler>



PROXY Config:

Trace   4
PidFile /tmp/radproxy.pid
AuthPort        1645
AcctPort        1646
BindAddress XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
LogDir          /data/radproxy/log
LogFile         %L/logfiles/%Y/%m/%d/%H.log
DbDir           /data/radproxy/raddb

# THIS CLIENT IS MY PROXY SERVER
<Client  xxxx.xxxx.xxxx.xxxx>
        Secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        IgnoreAcctSignature
</Client>

<Handler>
        <AuthBy RADIUS>
                Host zzzz.zzzz.zzzz.zzzz
                Secret XXXXXXXXXXXXXXXXXXXXXXXXx
                AuthPort 1645
                AcctPort 1646
        </AuthBy>
</Handler>







===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to