Hello John,
On Jun 13, 10:35am, John Coy wrote:
> Subject: Re: (RADIATOR) Nortel CVX and VSAs
> Mike, in your testing do you happen to know what version of the
> Nortel CVX operating system your customer was running?
No, it was tested with assistance of Lisa Goulet
([EMAIL PROTECTED]) Dave Salaman
([EMAIL PROTECTED]) and others.
Perhaps they can say what the version was?
It certainly loks like your CVX has no idea what those attributes mean.
> When I
> run the "radius" test command on my CVX, here's what I get (copied
> below). Most of the "unknown" attributes are CVX VSAs. I'll copy
> the entry from the RADIUS users file so you can see which attributes
> I'm setting (I'll be glad to send my dictionary file as well if you
> want to look at it):
>
> sending RADIUS auth requests to AAA server for VPOP 0:
> username 'XXX', password 'XXX'
> radius: Access-Request (1) to server 208.133.27.2, id 206, length 300
> radius: auth 5d 7e e3 3f 0f 13 1b f8
> radius: 3d cf 44 d1 32 0f ff 8f
> User-Password [2, len 16] = <3e be 4e 39 bd 29 be c9 ...>
> Vendor-Specific [26, len 207] = <2637>
> CVX-Identication [1, len 201] = < $Id:
> Aptis.vinfo ImageName=fepmd Version=3.6.2p5 BuildNumber=3492
> BuildDate=02/05/2001 BuildTime=14:07:24 Machine=BUILD01 User=build
> TargetBoard=scc TargetProcessor=PPC603 Branch=p362 Exp $>
> NAS-Identifier [32, len 8] = <cvx01-fy>
> User-Name [1, len 5] = <test1>
> Called-Station-Id [30, len 7] = <8675309>
> Calling-Station-Id [31, len 7] = <5551212>
> NAS-Port [5, len 4] = <16843009>
> NAS-Port-Type [61, len 4] = <0>
> Service-Type [6, len 4] = <7>
> radius: Access-Accept (2) from server 208.133.27.2, id 206,
> length 224, time 44 ms
> radius: auth 96 21 fe 1f 48 74 44 aa
> radius: 69 df b9 ca cc 4d dd 17
> Ascend-Maximum-Channels [235, len 4] = <1>
> Ascend-Idle-Limit [244, len 4] = <1800>
> Ascend-Assign-IP-Pool [218, len 4] = <0>
> Service-Type [6, len 4] = <2>
> Framed-Protocol [7, len 4] = <1>
> unknown [125, len 4] = <00 00 01 e0>
> Ascend-Primary-DNS [135, len 4] = <208.133.27.10>
> Ascend-Secondary-DNS [136, len 4] = <216.152.26.168>
> Ascend-Assign-DNS [137, len 4] = <1>
> unknown [128, len 4] = <00 00 00 00>
> Ascend-Multicast-Client [155, len 4] = <1>
> Ascend-Multicast-Rate-Limit [152, len 4] = <5>
> unknown [26, len 10] = <00 00 0a 4d 85 21 02 c3 ...>
> unknown [26, len 13] = <00 00 0a 4d 85 21 02 c9 ...>
> unknown [26, len 13] = <00 00 0a 4d 85 21 02 ca ...>
> unknown [26, len 13] = <00 00 0a 4d 85 21 00 66 ...>
> unknown [26, len 13] = <00 00 0a 4d 85 21 00 67 ...>
> unknown [26, len 10] = <00 00 0a 4d 85 21 00 69 ...>
> unknown [26, len 10] = <00 00 0a 4d 85 21 00 68 ...>
> unknown [26, len 10] = <00 00 0a 4d 85 21 00 6a ...>
> unknown [26, len 10] = <00 00 0a 4d 85 21 00 6b ...>
> unknown [26, len 10] = <00 00 0a 4d 85 21 00 6c ...>
>
>
> Here's the "users" file entry that the attributes are being assigned:
>
> DEFAULT Auth-Type = ANCI-AuthSQLorUNIXPasswd
> Ascend-Idle-Limit = 1800,
> Ascend-Assign-IP-Pool = 0,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Ascend-Maximum-Call-Duration = 480,
> Ascend-Client-Primary-DNS = 208.133.27.10,
> Ascend-Client-Secondary-DNS = 216.152.26.168,
> Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> Ascend-Shared-Profile-Enable = 0,
> Ascend-Multicast-Client = 1,
> Ascend-Multicast-Rate-Limit = 5,
> CVX-PPP-SendDNS = 1,
> CVX-PPP-DNS1 = 208.133.27.10,
> CVX-PPP-DNS2 = 216.152.26.168,
> CVX-PPP-ConnectLimit = 480,
> CVX-PPP-InactivityLimit = 15,
> CVX-PPP-MonitorRxActivity = 1,
> CVX-PPP-MonitorTxActivity = 1,
> CVX-PPP-CountRIP = 0,
> CVX-PPP-CountPings = 0,
> CVX-PPP-CountIGMP = 0
>
>
> At 07:02 PM 6/13/01 -0500, you wrote:
> >Hi John,
> >
> >Yes, 2.18 added support for Nortel CVX vendor specific attribute. Some of
> >these
> >Nortel VSAs have non-standard format, and 2.18 and up knows how to handle
> >them,
> >and the VSA definitions are also in the dictionary.
> >
> >Cheers.
> >
> >On Jun 13, 5:02pm, Hugh Irvine wrote:
> > > Subject: Re: (RADIATOR) Nortel CVX and VSAs
> > >
> > > Hello John -
> > >
> > > I have copied this mail to Mike as he worked with another of our
> > customers to
> > > implement the CVX attributes and hopefully he can tell you more about
them.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Wednesday 13 June 2001 16:29, John Coy wrote:
> > > > I'm wondering if anybody on the list has a Nortel CVX
> > > > and is using Radiator for authentication? I cannot seem
> > > > to get the vendor specific attributes to work properly
> > > > (I'm using the CVX attributes from the dictionary that ships
> > > > with the 2.18.2 Radiator). I even found that the
> > > > CVX-Ascend-Maximum-Channels attribute will cause the CVX
> > > > to dump core (at least it will make CVX OS v3.6p5 dump dore).
> > > > Very ugly.
> > > >
> > > > I'm not exactly sure how to start troubleshooting -- I am
> > > > curious if I post some radius logs from the CVX (it has a
> > > > VERY handy radius debugging tool) as well as logs from
> > > > Radiator if someone can take a look.
> > > >
> > > > I guess my overall question is: anybody out there have
> > > > a CVX, using Radiator, and also using some VSAs? If
> > > > so, any possibility of talking off-list?
> > > >
> > > > Hugh -- was also curious if you guys had a chance to test
> > > > the CVX VSAs? It's my understanding that these are a relatively
> > > > new feature (found in the 2.18 code?)
> > > >
> > > > Thanks in advance,
> > > >
> > > > John
> > > >
> > > > ===
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on [EMAIL PROTECTED]
> > > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > >
> > >-- End of excerpt from Hugh Irvine
> >
> >
> >
> >--
> >Mike McCauley [EMAIL PROTECTED]
> >Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> >24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> >Phone +61 3 9598-0985 Fax +61 3 9598-0955
> >
> >Radiator: the most portable, flexible and configurable RADIUS server
> >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> >on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
>
>
>-- End of excerpt from John Coy
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
