Hello Mary -
You may have a problem with the reply attributes you are sending
back in the access accept. You will have to check with your provider
to ascertain what attributes are in fact required to successfully
start a session. I also seem to remember some discussion about MegaPOP
on the list some time ago, so you should check the archive site and do
a search (www.open.com.au/archives/radiator).
In answer to your questions below, you should be using the
standard dictionary to begin with and add or delete whatever is
required using your favourite text editor. The standard dictionary is
a compendium of most of the others and should work in the majority of
cases.
The "Deleting session ..." message is from the session
management code in Radiator that does an initial delete from the
session database when an access request is received. This is because
we may have missed a stop record and there may be a stale entry which
needs to be cleaned up.
If you have any further questions, please don't hesitate to
ask.
regards
Hugh
btw - we tend to be in different time zones to you, so response
times will vary
At 13:22 -0500 01/11/8, radiator wrote:
You will probably think this is almost an FAQ issue, but I can't find an FAQ entry for authenticating through a US nationwide dialup provider like the Broadwing/MegaPOP proxy system using realms. Please, if anyone can offer us a reason/solution for why users are getting rejected by the Broadwing proxy server after apparently Radiator sends an Access-Accept packet, we would deeply appreciate it! :-) A Macintosh user using the latest Powerbook G4 says his connection is rejected by the remote server after speed is negotiated and PPP starts.
The Level 4 debug is appended below, followed by our radius.cfg
This is an Active State PERL on WinNT4.0 installation, and of course it passed all its startup testing using the Radiator tools. I don't understand what the "Deleting session..." entry is in the debug output, or where it comes from since it comes before the Access-Accept packet is logged as sent.
We tried both the default dictionary and the ascend dictionary - no change.
Thanks! - Mary Grace
*****************************************************************
*** Received from 216.143.197.130 port 34691 ....
Code: Access-Request
Identifier: 1
Authentic: o<178><180>SOP<224>e<249><206>64<18><13>E?
Attributes:
User-Name = "[EMAIL PROTECTED]"
User-Password = "y<3><7><7><215>M<172>*<3>R<246><201>=<30><239>W"
NAS-Identifier = "216.140.14.60"
NAS-Port = 17694981
Service-Type = Framed-User
Framed-Protocol = PPP
Client-Port-DNIS = "xxxxxxxxxx"
Caller-Id = "xxxxxxxxxx"
NAS-Port-Type = Async
Ascend-Data-Rate = 26400
Ascend-PreSession-Time = 27
Ascend-Xmit-Rate = 50667
Thu Nov 8 12:51:57 2001: DEBUG: Handling request with Handler 'Realm=xxxx.net'
Thu Nov 8 12:51:57 2001: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Thu Nov 8 12:51:57 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 216.140.14.60, 17694981
Thu Nov 8 12:51:57 2001: DEBUG: Handling with Radius::AuthFILE:
Thu Nov 8 12:51:57 2001: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED]
Thu Nov 8 12:51:57 2001: ERR: Attribute number 79 is not defined in your dictionary
Thu Nov 8 12:51:57 2001: DEBUG: Radius::AuthFILE ACCEPT:
Thu Nov 8 12:51:57 2001: DEBUG: Access accepted for [EMAIL PROTECTED]
Thu Nov 8 12:51:57 2001: DEBUG: Packet dump:
*** Sending to 216.143.197.130 port 34691 ....
Code: Access-Accept
Identifier: 1
Authentic: o<178><180>SOP<224>e<249><206>64<18><13>E?
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
************************************************
Foreground
LogStdout
Trace 5
PidFile D:\raddb\radiusd.pid
AuthPort 1645
AcctPort 1646
LogDir D:\radlogs
DbDir D:\raddb
LogFile %L/logfile.log
DictionaryFile %D/dictionary.ascend
<Client 216.143.197.2>
Secret xxx
</Client>
<Client 216.143.198.2>
Secret xxx
</Client>
<Client 216.143.197.130>
Secret xxx
</Client>
<Client 216.143.193.146>
Secret xxx
</Client>
<Client 216.143.242.162>
Secret xxx
</Client>
<Realm xxxx.net>
RewriteUsername tr/[A-Z]/[a-z]/
MaxSessions 5
AcctLogFileName %L/detail.log
PasswordLogFileName %L/password.log
<AuthBy FILE>
Filename D:\raddb\users.wri
DefaultSimultaneousUse 2
RejectEmptyPassword
</AuthBy>
</Realm>
<Log FILE>
Filename %L/backuplog.log
Trace 4
</Log>
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux,
FreeBSD, Windows 95/98/2000, NT, MacOS X.
