Hello,

I have trouble setting up authentication with Cisco VPN3000 and MS-CHAP (v1 or v2).

The authentication works (with the accounting start packet), but when the user tries any connection to the internal network (a ping for example), the user is disconnected.

I tried almost everything I found on this mailing list with no success.

Note that all is OK when I set internal authentication on the VPN concentrator.

I use Radiator 3.3.1.

Thanks for your help.

Regards,
Romain VERGNIOL
-- C E G E D I M ---------
Équipe Réseau
Tel : +33 (0)1 49 09 84 02
Fax : +33 (0)1 46 03 45 95

user attributes:
fpaczka:
Framed-IP-Address = 172.xxxxxxx
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = Encryption-Any
Class = reseaux

radius.cfg :
..............
<AuthBy SQL>
    Identifier AUTH_PPTP
    DBSource dbi:mysql:radius
    DBUsername xxxxxx
    DBAuth xxxxxxxxxx
    FailureBackoffTime 20
    AutoMPPEKeys
    AuthSelect select S.PASSWORD, S.CHECKATTR, S.REPLYATTR \
        from SUBSCRIBERS as S, REL_PROFCOM as P \
        where S.USERNAME='%n' and S.NASIDENTIFIER='%N' \
        and S.PROFCOM=P.ID \
        and P.NUM='%{Called-Station-Id}'
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, GENERIC, check
    AuthColumnDef 2, GENERIC, reply
</AuthBy>
.............
<Handler Request-Type=Access-Request,User-Name=fpaczka>
    RejectHasReason
    AuthBy AUTH_PPTP
    AuthLog AUTHLOG
    AddToReply Service-Type = Framed,\
        Framed-Protocol = PPP,\
        Framed-IP-Netmask = 255.255.255.255,\
        Framed-Routing = None,\
        Framed-MTU = 1500,\
        Framed-Compression = Van-Jacobson-TCP-IP,\
        Message-Authenticator = 0000000000000000
</Handler>

Trace 4 debug :
Wed Oct 16 11:17:07 2002: DEBUG: Handling request with Handler 'Request-Type=Access-Request'
Wed Oct 16 11:17:07 2002: DEBUG: Deleting session for fpaczka, 172.xxxxxxxx, 1460
Wed Oct 16 11:17:07 2002: DEBUG: Handling with Radius::AuthRADIUS
Wed Oct 16 11:17:07 2002: DEBUG: Packet dump:
*** Sending to 172.xxxxxx port 1645 ....
Code:       Access-Request
Identifier: 155
Authentic:  <141>J<242><227>x_<248>F<13><<244><25><136>h<185>G
Attributes:
    User-Name = "fpaczka"
    NAS-Port = 1460
    Service-Type = Framed
    Framed-Protocol = PPP
    Tunnel-Client-Endpoint = "217.xxxxxxxx"
    MS-CHAP-Challenge = "<133><148><30><208><164><176>}<157>h<3><187><203><27>.<12><205>"
    MS-CHAP2-Response = "<2><0><133><144><180><208>+<8>x<21><223><132><162><170>_8N{<0><0><0><0><0><0><0><0><207><15><31><2>*<168>o<225>~<253><25><255>o<173><192>s<201>d<231><198><191> w<157>"
    NAS-IP-Address = 172.xxxxx
    NAS-Port-Type = Virtual
..........................
Wed Oct 16 11:17:07 2002: DEBUG: Access accepted for fpaczka
Wed Oct 16 11:17:07 2002: DEBUG: Packet dump:
*** Sending to 172.27.64.6 port 1052 ....
Code:       Access-Accept
Identifier: 191
Authentic:  <141>J<242><227>x_<248>F<13><<244><25><136>h<185>G
Attributes:
    MS-CHAP2-Success = "<2>S=AB6A1D5C04B5C3A0B0353F49597545C97401CEE3"
    MS-MPPE-Send-Key = "<178>H<169><153>;i'^Z<135>g<206><178>v;r<234><12><180><0>TY<189>?<249>r<6>P[4<160><225>$<250>"
    MS-MPPE-Recv-Key = "<198>.<168><213><207><253><233><172>8<189><254>22<141>u<7><162>46<151>>&<18><216><132><196><245><136><179><236><157>U<184><8>"
    Framed-IP-Address = 172.xxxxxxxx
    MS-MPPE-Encryption-Policy = Encryption-Allowed
    MS-MPPE-Encryption-Types = Encryption-Any
    Class = "reseaux"
    Framed-MTU = 1000
    Service-Type = Framed
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
    Framed-Routing = None
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP
    Message-Authenticator = p!4,D<184><8><28><233><132><229>><136>Ul<172>
    User-Name = "fpaczka"
..............
Wed Oct 16 11:17:15 2002: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Wed Oct 16 11:17:15 2002: DEBUG: Adding session for fpaczka, 172.xxxxxxx, 1460
Wed Oct 16 11:17:15 2002: DEBUG: Handling with Radius::AuthRADIUS
Wed Oct 16 11:17:15 2002: DEBUG: Packet dump:
*** Sending to 172.xxxxxxxx port 1646 ....
Code:       Accounting-Request
Identifier: 35
Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
    User-Name = "fpaczka"
    NAS-Port = 1460
    Service-Type = Framed
    Framed-Protocol = PPP
    Framed-IP-Address = 172.xxxxxxx
    Class = "reseaux"
    Acct-Status-Type = Start
    Acct-Session-Id = "2E70011C"
    Tunnel-Client-Endpoint = "217.xxxxxxx"
    Acct-Authentic = RADIUS
    Acct-Delay-Time = 0
    NAS-IP-Address = 172.xxxxxxx
    NAS-Port-Type = Virtual
    Timestamp = 1034759835
Wed Oct 16 11:17:15 2002: DEBUG: Accounting accepted
Wed Oct 16 11:17:15 2002: DEBUG: Packet dump:
*** Sending to 172xxxxxxx port 1058 ....
Code:       Accounting-Response
Identifier: 55
Authentic:  <12>hTN<164>b<211><215><235>a<3><223><192>?yZ
Attributes:
...........................
Wed Oct 16 11:17:37 2002: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Wed Oct 16 11:17:37 2002: DEBUG: Deleting session for fpaczka, 172.xxxxxxx, 1460
Wed Oct 16 11:17:37 2002: DEBUG: Handling with Radius::AuthRADIUS
Wed Oct 16 11:17:37 2002: DEBUG: Packet dump:
*** Sending to 172.xxxxxxx port 1646 ....
Code:       Accounting-Request
Identifier: 56
Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
    User-Name = "fpaczka"
    NAS-Port = 1460
    Service-Type = Framed
    Framed-Protocol = PPP
    Framed-IP-Address = 172.xxxxxxx
    Class = "reseaux"
    Acct-Status-Type = Stop
    Acct-Input-Octets = 1016
    Acct-Output-Octets = 9585
    Acct-Session-Id = "2E70011C"
    Acct-Session-Time = 21
    Acct-Input-Packets = 8
    Acct-Output-Packets = 8
    Acct-Terminate-Cause = User-Request
    Tunnel-Client-Endpoint = "217.xxxxxxx"
    Acct-Authentic = RADIUS
    Acct-Delay-Time = 0
    NAS-IP-Address = 172.xxxxxxx
    NAS-Port-Type = Virtual
    Timestamp = 1034759857
...............................
Wed Oct 16 11:17:37 2002: DEBUG: Accounting accepted
Wed Oct 16 11:17:37 2002: DEBUG: Packet dump:
*** Sending to 172.xxxxxx port 1058 ....
Code:       Accounting-Response
Identifier: 56
Authentic:  <213><133><15><202><156><251><26><226><192><149><18><253><233><246><163>j
Attributes:
