Hello Nico -
Thanks for sending the debug information.
It looks to me like the NAS is retrying the access requests because you are not sending back any reply attributes in the Access-Accept's. You should add at least the following to your AuthBy FILE clause:
<AuthBy FILE>
....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP
....
<AuthBy>regards
Hugh
On Sunday, Feb 23, 2003, at 21:18 Australia/Melbourne, Nico de Groot wrote:
Hello Hugh,
Below the info you asked for. I'll try sniffing later. I have to locate a
new sniffing program (old one on the crashed disk, sniff ).
Thanks, Nico
--action ----- Local request, localhost to localhost: one request one answer. External request, relayed by radius1(41) or radius2.uu.nl(40) to radius1.ktu.nl alternating
o two or four requests from radius2 on 1840 with each time one positive
reply by us
o one sometimes three requests from radius1 each positive replied by us
exact structure: (40)*3,41,40,41,41.,4040,41,(40)*4,41,41,41... see trace 4 below
--config-file----- Trace 4
# The name of the file where the radiusd PID will be # written after startup PidFile ./radiusd.pid # AuthPort specifies the port to list on for authentication requests AuthPort 1645 # AcctPort specifies the port to list on for accounting requests AcctPort 1646 # LogDir is the directory where logfiles are put LogDir ./log # DbDir is the directory where database and config are put DbDir ./db # LogFile is the name of the log file. LogFile %L/logfile # DictionaryFile is the name of the Radius dictionary file DictionaryFile %D/dictionary # <Client hostname> is used to define each radius client to which # we will respond. Requests received from clients that arent named by # Client clauses in this file here will be ignored # radius1.surf.nl=radius1.studentennet.nl # radius2.surf.nl=radius2.studentennet.nl <Client DEFAULT> Secret een.geheimpje!! DupInterval 0 IgnoreAcctSignature </Client> <Client radius1.uu.nl> Secret *** IgnoreAcctSignature DupInterval 2 </Client> <Client radius2.uu.nl> Secret *** IgnoreAcctSignature DupInterval 2 </Client> <Client radius1.surf.nl> Secret *** IgnoreAcctSignature </Client> # voor lokaal testen met radpwst <Client localhost> Secret alles.is.ijdelheid! DupInterval 0 IgnoreAcctSignature </Client> <Client kt183.ktu.nl> Secret mysecret DupInterval 0 IgnoreAcctSignature </Client>
<Realm ktu.nl> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ MaxSessions 9999 AcctLogFileName %L/ktu.detail WtmpFileName %L/ktu.wtmp # PasswordLogFileName %L/ktu.passwd <AuthBy FILE> Filename %D/ktu.users </AuthBy> </Realm>
<Realm DEFAULT> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ MaxSessions 9999 AcctLogFileName %L/detail WtmpFileName %L/wtmp <AuthBy FILE> Filename %D/ktu.users </AuthBy> </Realm> <AuthBy NT> Identifier NT-Theologie Domain THEOLOGIE DomainController \\DIENAAR01 IgnorePasswordChange </AuthBy> <AuthBy NT> Identifier NT-Studenten Domain STUDENTEN DomainController \\BONIFATIUS IgnorePasswordChange </AuthBy>
--trace 4 ----- # first one succesfull communication one request one (correct)denial (localhost) # rest loops (approximate 20 times until requesting remote acces client times out) Sat Feb 22 19:04:03 2003: DEBUG: Packet dump: *** Received from 131.211.69.246 port 3144 .... Code: Access-Request Identifier: 228 Authentic: 1234567890123456 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "302533568" NAS-Port-Type = Async User-Password = "8<4>B<209>^<167>w._<144>2ZS<11><172><191>"
Sat Feb 22 19:04:03 2003: DEBUG: Handling request with Handler
'Realm=ktu.nl'
Sat Feb 22 19:04:03 2003: DEBUG: Rewrote user name to test
Sat Feb 22 19:04:03 2003: DEBUG: Deleting session for [EMAIL PROTECTED],
203.63.154.1, 1234
Sat Feb 22 19:04:03 2003: DEBUG: Handling with Radius::AuthFILE:
Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE looks for match with test
Sat Feb 22 19:04:03 2003: WARNING: Could not find Identifier for Auth-Type
'NT-Studenten'
Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE REJECT: Could not find
Identifier for Auth-Type 'NT-Studenten'
Sat Feb 22 19:04:03 2003: INFO: Access rejected for test: Could not find
Identifier for Auth-Type 'NT-Studenten'
Sat Feb 22 19:04:03 2003: DEBUG: Packet dump:
*** Sending to 131.211.69.246 port 3144 ....
Code: Access-Reject
Identifier: 228
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Sat Feb 22 19:11:26 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:26 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:26 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:26 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:26 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:26 2003: DEBUG: Handling with NT Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:26 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:26 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:29 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 146
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:29 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:29 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:29 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:29 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:29 2003: DEBUG: Handling with NT Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:29 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:29 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 146 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:31 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:31 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:31 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:31 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:31 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:31 2003: DEBUG: Handling with NT Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:31 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:31 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:32 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:32 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:32 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:32 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:32 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:32 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:32 2003: DEBUG: Handling with NT Sat Feb 22 19:11:33 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:33 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:33 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:34 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 146
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:34 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:34 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:34 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:34 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:34 2003: DEBUG: Handling with NT Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:34 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:34 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 146 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:35 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 146
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:35 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:35 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:35 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:35 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:35 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:35 2003: DEBUG: Handling with NT Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 146 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 147
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:36 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 147 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:38 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:38 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:38 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 146
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:38 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:39 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 146 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 148
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:39 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:39 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:39 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:39 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:39 2003: DEBUG: Handling with NT Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:39 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 148 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:40 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:40 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:40 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:40 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:40 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:40 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:40 2003: DEBUG: Handling with NT Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 147
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Packet dump: *** Sending to 131.211.16.40 port 1840 .... Code: Access-Accept Identifier: 147 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 146
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:41 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 146 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 147
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 147 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 49278 ....
Code: Access-Request
Identifier: 145
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE: Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT: Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot Sat Feb 22 19:11:42 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 49278 .... Code: Access-Accept Identifier: 145 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes:
#repeats likes this some until timeout by requesting remote access client
----- Original Message ----- From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Nico de Groot" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, February 23, 2003 12:04 AM Subject: Re: (RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs (addition)
Hello Nico -
Thanks for keeping us up to date with your testing.
It would be very helpful to see a copy of your configuration file (no secrets), together with a more complete trace 4 debug showing what is going on with multiple requests and responses.
You should use a packet sniffer to check the actual requests received and sent on the wire (I think Windows NT includes one - I don't know about 2000). The port number that is being used by your radius client to send the radius request is 49278 as shown below. This is the port number that Radiator is sending the response to.
Sat Feb 22 19:12:16 2003: DEBUG: Packet dump: *** Received from 131.211.16.41 port 49278 ....
regards
Hugh
On Sunday, Feb 23, 2003, at 07:01 Australia/Melbourne, Nico de Groot wrote:
First question
I switched to Radiator 3.5 (done a lot of switching lately) This gives
some
more information. And now Radiator doesn't hang . The logfile records
that
request are received. After that a successful lookup is done en the
Access-Accept is send (see below). But directly after that new
requests are
received and returned. It seems that the upsteam Radiusserver isn't
listening or that reverse communication is blocked. Is the port number
ok?
My cfg says 1840.
Is there anything I can do to to improve or check the reverse
communication?
Second question
At least my Radius server is doing the NT lookup correctly. Except, the
console output gives for a succesfull lookup
result 1 error 87
This error code means ERROR_INVALID_PARAMETER But it is working.
source :errorcodes
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
debug/base/
system_error_codes.asp
Nico de Groot KTU
From log ----
Sat Feb 22 19:12:16 2003: DEBUG: Packet dump: *** Received from 131.211.16.41 port 49278 .... Code: Access-Request Identifier: 151 Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183> Attributes: Framed-Protocol = PPP User-Name = "[EMAIL PROTECTED]" User-Password = "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>" NAS-Port-Type = Async Calling-Station-Id = "207798110" Called-Station-Id = "877880070" Service-Type = Framed-User NAS-IP-Address = 195.169.131.8
Sat Feb 22 19:12:16 2003: DEBUG: Handling request with Handler
'Realm=ktu.nl'
Sat Feb 22 19:12:16 2003: DEBUG: Rewrote user name to ndegroot
Sat Feb 22 19:12:16 2003: DEBUG: Deleting session for [EMAIL PROTECTED],
195.169.131.8,
Sat Feb 22 19:12:16 2003: DEBUG: Handling with Radius::AuthFILE:
Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE looks for match with
ndegroot
Sat Feb 22 19:12:16 2003: DEBUG: Handling with NT
Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE ACCEPT:
Sat Feb 22 19:12:16 2003: DEBUG: Access accepted for ndegroot
Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
*** Sending to 131.211.16.41 port 49278 ....
Code: Access-Accept
Identifier: 151
Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
Attributes:
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
