RE: Proxy of accounting message (Ashwin Gobind)

2005-10-03 Thread Ashwin Gobind
Radiator required a valid Authenticator to be part of the Accounting
Request.  I am proxying from freeradius to radiator.  How can this be
resolved?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 30 September 2005 06:12 PM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 5, Issue 103

Today's Topics:

   1. RE: Proxy of accounting message (Ashwin Gobind)
   2. EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes (Bjarni Hardarson)
   3. Re: freeradius and MS SQL -- anyone got it working? (Duane Cox)
   4. Re: Expose RADIUS packet's identifier  (James J J Hooper)
   5. Re: Segmentation Fault - 1.0.5  (Alan DeKok)
   6. Re: SSL3_GET_CLIENT_KEY_EXCHANGE  (Alan DeKok)
   7. Re: freeradius and MS SQL -- anyone got it working?  (Alan DeKok)
   8. Re: Proxy of accounting message  (Alan DeKok)


--

Message: 1
Date: Fri, 30 Sep 2005 14:39:18 +0200
From: Ashwin Gobind [EMAIL PROTECTED]
Subject: RE: Proxy of accounting message
To: freeradius-users@lists.freeradius.org
Message-ID:

[EMAIL PROTECTED]
Content-Type: text/plain;   charset=us-ascii

Thanks Nick.  However when I proxy the message, the
message-authenticator field has an INVALID TOKEN (see trace below).
Why is this?


Sending Accounting-Request of id 1 to 10.113.46.170:1813
Acct-Status-Type = Start
Service-Type = Framed-User
Called-Station-Id = vlive
Framed-Protocol = GPRS-PDP-Context
Framed-Protocol = GPRS-PDP-Context
Acct-Delay-Time = 5
Calling-Station-Id = 27829800729
NAS-Identifier = GMC-GGSN0-13-2
Acct-Session-Id = 20050529
User-Name = 27829800729
User-Name = 27829800729
NAS-Port = 6000
NAS-Port-Type = Virtual
NAS-IP-Address = 10.111.14.46
Message-Authenticator INVALID-TOKEN
0x
Proxy-State = 0x30


--

Message: 2
Date: Fri, 30 Sep 2005 14:51:25 +0200
From: Bjarni Hardarson [EMAIL PROTECTED]
Subject: EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes
To: freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain;   charset=us-ascii

Hi all,

I'm using FreeRADIUS with Cisco 1200 Series Access points for dynamic VLAN
assignment.

When I set use_tunneled_reply = yes for PEAP I get an Access-Challenge with
the correct attributes but the final Access-Accept has no attributes and the
User-Name is the anonymous one from the outer tunnel. This username is then
used by the AP for accounting.
Is this by design or is my configuration wrong?

Partial debug,

  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
  modcall[authenticate]: module eap returns ok for request 24
modcall: group authenticate returns ok for request 24
  PEAP: Got tunneled reply RADIUS code 2
User-Name = radtest
Tunnel-Private-Group-Id:0 = 310
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
EAP-Message = 0x03080004
Message-Authenticator = 0x
  PEAP: Processing from tunneled session code 0x818f508 2
User-Name = radtest
Tunnel-Private-Group-Id:0 = 310
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
EAP-Message = 0x03080004
Message-Authenticator = 0x
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
  modcall[authenticate]: module eap returns handled for request 24
modcall: group authenticate returns handled for request 24
Sending Access-Challenge of id 8 to 127.0.0.1:33229
User-Name = radtest
Tunnel-Private-Group-Id:0 = 310
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Message-Authenticator = 0x
EAP-Message = 0x010900501900170301002079fdf7026cf88ffd8c978e4fb62290b4d4f4a1596c767f557adabdaf51b7437d17030100209a1de8e9b88b4654d03b0754d4f5a04887b57b329c94a6494ef84d2bf74f294c
State = 0x3c86d1f16a6312263ae7a01dbfc81a28

Re: Proxy of accounting message (Ashwin Gobind)

2005-10-03 Thread Alan DeKok
Ashwin Gobind [EMAIL PROTECTED] wrote:
> Radiator required a valid Authenticator to be part of the Accounting
> Request.

  A Message-Authenticator?  I doubt that VERY much.  Radiator works
with multiple RADIUS implementations, very few of which send
Message-Authenticator in Accounting-Request.

> I am proxying from freeradius to radiator.  How can this be
> resolved ?

  a) Patch Radiator so that it doesn't require a Message-Authenticator.

  b) Patch FreeRADIUS to create the *non-standard* Message-Authenticator
that Radiator expects.

  For (b), you will have to find out what algorithm Radiator uses to
calculate Message-Authenticator.  Since it's non-standard, you will
have to ask the Radiator people how they did it.

  Alan DeKok.
