Re: (RADIATOR) Authentication via proxy
Hello Chris - If you use radpwtst on the localhost for testing, the shared secret by default is "mysecret", so if you change the secret in the clause you should see the same behaviour as for the other Client. You can set up the clause with the shared secret of the Client that has problems and use radpwtst with the -secret flag to verify correct operation. Ie: Secret ***whatever*** then radpwtst -secret ***whatever*** -user -password If this test works, then you know that the shared secret on the problem Client is not correct. BTW - keep in mind that there is one shared secret between the NAS and the remote proxy, and another shared secret between the proxy and your Radiator. regards Hugh On Wed, 3 Jul 2002 03:36, chris wrote: > I have added a client clause for every nas, and every proxy. I still get > the same results. > Is there anyway to verify that the shared secrets indeed do no match? > > The radpwtst from localhost returns an OK for the user > > > Thanks, > Chris > > > - Original Message - > From: "Hugh Irvine" <[EMAIL PROTECTED]> > To: "chris" <[EMAIL PROTECTED]> > Sent: Monday, July 01, 2002 4:18 PM > Subject: Re: (RADIATOR) Authentication via proxy > > > Hello Chris - > > > > I am still quite sure that the problem is shared secrets. > > > > You should probably add a Client clause for the proxy: > > > > # define Client clause for proxy > > > > > > Secret .. > > . > > > > > > It is fairly easy to verify this by using radpwtst locally against the > > to make sure the user record is checked correctly. > > > > regards > > > > Hugh > > > > On Tue, 2 Jul 2002 04:00, chris wrote: > > > I have verified shared secret, even tried setting to a simple number > > like > > > > 11 to rule out CaSe issues. > > > I am still having the same issues > > > > > > I am not sure how much it matters, but the setup is like this.. > > > Our clients dial into PacWest NAS(Cisco)...Thier NAS talks to thier > > radius > > > > proxy that hands off to us. > > > > > > > > > > > > - Original Message - > > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > > To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > > Sent: Monday, June 24, 2002 4:21 PM > > > Subject: Re: (RADIATOR) Authentication via proxy > > > > > > > Hello Chris - > > > > > > > > This is almost always due to incorrect shared secrets. > > > > > > > > If you still have problems, please send me a copy of your > > configuration > > > > file > > > > > > > and a copy of the user record from the users file, as well as a trace > > 4 > > > > debug. > > > > > > > regards > > > > > > > > Hugh > > > > > > > > On Tue, 25 Jun 2002 03:51, chris wrote: > > > > > I am trying to setup a managed modem system with a local clec. They > > > > > > answer > > > > > > > > the calls and proxy to > > > > > my radius. I am trying to figgure our where the problem is in > > > > > authentication. It brings the username over ok, but the password is > > > > > > garbled > > > > > > > > into non-printables > > > > > > > > > > Here is a L5trace of one such session, am I overlooking something > > > > > > obvious? > > > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > > > > *** Received from 64.66.192.33 port 34998 > > > > > > > > > > Packet length = 100 > > > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > > > > 00 00 00 00 > > > > > Code: Access-Request > > > > > Identifier: 7 > > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > > > Attributes: > > > > > User-Name = "testme" > > > > > Password = > > &g
Fw: (RADIATOR) Authentication via proxy
Ok, after hounding the provider, they found a misconfigureation on thier end. In the shared secret I am guessing, but none-the-less they *finally* fixed it up. Thanks for all he help Hugh! You are *the* radiator king! Chris > - Original Message - > From: "chris" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, July 02, 2002 10:36 AM > Subject: Re: (RADIATOR) Authentication via proxy > > > > I have added a client clause for every nas, and every proxy. I still get > the > > same results. > > Is there anyway to verify that the shared secrets indeed do no match? > > > > The radpwtst from localhost returns an OK for the user > > > > > > Thanks, > > Chris > > > > > > - Original Message - > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > To: "chris" <[EMAIL PROTECTED]> > > Sent: Monday, July 01, 2002 4:18 PM > > Subject: Re: (RADIATOR) Authentication via proxy > > > > > > > > > > Hello Chris - > > > > > > I am still quite sure that the problem is shared secrets. > > > > > > You should probably add a Client clause for the proxy: > > > > > > # define Client clause for proxy > > > > > > > > > Secret .. > > > . > > > > > > > > > It is fairly easy to verify this by using radpwtst locally against the > > > to make sure the user record is checked correctly. > > > > > > regards > > > > > > Hugh > > > > > > > > > On Tue, 2 Jul 2002 04:00, chris wrote: > > > > I have verified shared secret, even tried setting to a simple number > > like > > > > 11 to rule out CaSe issues. > > > > I am still having the same issues > > > > > > > > I am not sure how much it matters, but the setup is like this.. > > > > Our clients dial into PacWest NAS(Cisco)...Thier NAS talks to thier > > radius > > > > proxy that hands off to us. > > > > > > > > > > > > > > - Original Message - > > > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > > > To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > > > Sent: Monday, June 24, 2002 4:21 PM > > > > Subject: Re: (RADIATOR) Authentication via proxy > > > > > > > > > Hello Chris - > > > > > > > > > > This is almost always due to incorrect shared secrets. > > > > > > > > > > If you still have problems, please send me a copy of your > > configuration > > > > > > > > file > > > > > > > > > and a copy of the user record from the users file, as well as a > trace > > 4 > > > > > > > > debug. > > > > > > > > > regards > > > > > > > > > > Hugh > > > > > > > > > > On Tue, 25 Jun 2002 03:51, chris wrote: > > > > > > I am trying to setup a managed modem system with a local clec. > They > > > > > > > > answer > > > > > > > > > > the calls and proxy to > > > > > > my radius. I am trying to figgure our where the problem is in > > > > > > authentication. It brings the username over ok, but the password > is > > > > > > > > garbled > > > > > > > > > > into non-printables > > > > > > > > > > > > Here is a L5trace of one such session, am I overlooking something > > > > > > > > obvious? > > > > > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > > > > > *** Received from 64.66.192.33 port 34998 > > > > > > > > > > > > Packet length = 100 > > > > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > > > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > > > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > > > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > > > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > > > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > > > > > 00 00 00 00 > > > > > > Code: Access-Request > > > > > > Identifier: 7 > &
Re: (RADIATOR) Authentication via proxy
I have added a client clause for every nas, and every proxy. I still get the same results. Is there anyway to verify that the shared secrets indeed do no match? The radpwtst from localhost returns an OK for the user Thanks, Chris - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "chris" <[EMAIL PROTECTED]> Sent: Monday, July 01, 2002 4:18 PM Subject: Re: (RADIATOR) Authentication via proxy > > Hello Chris - > > I am still quite sure that the problem is shared secrets. > > You should probably add a Client clause for the proxy: > > # define Client clause for proxy > > > Secret .. > . > > > It is fairly easy to verify this by using radpwtst locally against the > to make sure the user record is checked correctly. > > regards > > Hugh > > > On Tue, 2 Jul 2002 04:00, chris wrote: > > I have verified shared secret, even tried setting to a simple number like > > 11 to rule out CaSe issues. > > I am still having the same issues > > > > I am not sure how much it matters, but the setup is like this.. > > Our clients dial into PacWest NAS(Cisco)...Thier NAS talks to thier radius > > proxy that hands off to us. > > > > > > - Original Message - > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Monday, June 24, 2002 4:21 PM > > Subject: Re: (RADIATOR) Authentication via proxy > > > > > Hello Chris - > > > > > > This is almost always due to incorrect shared secrets. > > > > > > If you still have problems, please send me a copy of your configuration > > > > file > > > > > and a copy of the user record from the users file, as well as a trace 4 > > > > debug. > > > > > regards > > > > > > Hugh > > > > > > On Tue, 25 Jun 2002 03:51, chris wrote: > > > > I am trying to setup a managed modem system with a local clec. They > > > > answer > > > > > > the calls and proxy to > > > > my radius. I am trying to figgure our where the problem is in > > > > authentication. It brings the username over ok, but the password is > > > > garbled > > > > > > into non-printables > > > > > > > > Here is a L5trace of one such session, am I overlooking something > > > > obvious? > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > > > *** Received from 64.66.192.33 port 34998 > > > > > > > > Packet length = 100 > > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > > > 00 00 00 00 > > > > Code: Access-Request > > > > Identifier: 7 > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > > Attributes: > > > > User-Name = "testme" > > > > Password = > > > > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" > > > > NAS-IP-Address = 63.93.57.35 > > > > NAS-Port = 18646 > > > > Service-Type = Framed-User > > > > Framed-Protocol = PPP > > > > Called-Station-Id = "7024410063" > > > > Calling-Station-Id = "2099263677" > > > > NAS-Port-Type = Async > > > > NAS-Port-Type = Async > > > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler > > > > 'Realm=DEFAULT' > > > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme > > > > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, > > > > 63.93.57.35, 1864 > > > > 6 > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE > > > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file > > > > /usr/local/etc/raddb/users > > > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with > > > > testme > > > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > > > &
Re: (RADIATOR) Authentication via proxy
On sending you the infomation earlier, I thought about the situation some more. This radius server is and has been working for several PM3's. I have made sure I am using the proper configs and dictionary now. The PM3's users are still authenticating great. I think the problem is with the way they are handing it off to me. Thier NAS goes through a proxy to get to me. Although they claim its a transparent proxy that doesnt do anything with the data, except pass it long. Just wanted to let you know that the radius server itself *is* functioning to an extent. Thanks Chris - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, June 28, 2002 9:41 PM Subject: Re: (RADIATOR) Authentication via proxy > > Hello Chris - > > I suspect you are not using the latest dictionary file either. > > This is from the standard Radiator 3.1 dictionary: > > ATTRIBUTE EAP-Message 79 binary > > regards > > Hugh > > > On Sat, 29 Jun 2002 02:38, chris wrote: > > > Hello Chris - > > > > > > This sounds like you are not running the 3.1 version of radiusd, which > > > has > > > > a > > > > > call to &Radius::Util::get_port , not &Radius::Radius::get_port. > > > > Doh! I was in such a rush yesterday that I didnt notice it installs the > > radiusd into a different location. > > This server is being upgraded from 2.16. > > > > > > Anyways, that was exactly the problem. I am seeing this in the error log > > now though... > > > > Fri Jun 28 09:12:53 2002: ERR: Attribute number 79 is not defined in your > > dictionary > > > > Which seems to correspond with this > > > > 79 ICL / Fujitsu Computers / TeamWARE Group Tony Gale > > [EMAIL PROTECTED] > > > > Although I use all Lucent PM3's in that location. > > It doesnt seem to be affecting service in any way > > > > Thanks, > > Chris. > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authentication via proxy
Hello Chris - This sounds like you are not running the 3.1 version of radiusd, which has a call to &Radius::Util::get_port , not &Radius::Radius::get_port. regards Hugh On Fri, 28 Jun 2002 10:43, chris wrote: > I am going to be testing it tomorrow again, I will verify that the secrets > do indeed match. > > In the meantime I am trying to install 3.1 and all the 'make test' comes > out OK > but when I start it I get this message > > Undefined subroutine &Radius::Radius::get_port called at > /usr/local/sbin/radiusd line 333. > > Thanks, > Chris > > > > - Original Message - > From: "Hugh Irvine" <[EMAIL PROTECTED]> > To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Monday, June 24, 2002 4:21 PM > Subject: Re: (RADIATOR) Authentication via proxy > > > Hello Chris - > > > > This is almost always due to incorrect shared secrets. > > > > If you still have problems, please send me a copy of your configuration > > file > > > and a copy of the user record from the users file, as well as a trace 4 > > debug. > > > regards > > > > Hugh > > > > On Tue, 25 Jun 2002 03:51, chris wrote: > > > I am trying to setup a managed modem system with a local clec. They > > answer > > > > the calls and proxy to > > > my radius. I am trying to figgure our where the problem is in > > > authentication. It brings the username over ok, but the password is > > garbled > > > > into non-printables > > > > > > Here is a L5trace of one such session, am I overlooking something > > obvious? > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > > *** Received from 64.66.192.33 port 34998 > > > > > > Packet length = 100 > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > > 00 00 00 00 > > > Code: Access-Request > > > Identifier: 7 > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > Attributes: > > > User-Name = "testme" > > > Password = > > > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" > > > NAS-IP-Address = 63.93.57.35 > > > NAS-Port = 18646 > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > Called-Station-Id = "7024410063" > > > Calling-Station-Id = "2099263677" > > > NAS-Port-Type = Async > > > NAS-Port-Type = Async > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler > > > 'Realm=DEFAULT' > > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme > > > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, > > > 63.93.57.35, 1864 > > > 6 > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE > > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file > > > /usr/local/etc/raddb/users > > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with > > > testme > > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > > > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad > > > Password > > > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: > > > *** Sending to 64.66.192.33 port 34998 > > > Code: Access-Reject > > > Identifier: 7 > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > Attributes: > > > Reply-Message = "Request Denied" > > > Reply-Message = "Bad Password" > > > > > > > > > Thanks, > > > Chris > > > > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authentication via proxy
I am going to be testing it tomorrow again, I will verify that the secrets do indeed match. In the meantime I am trying to install 3.1 and all the 'make test' comes out OK but when I start it I get this message Undefined subroutine &Radius::Radius::get_port called at /usr/local/sbin/radiusd line 333. Thanks, Chris - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, June 24, 2002 4:21 PM Subject: Re: (RADIATOR) Authentication via proxy > > Hello Chris - > > This is almost always due to incorrect shared secrets. > > If you still have problems, please send me a copy of your configuration file > and a copy of the user record from the users file, as well as a trace 4 debug. > > regards > > Hugh > > On Tue, 25 Jun 2002 03:51, chris wrote: > > I am trying to setup a managed modem system with a local clec. They answer > > the calls and proxy to > > my radius. I am trying to figgure our where the problem is in > > authentication. It brings the username over ok, but the password is garbled > > into non-printables > > > > Here is a L5trace of one such session, am I overlooking something obvious? > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > *** Received from 64.66.192.33 port 34998 > > > > Packet length = 100 > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > 00 00 00 00 > > Code: Access-Request > > Identifier: 7 > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > Attributes: > > User-Name = "testme" > > Password = > > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" > > NAS-IP-Address = 63.93.57.35 > > NAS-Port = 18646 > > Service-Type = Framed-User > > Framed-Protocol = PPP > > Called-Station-Id = "7024410063" > > Calling-Station-Id = "2099263677" > > NAS-Port-Type = Async > > NAS-Port-Type = Async > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler > > 'Realm=DEFAULT' > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme > > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, > > 63.93.57.35, 1864 > > 6 > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file > > /usr/local/etc/raddb/users > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with > > testme > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad > > Password > > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: > > *** Sending to 64.66.192.33 port 34998 > > Code: Access-Reject > > Identifier: 7 > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > Attributes: > > Reply-Message = "Request Denied" > > Reply-Message = "Bad Password" > > > > > > Thanks, > > Chris > > > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authentication via proxy
Hello Chris - This is almost always due to incorrect shared secrets. If you still have problems, please send me a copy of your configuration file and a copy of the user record from the users file, as well as a trace 4 debug. regards Hugh On Tue, 25 Jun 2002 03:51, chris wrote: > I am trying to setup a managed modem system with a local clec. They answer > the calls and proxy to > my radius. I am trying to figgure our where the problem is in > authentication. It brings the username over ok, but the password is garbled > into non-printables > > Here is a L5trace of one such session, am I overlooking something obvious? > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > *** Received from 64.66.192.33 port 34998 > > Packet length = 100 > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > 00 00 00 00 > Code: Access-Request > Identifier: 7 > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > Attributes: > User-Name = "testme" > Password = > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" > NAS-IP-Address = 63.93.57.35 > NAS-Port = 18646 > Service-Type = Framed-User > Framed-Protocol = PPP > Called-Station-Id = "7024410063" > Calling-Station-Id = "2099263677" > NAS-Port-Type = Async > NAS-Port-Type = Async > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, > 63.93.57.35, 1864 > 6 > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file > /usr/local/etc/raddb/users > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with > testme > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad > Password > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: > *** Sending to 64.66.192.33 port 34998 > Code: Access-Reject > Identifier: 7 > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > Attributes: > Reply-Message = "Request Denied" > Reply-Message = "Bad Password" > > > Thanks, > Chris > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Authentication via proxy
I am trying to setup a managed modem system with a local clec. They answer the calls and proxy to my radius. I am trying to figgure our where the problem is in authentication. It brings the username over ok, but the password is garbled into non-printables Here is a L5trace of one such session, am I overlooking something obvious? Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: *** Received from 64.66.192.33 port 34998 Packet length = 100 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 00 00 00 00 Code: Access-Request Identifier: 7 Authentic: _<193>3sF|er<184>?<254>]<165><255>mP Attributes: User-Name = "testme" Password = "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" NAS-IP-Address = 63.93.57.35 NAS-Port = 18646 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "7024410063" Calling-Station-Id = "2099263677" NAS-Port-Type = Async NAS-Port-Type = Async Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, 63.93.57.35, 1864 6 Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE Mon Jun 24 10:18:35 2002: DEBUG: Reading users file /usr/local/etc/raddb/users Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with testme Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad Password Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: *** Sending to 64.66.192.33 port 34998 Code: Access-Reject Identifier: 7 Authentic: _<193>3sF|er<184>?<254>]<165><255>mP Attributes: Reply-Message = "Request Denied" Reply-Message = "Bad Password" Thanks, Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
