Re: [RADIATOR] Calling-Station-Id problem
Hello Heikki,
you're right.
It works for me using the %{OuterRequest:Calling-Station-Id} instead of
the %{Calling-Station-Id} form.
Thank you very much.
Regards
Fabio
On 07/12/2011 11:59 PM, Heikki Vatiainen wrote:
On 07/12/2011 06:57 PM, Fabio Ciampi wrote:
Hello Fabio,
I attach the new configuration file that I wrote.
As you can see my configuration file have two different handler. One for
the outer and one for the inner authentication.
I can use radpwtst with the command:
perl radpwtst -user fa...@test.it -password hello -chap
but, in this way , I test only the handler for the outher
authentication. As you said it works.
Good to hear it works.
My problem instead seems to be in the inner authentication that is
dispatched to the handler:
Handler TunnelledByTTLS=1, request_src = test-src
and I don't know how I can test it with radpwtst.
You can not test it with radpwtst. To test TTLS, PEAP and many other
protocols, please see eapol_test
http://hostap.epitest.fi/wpa_supplicant/devel/testing_tools.html
The Access-Request messages contain the Calling-Station-Id and
Called-Station-Id.
Here is what I got in the log file:
Tue Jul 12 16:35:19 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = fa...@test.it
User-Password = hello000
As you can see the inner authentication contains only two attributes. If
you need to log Called- and Calling-Station-Id from the inner request
with AuthLog, use %{OuterRequest:Calling-Station-Id} with SuccessFormat.
With this you can reach back to the outer request and fetch the
attribute value from there.
Try this: MAC-user = %{OuterRequest:Calling-Station-Id} %r
See ref.pdf section 5.2 Special characters. The table has more about
%{OuterRequest:name} format
Thanks!
Heikki
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Calling-Station-Id problem
On 07/11/2011 05:53 PM, Fabio Ciampi wrote:
Hello Fabio
I have in my radius.cfg file:
AuthLog FILE
Identifier eduroam-isti-log
Filename %L/%Y%m%d-isti-auth.log
LogSuccess 1
LogFailure 1
SuccessFormat %d/%m/%Y -- %H:%M:%S -- DOMAIN: %R :AUTHENTICATION %r \
ssid = eduroam %r \
user = %n %r \
NAS = %N %r \
MAC-user = %{Calling-Station-Id} AP-wvlan =
%{Called-Station-Id} %r
FailureFormat %d/%m/%Y -- %H:%M:%S -- DOMAIN: %R :FAIL %r \
user = %n password= *** %r \
NAS = %N:%{NAS-Identifier} IP-user = %{Framed-IP-Address} %r \
MAC-user = %{Calling-Station-Id} AP-wvlan =
%{Called-Station-Id} ssid = %{ssid} %r
/AuthLog
So I don't get in the isti-auth.log file the Calling-Station-Id
attribute value.
How can I solve this problem?
I tried your configuration with radpwtst. Here's what I did:
% ./radpwtst -trace 4 -noacct -password notfred
% ./radpwtst -trace 4 -noacct
The first request failed as it should, and the second was successful as
it should be.
The authlog looked like this:
12/07/2011 -- 15:46:49 -- DOMAIN: :FAIL
user = mikem password= ***
NAS = 203.63.154.1:203.63.154.1 IP-user =
MAC-user = 987654321 AP-wvlan = 123456789 ssid =
12/07/2011 -- 15:46:52 -- DOMAIN: :AUTHENTICATION
ssid = eduroam
user = mikem
NAS = 203.63.154.1
MAC-user = 987654321 AP-wvlan = 123456789
Attributes radpwtst sends are:
Attributes:
User-Name = mikem
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
bU2189272415172135M219262364U200
Your configuration looks correct so you should check you are receiving
Calling-Station-Id and Called-Station-Id in the Access-Request messages.
You could also try testing with radpwtst.
Thanks!
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Calling-Station-Id problem
On 07/12/2011 06:57 PM, Fabio Ciampi wrote:
Hello Fabio,
I attach the new configuration file that I wrote.
As you can see my configuration file have two different handler. One for
the outer and one for the inner authentication.
I can use radpwtst with the command:
perl radpwtst -user fa...@test.it -password hello -chap
but, in this way , I test only the handler for the outher
authentication. As you said it works.
Good to hear it works.
My problem instead seems to be in the inner authentication that is
dispatched to the handler:
Handler TunnelledByTTLS=1, request_src = test-src
and I don't know how I can test it with radpwtst.
You can not test it with radpwtst. To test TTLS, PEAP and many other
protocols, please see eapol_test
http://hostap.epitest.fi/wpa_supplicant/devel/testing_tools.html
The Access-Request messages contain the Calling-Station-Id and
Called-Station-Id.
Here is what I got in the log file:
Tue Jul 12 16:35:19 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = fa...@test.it
User-Password = hello000
As you can see the inner authentication contains only two attributes. If
you need to log Called- and Calling-Station-Id from the inner request
with AuthLog, use %{OuterRequest:Calling-Station-Id} with SuccessFormat.
With this you can reach back to the outer request and fetch the
attribute value from there.
Try this: MAC-user = %{OuterRequest:Calling-Station-Id} %r
See ref.pdf section 5.2 Special characters. The table has more about
%{OuterRequest:name} format
Thanks!
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
RE: (RADIATOR) Calling-Station-Id
Hi Vadim, It's either a Cisco or a telco issue, Radiator has no control over this. Cheers, Ingvar -Original Message- From: Vadim Isakov [mailto:[EMAIL PROTECTED]] Sent: den 5 september 2001 05:03 To: [EMAIL PROTECTED] Subject: (RADIATOR) Calling-Station-Id Hi all, We are testing Radiator-Demo now and have problem to get Calling-Station-ID from our Cisco 5200. I set all necessary Atribbutes in AcctLogFileFormat. They all appear in details file except Calling-Station-Id. Cisco debug shows sent atrributes, but there are no attribuite 31. Is it Radiator or Cisco issue? Did anyone have such kind of problem ? Thank you in advance Vadim === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Calling-Station-Id
Hello Vadim - Have a look at a trace 4 debug from Radiator to see exactly what attributes are being sent in the radius requests sent by the Cisco. You can also look at a debug on the Cisco to see what is being sent. hth Hugh At 12:33 +0930 01/9/5, Vadim Isakov wrote: Hi all, We are testing Radiator-Demo now and have problem to get Calling-Station-ID from our Cisco 5200. I set all necessary Atribbutes in AcctLogFileFormat. They all appear in details file except Calling-Station-Id. Cisco debug shows sent atrributes, but there are no attribuite 31. Is it Radiator or Cisco issue? Did anyone have such kind of problem ? Thank you in advance Vadim === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Calling-Station-Id
Hi Hugh, Thank you for your reply. As I see from debugs Cisco sends exactly what Radiator requests. The question is simpler now. How can I get Radius request Calling-Station-Id attribute from Cisco router? Thank you Vadim Radius: Attributes: NAS-IP-Address = 203.24.77.215 NAS-Port = 2 NAS-Port-Type = Async User-Name = vi Called-Station-Id = 82289800 Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 034B Framed-Protocol = PPP Framed-IP-Address = 210.11.41.130 Acct-Terminate-Cause = Lost-Carrier Acct-Input-Octets = 254 Acct-Output-Octets = 240 Acct-Input-Packets = 7 Acct-Output-Packets = 7 Acct-Session-Time = 47 Acct-Delay-Time = 0 Cisco: Sep 6 10:30:14.613 cst: RADIUS: Initial Transmit id 177 203.24.77.207:1646, Accountin g-Request, len 134 Sep 6 10:30:14.617 cst: Attribute 4 6 CB184DD7 Sep 6 10:30:14.617 cst: Attribute 5 6 0002 Sep 6 10:30:14.621 cst: Attribute 61 6 Sep 6 10:30:14.621 cst: Attribute 1 4 76691E0A Sep 6 10:30:14.625 cst: Attribute 30 10 38323238 Sep 6 10:30:14.625 cst: Attribute 40 6 0002 Sep 6 10:30:14.629 cst: Attribute 45 6 0001 Sep 6 10:30:14.629 cst: Attribute 6 6 0002 Sep 6 10:30:14.629 cst: Attribute 44 10 30303030 Sep 6 10:30:14.633 cst: Attribute 7 6 0001 Sep 6 10:30:14.633 cst: Attribute 8 6 D20B2982 Sep 6 10:30:14.637 cst: Attribute 49 6 0002 Sep 6 10:30:14.637 cst: Attribute 42 6 00FE Sep 6 10:30:14.641 cst: Attribute 43 6 00F0 Sep 6 10:30:14.641 cst: Attribute 47 6 0007 Sep 6 10:30:14.645 cst: Attribute 48 6 0007 Sep 6 10:30:14.645 cst: Attribute 46 6 002F Sep 6 10:30:14.645 cst: Attribute 41 6 Sep 6 10:30:14.753 cst: RADIUS: Received from id 177 203.24.77.207:1646, Accounting-r esponse, len 20 Hello Vadim - Have a look at a trace 4 debug from Radiator to see exactly what attributes are being sent in the radius requests sent by the Cisco. You can also look at a debug on the Cisco to see what is being sent. hth Hugh At 12:33 +0930 01/9/5, Vadim Isakov wrote: Hi all, We are testing Radiator-Demo now and have problem to get Calling-Station-ID from our Cisco 5200. I set all necessary Atribbutes in AcctLogFileFormat. They all appear in details file except Calling-Station-Id. Cisco debug shows sent atrributes, but there are no attribuite 31. Is it Radiator or Cisco issue? Did anyone have such kind of problem ? Thank you in advance Vadim === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Calling-Station-Id
On Thu, Sep 06, 2001 at 10:44:23AM +0930, Vadim Isakov wrote: Thank you for your reply. As I see from debugs Cisco sends exactly what Radiator requests. The question is simpler now. How can I get Radius request Calling-Station-Id attribute from Cisco router? It's in the circuit config - in my case: ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled ani Better to ask at the [EMAIL PROTECTED] mailing list. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Calling-Station-Id/Called-Station-Id
Hello Deepak - On Thu, 16 Nov 2000, Deepak Shrestha wrote: hi, is it possible to have calling-station-id and called-station-id inserted in the DBM SessionDatabase so that it can be viewed from radwho.cgi? any help would be appreciated. The only way you can do this is by modifying the code in Radius/SessDBM.pm, however I would suggest that it would be much simpler for you to change over to using an SQL session database in which you can simply change the queries via the configuration file. In either case, you will also have to alter the radwho.cgi script to match. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
