(RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs (addition)
Hugh Irvine
hugh at open.com.au
Sun Feb 23 15:08:16 CST 2003
Hello Nico -
Thanks for sending the debug information.
It looks to me like the NAS is retrying the access requests because you
are not sending back any reply attributes in the Access-Accept's. You
should add at least the following to your AuthBy FILE clause:
<AuthBy FILE>
....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP
....
<AuthBy>
regards
Hugh
On Sunday, Feb 23, 2003, at 21:18 Australia/Melbourne, Nico de Groot
wrote:
> Hello Hugh,
>
> Below the info you asked for. I'll try sniffing later. I have to
> locate a
> new sniffing program (old one on the crashed disk, sniff ).
>
> Thanks,
> Nico
>
> --action -----
> Local request, localhost to localhost: one request one answer.
> External request, relayed by radius1(41) or radius2.uu.nl(40) to
> radius1.ktu.nl alternating
>
> o two or four requests from radius2 on 1840 with each time one
> positive
> reply by us
> o one sometimes three requests from radius1 each positive replied by
> us
>
> exact structure: (40)*3,41,40,41,41.,4040,41,(40)*4,41,41,41...
> see trace 4 below
>
> --config-file-----
> Trace 4
>
> # The name of the file where the radiusd PID will be
> # written after startup
> PidFile ./radiusd.pid
> # AuthPort specifies the port to list on for authentication requests
> AuthPort 1645
> # AcctPort specifies the port to list on for accounting requests
> AcctPort 1646
> # LogDir is the directory where logfiles are put
> LogDir ./log
> # DbDir is the directory where database and config are put
> DbDir ./db
> # LogFile is the name of the log file.
> LogFile %L/logfile
> # DictionaryFile is the name of the Radius dictionary file
> DictionaryFile %D/dictionary
> # <Client hostname> is used to define each radius client to which
> # we will respond. Requests received from clients that arent named by
> # Client clauses in this file here will be ignored
> # radius1.surf.nl=radius1.studentennet.nl
> # radius2.surf.nl=radius2.studentennet.nl
> <Client DEFAULT>
> Secret een.geheimpje!!
> DupInterval 0
> IgnoreAcctSignature
> </Client>
> <Client radius1.uu.nl>
> Secret ***
> IgnoreAcctSignature
> DupInterval 2
> </Client>
> <Client radius2.uu.nl>
> Secret ***
> IgnoreAcctSignature
> DupInterval 2
> </Client>
> <Client radius1.surf.nl>
> Secret ***
> IgnoreAcctSignature
> </Client>
> # voor lokaal testen met radpwst
> <Client localhost>
> Secret alles.is.ijdelheid!
> DupInterval 0
> IgnoreAcctSignature
> </Client>
> <Client kt183.ktu.nl>
> Secret mysecret
> DupInterval 0
> IgnoreAcctSignature
> </Client>
>
> <Realm ktu.nl>
> RewriteUsername s/^([^@]+).*/$1/
> MaxSessions 9999
> AcctLogFileName %L/ktu.detail
> WtmpFileName %L/ktu.wtmp
> # PasswordLogFileName %L/ktu.passwd
> <AuthBy FILE>
> Filename %D/ktu.users
> </AuthBy>
> </Realm>
>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
> MaxSessions 9999
> AcctLogFileName %L/detail
> WtmpFileName %L/wtmp
> <AuthBy FILE>
> Filename %D/ktu.users
> </AuthBy>
> </Realm>
> <AuthBy NT>
> Identifier NT-Theologie
> Domain THEOLOGIE
> DomainController \\DIENAAR01
> IgnorePasswordChange
> </AuthBy>
> <AuthBy NT>
> Identifier NT-Studenten
> Domain STUDENTEN
> DomainController \\BONIFATIUS
> IgnorePasswordChange
> </AuthBy>
>
> --trace 4 -----
> # first one succesfull communication one request one (correct)denial
> (localhost)
> # rest loops (approximate 20 times until requesting remote acces client
> times out)
> Sat Feb 22 19:04:03 2003: DEBUG: Packet dump:
> *** Received from 131.211.69.246 port 3144 ....
> Code: Access-Request
> Identifier: 228
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test at ktu.nl"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "302533568"
> NAS-Port-Type = Async
> User-Password = "8<4>B<209>^<167>w._<144>2ZS<11><172><191>"
>
> Sat Feb 22 19:04:03 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:04:03 2003: DEBUG: Rewrote user name to test
> Sat Feb 22 19:04:03 2003: DEBUG: Deleting session for test at ktu.nl,
> 203.63.154.1, 1234
> Sat Feb 22 19:04:03 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE looks for match with
> test
> Sat Feb 22 19:04:03 2003: WARNING: Could not find Identifier for
> Auth-Type
> 'NT-Studenten'
> Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE REJECT: Could not
> find
> Identifier for Auth-Type 'NT-Studenten'
> Sat Feb 22 19:04:03 2003: INFO: Access rejected for test: Could not
> find
> Identifier for Auth-Type 'NT-Studenten'
> Sat Feb 22 19:04:03 2003: DEBUG: Packet dump:
> *** Sending to 131.211.69.246 port 3144 ....
> Code: Access-Reject
> Identifier: 228
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> Sat Feb 22 19:11:26 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:26 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:26 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:26 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:26 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:26 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:26 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:26 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:29 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:29 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:29 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:29 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:29 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:29 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:29 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:29 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:31 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:31 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:31 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:31 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:31 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:31 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:31 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:31 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:32 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:32 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:32 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:32 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:32 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:32 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:32 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:33 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:33 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:33 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:34 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:34 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:34 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:34 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:34 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:34 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:34 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:34 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:35 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:35 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:35 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:35 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:35 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:35 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:35 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:38 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:38 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:38 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 148
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:39 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:39 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:39 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:39 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:39 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 148
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:40 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:40 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:40 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:40 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:40 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:40 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:40 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.40 port 1840 ....
> Code: Access-Request
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.40 port 1840 ....
> Code: Access-Accept
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 146
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 147
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
> Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 49278 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
> Framed-Protocol = PPP
> User-Name = "ndegroot at ktu.nl"
> User-Password =
> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> NAS-Port-Type = Async
> Calling-Station-Id = "207798110"
> Called-Station-Id = "877880070"
> Service-Type = Framed-User
> NAS-IP-Address = 195.169.131.8
>
> Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT
> Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot
> Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 49278 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> Attributes:
>
>
>
>
>
> #repeats likes this some until timeout by requesting remote access
> client
>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Nico de Groot" <ndegroot at ktu.nl>
> Cc: <radiator at open.com.au>
> Sent: Sunday, February 23, 2003 12:04 AM
> Subject: Re: (RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs
> (addition)
>
>
>>
>> Hello Nico -
>>
>> Thanks for keeping us up to date with your testing.
>>
>> It would be very helpful to see a copy of your configuration file (no
>> secrets), together with a more complete trace 4 debug showing what is
>> going on with multiple requests and responses.
>>
>> You should use a packet sniffer to check the actual requests received
>> and sent on the wire (I think Windows NT includes one - I don't know
>> about 2000). The port number that is being used by your radius client
>> to send the radius request is 49278 as shown below. This is the port
>> number that Radiator is sending the response to.
>>
>>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
>>> *** Received from 131.211.16.41 port 49278 ....
>>
>> regards
>>
>> Hugh
>>
>>
>> On Sunday, Feb 23, 2003, at 07:01 Australia/Melbourne, Nico de Groot
>> wrote:
>>
>>> First question
>>>
>>> I switched to Radiator 3.5 (done a lot of switching lately) This
>>> gives
>>> some
>>> more information. And now Radiator doesn't hang . The logfile
>>> records
>>> that
>>> request are received. After that a successful lookup is done en the
>>> Access-Accept is send (see below). But directly after that new
>>> requests are
>>> received and returned. It seems that the upsteam Radiusserver isn't
>>> listening or that reverse communication is blocked. Is the port
>>> number
>>> ok?
>>> My cfg says 1840.
>>> Is there anything I can do to to improve or check the reverse
>>> communication?
>>>
>>> Second question
>>>
>>> At least my Radius server is doing the NT lookup correctly. Except,
>>> the
>>> console output gives for a succesfull lookup
>>> result 1 error 87
>>> This error code means ERROR_INVALID_PARAMETER But it is working.
>>> source :errorcodes
>>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
>>> debug/base/
>>> system_error_codes.asp
>>>
>>> Nico de Groot
>>> KTU
>>>
>>>> From log ----
>>>
>>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
>>> *** Received from 131.211.16.41 port 49278 ....
>>> Code: Access-Request
>>> Identifier: 151
>>> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
>>> Attributes:
>>> Framed-Protocol = PPP
>>> User-Name = "ndegroot at ktu.nl"
>>> User-Password =
>>> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
>>> NAS-Port-Type = Async
>>> Calling-Station-Id = "207798110"
>>> Called-Station-Id = "877880070"
>>> Service-Type = Framed-User
>>> NAS-IP-Address = 195.169.131.8
>>>
>>> Sat Feb 22 19:12:16 2003: DEBUG: Handling request with Handler
>>> 'Realm=ktu.nl'
>>> Sat Feb 22 19:12:16 2003: DEBUG: Rewrote user name to ndegroot
>>> Sat Feb 22 19:12:16 2003: DEBUG: Deleting session for
>>> ndegroot at ktu.nl,
>>> 195.169.131.8,
>>> Sat Feb 22 19:12:16 2003: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE looks for match
>>> with
>>> ndegroot
>>> Sat Feb 22 19:12:16 2003: DEBUG: Handling with NT
>>> Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE ACCEPT:
>>> Sat Feb 22 19:12:16 2003: DEBUG: Access accepted for ndegroot
>>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
>>> *** Sending to 131.211.16.41 port 49278 ....
>>> Code: Access-Accept
>>> Identifier: 151
>>> Authentic: <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
>>> Attributes:
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list