FW: (RADIATOR) No reply - Proxy does not catch the Request

Lengacher Stefan Stefan.Lengacher at weroam.com
Fri Jul 16 01:44:22 CDT 2004


Hi Hugh

Yes, I'm sure that Radiator is running on my test system.

This is what happens when I do this locally:
---------------------------------------------
[root at RAdminTest radiator]# radpwtst -s 127.0.0.1 -secret xxxx -auth_port 1645 -noacct -user lemy -password marcelluswallace -trace 4
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 127.0.0.1 port 1645 ....
Code:       Access-Request
Identifier: 149
Authentic:  1234567890123456
Attributes:
        User-Name = "lemy"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<148><234>-<206><202>0h<131><207>Oh<204><180><28><27><252>^k<252><16><216>KG<129><13><18>*<210><151><145><245><205>"

Packet dump:
*** Received from 127.0.0.1 port 1645 ....
Code:       Access-Accept
Identifier: 149
Authentic:  <148><139>L9[u<205>W&D<197>6Mb<161>#
Attributes:

OK
-------------------------------------------------

And the Logfile:
-------------------------------------------------
Fri Jul 16 08:17:07 2004: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1029 ....
Code:       Access-Request
Identifier: 142
Authentic:  1234567890123456
Attributes:
        User-Name = "lemy"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<148><234>-<206><202>0h<131><207>Oh<204><180><28><27><252>^k<252><16><216>KG<129><13><18>*<210><151><145><245><205>"

Fri Jul 16 08:17:07 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jul 16 08:17:07 2004: DEBUG:  Deleting session for lemy, 203.63.154.1, 1234
Fri Jul 16 08:17:07 2004: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 16 08:17:07 2004: DEBUG: Radius::AuthFILE looks for match with lemy
Fri Jul 16 08:17:07 2004: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 16 08:17:07 2004: DEBUG: Access accepted for lemy
Fri Jul 16 08:17:07 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1029 ....
Code:       Access-Accept
Identifier: 142
Authentic:  1234567890123456
Attributes:

Fri Jul 16 08:17:14 2004: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1029 ....
Code:       Access-Request
Identifier: 149
Authentic:  1234567890123456
Attributes:
        User-Name = "lemy"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<148><234>-<206><202>0h<131><207>Oh<204><180><28><27><252>^k<252><16><216>KG<129><13><18>*<210><151><145><245><205>"

Fri Jul 16 08:17:14 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jul 16 08:17:14 2004: DEBUG:  Deleting session for lemy, 203.63.154.1, 1234
Fri Jul 16 08:17:14 2004: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 16 08:17:14 2004: DEBUG: Radius::AuthFILE looks for match with lemy
Fri Jul 16 08:17:14 2004: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 16 08:17:14 2004: DEBUG: Access accepted for lemy
Fri Jul 16 08:17:14 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1029 ....
Code:       Access-Accept
Identifier: 149
Authentic:  1234567890123456
Attributes:
-------------------------------------------------

So, locally it seems to work for me, or am I wrong?

Kindly Regards,

Stefan



-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Freitag, 16. Juli 2004 03:41
To: Lengacher Stefan
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) No reply - Proxy does not catch the Request



Hello Stefan -

As far as I can see what you are trying to do should work.

Are you sure that Radiator is running on the testing host when you try  
your tests?

And what does the local radpwtst show on the testing host?

regards

Hugh


On 16 Jul 2004, at 01:18, Lengacher Stefan wrote:

> Hello all
>
> I'm playing around with Radmin now and therefore I just installed a
> _simple and thin_ Radiator on the same machine for this purpose.
> Radmin works fine with the appropriate Radiator. Now I'm trying to use
> this installation with our working Radiator environment. This means:
>
> We have a working Radius Proxy (Radiator) which now tries to do
> Auth-Requests on my testing Radiator where I'm playing around with
> Radmin.
>
> I can successfully use radpwtst on my testing radius locally. It works
> with my defined user. I can successfully use radpwtst on my testing
> radius against the working radiator. It works with the users which are
> defined in the working environment.
> Unfortunately vice-versa does not work. I get no reply from the
> testing radiator on the request from the working one.
>
> It is not a routing/networking issue since I see on my testing
> computer (using tcpdump) that the requests arrive correctly on
> udp-port 1645 (as defined). On the testing side nothing gets logged
> (using Trace 4!). On the working side I get:
>
> INFO: AuthRADIUS: No reply after 3 retransmissions to xxx.xxx.xxx.xxx 
> for lemy at lemy.ch (226)
> INFO: AuthRADIUS could not find a working host to forward to. 
> Ignoring. (you can see the whole downwards)
>
> This is the request I sent on my working radius machine:
> -----------------------------------------------------------
> Radpwtst -s 127.0.0.1 -secret xxxx -auth_port 11812 -noacct -user 
> lemy at lemy.ch -password xxxxxxxx -trace 4
> -----------------------------------------------------------
>
> On the test-machine, tcpdump gives me:
> -----------------------------------------------------------
> [root at RAdminTest radiator]# tcpdump -i eth0 -t udp
> tcpdump: listening on eth0
> 195.141.161.202.32841 > 195.141.161.230.datametrics:  rad-access-req 
> 114 [id 11] Attr[  User{lemy at lemy.ch} Service_type{Framed}
> NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.230.1029 > ns2.togewa.com.domain:  36594+ PTR?  
> 230.161.141.195.in-addr.arpa. (46) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029:  36594 NXDomain* 0/1/0  
> (131)
> 195.141.161.230.1029 > ns2.togewa.com.domain:  36595+ PTR?  
> 202.161.141.195.in-addr.arpa. (46) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029:  36595 NXDomain* 0/1/0  
> (131)
> 195.141.161.230.1029 > ns2.togewa.com.domain:  36596+ PTR?  
> 1.154.63.203.in-addr.arpa. (43) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029:  36596 1/0/0 (74)
> 195.141.161.230.1029 > ns2.togewa.com.domain:  36597+ PTR?  
> 10.149.2.62.in-addr.arpa. (42) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029:  36597* 1/0/0  
> PTR[|domain]
> 195.141.161.202.32841 > 195.141.161.230.datametrics:  rad-access-req  
> 114 [id 11] Attr[  User{lemy at lemy.ch} Service_type{Framed}  
> NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.202.32841 > 195.141.161.230.datametrics:  rad-access-req  
> 114 [id 11] Attr[  User{lemy at lemy.ch} Service_type{Framed}  
> NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.202.32841 > 195.141.161.230.datametrics:  rad-access-req  
> 114 [id 11] Attr[  User{lemy at lemy.ch} Service_type{Framed}  
> NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> -----------------------------------------------------------
> This means, the request arrives at my testing machine and since there  
> is no firewall on it running, this is really no networking/routing  
> issue.
>
> These are the files on the working machine (well not the whole, just 
> the parts catching this case since these files are really big ;-):
>
> Radius.cfg:
> ------------------
> AuthPort	11812
> AcctPort	11814
>
> Trace 4
>
> <Realm lemy.ch>
> 	<AuthBy RADIUS>
> 		Host xxx.xxx.xxx.xxx (this is the ip of the testing machine)
> 		Secret <snipped>
> 		AuthPort 1645
> 		AcctPort 1646
> 	</AuthBy>
> </Realm>
> ------------------ /Radius.cfg
>
> Logfile:
> ------------------
> *** Received from 127.0.0.1 port 32840 ....
> Code:       Access-Request
> Identifier: 226
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "lemy at lemy.ch"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<134><238><29><182><146><18><178><199><9><176><151><4><230>g[<229>g<165>"<167><202><241><192><155>"<25><178>B<28><223>)<17>"
>
> Thu Jul 15 16:32:20 2004: DEBUG: Rewrote user name to lemy at lemy.ch
> Thu Jul 15 16:32:20 2004: DEBUG: Handling request with Handler 'Realm=lemy.ch'
> Thu Jul 15 16:32:20 2004: DEBUG:  Deleting session for lemy at lemy.ch, 203.63.154.1, 1234
> Thu Jul 15 16:32:20 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':
>
> Thu Jul 15 16:32:20 2004: DEBUG: Handling with Radius::AuthRADIUS
> Thu Jul 15 16:32:20 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code:       Access-Request
> Identifier: 9
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "lemy at lemy.ch"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:25 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:25 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code:       Access-Request
> Identifier: 9
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "lemy at lemy.ch"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:30 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:30 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code:       Access-Request
> Identifier: 9
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "lemy at lemy.ch"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:35 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:35 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code:       Access-Request
> Identifier: 9
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "lemy at lemy.ch"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS: No reply after 3 retransmissions to 195.141.161.230:1645 for lemy at lemy.ch  (226)
> Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
> ------------------------ /Logfile
>
> And finally, these are the _small and thin_ files on my testing
> environment:
>
> Radius.cfg
> ---------------------------
> AuthPort	1645
> AcctPort	1646
> Trace		4
>
> <Client 195.141.161.202>
>         Secret xxxxxx
> </Client>
>
> <Client DEFAULT>
>         Secret  xxxxxxx
>         DupInterval 0
> </Client>
>
> <Realm lemy.ch>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 Filename %D/users
>         </AuthBy>
>         # Log accounting to a detail file
>         AcctLogFileName %L/detail
> </Realm>
>
> <Realm DEFAULT>
>         <AuthBy FILE>
>                 Filename %D/users
>         </AuthBy>
>         # Log accounting to a detail file
>         AcctLogFileName %L/detail
> </Realm>
> ---------------------------/Radius.cfg
>
> Users
> ---------------------------
> lemy    User-Password="xxxxxxxxxxxxxx"
> ---------------------------/Users
>
> Logfile:
> ---------------------------
> Thu Jul 15 17:12:32 2004: NOTICE: SIGTERM received: stopping
> Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
> Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
> Thu Jul 15 17:12:32 2004: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> Thu Jul 15 17:12:32 2004: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> Thu Jul 15 17:12:32 2004: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Jul 15 17:12:32 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Jul 15 17:12:32 2004: NOTICE: Server started: Radiator 3.9 on RAdminTest
> ---------------------------/Logfile
>
> That's all the information I got. I really hope someone can help me,
> since rebuilding the whole testing environment is never funny at all
> :-|
>
> Regards,
>
> Stefan Lengacher
> Project & Testing Manager
>
> ____________________________________________
> WeRoam®
>
> TOGEWAnet AG / P.O. Box / Nussbaumstrasse 25
> CH-3000 Bern 22 / Switzerland
> tel. +41 31 341 10 20
> direct: +41 31 341 1126
> fax: +41 31 341 10 21
> mobile: +41 79 483 8422
> Stefan.Lengacher at weroam.com
> www.weroam.com
> ____________________________________________
> This email may contain confidential and/or privileged information
> which should not be used, copied or disclosed without  permission. If  
> you are not an intended recipient, please contact the sender  
> immediately.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
