(RADIATOR) motorola canopy and radiator

Hugh Irvine hugh at open.com.au
Tue Aug 21 20:55:50 CDT 2007 

Hello Michael -

Thanks for sending the Radiator debug.

It shows Radiator sending what appears to be a correct access accept,  
with a number of reply attributes.

Can you please send us a packet dump of the access accept that is  
working from freeradius? There must be some difference in what is  
being sent.

Another possibility is that the reply from Radiator is not getting  
back to the Motorola device - can you check a debug there?

BTW - could you also send us the Motorola-Canopy-* dictionary  
definitions so we can add them to the standard Radiator dictionary?

regards

Hugh


On 22 Aug 2007, at 02:14, Michael Shoemaker wrote:

> Okie... this is the debug from radiator
>
>
> Tue Aug 21 12:07:55 2007: DEBUG: Packet dump:
> *** Received from 12.169.62.8 port 36672 ....
>
> Packet length = 84
> 01 0a 00 54 60 b1 8b 27 a2 d0 7c d6 ba 07 c4 c9
> 7c 2a b8 a0 01 0e 30 61 30 30 33 65 39 31 63 33
> 31 34 02 12 98 1b 44 17 77 ef 1f 31 7c de 82 9a
> 84 63 15 40 04 06 0c a9 3e 08 1e 0e 30 41 30 30
> 33 45 39 31 41 32 32 44 05 06 00 00 00 02 3d 06
> 00 00 00 12
> Code:       Access-Request
> Identifier: 10
> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|*<184><160>
> Attributes:
>         User-Name = "0a003e91c314"
>         Password = "<152><27>D<23>w<239><31>1| 
> <222><130><154><132>c<21>@"
>         NAS-Identifier = 12.169.62.8
>         Client-Port-DNIS = "0A003E91A22D"
>         NAS-Port = 2
>         NAS-Port-Type = 18
>
> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:55 2007: DEBUG: Handling request with
> Handler 'Realm=shoe.prizmtesting.net'
> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:55 2007: DEBUG:  Deleting session for 0a003e91c314,
> 12.169.62.8, 2
> Tue Aug 21 12:07:55 2007: DEBUG: Handling with Radius::AuthFILE:
> Tue Aug 21 12:07:55 2007: DEBUG: Reading users
> file /etc/raddb.proxy/conf/realms/prizmuser
> Tue Aug 21 12:07:55 2007: DEBUG: Radius::AuthFILE looks for match with
> 0a003e91c314
> Tue Aug 21 12:07:55 2007: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Aug 21 12:07:55 2007: DEBUG: AuthBy FILE result: ACCEPT,
> Tue Aug 21 12:07:55 2007: DEBUG: Access accepted for 0a003e91c314
> Tue Aug 21 12:07:55 2007: DEBUG: Packet dump:
> *** Sending to 12.169.62.8 port 36672 ....
>
> Packet length = 204
> 02 0a 00 cc a5 fc 85 ae fc 9b 11 f0 f5 c7 40 7a
> f5 87 e3 c8 06 06 00 00 00 02 07 06 00 00 00 01
> 09 06 ff ff ff ff 0a 06 00 00 00 00 0d 06 00 00
> 00 01 19 12 70 72 69 7a 6d 74 65 73 74 69 6e 67
> 2e 6e 65 74 1a 09 00 00 00 a1 e0 03 30 1a 0b 00
> 00 00 a1 e1 05 35 31 32 1a 0c 00 00 00 a1 e2 06
> 31 30 32 34 1a 0a 00 00 00 a1 e3 04 35 36 1a 0a
> 00 00 00 a1 e4 04 35 36 1a 09 00 00 00 a1 e5 03
> 31 1a 0c 00 00 00 a1 e6 06 32 30 30 30 1a 0c 00
> 00 00 a1 e7 06 32 30 30 30 1a 09 00 00 00 a1 e8
> 03 31 1a 0c 00 00 00 a1 e9 06 34 30 30 30 1a 0c
> 00 00 00 a1 ea 06 34 30 30 30 1a 09 00 00 00 a1
> eb 03 30 1a 09 00 00 00 a1 ec 03 31
> Code:       Access-Accept
> Identifier: 10
> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|*<184><160>
> Attributes:
>         User-Service = Framed-User
>         Framed-Protocol = PPP
>         Framed-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-Compression = Van-Jacobsen-TCP-IP
>         Class = "prizmtesting.net"
>         Motorola-Canopy-Shared-Secret = "0"
>         Motorola-Canopy-SULDR = "512"
>         Motorola-Canopy-SDLDR = "1024"
>         Motorola-Canopy-ULBA = "56"
>         Motorola-Canopy-DLBA = "56"
>         Motorola-Canopy-Enable = "1"
>         Motorola-Canopy-LPSULDR = "2000"
>         Motorola-Canopy-LPSDLDR = "2000"
>         Motorola-Canopy-HPCENABLE = "1"
>         Motorola-Canopy-HPSULDR = "4000"
>         Motorola-Canopy-HPSDLDR = "4000"
>         Motorola-Canopy-HIGHERBW = "0"
>         Motorola-Canopy-CIRENABLE = "1"
>
> Tue Aug 21 12:07:56 2007: DEBUG: Packet dump:
> *** Received from 12.169.62.8 port 36672 ....
>
> Packet length = 84
> 01 0b 00 54 60 b1 8b 27 a2 d0 7c d6 ba 07 c4 c9
> 7c 2a b8 a0 01 0e 30 61 30 30 33 65 39 31 63 33
> 31 34 02 12 98 1b 44 17 77 ef 1f 31 7c de 82 9a
> 84 63 15 40 04 06 0c a9 3e 08 1e 0e 30 41 30 30
> 33 45 39 31 41 32 32 44 05 06 00 00 00 00 3d 06
> 00 00 00 12
> Code:       Access-Request
> Identifier: 11
> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|*<184><160>
> Attributes:
>         User-Name = "0a003e91c314"
>         Password = "<152><27>D<23>w<239><31>1| 
> <222><130><154><132>c<21>@"
>         NAS-Identifier = 12.169.62.8
>         Client-Port-DNIS = "0A003E91A22D"
>         NAS-Port = 0
>         NAS-Port-Type = 18
>
> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:56 2007: DEBUG: Handling request with
> Handler 'Realm=shoe.prizmtesting.net'
> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
> Tue Aug 21 12:07:56 2007: DEBUG:  Deleting session for 0a003e91c314,
> 12.169.62.8, 0
> Tue Aug 21 12:07:56 2007: DEBUG: Handling with Radius::AuthFILE:
> Tue Aug 21 12:07:56 2007: DEBUG: Radius::AuthFILE looks for match with
> 0a003e91c314
> Tue Aug 21 12:07:56 2007: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Aug 21 12:07:56 2007: DEBUG: AuthBy FILE result: ACCEPT,
> Tue Aug 21 12:07:56 2007: DEBUG: Access accepted for 0a003e91c314
> Tue Aug 21 12:07:56 2007: DEBUG: Packet dump:
> *** Sending to 12.169.62.8 port 36672 ....
>
> Packet length = 204
> 02 0b 00 cc 87 6f 0d d7 79 49 f6 20 bd bf 98 48
> 79 b9 fb 3b 06 06 00 00 00 02 07 06 00 00 00 01
> 09 06 ff ff ff ff 0a 06 00 00 00 00 0d 06 00 00
> 00 01 19 12 70 72 69 7a 6d 74 65 73 74 69 6e 67
> 2e 6e 65 74 1a 09 00 00 00 a1 e0 03 30 1a 0b 00
> 00 00 a1 e1 05 35 31 32 1a 0c 00 00 00 a1 e2 06
> 31 30 32 34 1a 0a 00 00 00 a1 e3 04 35 36 1a 0a
> 00 00 00 a1 e4 04 35 36 1a 09 00 00 00 a1 e5 03
> 31 1a 0c 00 00 00 a1 e6 06 32 30 30 30 1a 0c 00
> 00 00 a1 e7 06 32 30 30 30 1a 09 00 00 00 a1 e8
> 03 31 1a 0c 00 00 00 a1 e9 06 34 30 30 30 1a 0c
> 00 00 00 a1 ea 06 34 30 30 30 1a 09 00 00 00 a1
> eb 03 30 1a 09 00 00 00 a1 ec 03 31
> Code:       Access-Accept
> Identifier: 11
> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|*<184><160>
> Attributes:
>         User-Service = Framed-User
>         Framed-Protocol = PPP
>         Framed-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-Compression = Van-Jacobsen-TCP-IP
>         Class = "prizmtesting.net"
>         Motorola-Canopy-Shared-Secret = "0"
>         Motorola-Canopy-SULDR = "512"
>         Motorola-Canopy-SDLDR = "1024"
>         Motorola-Canopy-ULBA = "56"
>         Motorola-Canopy-DLBA = "56"
>         Motorola-Canopy-Enable = "1"
>         Motorola-Canopy-LPSULDR = "2000"
>         Motorola-Canopy-LPSDLDR = "2000"
>         Motorola-Canopy-HPCENABLE = "1"
>         Motorola-Canopy-HPSULDR = "4000"
>         Motorola-Canopy-HPSDLDR = "4000"
>         Motorola-Canopy-HIGHERBW = "0"
>         Motorola-Canopy-CIRENABLE = "1"
>
>
> and the radius.cfg
>
> PidFile /etc/raddb.proxy/pids/radius.pid
> AuthPort 1815
> AcctPort 1816
> DbDir /etc/raddb.proxy
> DictionaryFile /etc/raddb.proxy/conf/dictionary
> RewriteUsername s/(\\)/@/
>
> ### Include our client.inc file:
> include /etc/raddb.proxy/conf/clients.inc
> include /etc/rad-log.cfg
> include /etc/raddb.proxy/conf/realms/shoe.prizmtesting.net
> <Realm DEFAULT>
>
> </Realm>
>
> This is all authing off a flat file with the radius setup inside.
>
> On Friday 17 August 2007 6:12:46 pm Hugh Irvine wrote:
>> Hello Michael -
>>
>> We will need to see a copy of your Radiator configuration file
>> together with a trace 5 debug from Radiator showing what is  
>> happening.
>>
>> It would also be very useful to see packet dumps of the freeradius
>> access accept and the Radiator access accept to see what is  
>> different.
>>
>> regards
>>
>> Hugh
>>
>> On 18 Aug 2007, at 01:14, Michael Shoemaker wrote:
>>> Hello all,
>>>
>>> We have a client that is using a 900mhz Motorola Advantage Platform
>>> AP with
>>> CANOPY 7.2.9 and they are unable to authenticate against radiator.
>>>
>>> They can authenticate against a freeradius server using the same
>>> radius
>>> information. We have watched the packet traffic and can see that
>>> access-accept packets are being sent from radius to the AP,
>>> however, we have
>>> no way to see from the AP to the SM.
>>>
>>> Has anyone else come across this and or anyone have any advice on
>>> where to go
>>> from here?
>>>
>>> We got motorola on the phone, and they told us "We don't support
>>> radiator" and
>>> would continue to repeat that throughout the conversation.
>>>
>>> I have used my google-fu to the best of my ability and have found
>>> nothing to
>>> indicate a direction to go on this.
>>>
>>> Thanks for any help you may be able to provide.
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list