[RADIATOR] radius attribute errors

Murat Kocum mkocum at inteltek.com.tr
Fri Aug 24 08:27:16 CDT 2012 

Dear Martin,

Thanks a lot :) You can find what I have done.


I have mofified radius.cfg file;


#modified mkocum 24082012
#DbDir           .
DbDir           /etc/radiator



Radius logfile  is as follows;


Before change ;

Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 10.15.220.152
Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 10.17.3.253
Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 10.17.4.254
Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 10.17.4.253
Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 10.17.3.254
Mon Aug 20 15:29:40 2012: DEBUG: ClientListSQL adds Client 172.29.63.183
Mon Aug 20 15:29:40 2012: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Mon Aug 20 15:29:40 2012: DEBUG: Reading dictionary file './dictionary'
Mon Aug 20 15:29:40 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
Mon Aug 20 15:29:40 2012: DEBUG: Creating authentication port 0.0.0.0:1812
Mon Aug 20 15:29:40 2012: DEBUG: Creating accounting port 0.0.0.0:1813
Mon Aug 20 15:29:40 2012: NOTICE: Server started: Radiator 4.6 on radius1
Mon Aug 20 15:29:40 2012: ERR: Attribute number 1 is not defined in your dictionary   
                               

After change;
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 10.15.220.152
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 10.17.3.253
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 10.17.4.254
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 10.17.4.253
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 10.17.3.254
Fri Aug 24 18:09:12 2012: DEBUG: ClientListSQL adds Client 127.0.0.1
Fri Aug 24 18:09:13 2012: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Fri Aug 24 18:09:13 2012: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Fri Aug 24 18:09:13 2012: DEBUG: Creating authentication port 0.0.0.0:1812
Fri Aug 24 18:09:13 2012: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Aug 24 18:09:13 2012: DEBUG: Creating accounting port 0.0.0.0:1813
Fri Aug 24 18:09:13 2012: NOTICE: Server started: Radiator 4.6 on radius1                       

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Martin Burton
Sent: Friday, August 24, 2012 3:49 PM
To: radiator at open.com.au
Subject: Re: [RADIATOR] radius attribute errors

If you replace:

DbDir           .

with

DbDir  /etc/radiator

in your radius.cfg then it should fix your problem.

I suspect that the intermittent issue you are seeing depends on whether your current working directory is /etc/radiator when you start radiator.
 It will work correctly if that is the case, but fail if it is started when your CWD is elsewhere.

HTH.

Cheers,

Martin.

On 24/08/12 12:01, Murat Kocum wrote:
> Dear Hugh,
> 
> 
> What dictionary file are you using?
> It is the default one that comes with the software.
> 
>  What version of Radiator? 
> My colleague installed with file Radiator-4.6-1.noarch.rpm
> 
> What version of Perl? 
> v5.8.8
> 
> What configuration file (do not include shared secrets)?
> Please see attached.
> 
> We will need to know more about your installation to be able to say anything more.
> 
> 
> [root@ radiator]# ps -ef|grep radi
> avahi     3464     1  0 Aug22 ?        00:00:00 avahi-daemon: running [azradius1.local]
> root      3928  3904  0 Aug22 pts/3    00:00:00 tail -100f /var/log/radius/logfile-2012-08-22
> root      5534     1  0 Aug22 ?        00:01:25 /usr/bin/perl /usr/bin/radiusd -config_file /etc/radiator/radius.cfg -daemon
> root     11201  3817  0 14:54 pts/2    00:00:00 grep radi
> [root at azradius1 radiator]# ls -ltr /etc/radiator/ total 404
> -rw-r--r-- 1 root root    583 Feb  5  2010 users
> -rw-r--r-- 1 root root 319483 Feb  5  2010 dictionary
> -rw-r--r-- 1 root root   8362 Aug 21 11:06 radius.cfg.bck
> -rw-r--r-- 1 root root  39822 Aug 22 18:16 tcpdump.azradius1.2208_1612
> -rw-r--r-- 1 root root   6282 Aug 22 18:40 tcpdump.azradius1.2208_1639
> -rw-r--r-- 1 root root   8369 Aug 22 20:24 radius.cfg.back2
> -rw-r--r-- 1 root root   8374 Aug 24 12:47 radius.cfg
> [root at azradius1 radiator]# pwd
> /etc/radiator
> [root at azradius1 radiator]#
> 
> 
> Thanks,
> Murat
> 
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Friday, August 24, 2012 12:31 PM
> To: Murat Kocum
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] radius attribute errors
> 
> 
> Hello Murat Kocum -
> 
> This looks like Radiator is not seeing its dictionary file, as the 
> packet you show below decodes correctly with a User-name of
> 
>> 01 0a 31 30 35 31 31 34 30 31
> 
> 10511401
> 
> The other attribute numbers are also defined in the standard Radiator dictionary.
> 
> What dictionary file are you using? What version of Radiator? What version of Perl? What configuration file (do not include shared secrets)?
> 
> We will need to know more about your installation to be able to say anything more.
> 
> regards
> 
> Hugh
> 
> 
> On 24 Aug 2012, at 18:35, Murat Kocum <mkocum at inteltek.com.tr> wrote:
> 
>> Dear All,
>>
>> We have mass disconnections on our radius server radiator and then they can not connect. It was a smooth running server until our provider made some changes on their side. What I see is that we are receiving username null when problems occur. We have no username null it should be 8 digit figure. Besides I see several attribute not found errors. Both of them appear together. For some periods of time they connect and work properly. What may be the problem? 
>>
>> Thanks
>>
>>
>> Packet length = 96
>> 01 b9 00 60 fe 9f dc 6b 6f a0 55 c6 4f 6c 0c 7d 8c 66 b3 33 01 0a 31
>> 30 35 31 31 34 30 31 02 12
>> 56 76 5a 41 6b 86 97 f6 68 af 2c 3f 99 32 1a c3
>> 04 06 0a 11 03 fe 20 11 4d 31 32 30 5f 32 5f 41 7a 65 72 63 65 6c 6c 
>> 1e 07 69 6e 74 65 6c 07 06
>> 00 00 00 07 06 06 00 00 00 02 3d 06 00 00 00 05
>> Code: Access-Request
>> Identifier: 185
>> Authentic: <254><159><220>ko<160>U<198>Ol<12>}<140>f<179>3
>> Attributes:
>>
>> Mon Aug 20 17:07:48 2012: ERR: Attribute number 5 is not defined in 
>> your dictionary Mon Aug 20 17:07:48 2012: ERR: Attribute number 40 is 
>> not defined in your dictionary Mon Aug 20 17:07:48 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Mon Aug 20 17:07:48 2012: ERR: Attribute number 4 is not defined in 
>> your dictionary Mon Aug 20 17:07:48 2012: ERR: Attribute number 32 is 
>> not defined in your dictionary Mon Aug 20 17:07:48 2012: ERR:
>> Attribute number 44 is not defined in your dictionary Mon Aug 20
>> 17:07:48 2012: ERR: Attribute number 8 is not defined in your 
>> dictionary Mon Aug 20 17:07:48 2012: DEBUG: Deleting session for , 10.17.3.254, Mon Aug 20 17:07:48 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='10.17.3.254' and NASPORT=0':
>> Mon Aug 20 17:07:48 2012: DEBUG: Handling with Radius::AuthRADMIN: 
>> Mon Aug 20 17:07:48 2012: DEBUG: Handling with Radius::AuthRADMIN: 
>> Mon Aug 20 17:07:48 2012: ERR: Attribute number 79 is not defined in 
>> your dictionary Mon Aug 20 17:07:48 2012: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME=NULL':
>> Mon Aug 20 17:07:48 2012: DEBUG: Radius::AuthRADMIN looks for match 
>> with [] Mon Aug 20 17:07:48 2012: DEBUG: Radius::AuthRADMIN REJECT: 
>> No such user: [] Mon Aug 20 17:07:48 2012: DEBUG: AuthBy RADMIN result:
>> REJECT, No such user Mon Aug 20 17:07:48 2012: INFO: Access rejected 
>> for : No such user Mon Aug 20 17:07:48 2012: ERR: Attribute number 2 
>> is not defined in your dictionary Mon Aug 20 17:07:48 2012: DEBUG: do query is: 'insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (1345464468, '', 0, 'No such user')':
>> Mon Aug 20 17:07:48 2012: ERR: Attribute number 18 is not defined in 
>> your dictionary Mon Aug 20 17:07:48 2012: ERR: Attribute number 18 is 
>> not defined in your dictionary Mon Aug 20 17:07:48 2012: ERR:
>> Attribute number 211 is not defined in your dictionary Mon Aug 20
>> 17:07:48 2012: WARNING: No such attribute Unknown Mon Aug 20 17:07:48 2012: DEBUG: Packet dump:
>> *** Sending to 10.17.3.254 port 63160 ....
>>
>> Packet length = 20
>> 03 b9 00 14 18 88 f4 7d 1f 34 4b f5 d8 f9 ea 96
>> 05 ea b3 ef
>> Code: Access-Reject
>> Identifier: 185
>> Authentic: 
>> <24><136><244>}<31>4K<245><216><249><234><150><5><234><179><239>
>> Attributes:
>> Unknown = Request Denied
>>  
>> Disclaimer:
>> Bu e-posta mesaji ve ekleri sadece gonderildigi kisi veya kuruma ozeldir. Eger dogru kisiye ulasmadigini dusunuyorsaniz, bu mesajin yonlendirilmesi, kopyalanmasi veya herhangi bir sekilde kullanilmasi yasaktir.Mesaj iceriginde bulunan fikir ve yorumlar, INTELTEK'e degil sadece gondericiye aittir. Bu mesaj bilinen tum viruslere karsi test edilmistir.
>>
>> This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, copying or use of the information is prohibited. The opinions expressed in this message belong to sender alone. There is no implied endorsement by INTELTEK.This e-mail has been scanned for all known computer viruses.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. 
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> 
> 
> <P align=left><A href="http://www.iddaa.com/"></A>&nbsp;</P>
> <P style="MARGIN-LEFT: -1px" align=left><B>Disclaimer:</B></P> <HR>
> 
> <P align=left><FONT size=2>Bu e-posta mesaji ve ekleri sadece 
> gonderildigi kisi veya kuruma ozeldir. Eger dogru kisiye ulasmadigini 
> dusunuyorsaniz, bu mesajin yonlendirilmesi, kopyalanmasi veya herhangi 
> bir sekilde kullanilmasi yasaktir.Mesaj iceriginde bulunan fikir ve 
> yorumlar, INTELTEK'e degil sadece gondericiye aittir. Bu mesaj bilinen 
> tum viruslere karsi test edilmistir.</FONT><BR><A 
> href="http://www.iddaa.com/"><IMG height=60 
> src="http://www.inteltek.com.tr/exchange_banner/468x60.gif" width=468 
> border=0></A><BR><FONT size=2>This e-mail and any files transmitted 
> with it are confidential and intended solely for the use of the 
> individual or entity to whom they are addressed. If you are not the 
> intended recipient you are hereby notified that any dissemination, 
> copying or use of the information is prohibited. The opinions 
> expressed in this message belong to sender alone. There is no implied 
> endorsement by INTELTEK.This e-mail has been scanned for all known 
> computer viruses.</FONT><
/P>
> <HR>
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 

--
Martin Burton
Principal Systems Administrator            \\\|||///
Network Team                              \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
                                  http://www.sanger.ac.uk


<P align=left><A href="http://www.iddaa.com/"></A>&nbsp;</P>
<P style="MARGIN-LEFT: -1px" align=left><B>Disclaimer:</B></P>
<HR>

<P align=left><FONT size=2>Bu e-posta mesaji ve ekleri sadece gonderildigi kisi veya kuruma ozeldir. Eger dogru kisiye ulasmadigini dusunuyorsaniz, bu mesajin yonlendirilmesi, kopyalanmasi veya herhangi bir sekilde kullanilmasi yasaktir.Mesaj iceriginde bulunan fikir ve yorumlar, INTELTEK'e degil sadece gondericiye aittir. Bu mesaj bilinen tum viruslere karsi test edilmistir.</FONT><BR><A href="http://www.iddaa.com/"><IMG height=60 src="http://www.inteltek.com.tr/exchange_banner/468x60.gif" width=468 border=0></A><BR><FONT size=2>This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, copying or use of the information is prohibited. The opinions expressed in this message belong to sender alone. There is no implied endorsement by INTELTEK.This e-mail has been scanned for all known computer viruses.</FONT></P>
<HR>

More information about the radiator mailing list