(RADIATOR) URGENT:AuthByPolicy problem!
ganbold
ganbold at micom.mng.net
Fri Aug 17 10:20:04 CDT 2001
Hello,
We are using Radiator-2.18.1 on FreeBSD-4.3-STABLE.
It is working very well and good enough.
I am using AuthBySQL for dial-up subscribers and AuthByRadius for
iPass outbound authentication.
Just yesterday I added another AuthByRadius for proxy authentication to
our old Merit AAA-4.2.1E.
After that, Merit AAA-4.2.1E radius users can't authenticate.
They received a username/password wrong or invalid message from Radiator.
The following is the Radiator logfile:
---------------------------------------------
Fri Aug 17 09:57:39 2001: DEBUG: Packet dump:
*** Received from 202.179.0.135 port 1645 ....
Code: Access-Request
Identifier: 212
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "<217>'<158>b#)-(u<182><24>K<25><252><134>["
Service-Type = Framed-User
Framed-Protocol = PPP
Fri Aug 17 09:57:39 2001: DEBUG: Rewrote user name to stac
Fri Aug 17 09:57:39 2001: DEBUG: Rewrote user name to stac
Fri Aug 17 09:57:39 2001: DEBUG: Check if Handler Request-Type =
Accounting-Request, Class = MERIT should be used to handle this request
Fri Aug 17 09:57:39 2001: DEBUG: Check if Handler Request-Type =
Accounting-Request, Class = IPASS should be used to handle this request
Fri Aug 17 09:57:39 2001: DEBUG: Check if Handler Request-Type =
Accounting-Request should be used to handle this request
Fri Aug 17 09:57:39 2001: DEBUG: Check if Handler NAS-IP-Address =
202.179.0.130 should be used to handle this request
Fri Aug 17 09:57:39 2001: DEBUG: Check if Handler NAS-IP-Address =
202.179.0.135 should be used to handle this request
Fri Aug 17 09:57:39 2001: DEBUG: Handling request with Handler
'NAS-IP-Address = 202.179.0.135'
Fri Aug 17 09:57:39 2001: DEBUG: SQL1 Deleting session for stac,
202.179.0.135, 536
Fri Aug 17 09:57:39 2001: DEBUG: do query is: delete from RADONLINE
where USERNAME='stac' and NASIDENTIFIER='202.179.0.135' and NASPORT=536
Fri Aug 17 09:57:40 2001: DEBUG: Handling with Radius::AuthSQL
Fri Aug 17 09:57:40 2001: DEBUG: Handling with Radius::AuthSQL
Fri Aug 17 09:57:40 2001: DEBUG: Query is: select
ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,if(PREPAID="YES",TIMELEFT,NIGHT)
as TIME, class from
SUBSCRIBERS where USERNAME='stac' and STATUS='Active'
Fri Aug 17 09:57:40 2001: DEBUG: Radius::AuthSQL looks for match with stac
Fri Aug 17 09:57:40 2001: DEBUG: Query is: select
ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,if(PREPAID="YES",TIMELEFT,NIGHT)
as TIME, class from
SUBSCRIBERS where USERNAME='DEFAULT' and STATUS='Active'
Fri Aug 17 09:57:40 2001: DEBUG: Handling with Radius::AuthRADIUS
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.106 port 1645 ....
Code: Access-Request
Identifier: 197
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
Fri Aug 17 09:57:40 2001: DEBUG: Handling with Radius::AuthRADIUS
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.167 port 1645 ....
Code: Access-Request
Identifier: 201
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
Fri Aug 17 09:57:40 2001: ERR: Attribute number 145 (vendor 61) is not
defined in your dictionary
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Received from 202.179.0.106 port 1645 ....
Code: Access-Accept
Identifier: 197
Authentic: <210>Q<139>Lp<146><146><227><146>;{<148>I<212><186><166>
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Fri Aug 17 09:57:40 2001: DEBUG: Received reply in AuthRADIUS for req
197 from 202.179.0.106:1645
Fri Aug 17 09:57:40 2001: DEBUG: Access accepted for stac
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.135 port 1645 ....
Code: Access-Accept
Identifier: 212
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Class = "MERIT"
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Received from 202.179.0.167 port 1645 ....
Code: Access-Reject
Identifier: 201
Authentic:
c<247><16><143><203><222><144><189>x<236><215><163><6>2<176><216>
Attributes:
Fri Aug 17 09:57:40 2001: DEBUG: Received reply in AuthRADIUS for req
201 from 202.179.0.167:1645
Fri Aug 17 09:57:40 2001: INFO: Access rejected for stac: Proxied
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.135 port 1645 ....
Code: Access-Reject
Identifier: 212
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Class = "MERIT"
Class = "IPASS"
Reply-Message = "Proxied"
-----------------------------------------------
I don't understand why Radiator is sending Access-Request simultaneously to
both iPass outbound and Merit AAA.
Could you help me to solve it?
I think Radiator should do authentication one by one. We are using
the "ContinueUntilAccept" policy. Is it correct?
I attached Radiator configuration file.
Thank you,
Ganbold
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: micomradius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20010817/6622297e/attachment.ksh>
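
Added example, not part of the original post and not Radiator code: Python that reads the packet-dump headers of a Radiator debug log like the one above and reports which servers were sent a forwarded Access-Request (each copy in the trace carries the User-Password attribute) and whether the NAS was sent more than one final answer for the same Identifier. The sample input is condensed from the trace in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Condensed from the post's debug log: packet-dump header lines only.
SAMPLE_LOG = """\
*** Received from 202.179.0.135 port 1645 ....
Code: Access-Request
Identifier: 212
*** Sending to 202.179.0.106 port 1645 ....
Code: Access-Request
Identifier: 197
*** Sending to 202.179.0.167 port 1645 ....
Code: Access-Request
Identifier: 201
*** Received from 202.179.0.106 port 1645 ....
Code: Access-Accept
Identifier: 197
*** Sending to 202.179.0.135 port 1645 ....
Code: Access-Accept
Identifier: 212
*** Received from 202.179.0.167 port 1645 ....
Code: Access-Reject
Identifier: 201
*** Sending to 202.179.0.135 port 1645 ....
Code: Access-Reject
Identifier: 212
"""

PACKET = re.compile(
    r"\*\*\* (Received from|Sending to) (\S+) port \d+ \.+\s*\n"
    r"Code:\s*(\S+)\s*\n"
    r"Identifier:\s*(\d+)")

def parse_packets(log):
    """Return (direction, peer, code, identifier) for each packet dump."""
    return [("in" if d.startswith("Received") else "out", peer, code, int(i))
            for d, peer, code, i in PACKET.findall(log)]

def proxy_targets(packets):
    """Servers that were sent a forwarded Access-Request."""
    return sorted({p for d, p, c, _ in packets
                   if d == "out" and c == "Access-Request"})

def conflicting_replies(packets):
    """(client, identifier) pairs answered with more than one final code."""
    sent = defaultdict(list)
    for d, peer, code, ident in packets:
        if d == "out" and code in ("Access-Accept", "Access-Reject"):
            sent[(peer, ident)].append(code)
    return {k: v for k, v in sent.items() if len(set(v)) > 1}
```

Run over the trace in the post, it lists 202.179.0.106 and 202.179.0.167 as proxy targets and flags Identifier 212 as answered with both Access-Accept and Access-Reject.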