(RADIATOR) random problems authenticating
Hugh Irvine
hugh at open.com.au
Wed Jul 25 01:31:37 CDT 2001
Hello Andrew -
The Access-Request and subsequent Access-Accept shown in the trace output
below appears completely normal. I will need to see a trace 4 debug showing
the actual problem, otherwise it is impossible for me to say what is wrong.
regards
Hugh
On Wednesday 25 July 2001 05:47, Andrew Kaplan wrote:
> We are using the Total Control chassis with Rodopi. Within the past few
> weeks dailup users have been complaining of problems connecting/getting a
> fast connection etc. If they try a couple of times they connect. I have
> tested my equipment and spoken with the telephone company - everything
> checks out.
>
> I turned off authentication on my Total Control Chassis and now it seems
> everyone is able to connect. It seems difficult to imagine Rodopi having
> random authenticating problems, but I have to purse every avenue.
>
> Below is my .cfg. any a snippet from my logs. Any comments would be
> appreciated. We are using Radiator 2.18 on Debian.
>
>
>
>
> Trace 4
>
> AuthPort 1645
> AcctPort 1646
> LogDir /usr/local/radius/log
> # The line below was remmed out 11/7/00 in efforts to turn logging ON!
> #LogFile
> DbDir /usr/local/radius/raddb
> DictionaryFile /usr/local/radius/dictionary.ascend
> PidFile /var/run/radiusd.pid
>
> #<SNMPAgent>
> # Community TeekieUptiC
> #</SNMPAgent>
>
> RewriteUsername tr/[A-Z]/[a-z]/
>
> #the following will strip out the realms
> RewriteUsername s/^([^@]+).*/$1/
>
> #added by eddy for testing
> <Client 63.115.88.53>
> Secret test
> </Client>
>
> <Client 63.112.159.252>
> Secret XXXXX
> NasType TotalControlSNMP
> SNMPCommunity xxx
> </Client>
>
>
> <Client 63.112.159.254>
> Secret XXXXX
> NasType TotalControlSNMP
> SNMPCommunity XXX
> </Client>
>
> # added second HiPer ARC 2-20-01
> <Client 63.112.157.254>
> Secret XXXXX
> NasType TotalControlSNMP
> SNMPCommunity XXX
> </Client>
>
>
> # added to run radpwtst 2-27-01
> <Client 63.237.136.8>
> Secret XXXXX
> NasType TotalControlSNMP
> SNMPCommunity XXX
> </Client>
>
>
> <Client 63.237.136.2>
> Secret XXXXX
> NasType TotalControlSNMP
> SNMPCommunity XXX
> </Client>
> <Client 209.206.60.133>
> Secret XXXX
> </Client>
> #test for ntplex
> <Client 204.213.176.6>
> Secret XXXXX
> </Client>
> <Client 204.213.176.7>
> Secret XXXXX
> </Client>
> <Client 204.213.179.30>
> Secret XXXXX
> </Client>
> <Client 204.213.176.152>
> Secret XXXXX
> IgnoreAcctSignature
> </Client>
>
>
> #added 6/01/01
> <Client 216.126.128.9>
> Secret XXXXX
> </Client>
>
> #added 6/07/01
> <Client 216.126.128.10>
> Secret XXXXX
> </Client>
>
>
>
>
> # MegaPop Radius Servers
> <Client 204.178.185.222>
> Secret XXXXX
> </Client>
> <Client 204.178.185.3>
> Secret XXXXX
> </Client>
> <Client 204.178.185.221>
> Secret XXXXX
> </Client>
> <Client 204.178.185.220>
> Secret XXXXX
> </Client>
> <Client 204.178.185.218>
> Secret XXXXX
> </Client>
> <Client 204.178.185.219>
> Secret XXXXX
> </Client>
> <Client 216.126.128.8>
> Secret XXXXX
> </Client>
> # End of MegaPop Servers
> <Client 63.237.136.100>
> Secret testing123
> </Client>
>
> <Client 127.0.0.1>
> Secret testing123
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> # AuthByPolicy ContinueUntilAccept
>
> AcctLogFileName %L/%Y/%m/%d-details
> <AuthBy RODOPI>
> DBSource dbi:Sybase:server=AbacBill
> DBUsername rodopi
> DBAuth rodopi
> </AuthBy>
>
> <AuthBy FILE>
> Filename /etc/acctmgr/users
> </AuthBy>
> </Realm>
>
>
> <Realm cshore.com>
> # AuthByPolicy ContinueUntilAccept
>
> AcctLogFileName %L/%Y/%m/%d-details
> <AuthBy RODOPI>
> DBSource dbi:Sybase:server=AbacBill
> DBUsername rodopi
> DBAuth rodopi
> </AuthBy>
>
> <AuthBy FILE>
> Filename /etc/acctmgr/users
> </AuthBy>
> </Realm>
>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:Radius
> DBUsername Radius
> DBAuth KnubbyDo
> AddQuery \
> insert into Sessions (UserName, NASIdent, NASPort, \
> SessionID, TimeStamp, FramedIPAddress, NASPortType, \
> ServiceType) values ('%n', '%N', %{NAS-Port}, \
> '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-Address}', \
> '%{NAS-Port-Type}', '%{Service-Type}')
> DeleteQuery \
> delete from Sessions where Username='%n' and \
> NASIdent='%N' and NASPort=%{NAS-Port}
> ClearNasQuery \
> delete from Sessions where NASIdent='%N'
> CountQuery \
> select NASIdent, NASPort, SessionID from Sessions \
> where Username='%n'
> </SessionDatabase>
>
> ++++++++++++++++++++++++++++++++++++++
>
>
> *** Received from 63.112.157.254 port 1646 ....
> Code: Accounting-Request
> Identifier: 179
> Authentic: X<189>q<137>r:(5<23>ln<179>[!<127><210>
> Attributes:
> User-Name = "brg"
> NAS-Identifier = "63.112.157.254"
> Acct-Status-Type = Stop
> Acct-Session-Id = "68222995"
> Acct-Delay-Time = 0
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> NAS-Port-Type = Async
> NAS-Port = 1042
> Caller-Id = "8606675624"
> Client-Port-DNIS = "8609411055"
> Framed-Protocol = PPP
> Framed-Address = 63.112.159.16
> Acct-Session-Time = 363
> Acct-Terminate-Cause = 2
> Acct-Input-Octets = 746
> Acct-Output-Octets = 822
> Acct-Input-Packets = 23
> Acct-Output-Packets = 19
>
> Tue Jul 24 06:29:30 2001: DEBUG: Rewrote user name to brg
> Tue Jul 24 06:29:30 2001: DEBUG: Rewrote user name to brg
> Tue Jul 24 06:29:30 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 24 06:29:30 2001: DEBUG: Deleting session for brg, 63.112.157.254,
> 1042
> Tue Jul 24 06:29:30 2001: DEBUG: do query is: delete from Sessions where
> Username='brg' and NASIdent='63.112.157.254' and NASPort=1042
>
> Tue Jul 24 06:29:30 2001: DEBUG: do query is: exec Interface_VircomDetails
> '68222995', 'Jul 24, 2001 06:29', 'brg', '63.112.157.254', 1042,
> 'Framed-User', 'PPP', '63.112.159.16', '8606675624', '63.112.157.254',
> 'Stop', 0, 746, 822, 363, 23, 19, '2', 'Async', NULL,
> '8609411055'
>
> Tue Jul 24 06:29:30 2001: DEBUG: Accounting accepted
> Tue Jul 24 06:29:30 2001: DEBUG: Packet dump:
> *** Sending to 63.112.157.254 port 1646 ....
> Code: Accounting-Response
> Identifier: 179
> Authentic: X<189>q<137>r:(5<23>ln<179>[!<127><210>
> Attributes:
>
> Tue Jul 24 06:29:31 2001: ERR: Attribute number 38979 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:31 2001: ERR: Attribute number 36889 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:31 2001: ERR: Attribute number 36890 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:31 2001: ERR: Attribute number 36891 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:31 2001: DEBUG: Packet dump:
> *** Received from 63.112.159.254 port 1645 ....
> Code: Access-Request
> Identifier: 52
> Authentic: A<3>c<168><158><183><242><231>O<29>S<26><13><146><135><177>
> Attributes:
> User-Name = "jellybean"
> User-Password = "<152>2<24><177>(<171><149>w[<139><209><233>?K<204><195>"
> NAS-Identifier = "63.112.159.254"
> NAS-Port = 1287
> Acct-Session-Id = "84279299"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Caller-Id = "2032489153"
> Client-Port-DNIS = "2038151055"
> NAS-Port-Type = Async
>
> Tue Jul 24 06:29:31 2001: DEBUG: Rewrote user name to jellybean
> Tue Jul 24 06:29:31 2001: DEBUG: Rewrote user name to jellybean
> Tue Jul 24 06:29:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 24 06:29:31 2001: DEBUG: Deleting session for jellybean,
> 63.112.159.254, 1287
> Tue Jul 24 06:29:31 2001: DEBUG: do query is: delete from Sessions where
> Username='jellybean' and NASIdent='63.112.159.254' and NASPort=1287
>
> Tue Jul 24 06:29:31 2001: DEBUG: Handling with Radius::AuthRODOPI
> Tue Jul 24 06:29:31 2001: DEBUG: Handling with Radius::AuthRODOPI
> Tue Jul 24 06:29:31 2001: DEBUG: Query is: exec Interface_VircomUsers
> jellybean
>
> Tue Jul 24 06:29:31 2001: DEBUG: Radius::AuthRODOPI looks for match with
> jellybean
> Tue Jul 24 06:29:31 2001: DEBUG: Query is: select NASIdent, NASPort,
> SessionID from Sessions where Username='jellybean'
>
> Tue Jul 24 06:29:31 2001: DEBUG: Radius::AuthRODOPI ACCEPT:
> Tue Jul 24 06:29:31 2001: DEBUG: Access accepted for jellybean
> Tue Jul 24 06:29:31 2001: DEBUG: Packet dump:
> *** Sending to 63.112.159.254 port 1645 ....
> Code: Access-Accept
> Identifier: 52
> Authentic: A<3>c<168><158><183><242><231>O<29>S<26><13><146><135><177>
> Attributes:
> Idle-Timeout = 1800
> Service-Type = Framed-User
> Session-Timeout = 21600
>
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 38978 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 38979 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 36889 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 36890 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 36891 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 36893 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 108 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 153 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 199 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: ERR: Attribute number 36899 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:32 2001: DEBUG: Packet dump:
> *** Received from 63.112.159.254 port 1646 ....
> Code: Accounting-Request
> Identifier: 16
> Authentic: <187><243>7a<225><17>%%<158><133><156><3><129>r<30>U
> Attributes:
> User-Name = "jellybean"
> NAS-Identifier = "63.112.159.254"
> Acct-Status-Type = Start
> Acct-Session-Id = "84279299"
> Acct-Delay-Time = 0
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> NAS-Port-Type = Async
> NAS-Port = 1287
> Caller-Id = "2032489153"
> Client-Port-DNIS = "2038151055"
> Framed-Protocol = PPP
> Framed-Address = 63.112.158.113
>
> Tue Jul 24 06:29:32 2001: DEBUG: Rewrote user name to jellybean
> Tue Jul 24 06:29:32 2001: DEBUG: Rewrote user name to jellybean
> Tue Jul 24 06:29:32 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 24 06:29:32 2001: DEBUG: Adding session for jellybean,
> 63.112.159.254, 1287
> Tue Jul 24 06:29:32 2001: DEBUG: do query is: delete from Sessions where
> Username='jellybean' and NASIdent='63.112.159.254' and NASPort=1287
>
> Tue Jul 24 06:29:32 2001: DEBUG: do query is: insert into Sessions
> (UserName, NASIdent, NASPort, SessionID, TimeStamp, FramedIPAddress,
> NASPortType, ServiceType) values ('jellybean', '63.112.159.254', 1287,
> '84279299', 995970572, '63.112.158.113', 'Async', 'Framed-User')
>
> Tue Jul 24 06:29:32 2001: DEBUG: do query is: exec Interface_VircomDetails
> '84279299', 'Jul 24, 2001 06:29', 'jellybean', '63.112.159.254', 1287,
> 'Framed-User', 'PPP', '63.112.158.113', '2032489153', '63.112.159.254',
> 'Start', 0, NULL, NULL, NULL, NULL, NULL, NULL, 'Async', NULL,
> '2038151055'
>
> Tue Jul 24 06:29:32 2001: DEBUG: Accounting accepted
> Tue Jul 24 06:29:32 2001: DEBUG: Packet dump:
> *** Sending to 63.112.159.254 port 1646 ....
> Code: Accounting-Response
> Identifier: 16
> Authentic: <187><243>7a<225><17>%%<158><133><156><3><129>r<30>U
> Attributes:
>
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 38978 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 38979 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 36889 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 36890 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 36891 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 36893 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 108 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 153 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 199 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: ERR: Attribute number 36899 (vendor 429) is not
> defined in your dictionary
> Tue Jul 24 06:29:34 2001: DEBUG: Packet dump:
> *** Received from 63.112.159.254 port 1646 ....
> Code: Accounting-Request
> Identifier: 17
> Authentic: <187><173>4NM<209>g<226><149><194><8><136><152><217><139><31>
> Attributes:
> User-Name = "lisa"
> NAS-Identifier = "63.112.159.254"
> Acct-Status-Type = Stop
> Acct-Session-Id = "33751044"
> Acct-Delay-Time = 0
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> NAS-Port-Type = Async
> NAS-Port = 516
> Caller-Id = "2035624225"
> Client-Port-DNIS = "2038151055"
> Framed-Protocol = PPP
> Framed-Address = 63.112.158.71
> Acct-Session-Time = 21643
> Acct-Terminate-Cause = 5
> Acct-Input-Octets = 14458
> Acct-Output-Octets = 29408
> Acct-Input-Packets = 332
> Acct-Output-Packets = 395
>
> Tue Jul 24 06:29:34 2001: DEBUG: Rewrote user name to lisa
> Tue Jul 24 06:29:34 2001: DEBUG: Rewrote user name to lisa
> Tue Jul 24 06:29:34 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 24 06:29:34 2001: DEBUG: Deleting session for lisa,
> 63.112.159.254, 516
> Tue Jul 24 06:29:34 2001: DEBUG: do query is: delete from Sessions where
> Username='lisa' and NASIdent='63.112.159.254' and NASPort=516
>
> Tue Jul 24 06:29:34 2001: DEBUG: do query is: exec Interface_VircomDetails
> '33751044', 'Jul 24, 2001 06:29', 'lisa', '63.112.159.254', 516,
> 'Framed-User', 'PPP', '63.112.158.71', '2035624225', '63.112.159.254',
> 'Stop', 0, 14458, 29408, 21643, 332, 395, '5', 'Async', NULL,
> '2038151055'
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list