(RADIATOR) Nortel CVX and VSAs

Mike McCauley mikem at open.com.au
Fri Jun 15 09:19:02 CDT 2001


Hello John,


On Jun 13, 10:35am, John Coy wrote:
> Subject: Re: (RADIATOR) Nortel CVX and VSAs
> Mike, in your testing do you happen to know what version of the
> Nortel CVX operating system your customer was running?

No, it was tested with the assistance of Lisa Goulet
(Lisa.Goulet at versatel.nl), Dave Salaman
(dsalaman at salaman.org) and others.
Perhaps they can say what the version was?


It certainly looks like your CVX has no idea what those attributes mean.

> When I
> run the "radius" test command on my CVX, here's what I get (copied
> below).  Most of the "unknown" attributes are CVX VSAs.  I'll copy
> the entry from the RADIUS users file so you can see which attributes
> I'm setting (I'll be glad to send my dictionary file as well if you
> want to look at it):
>
> sending RADIUS auth requests to AAA server for VPOP 0:
> username 'XXX', password 'XXX'
> radius: Access-Request (1) to server 208.133.27.2, id 206, length 300
> radius: auth 5d 7e e3 3f 0f 13 1b f8
> radius:      3d cf 44 d1 32 0f ff 8f
>     User-Password [2, len 16] = <3e be 4e 39 bd 29 be c9 ...>
>     Vendor-Specific [26, len 207] = <2637>
>                  CVX-Identication [1, len 201] = < $Id:
> Aptis.vinfo  ImageName=fepmd  Version=3.6.2p5  BuildNumber=3492
> BuildDate=02/05/2001  BuildTime=14:07:24  Machine=BUILD01  User=build
> TargetBoard=scc  TargetProcessor=PPC603  Branch=p362  Exp $>
>     NAS-Identifier [32, len 8] = <cvx01-fy>
>     User-Name [1, len 5] = <test1>
>     Called-Station-Id [30, len 7] = <8675309>
>     Calling-Station-Id [31, len 7] = <5551212>
>     NAS-Port [5, len 4] = <16843009>
>     NAS-Port-Type [61, len 4] = <0>
>     Service-Type [6, len 4] = <7>
> radius: Access-Accept (2) from server 208.133.27.2, id 206,
>          length 224, time 44 ms
> radius: auth 96 21 fe 1f 48 74 44 aa
> radius:      69 df b9 ca cc 4d dd 17
>     Ascend-Maximum-Channels [235, len 4] = <1>
>     Ascend-Idle-Limit [244, len 4] = <1800>
>     Ascend-Assign-IP-Pool [218, len 4] = <0>
>     Service-Type [6, len 4] = <2>
>     Framed-Protocol [7, len 4] = <1>
>     unknown [125, len 4] = <00 00 01 e0>
>     Ascend-Primary-DNS [135, len 4] = <208.133.27.10>
>     Ascend-Secondary-DNS [136, len 4] = <216.152.26.168>
>     Ascend-Assign-DNS [137, len 4] = <1>
>     unknown [128, len 4] = <00 00 00 00>
>     Ascend-Multicast-Client [155, len 4] = <1>
>     Ascend-Multicast-Rate-Limit [152, len 4] = <5>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 02 c3 ...>
>                  unknown [26, len 13] = <00 00 0a 4d 85 21 02 c9 ...>
>                  unknown [26, len 13] = <00 00 0a 4d 85 21 02 ca ...>
>                  unknown [26, len 13] = <00 00 0a 4d 85 21 00 66 ...>
>                  unknown [26, len 13] = <00 00 0a 4d 85 21 00 67 ...>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 00 69 ...>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 00 68 ...>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 00 6a ...>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 00 6b ...>
>                  unknown [26, len 10] = <00 00 0a 4d 85 21 00 6c ...>
>
>
> Here's the "users" file entry that the attributes are being assigned:
>
> DEFAULT Auth-Type = ANCI-AuthSQLorUNIXPasswd
>          Ascend-Idle-Limit = 1800,
>          Ascend-Assign-IP-Pool = 0,
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Ascend-Maximum-Call-Duration = 480,
>          Ascend-Client-Primary-DNS = 208.133.27.10,
>          Ascend-Client-Secondary-DNS = 216.152.26.168,
>          Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>          Ascend-Shared-Profile-Enable = 0,
>          Ascend-Multicast-Client = 1,
>          Ascend-Multicast-Rate-Limit = 5,
>          CVX-PPP-SendDNS = 1,
>          CVX-PPP-DNS1 = 208.133.27.10,
>          CVX-PPP-DNS2 = 216.152.26.168,
>          CVX-PPP-ConnectLimit = 480,
>          CVX-PPP-InactivityLimit = 15,
>          CVX-PPP-MonitorRxActivity = 1,
>          CVX-PPP-MonitorTxActivity = 1,
>          CVX-PPP-CountRIP = 0,
>          CVX-PPP-CountPings = 0,
>          CVX-PPP-CountIGMP = 0
>
>
> At 07:02 PM 6/13/01 -0500, you wrote:
> >Hi John,
> >
> >Yes, 2.18 added support for Nortel CVX vendor specific attribute. Some of
> >these Nortel VSAs have non-standard format, and 2.18 and up knows how to
> >handle them, and the VSA definitions are also in the dictionary.
> >
> >Cheers.
> >
> >On Jun 13,  5:02pm, Hugh Irvine wrote:
> > > Subject: Re: (RADIATOR) Nortel CVX and VSAs
> > >
> > > Hello John -
> > >
> > > > I have copied this mail to Mike as he worked with another of our
> > > > customers to implement the CVX attributes and hopefully he can tell
> > > > you more about them.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Wednesday 13 June 2001 16:29, John Coy wrote:
> > > > I'm wondering if anybody on the list has a Nortel CVX
> > > > and is using Radiator for authentication?  I cannot seem
> > > > to get the vendor specific attributes to work properly
> > > > (I'm using the CVX attributes from the dictionary that ships
> > > > with the 2.18.2 Radiator).  I even found that the
> > > > CVX-Ascend-Maximum-Channels attribute will cause the CVX
> > > > > to dump core (at least it will make CVX OS v3.6p5 dump core).
> > > > Very ugly.
> > > >
> > > > I'm not exactly sure how to start troubleshooting -- I am
> > > > curious if I post some radius logs from the CVX (it has a
> > > > VERY handy radius debugging tool) as well as logs from
> > > > Radiator if someone can take a look.
> > > >
> > > > I guess my overall question is: anybody out there have
> > > > a CVX, using Radiator, and also using some VSAs?  If
> > > > so, any possibility of talking off-list?
> > > >
> > > > Hugh -- was also curious if you guys had a chance to test
> > > > the CVX VSAs?  It's my understanding that these are a relatively
> > > > new feature (found in the 2.18 code?)
> > > >
> > > > Thanks in advance,
> > > >
> > > > John
> > > >
> > > > ===
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > >
> > >-- End of excerpt from Hugh Irvine
> >
> >
> >
> >--
> >Mike McCauley                               mikem at open.com.au
> >Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> >24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> >Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
> >
> >Radiator: the most portable, flexible and configurable RADIUS server
> >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> >on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
>
>
>-- End of excerpt from John Coy



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
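
An added example, not part of the original message and not Radiator's or Nortel's code: a bounds-checked parser that applies the RFC 2865 Vendor-Specific layout to one of the "unknown [26, len 10]" values in the dump, showing that the bytes after vendor id 2637 do not parse as standard sub-attributes. It assumes the CVX's "len" is the value length (as the User-Name line suggests); the two trailing bytes and the second sample are constructed.

```python
import struct

# Value of one "unknown [26, len 10]" line from the Access-Accept dump above.
# The first 8 bytes are as printed; the dump elides the rest ("..."), so the
# last 2 bytes are constructed zero filler, not the real data.
SAMPLE_REPLY_VSA = bytes.fromhex("00000a4d852102c3") + b"\x00\x00"
# Constructed sample in the RFC 2865 layout: vendor 2637, type 1, 5 data bytes.
SAMPLE_STANDARD_VSA = struct.pack("!IBB", 2637, 1, 2 + 5) + b"hello"

def parse_vsa(value: bytes) -> dict:
    """Parse a Vendor-Specific (type 26) value using the RFC 2865 layout:
    4-byte vendor id, then (type, length, data) sub-attributes where the
    1-byte length counts its own 2 header bytes."""
    if len(value) < 4:
        raise ValueError("too short to hold a vendor id")
    (vendor_id,) = struct.unpack("!I", value[:4])
    body, pos, subattrs = value[4:], 0, []
    while pos < len(body):
        remaining = len(body) - pos
        if remaining < 2:
            return _nonstandard(vendor_id, "truncated sub-attribute header")
        vtype, vlen = body[pos], body[pos + 1]
        # Reject lengths that underrun the header or overrun the buffer
        # instead of reading past the end of the attribute.
        if vlen < 2 or vlen > remaining:
            return _nonstandard(
                vendor_id, f"type {vtype} claims {vlen} bytes, {remaining} remain")
        subattrs.append((vtype, body[pos + 2:pos + vlen]))
        pos += vlen
    return {"vendor_id": vendor_id, "standard": True, "subattrs": subattrs}

def _nonstandard(vendor_id: int, reason: str) -> dict:
    return {"vendor_id": vendor_id, "standard": False, "reason": reason}

if __name__ == "__main__":
    for name, raw in (("reply", SAMPLE_REPLY_VSA), ("standard", SAMPLE_STANDARD_VSA)):
        print(name, parse_vsa(raw))
```

A receiver that decodes these values with the standard layout and no length check would read a 33-byte sub-attribute out of a 6-byte buffer, which is why the length test comes before the slice.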