(RADIATOR) AuthTo RADIUS with MIND-iPhonEX problem

Povarov Rustam - Kiwwi Czech Republic Rustam.Povarov at kiwwi.com
Tue May 22 09:55:30 CDT 2001


Hello,

 First - how the normal radius worked (RADIATOR):

./radpwtst -s 213.174.84.78 -secret xxx -user nocol -password xxx -trace

==== output from radius sniffer
interface: hme0 (213.174.84.188/255.255.255.252)     filter: udp and port 1645
Request (ac) - 213.174.84.189:32838 -> 213.174.84.78:1645 (L91)
  User-Name              Len  7         "nocol"
  Service-Type           Len  6         Framed-User
  NAS-IP-Address         Len  6         203.63.154.1
  NAS-Port-Id            Len  6         1234
  Called-Station-Id      Len 11         "123456789"
  Calling-Station-Id     Len 11         "987654321"
  NAS-Port-Type          Len  6         Async
  Password               Len 18         "K*****B)~**B**yj"
Accept  (ac) - 213.174.84.189:32838 <- 213.174.84.78:1645 (L20)
===

Packet sent from local port 32838 (dynamic) to RADIUS port 1645.
Answer came from 1645 to 32838.

Now - how it worked with MIND-radius:

./radpwtst -s 213.174.84.32 -secret xxx -user 668943 -password xxx -trace

---
sending Access-Request...
No reply
---

=== output from radius sniffer
Request (2d) - 213.174.84.189:32840 -> 213.174.84.32:1645 (L92)
  User-Name              Len  8         "668943"
  Service-Type           Len  6         Framed-User
  NAS-IP-Address         Len  6         203.63.154.1
  NAS-Port-Id            Len  6         1234
  Called-Station-Id      Len 11         "123456789"
  Calling-Station-Id     Len 11         "987654321"
  NAS-Port-Type          Len  6         Async
  Password               Len 18         "******B)~**B**yj"
Reject  (2d) - 213.174.84.189:1645 <- 213.174.84.32:1645 (L38)
  Service-Type           Len  6         0
  Framed-Protocol        Len  6         0
  Framed-IP-Address      Len  6         0.0.0.0
===

(Reject - this is normal)
Packet sent from local port 32840 (dynamic) to MIND port 1645:
Answer from MIND came from 1645 to 1645.

I changed the out-port to 1001:
MIND still sends answers to port 1645.

=== output from radius sniffer
Request ( 1) - 213.174.84.189:1001 -> 213.174.84.32:1645 (L92)
  User-Name              Len  8         "668943"
  Service-Type           Len  6         Framed-User
  NAS-IP-Address         Len  6         203.63.154.1
  NAS-Port-Id            Len  6         1234
  Called-Station-Id      Len 11         "123456789"
  Calling-Station-Id     Len 11         "987654321"
  NAS-Port-Type          Len  6         Async
  Password               Len 18         "******B)~**B**yj"
Reject  ( 1) - 213.174.84.189:1645 <- 213.174.84.32:1645 (L38)
  Service-Type           Len  6         0
  Framed-Protocol        Len  6         0
  Framed-IP-Address      Len  6         0.0.0.0
===

Any application that uses the RADIUS protocol waits for the answer on the port
from which the packet was sent. With MIND it's not working.

The following are logfile pieces from Radiator:

===========
*** Sending to 213.174.84.32 port 1645 ....
Code:       Access-Request
Identifier: 16
Authentic:  1234567890123456
Attributes:
        User-Name = "668943"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<20><131><148><189><221><161>B)~<172><255>B<245><215>yj"

Tue May 22 16:44:11 2001: DEBUG: Packet dump:
*** Received from 213.174.84.32 port 1645 ....
Code:       Access-Reject
Identifier: 16
Authentic:  <5><223><166>H<4>X<225><135><193>,kv<148><184><149>z
Attributes:
        Service-Type = Annex-Framed-Tunnel
        Framed-Protocol = 0
        Framed-IP-Address = 0.0.0.0

Tue May 22 16:44:11 2001: ERR: No orig_authenticator supplied to check_authenticator
Tue May 22 16:44:11 2001: WARNING: Bad authenticator in request from 213.174.84.32 (213.174.84.33)

Tue May 22 16:44:16 2001: INFO: AuthRADIUS: No reply after 3 retransmissions to 213.174.84.33:1645 for 668943  (216)
Tue May 22 16:44:16 2001: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
Tue May 22 16:44:16 2001: DEBUG: Packet dump:
*** Received from 213.174.84.33 port 1646 ....
Code:       Accounting-Response
Identifier: 23
Authentic:  Oe<136><163><6>.i<156>)XY<203><1><172><19><20>
Attributes:

Tue May 22 16:44:16 2001: ERR: No orig_authenticator supplied to check_authenticator
Tue May 22 16:44:16 2001: WARNING: Bad authenticator in request from 213.174.84.32 (213.174.84.33)
Tue May 22 16:44:21 2001: INFO: AuthRADIUS: No reply after 3 retransmissions to 213.174.84.33:1646 for 668943  (217)
Tue May 22 16:44:21 2001: INFO: AuthRADIUS could not find a working host to forward to. Ignoring

====

I tried to enable IgnoreReplySignature in the <AuthBy RADIUS> clause, but
it does not help.

I don't know what to do now - is it a problem on my side, or in the MIND
code?

Thanks in advance!

-- 
Rustam Povarov
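
Added example, not part of the original post and not Radiator's code: one way a RADIUS client can match a reply to an outstanding request and check the RFC 2865 Response Authenticator, showing why a reply delivered to port 1645 instead of the request's source port (as in the sniffer traces above) has no original authenticator to verify against. The class name, the choice of lookup key, the secret, the addresses and the packet bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

class PendingRequests:
    """Outstanding requests keyed by (local port, server address, identifier)."""
    def __init__(self, secret):
        self.secret, self.pending = secret, {}

    def sent(self, local_port, server, ident, request_auth):
        self.pending[(local_port, server, ident)] = request_auth

    def classify(self, dst_port, src, packet):
        """Return 'ok', 'bad-authenticator', 'unsolicited' or 'malformed'."""
        if len(packet) < 20:
            return "malformed"
        code, ident, length = struct.unpack("!BBH", packet[:4])
        if not 20 <= length <= len(packet):
            return "malformed"
        key = (dst_port, src, ident)
        request_auth = self.pending.get(key)
        if request_auth is None:
            return "unsolicited"  # nothing sent from this port: no authenticator to check
        expected = response_authenticator(code, ident, packet[20:length],
                                          request_auth, self.secret)
        if not hmac.compare_digest(expected, packet[4:20]):
            return "bad-authenticator"
        del self.pending[key]
        return "ok"

# Constructed sample values, not taken from the packets in the post.
SECRET = b"example-secret"
SERVER = ("192.0.2.10", 1645)
REQ_AUTH = bytes(range(16))
ATTRS = bytes([6, 6, 0, 0, 0, 0])  # Service-Type = 0
AUTH = response_authenticator(3, 16, ATTRS, REQ_AUTH, SECRET)  # 3 = Access-Reject
REPLY = struct.pack("!BBH", 3, 16, 26) + AUTH + ATTRS

def demo():
    table = PendingRequests(SECRET)
    table.sent(32840, SERVER, 16, REQ_AUTH)  # request left from local port 32840
    altered = REPLY[:4] + bytes(16) + REPLY[20:]
    return [table.classify(1645, SERVER, REPLY),     # delivered to 1645 instead
            table.classify(32840, SERVER, altered),  # right port, wrong authenticator
            table.classify(32840, SERVER, REPLY)]    # right port, valid authenticator
```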

