(RADIATOR) AuthTo RADIUS with MIND-iPhonEX problem

Hugh Irvine hugh at open.com.au
Tue May 22 21:35:31 CDT 2001


Hello Rustam -

As I can't find you in our customer database, could you please send me the 
registered name of the company that purchased this copy of Radiator?

thanks

Hugh


On Wednesday 23 May 2001 00:55, Povarov Rustam - Kiwwi Czech Republic wrote:
> Hello,
>
>  First - how the normal radius worked (RADIATOR):
>
> ../radpwtst -s 213.174.84.78 -secret xxx -user nocol -password xxx -trace
>
> ==== output from radius sniffer
> interface: hme0 (213.174.84.188/255.255.255.252)     filter: udp and port
> 1645 Request (ac) - 213.174.84.189:32838 -> 213.174.84.78:1645 (L91)
>   User-Name              Len  7         "nocol"
>   Service-Type           Len  6         Framed-User
>   NAS-IP-Address         Len  6         203.63.154.1
>   NAS-Port-Id            Len  6         1234
>   Called-Station-Id      Len 11         "123456789"
>   Calling-Station-Id     Len 11         "987654321"
>   NAS-Port-Type          Len  6         Async
>   Password               Len 18         "K*****B)~**B**yj"
> Accept  (ac) - 213.174.84.189:32838 <- 213.174.84.78:1645 (L20)
> ===
>
> Packet sent from local port 32838 (dynamic) to RADIUS port 1645.
> Answer came from 1645 to 32838.
>
> Now - how it worked with MIND-radius:
>
> ../radpwtst -s 213.174.84.32 -secret xxx -user 668943 -password xxx -trace
>
> ---
> sending Access-Request...
> No reply
> ---
>
> === output from radius sniffer
> Request (2d) - 213.174.84.189:32840 -> 213.174.84.32:1645 (L92)
>   User-Name              Len  8         "668943"
>   Service-Type           Len  6         Framed-User
>   NAS-IP-Address         Len  6         203.63.154.1
>   NAS-Port-Id            Len  6         1234
>   Called-Station-Id      Len 11         "123456789"
>   Calling-Station-Id     Len 11         "987654321"
>   NAS-Port-Type          Len  6         Async
>   Password               Len 18         "******B)~**B**yj"
> Reject  (2d) - 213.174.84.189:1645 <- 213.174.84.32:1645 (L38)
>   Service-Type           Len  6         0
>   Framed-Protocol        Len  6         0
>   Framed-IP-Address      Len  6         0.0.0.0
> ===
>
> (Reject - this is normal)
> Packet sent from local port 32840 (dynamic) to MIND port 1645:
> Answer from MIND came from 1645 to 1645.
>
> I changed out-port to 1001:
> MIND still send answers to port 1645.
>
> === output from radius sniffer
> Request ( 1) - 213.174.84.189:1001 -> 213.174.84.32:1645 (L92)
>   User-Name              Len  8         "668943"
>   Service-Type           Len  6         Framed-User
>   NAS-IP-Address         Len  6         203.63.154.1
>   NAS-Port-Id            Len  6         1234
>   Called-Station-Id      Len 11         "123456789"
>   Calling-Station-Id     Len 11         "987654321"
>   NAS-Port-Type          Len  6         Async
>   Password               Len 18         "******B)~**B**yj"
> Reject  ( 1) - 213.174.84.189:1645 <- 213.174.84.32:1645 (L38)
>   Service-Type           Len  6         0
>   Framed-Protocol        Len  6         0
>   Framed-IP-Address      Len  6         0.0.0.0
> ===
>
> Any application, who used RADIUS protocol, wait for answer on port,
> from which packet was sended. With MIND it's not working.
>
> Following the logfile pieces from Radiator:
>
> ===========
> *** Sending to 213.174.84.32 port 1645 ....
> Code:       Access-Request
> Identifier: 16
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "668943"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<20><131><148><189><221><161>B)~<172><255>B<245><215>yj "
>
> Tue May 22 16:44:11 2001: DEBUG: Packet dump:
> *** Received from 213.174.84.32 port 1645 ....
> Code:       Access-Reject
> Identifier: 16
> Authentic:  <5><223><166>H<4>X<225><135><193>,kv<148><184><149>z
> Attributes:
>         Service-Type = Annex-Framed-Tunnel
>         Framed-Protocol = 0
>         Framed-IP-Address = 0.0.0.0
>
> Tue May 22 16:44:11 2001: ERR: No orig_authenticator supplied to
> check_authentic ator
> Tue May 22 16:44:11 2001: WARNING: Bad authenticator in request from
> 213.174.84. 32 (213.174.84.33)
>
> Tue May 22 16:44:16 2001: INFO: AuthRADIUS: No reply after 3
> retransmissions to 213.174.84.33:1645 for 668943  (216)
> Tue May 22 16:44:16 2001: INFO: AuthRADIUS could not find a working host to
> forw ard to. Ignoring
> Tue May 22 16:44:16 2001: DEBUG: Packet dump:
> *** Received from 213.174.84.33 port 1646 ....
> Code:       Accounting-Response
> Identifier: 23
> Authentic:  Oe<136><163><6>.i<156>)XY<203><1><172><19><20>
> Attributes:
>
> Tue May 22 16:44:16 2001: ERR: No orig_authenticator supplied to
> check_authentic ator
> Tue May 22 16:44:16 2001: WARNING: Bad authenticator in request from
> 213.174.84. 32 (213.174.84.33)
> Tue May 22 16:44:21 2001: INFO: AuthRADIUS: No reply after 3
> retransmissions to 213.174.84.33:1646 for 668943  (217)
> Tue May 22 16:44:21 2001: INFO: AuthRADIUS could not find a working host to
> forw ard to. Ignoring
>
> ====
>
> I tried to enable IgnoreReplySignature in <AutBy RADIUS> clause, but
> it does not help.
>
> I don't know what to do now - is it problem on my side, or in MIND
> code?
>
> Thanks in advance!

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list