(RADIATOR) Not hitting the correct group
Hugh Irvine
hugh at open.com.au
Wed May 23 18:40:19 CDT 2001
Hello Keith -
The log file shown below indicates a problem with your Client clauses - you
are receiving requests from an unknown Client - i.e. a NAS that does not have
a corresponding Client definition in the Radiator configuration file.
Also, you should set up your DEFAULT users like this:
DEFAULT NAS-Port-Type = Async, Auth-Type = System, Group = dxd00
Which will check the NAS-Port-Type first, before anything else.
hth
Hugh
On Thursday 24 May 2001 07:28, Keith Olmstead wrote:
> Ok,
>
> Just so everybody had all the information. I am unable to get a dialup
> account to work with a certain group. It bypasses it and ends up
> authenticating off the default group. Here are the 2 groups:
>
> # Default Dial-Up PPP user with X-Stop
> DEFAULT Auth-Type = System, Group = dxd00, NAS-Port-Type = Async
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Reply-Message="choice: ",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> cisco-avpair = "lcp:interface-config=ip policy route-map faccess",
> Filter-Id = "xstop.sec",
> Class = dxd00
>
> # Default Dial-Up PPP User System Profile
> DEFAULT Auth-Type = System, NAS-Port-Type = Async
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Reply-Message="choice: ",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Class = default
>
> Here is also a trace 4 debug on radius when dialing in. As you can see it
> is not even looking for the groups.
>
> Wed May 23 16:22:20 2001: DEBUG: Rewrote user name to ctnxxxxx
> Wed May 23 16:22:20 2001: DEBUG: Rewrote user name to ctnxxxxx
> Wed May 23 16:22:20 2001: NOTICE: Request from unknown client xxx.xxx.xxx.xxx: ignored
> Wed May 23 16:22:32 2001: DEBUG: Reading users file /etc/raddb/users
> Wed May 23 16:22:52 2001: DEBUG: Reading group file /etc/group
> Wed May 23 16:22:59 2001: DEBUG: Reading users file /etc/raddb/users
> Wed May 23 16:23:19 2001: DEBUG: Reading group file /etc/group
> Wed May 23 16:23:21 2001: DEBUG: Packet dump:
> *** Received from xxx.xxx.xxx.xxx port 1036 ....
> Code: Accounting-Request
> Identifier: 27
> Authentic: <159><142><150>yf<207><159><24><11>J<222>KH$,<13>
> Attributes:
> Acct-Session-Id = "22000008"
> User-Name = "ctnxxxxx"
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port = 0
> NAS-Port-Type = Async
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> Connect-Info = "26400 LAPM/V42BIS"
> Called-Station-Id = "xxxxxx"
> Calling-Station-Id = "xxxxxxxxxx"
> Class = "default"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = xxx.xxx.xxx.xxx
> Acct-Delay-Time = 0
>
> Wed May 23 16:23:21 2001: DEBUG: Rewrote user name to ctnxxxxx
> Wed May 23 16:23:21 2001: DEBUG: Rewrote user name to ctnxxxxx
> Wed May 23 16:23:21 2001: NOTICE: Request from unknown client xxx.xxx.xxx.xxx: ignored
> Wed May 23 16:23:25 2001: DEBUG: Reading users file /etc/raddb/users
> Wed May 23 16:23:38 2001: DEBUG: Packet dump:
> *** Received from xxx.xxx.xxx.xxx port 1036 ....
> Code: Accounting-Request
> Identifier: 28
> Authentic: wZ`<9>&`<13><153><155><205><1>_<190>9d<166>
> Attributes:
> Acct-Session-Id = "22000008"
> User-Name = "ctnxxxxx"
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port = 0
> NAS-Port-Type = Async
> Acct-Status-Type = Stop
> Acct-Session-Time = 17
> Acct-Authentic = RADIUS
> Connect-Info = "26400 LAPM/V42BIS"
> Acct-Input-Octets = 6262
> Acct-Output-Octets = 682
> Called-Station-Id = "xxxxxx"
> Calling-Station-Id = "xxxxxxxxxx"
> Class = "default"
> Acct-Terminate-Cause = User-Request
> LE-Terminate-Detail = "User Request - PPP Term Req"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = xxx.xxx.xxx.xxx
> Acct-Delay-Time = 0
>
> Wed May 23 16:23:38 2001: DEBUG: Rewrote user name to ctn83410
> Wed May 23 16:23:38 2001: DEBUG: Rewrote user name to ctn83410
> Wed May 23 16:23:38 2001: NOTICE: Request from unknown client 209.142.136.22: ignored
>
> This is what I have in my radtest.cfg
>
> <Realm>
> <AuthBy FILE>
> # The filename defaults to %D/users
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName %L/%N/detail
> </Realm>
> #
> <Realm DEFAULT>
> <AuthBy UNIX>
> Identifier System
> Filename /etc/shadow
> GroupFilename /etc/group
> </AuthBy>
> AcctLogFileName %L/%N/detail
> </Realm>
> #
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
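
The trace quoted in this thread, turned into a check (an added example, not part of the original messages and not Radiator code): this Python sketch tallies "Request from unknown client" notices per source address and pairs each with the Code of the most recent packet dump from that address, showing which request types are discarded while no matching Client clause exists. The sample log is constructed with documentation addresses, and pairing a notice with the preceding dump from the same address is an assumption about log ordering.

```python
import re

STAMP = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (\w+): (.*)$")
RECEIVED = re.compile(r"^\*\*\* Received from (\S+) port \d+")
CODE = re.compile(r"^Code:\s+(\S+)")
UNKNOWN = re.compile(r"Request from unknown client\s+(\S+): ignored")

# Constructed sample in the trace format shown in the thread (first entry mail-quoted and wrapped).
SAMPLE = """\
> Wed May 23 16:23:21 2001: DEBUG: Packet dump:
> *** Received from 192.0.2.10 port 1036 ....
> Code:       Accounting-Request
> Wed May 23 16:23:21 2001: NOTICE: Request from unknown client
> 192.0.2.10: ignored
Wed May 23 16:23:38 2001: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1036 ....
Code:       Accounting-Request
Wed May 23 16:23:38 2001: NOTICE: Request from unknown client 192.0.2.10: ignored
Wed May 23 16:24:02 2001: DEBUG: Packet dump:
*** Received from 198.51.100.7 port 1645 ....
Code:       Access-Request
Wed May 23 16:24:02 2001: NOTICE: Request from unknown client 198.51.100.7: ignored
"""

def dropped_requests(text):
    """Return {client: {"count", "codes", "first", "last"}} for ignored requests."""
    lines = [l.lstrip("> ").rstrip() for l in text.splitlines()]  # drop mail quoting
    report, last_code, src = {}, {}, None
    for i, line in enumerate(lines):
        if line.endswith("unknown client") and i + 1 < len(lines):
            line += " " + lines[i + 1]            # rejoin a notice wrapped by the mailer
        if m := RECEIVED.match(line):
            src = m.group(1)                      # source of the packet being dumped
        elif (m := CODE.match(line)) and src:
            last_code[src] = m.group(1)           # request type of that packet
        elif (m := STAMP.match(line)) and (u := UNKNOWN.search(m.group(3))):
            ts, client = m.group(1), u.group(1)
            entry = report.setdefault(
                client, {"count": 0, "codes": {}, "first": ts, "last": ts})
            entry["count"] += 1
            entry["last"] = ts
            code = last_code.get(client, "not-seen")  # no dump logged for this client
            entry["codes"][code] = entry["codes"].get(code, 0) + 1
    return report

if __name__ == "__main__":
    for client, e in dropped_requests(SAMPLE).items():
        print(client, e["count"], e["codes"], e["first"], "->", e["last"])
```

Any address it reports is either a NAS that still needs a Client definition or a host that should not be sending RADIUS traffic to the server at all.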