(RADIATOR) Why is Broadwing/MegaPOP not taking our access-accept?

Hugh Irvine hugh at open.com.au
Thu Nov 8 22:38:19 CST 2001 

Hello Mary -

You may have a problem with the reply attributes you are sending back 
in the access accept. You will have to check with your provider to 
ascertain what attributes are in fact required to successfully start 
a session. I also seem to remember some discussion about MegaPOP on 
the list some time ago, so you should check the archive site and do a 
search (www.open.com.au/archives/radiator).

In answer to your questions below, you should be using the standard 
dictionary to begin with and add or delete whatever is required using 
your favourite text editor. The standard dictionary is a compendium 
of most of the others and should work in the majority of cases.

The "Deleting session ..." message is from the session management 
code in Radiator that does an initial delete from the session 
database when an access request is received. This is because we may 
have missed a stop record and there may be a stale entry which needs 
to be cleaned up.

If you have any further questions, please don't hesitate to ask.

regards

Hugh

btw - we tend to be in different time zones to you, so response times will vary



At 13:22 -0500 01/11/8, radiator wrote:
>You will probably think this is almost an FAQ issue, but I can't 
>find an FAQ entry for authenticating through a US nationwide dialup 
>provider like the Broadwing/MegaPOP proxy system using realms. 
>Please, if anyone can offer us a reason/solution for why users are 
>getting rejected by the Broadwing proxy server after apparently 
>Radiator sends an Access-Accept packet, we would deeply appreciate 
>it! :-)  A Macintosh user using the latest Powerbook G4 says his 
>connection is rejected by the remote server after speed is 
>negotiated and PPP starts.
>
>The Level 4 debug is appended below, followed by our radius.cfg
>
>This is an Active State PERL on WinNT4.0 installation, and of course 
>it passed all its startup testing using the Radiator tools.  I don't 
>understand what the "Deleting session..." entry is in the debug 
>output, or where it comes from since it comes before the 
>Access-Accept packet is logged as sent.
>
>We tried both the default dictionary and the ascend dictionary - no change.
>
>Thanks! - Mary Grace
>*****************************************************************
>
>
>*** Received from 216.143.197.130 port 34691 ....
>
>Code:       Access-Request
>Identifier: 1
>Authentic:  o<178><180>SOP<224>e<249><206>64<18><13>E?
>Attributes:
>	User-Name = "brwtest at xxxx.net"
>	User-Password = "y<3><7><7><215>M<172>*<3>R<246><201>=<30><239>W"
>	NAS-Identifier = "216.140.14.60"
>	NAS-Port = 17694981
>	Service-Type = Framed-User
>	Framed-Protocol = PPP
>	Client-Port-DNIS = "xxxxxxxxxx"
>	Caller-Id = "xxxxxxxxxx"
>	NAS-Port-Type = Async
>	Ascend-Data-Rate = 26400
>	Ascend-PreSession-Time = 27
>	Ascend-Xmit-Rate = 50667
>
>Thu Nov  8 12:51:57 2001: DEBUG: Handling request with Handler 
>'Realm=xxxx.net'
>Thu Nov  8 12:51:57 2001: DEBUG: Rewrote user name to brwtest at xxxx.net
>Thu Nov  8 12:51:57 2001: DEBUG:  Deleting session for 
>brwtest at xxxx.net, 216.140.14.60, 17694981
>Thu Nov  8 12:51:57 2001: DEBUG: Handling with Radius::AuthFILE:
>Thu Nov  8 12:51:57 2001: DEBUG: Radius::AuthFILE looks for match 
>with brwtest at xxxx.net
>Thu Nov  8 12:51:57 2001: ERR: Attribute number 79 is not defined in 
>your dictionary
>Thu Nov  8 12:51:57 2001: DEBUG: Radius::AuthFILE ACCEPT:
>Thu Nov  8 12:51:57 2001: DEBUG: Access accepted for brwtest at xxxx.net
>Thu Nov  8 12:51:57 2001: DEBUG: Packet dump:
>*** Sending to 216.143.197.130 port 34691 ....
>
>Code:       Access-Accept
>Identifier: 1
>Authentic:  o<178><180>SOP<224>e<249><206>64<18><13>E?
>Attributes:
>	Service-Type = Framed-User
>	Framed-Protocol = PPP
>
>************************************************
>Foreground
>LogStdout
>Trace 5
>PidFile     D:\raddb\radiusd.pid
>AuthPort    1645
>AcctPort    1646
>LogDir D:\radlogs
>DbDir D:\raddb
>LogFile          %L/logfile.log
>DictionaryFile %D/dictionary.ascend
><Client 216.143.197.2> 
>Secret xxx
></Client>
><Client 216.143.198.2> 
>Secret xxx
></Client>
><Client 216.143.197.130>    
>Secret xxx
></Client>
><Client 216.143.193.146>    
>Secret xxx
></Client>
><Client 216.143.242.162>
>Secret xxx
></Client>
><Realm xxxx.net>
>RewriteUsername  tr/[A-Z]/[a-z]/
>MaxSessions 5
>AcctLogFileName  %L/detail.log
>PasswordLogFileName %L/password.log
><AuthBy FILE>
>Filename    D:\raddb\users.wri
>DefaultSimultaneousUse 2
>RejectEmptyPassword
></AuthBy>
></Realm>
><Log FILE>
>Filename %L/backuplog.log
>Trace 4
></Log>

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20011109/b0377e3a/attachment.html>

More information about the radiator mailing list