(RADIATOR) WARNING: Bad EAP Message-Authenticator
Dave Albertson
wavey at intercom.net
Wed Sep 19 11:46:25 CDT 2001
Trying to set up a new install of Radiator 2.18.4.
Would like requests to go through a user file to get reply attributes then
to be authed via system as the users all have local accounts on the same
solaris box.
It works as it should so long as I use radpwtst but when I point a bay 5399
RAC at the radius server start getting
WARNING: Bad EAP Message-Authenticator
WARNING: Bad authenticator in request from DEFAULT (216.240.100.231)
I know that the shared secret is correct. The radius server handles
accounting just fine for radpwtst and the bay rac. Any ideas ? Please
help.
Thank you in advance!
included is
config file (radius.cfg)
user file
radpwtst trace 4
real security requests from bay rac trace 4
RADIUS.CFG
################################################
Foreground
LogStdout
Trace 4
DbDir /etc/Radiator
LogDir /var/adm
LogFile /var/adm/radiusd.log
BindAddress 216.240.106.10
PidFile /etc/Radiator/radiusd.pid
RewriteUsername tr/-A-Za-z0-9_\.\@//cd
<Log FILE>
Filename /var/adm/radius.log
</Log FILE>
<Client localhost>
Secret xxxxxx
</Client>
<Client DEFAULT>
NasType Bay
Secret xxxxxx
</Client>
<Handler>
AuthByPolicy ContinueAlways
<AuthBy FILE>
Filename /etc/Radiator/users
AddToReply NAS-Port=0
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName /var/adm/radacct/%N/detail
PasswordLogFileName /var/adm/radius.log
ExcludeFromPasswordLog root admin ronh kennethj ward wavey
</Handler>
<AuthBy SYSTEM>
Identifier System
UseGetspnamf
</AuthBy>
#######################################################
USERS
wavey Auth-Type = System
Service-Type = Framed-User,
Session-Timeout = 28800,
Idle-Timeout = 900,
Framed-Protocol = PPP,
Framed-IP-Address = 216.240.110.251,
Framed-Routing = None,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Auth-Type = System, Simultaneous-Use = 1
Session-Timeout = 28800,
Idle-Timeout = 900,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
#############################################################
TRACE 4 W/ radpwtst -user wavey -password xxxx
Radiator> sudo perl ./radiusd -config_file radius.cfg -dictionary_file
dictionary
Wed Sep 19 12:11:40 2001: DEBUG: Reading users file /etc/Radiator/users
Wed Sep 19 12:11:42 2001: INFO: Server started: Radiator 2.18.4 on urchin
Wed Sep 19 12:12:41 2001: DEBUG: Packet dump:
*** Received from 216.240.106.3 port 36119 ....
Code: Access-Request
Identifier: 160
Authentic: 1234567890123456
Attributes:
User-Name = "wavey"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"N<214><203><168><193>S<163>B<199><240><248><160><254><239><232>'"
Wed Sep 19 12:12:41 2001: DEBUG: Rewrote user name to wavey
Wed Sep 19 12:12:41 2001: DEBUG: Check if Handler should be used to handle
this request
Wed Sep 19 12:12:41 2001: DEBUG: Handling request with Handler ''
Wed Sep 19 12:12:41 2001: DEBUG: Deleting session for wavey, 203.63.154.1,
1234
Wed Sep 19 12:12:41 2001: DEBUG: Handling with Radius::AuthFILE:
Wed Sep 19 12:12:41 2001: DEBUG: Radius::AuthFILE looks for match with wavey
Wed Sep 19 12:12:41 2001: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Wed Sep 19 12:12:41 2001: DEBUG: Handling with Radius::AuthSYSTEM: System
Wed Sep 19 12:12:42 2001: DEBUG: getpwnam got wavey, KpYDRRUwrn6Hc, 896, 10,
, David Albertson,001004, David Albertson,001004, /export/home/w/wavey,
/usr/local/bin/tcsh, -1
Wed Sep 19 12:12:42 2001: DEBUG: Radius::AuthSYSTEM looks for match with
wavey
Wed Sep 19 12:12:42 2001: DEBUG: Radius::AuthSYSTEM ACCEPT:
Wed Sep 19 12:12:42 2001: DEBUG: Radius::AuthFILE ACCEPT:
Wed Sep 19 12:12:42 2001: DEBUG: Access accepted for wavey
Wed Sep 19 12:12:42 2001: DEBUG: Packet dump:
*** Sending to 216.240.106.3 port 36119 ....
Code: Access-Accept
Identifier: 160
Authentic: 1234567890123456
Attributes:
Framed-IP-Address = 255.255.255.254
Session-Timeout = 28800
Idle-Timeout = 900
Framed-MTU = 1500
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
NAS-Port = 0
Wed Sep 19 12:12:42 2001: DEBUG: Packet dump:
##################################################################
TRACE 4 from bay annex 5399 RAC (Real requests from customers)
Wed Sep 19 12:17:04 2001: DEBUG: Reading users file /etc/Radiator/users
Wed Sep 19 12:17:06 2001: INFO: Server started: Radiator 2.18.4 on urchin
Wed Sep 19 12:17:32 2001: DEBUG: Packet dump:
*** Received from 216.240.100.231 port 1576 ....
Code: Access-Request
Identifier: 250
Authentic: <156>p<9><146><129><192><7>vf<16><6>\K`<4><0>
Attributes:
User-Name = "billsue1"
User-Password =
"7<15><142>6<193>3<181><167><228><131><20><140><166>[<206><133>"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = 216.240.100.231
Framed-IP-Address = 216.240.100.1
NAS-Port = 28
Annex-Port = 20101
NAS-Port-Type = Async
Connect-Info = "42666 28800 V.90"
Annex-Transmit-Speed = 42666
Annex-Receive-Speed = 28800
Annex-Wan-Number = 1
Annex-Logical-Channel-Number = 8
Called-Station-Id = "8240550"
Calling-Station-Id = "7573365256"
Message-Authenticator =
<5><251><224>yL<205>.<129><149>:D<29>V\<134>v
Wed Sep 19 12:17:32 2001: DEBUG: Rewrote user name to billsue1
Wed Sep 19 12:17:32 2001: WARNING: Bad EAP Message-Authenticator
Wed Sep 19 12:17:32 2001: WARNING: Bad authenticator in request from DEFAULT
(216.240.100.231)
Wed Sep 19 12:17:38 2001: DEBUG: Packet dump:
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list