(RADIATOR) Steel Belter Radius Shared Secret Problem

Hugh Irvine hugh at open.com.au
Mon Sep 24 19:28:34 CDT 2001 

Hello Leon -

On Tuesday 25 September 2001 07:26, Leon Oosterwijk wrote:
> All,
>
> I'm trying to setup my radiator to anwer a Steel Belter Radius server (SBR)
> who forwars requests to me. And vica verca. So far this has not working
> very well.
>
> The scenario's:
>
> 1: Radiator Server sends a Request to the SBR server
> 2: SBR Server sends a request to Radiator Server
>
> In scenario 1 Radiator gets a reply back from SBR telling it if the user
> authenticated or not
> In Scenario 2 Radiator sends a packet to the SBR telling if if the user
> authenticated or not: The SBR server ignores the packet because it thinks
> the signature is invalid.
>
> Following is a packet dump from the SBR:
>
> 09/24/2001 17:10:09 Received from: ip=216.153.4.22 port=1645
> 09/24/2001 17:10:09
> 09/24/2001 17:10:09 Raw Packet :
> 09/24/2001 17:10:09 000: 0203004a 5da36ead 526dde28 945837ab
>
> |...J].n.Rm.(.X7.|
>
> 09/24/2001 17:10:09 010: 9628b52c da060000 00030806 fffffffe
>
> |.(.,............|
>
> 09/24/2001 17:10:09 020: 06060000 00020706 00000001 0906ffff
>
> |................|
>
> 09/24/2001 17:10:09 030: ffff0d06 00000001 0c060000 05dcf406
>
> |................|
>
> 09/24/2001 17:10:09 040: 000004b0 80060000 0001              |..........
>
> 09/24/2001 17:10:09
> 09/24/2001 17:10:09
> -----------------------------------------------------------
> 09/24/2001 17:10:09 Proxy: Discarding response due to invalid signature
> 09/24/2001 17:10:09 Stale Proxy: ID #3, nPortIndex #0
>
> I have in my logs where Radiator sends the packet away. It seems strange
> that Radiator can authenticate against the SBR but that the SBR cannot
> authenticate against the Radiator server. The secret was changed multiple
> times. Strangely this will randomly work for short periods of time, but
> never longer than 5 minutes. We have tried using both CHAP and PAP.
>
> Can anyone figure out why SBR will not accept packets from Radiator
> correctely?
>

I will need to see the Radiator configuration file, together with a trace 4 
debug showing what is happening.

I will also need a clear explanation of what is supposed to be happening.

Don't forget that there are two different pairs of shared secrets. One pair 
between the SBR as a client, and Radiator as the server, and the other pair 
between Radiator as the client and the SBR as the server.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list