(RADIATOR) bad eap snoop & trace

Dave Albertson wavey at intercom.net
Tue Sep 25 16:12:06 CDT 2001


Hello fellas,
Attached is a verbose snoop of port 1645 and a trace 5 on Radiator.
Also, here again is the radius.cfg being used and a radpwtst working w/ it.
Thank you very much for taking the time!


RADPWTST~~~~~~~~~~~~~~~~
wavey@seamist:~> sudo ./radpwtst -user radius -password radius
Password:
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK



RADIUS.CFG~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wavey@urchin:Radiator> cat radius.cfg
Foreground
LogStdout
Trace   5
DbDir           /etc/Radiator
LogDir          /var/adm
LogFile         /var/adm/radiusd.log
BindAddress     216.240.106.10

PidFile         /etc/Radiator/radiusd.pid
RewriteUsername tr/-A-Za-z0-9_\.\@//cd
# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Log FILE>
        Filename        /var/adm/radius.log
</Log FILE>

<Client localhost>
        Secret  xxxxx
</Client>

<Client DEFAULT>
        NasType Bay
        IgnoreAcctSignature
        Secret   xxxxx
</Client>

<Handler>

        AuthByPolicy    ContinueAlways

# leave <authby file> out for now till we can get through EAP prob
# for the sake of simplifying

#       <AuthBy FILE>
#               EAPType One-Time-Password
#               Filename /etc/Radiator/users
#               AddToReply NAS-Port=0
#       </AuthBy>

<AuthBy SYSTEM>
        Identifier System
        UseGetspnamf
</AuthBy>

        # Log accounting to the detail file in LogDir
        AcctLogFileName /var/adm/radacct/%N/detail
        PasswordLogFileName     /var/adm/radius.log
        ExcludeFromPasswordLog root admin ronh kennethj ward wavey
</Handler>



SNOOP~~~~~~~~~~~~~~~~~~~
wavey@urchin:/etc> sudo snoop -v port 1645
Using device /dev/le (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 22:01:56.20
ETHER:  Packet size = 240 bytes
ETHER:  Destination = 8:0:20:7b:4c:b, Sun
ETHER:  Source      = 0:d0:97:d3:84:0,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 226 bytes
IP:   Identification = 36424
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 25 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 91ef
IP:   Source address = 216.240.100.232, accomack2.intercom.net
IP:   Destination address = 216.240.106.10, rad1.intercom.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 2436
UDP:  Destination port = 1645
UDP:  Length = 206
UDP:  Checksum = C670
UDP:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 2 arrived at 22:01:58.27
ETHER:  Packet size = 78 bytes
ETHER:  Destination = 0:d0:97:d3:84:0,
ETHER:  Source      = 8:0:20:7b:4c:b, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 64 bytes
IP:   Identification = 39753
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 5f8f
IP:   Source address = 216.240.106.10, rad1.intercom.net
IP:   Destination address = 216.240.100.232, accomack2.intercom.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 1645
UDP:  Destination port = 2436
UDP:  Length = 44
UDP:  Checksum = 561C
UDP:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 3 arrived at 22:01:58.40
ETHER:  Packet size = 244 bytes
ETHER:  Destination = 8:0:20:7b:4c:b, Sun
ETHER:  Source      = 0:d0:97:d3:84:0,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 230 bytes
IP:   Identification = 53142
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 25 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 509e
IP:   Source address = 216.240.100.231, accomack1.intercom.net
IP:   Destination address = 216.240.106.10, rad1.intercom.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 2523
UDP:  Destination port = 1645
UDP:  Length = 210
UDP:  Checksum = F925
UDP:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 4 arrived at 22:01:59.96
ETHER:  Packet size = 78 bytes
ETHER:  Destination = 0:d0:97:d3:84:0,
ETHER:  Source      = 8:0:20:7b:4c:b, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 64 bytes
IP:   Identification = 47208
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4271
IP:   Source address = 216.240.106.10, rad1.intercom.net
IP:   Destination address = 216.240.100.231, accomack1.intercom.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 1645
UDP:  Destination port = 2523
UDP:  Length = 44
UDP:  Checksum = 6ED7
UDP:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 5 arrived at 22:02:1.40
ETHER:  Packet size = 244 bytes
ETHER:  Destination = 8:0:20:7b:4c:b, Sun
ETHER:  Source      = 0:d0:97:d3:84:0,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 230 bytes
IP:   Identification = 53166
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 25 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 5086
IP:   Source address = 216.240.100.231, accomack1.intercom.net
IP:   Destination address = 216.240.106.10, rad1.intercom.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 2524
UDP:  Destination port = 1645
UDP:  Length = 210
UDP:  Checksum = F904
UDP:




TRACE5~~~~~~~~~~~~~~~~~~~~~~~~~~
wavey@mailgw:~> cat trace5
Mon Sep 24 22:01:56 2001: DEBUG: Packet dump:
*** Received from 216.240.100.232 port 2436 ....

Packet length = 198
01 aa 00 c6 2a 50 02 21 18 40 01 10 08 40 ff ff
f8 40 0f 00 01 06 6b 69 6b 69 02 12 eb ec 1c cd
01 57 9e 7f 06 0c 3a 73 c8 78 01 c7 06 06 00 00
00 02 07 06 00 00 00 01 04 06 d8 f0 64 e8 08 06
d8 f0 64 33 05 06 00 00 00 24 1a 0c 00 00 06 30
53 06 00 00 4e 89 3d 06 00 00 00 00 4d 13 35 33
33 33 33 20 20 31 39 32 30 30 20 56 2e 39 30 1a
0c 00 00 06 30 32 06 00 00 d0 55 1a 0c 00 00 06
30 33 06 00 00 4b 00 1a 0c 00 00 06 30 52 06 00
00 00 01 1a 0c 00 00 06 30 51 06 00 00 00 0a 1e
09 37 38 37 37 33 30 30 1f 0c 37 35 37 34 34 32
32 34 33 33 50 12 81 34 61 f0 2a d7 9c 48 b3 08
74 ae fd 2a df 81
Code:       Access-Request
Identifier: 170
Authentic:  *P<2>!<24>@<1><16><8>@<255><255><248>@<15><0>
Attributes:
        User-Name = "kiki"
        User-Password =
"<235><236><28><205><1>W<158><127><6><12>:s<200>x<1><199>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 216.240.100.232
        Framed-IP-Address = 216.240.100.51
        NAS-Port = 36
        Annex-Port = 20105
        NAS-Port-Type = Async
        Connect-Info = "53333  19200 V.90"
        Annex-Transmit-Speed = 53333
        Annex-Receive-Speed = 19200
        Annex-Wan-Number = 1
        Annex-Logical-Channel-Number = 10
        Called-Station-Id = "7877300"
        Calling-Station-Id = "7574422433"
        Message-Authenticator =
<129>4a<240>*<215><156>H<179><8>t<174><253>*<223><129>

Mon Sep 24 22:01:56 2001: DEBUG: Rewrote user name to kiki
Mon Sep 24 22:01:56 2001: DEBUG: Check if Handler  should be used to handle
this request
Mon Sep 24 22:01:56 2001: DEBUG: Handling request with Handler ''
Mon Sep 24 22:01:56 2001: DEBUG:  Deleting session for kiki,
216.240.100.232, 36
Mon Sep 24 22:01:56 2001: DEBUG: Handling with Radius::AuthSYSTEM: System
Mon Sep 24 22:01:57 2001: DEBUG: getpwnam got kiki, VTfI7pzmvh1lM, 26464,
9002, , Clark Lovelady,010809, Clark
Lovelady,010809, /export/home/k/kiki, /ftponly, -1
Mon Sep 24 22:01:57 2001: DEBUG: Radius::AuthSYSTEM looks for match with
kiki
Mon Sep 24 22:01:57 2001: DEBUG: Handling with EAP
Mon Sep 24 22:01:57 2001: DEBUG: Radius::AuthSYSTEM REJECT: Missing
EAP-Message
Mon Sep 24 22:01:58 2001: INFO: Access rejected for kiki: Missing
EAP-Message
Mon Sep 24 22:01:58 2001: DEBUG: Packet dump:
*** Sending to 216.240.100.232 port 2436 ....

Packet length = 36
03 aa 00 24 fe 2f fc fc f4 28 3c a5 ac f6 24 73
d5 ab 7a 24 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 170
Authentic:  *P<2>!<24>@<1><16><8>@<255><255><248>@<15><0>
Attributes:
        Reply-Message = "Request Denied"

Mon Sep 24 22:01:58 2001: DEBUG: Packet dump:
*** Received from 216.240.100.231 port 2523 ....

Packet length = 202
01 f9 00 ca 7d 70 07 72 61 c0 05 57 46 10 04 3c
2c 60 02 00 01 0a 74 72 73 63 68 65 73 74 02 12
2e e9 1a be 7e 49 0a fc cd 02 4f 0f 30 27 8f 68
06 06 00 00 00 02 07 06 00 00 00 01 04 06 d8 f0
64 e7 08 06 d8 f0 64 1c 05 06 00 00 00 2a 1a 0c
00 00 06 30 53 06 00 00 4e ed 3d 06 00 00 00 00
4d 13 34 35 33 33 33 20 20 32 34 30 30 30 20 56
2e 39 30 1a 0c 00 00 06 30 32 06 00 00 b1 15 1a
0c 00 00 06 30 33 06 00 00 5d c0 1a 0c 00 00 06
30 52 06 00 00 00 02 1a 0c 00 00 06 30 51 06 00
00 00 15 1e 09 38 32 34 30 35 35 30 1f 0c 37 35
37 36 36 35 34 38 35 34 50 12 34 f2 b8 ad 1d 0f
78 bf 1e 72 37 ac ba c7 6b 19
Code:       Access-Request
Identifier: 249
Authentic:  }p<7>ra<192><5>WF<16><4><,`<2><0>
Attributes:
        User-Name = "trschest"
        User-Password = ".<233><26><190>~I<10><252><205><2>O<15>0'<143>h"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 216.240.100.231
        Framed-IP-Address = 216.240.100.28
        NAS-Port = 42
        Annex-Port = 20205
        NAS-Port-Type = Async
        Connect-Info = "45333  24000 V.90"
        Annex-Transmit-Speed = 45333
        Annex-Receive-Speed = 24000
        Annex-Wan-Number = 2
        Annex-Logical-Channel-Number = 21
        Called-Station-Id = "8240550"
        Calling-Station-Id = "7576654854"
        Message-Authenticator =
4<242><184><173><29><15>x<191><30>r7<172><186><199>k<25>

Mon Sep 24 22:01:58 2001: DEBUG: Rewrote user name to trschest
Mon Sep 24 22:01:58 2001: DEBUG: Check if Handler  should be used to handle
this request
Mon Sep 24 22:01:58 2001: DEBUG: Handling request with Handler ''
Mon Sep 24 22:01:58 2001: DEBUG:  Deleting session for trschest,
216.240.100.231, 42
Mon Sep 24 22:01:58 2001: DEBUG: Handling with Radius::AuthSYSTEM: System
Mon Sep 24 22:01:59 2001: DEBUG: getpwnam got trschest, EPWk.FI3iQ3Ec,
16633, 9002, , McCready, Tommy,000115, McCready,
Tommy,000115, /export/home/t/trschest, /ftponly, -1
Mon Sep 24 22:01:59 2001: DEBUG: Radius::AuthSYSTEM looks for match with
trschest
Mon Sep 24 22:01:59 2001: DEBUG: Handling with EAP
Mon Sep 24 22:01:59 2001: DEBUG: Radius::AuthSYSTEM REJECT: Missing
EAP-Message
Mon Sep 24 22:01:59 2001: INFO: Access rejected for trschest: Missing
EAP-Message
Mon Sep 24 22:01:59 2001: DEBUG: Packet dump:
*** Sending to 216.240.100.231 port 2523 ....

Packet length = 36
03 f9 00 24 3d b7 0e 74 95 be 8c af 57 23 60 d7
58 d4 b4 6c 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 249
Authentic:  }p<7>ra<192><5>WF<16><4><,`<2><0>
Attributes:
        Reply-Message = "Request Denied"

Mon Sep 24 22:02:01 2001: DEBUG: Packet dump:
*** Received from 216.240.100.231 port 2524 ....

Packet length = 202
01 fa 00 ca e1 b0 0d d6 c5 ff 0c bb aa 50 0a a0
8f a0 08 00 01 0a 74 72 73 63 68 65 73 74 02 12
15 e6 78 9d 6c 80 e5 43 18 d2 70 a2 47 e8 4d ec
06 06 00 00 00 02 07 06 00 00 00 01 04 06 d8 f0
64 e7 08 06 d8 f0 64 1c 05 06 00 00 00 2a 1a 0c
00 00 06 30 53 06 00 00 4e ed 3d 06 00 00 00 00
4d 13 34 35 33 33 33 20 20 32 34 30 30 30 20 56
2e 39 30 1a 0c 00 00 06 30 32 06 00 00 b1 15 1a
0c 00 00 06 30 33 06 00 00 5d c0 1a 0c 00 00 06
30 52 06 00 00 00 02 1a 0c 00 00 06 30 51 06 00
00 00 15 1e 09 38 32 34 30 35 35 30 1f 0c 37 35
37 36 36 35 34 38 35 34 50 12 bd 65 ca d9 7f 88
70 12 60 ac d8 66 46 68 0d 08
Code:       Access-Request
Identifier: 250
Authentic:
<225><176><13><214><197><255><12><187><170>P<10><160><143><160><8><0>
Attributes:
        User-Name = "trschest"
        User-Password =
"<21><230>x<157>l<128><229>C<24><210>p<162>G<232>M<236>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 216.240.100.231
        Framed-IP-Address = 216.240.100.28
        NAS-Port = 42
        Annex-Port = 20205
        NAS-Port-Type = Async
        Connect-Info = "45333  24000 V.90"
        Annex-Transmit-Speed = 45333
        Annex-Receive-Speed = 24000
        Annex-Wan-Number = 2
        Annex-Logical-Channel-Number = 21
        Called-Station-Id = "8240550"
        Calling-Station-Id = "7576654854"
        Message-Authenticator =
<189>e<202><217><127><136>p<18>`<172><216>fFh<13><8>

Mon Sep 24 22:02:01 2001: DEBUG: Rewrote user name to trschest
Mon Sep 24 22:02:01 2001: DEBUG: Check if Handler  should be used to handle
this request
Mon Sep 24 22:02:01 2001: DEBUG: Handling request with Handler ''
Mon Sep 24 22:02:01 2001: DEBUG:  Deleting session for trschest,
216.240.100.231, 42
Mon Sep 24 22:02:01 2001: DEBUG: Handling with Radius::AuthSYSTEM: System
Mon Sep 24 22:02:02 2001: DEBUG: getpwnam got trschest, EPWk.FI3iQ3Ec,
16633, 9002, , McCready, Tommy,000115, McCready,
Tommy,000115, /export/home/t/trschest, /ftponly, -1
Mon Sep 24 22:02:02 2001: DEBUG: Radius::AuthSYSTEM looks for match with
trschest
Mon Sep 24 22:02:02 2001: DEBUG: Handling with EAP
Mon Sep 24 22:02:02 2001: DEBUG: Radius::AuthSYSTEM REJECT: Missing
EAP-Message
Mon Sep 24 22:02:02 2001: INFO: Access rejected for trschest: Missing
EAP-Message
Mon Sep 24 22:02:02 2001: DEBUG: Packet dump:
*** Sending to 216.240.100.231 port 2524 ....

Packet length = 36
03 fa 00 24 91 cf 83 69 19 5b 79 cb f2 55 96 95
a0 9a 0b 7e 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 250
Authentic:
<225><176><13><214><197><255><12><187><170>P<10><160><143><160><8><0>
Attributes:
        Reply-Message = "Request Denied"

Mon Sep 24 22:02:04 2001: DEBUG: Packet dump:
*** Received from 216.240.100.231 port 2525 ....

Packet length = 202
01 fb 00 ca 83 e0 07 79 68 20 06 5d 4d 80 04 42
32 d0 02 00 01 0a 74 72 73 63 68 65 73 74 02 12
98 fc 77 6b a6 9c c7 a7 4a 22 75 9e ff 33 ea 99
06 06 00 00 00 02 07 06 00 00 00 01 04 06 d8 f0
64 e7 08 06 d8 f0 64 1c 05 06 00 00 00 2a 1a 0c
00 00 06 30 53 06 00 00 4e ed 3d 06 00 00 00 00
4d 13 34 35 33 33 33 20 20 32 34 30 30 30 20 56
2e 39 30 1a 0c 00 00 06 30 32 06 00 00 b1 15 1a
0c 00 00 06 30 33 06 00 00 5d c0 1a 0c 00 00 06
30 52 06 00 00 00 02 1a 0c 00 00 06 30 51 06 00
00 00 15 1e 09 38 32 34 30 35 35 30 1f 0c 37 35
37 36 36 35 34 38 35 34 50 12 57 6c 8f 29 c8 84
a4 28 f4 18 45 dd b9 25 c3 14
Code:       Access-Request
Identifier: 251
Authentic:  <131><224><7>yh <6>]M<128><4>B2<208><2><0>
Attributes:
        User-Name = "trschest"
        User-Password =
"<152><252>wk<166><156><199><167>J"u<158><255>3<234><153>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 216.240.100.231
        Framed-IP-Address = 216.240.100.28
        NAS-Port = 42
        Annex-Port = 20205
        NAS-Port-Type = Async
        Connect-Info = "45333  24000 V.90"
        Annex-Transmit-Speed = 45333
        Annex-Receive-Speed = 24000
        Annex-Wan-Number = 2
        Annex-Logical-Channel-Number = 21
        Called-Station-Id = "8240550"
        Calling-Station-Id = "7576654854"
        Message-Authenticator =
Wl<143>)<200><132><164>(<244><24>E<221><185>%<195><20>

Mon Sep 24 22:02:04 2001: DEBUG: Rewrote user name to trschest
Mon Sep 24 22:02:04 2001: DEBUG: Check if Handler  should be used to handle
this request
Mon Sep 24 22:02:04 2001: DEBUG: Handling request with Handler ''
Mon Sep 24 22:02:04 2001: DEBUG:  Deleting session for trschest,
216.240.100.231, 42
Mon Sep 24 22:02:04 2001: DEBUG: Handling with Radius::AuthSYSTEM: System




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

