(RADIATOR) ipass problem

Ayotunde Itayemi aitayemi at metrong.com
Mon Dec 2 11:39:35 CST 2002


Hi Hugh,

Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to "textORchap"
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.

How can I get the pattons to still allocate IPs (not minding whether the
client is
local or a IPASS client) and still allow radiator to allocate IPs if the
IPASS client
dials into one of my Windows servers?

Regards,
Tunde I.

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Ayotunde Itayemi" <aitayemi at metrong.com>
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem


>
> Hello Tunde -
>
> Thanks for sending the files.
>
> The Radiator log file shows that you are sending the access request to
> IPASS, but that you are getting an access reject back from them. You
> will need to check with IPASS to see what is happening at their end.
>
> regards
>
> Hugh
>
>
> On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
> Itayemi wrote:
>
> > Hi Hugh,
> > Please find attached the following files:
> > radius.cfg (my full config file with no passwords)
> > cmdtest.txt (test carried out with test credentials from ipass using
> > the
> >                     command line tester that comes with ipass
> > netserver)
> > logfile.txt (radius logfile after attempting access twice via the NAS
> > 80.247.140.30)
> >
> > Hope to hear from you soon.
> >
> > Regards,
> > Tunde I.
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "Ayotunde Itayemi" <aitayemi at metrong.com>
> > Cc: <radiator at open.com.au>
> > Sent: Thursday, November 28, 2002 11:28 PM
> > Subject: Re: (RADIATOR) ipass problem
> >
> >
> >
> > Hello Tunde -
> >
> > I will need to see a trace 4 debug from Radiator showing what happens
> > in both cases.
> >
> > regards
> >
> > Hugh
> >
> >
> > On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi
> > wrote:
> >
> >> Hi Hugh, Hi All,
> >>
> >> I am testing my config for ipass. I have used ipass' own config
> >> checker
> >> from the prompt of my radiator server, and I was able to authenticate
> >> the
> >> username/password given to me by ipass.
> >>
> >> But dialing into one of the NASes on my network with the same
> >> credentials
> >> results in a "request denied" . Any help would be appreciated.
> >>
> >> My config:
> >>
> >> =======================================<Client 80.4.4.30>
> >> Secret asecret
> >> DupInterval 0
> >> NasType Patton
> >> SNMPCommunity patt222
> >> Identifier viruse1
> >> IdenticalClients 80.4.4.61 80.4.4.92
> >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
> >> </Client>
> >> <Client localhost>
> >> # ipass client for VNAS (incoming roamers)
> >> Secret asecret
> >> Identifier ipassclient
> >> IdenticalClients 63.4.4.212
> >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
> >> </Client>
> >> # =================== AUTH BYs =================================
> >> ###### proxy radius for IPASS
> >> <AuthBy RADIUS>
> >> Identifier ipassNetserver
> >> Host 63.4.4.212
> >> Secret asecret
> >> AuthPort 11812
> >> AcctPort 11813
> >> # AddToRequest NAS-IP-Address=%N
> >> AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
> >> </AuthBy>
> >> #=================== HANDLERs ================================
> >> <Handler Realm=myipass>
> >> AcctLogFileName %L/ipass/detail
> >> RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
> >> # MaxSessions 1
> >> AuthBy ipassNetserver
> >> </Handler>
> >> <Handler Client-Identifier=ipassclient>
> >> AuthByPolicy ContinueWhileAccept
> >> RewriteUsername s/^([^@]+).*/$1/
> >> RewriteUsername tr/A-Z/a-z/
> >> UsernameCharset a-zA-Z0-9\._ at -
> >> AcctLogFileName %L/account.log
> >> PasswordLogFileName %L/password.log
> >> SessionDatabase SDB1
> >> AuthBy SQLClientauth
> >> StripFromReply Framed-IP-Address
> >> </Handler>
> >> <Handler Client-Identifier=viruse1>
> >> AuthByPolicy ContinueWhileAccept
> >> RewriteUsername s/^([^@]+).*/$1/
> >> RewriteUsername tr/A-Z/a-z/
> >> UsernameCharset a-zA-Z0-9\._ at -
> >> # MaxSessions 1
> >> # Show rejection reason to users
> >> RejectHasReason
> >> AcctLogFileName %L/account.log
> >> PasswordLogFileName %L/password.log
> >> SessionDatabase SDB1
> >> AuthBy SQLClientauth
> >> # AuthBy pattonIPADDRESSauth
> >> </Handler>
> >>
> >>
> >>
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> > <radius.cfg><cmdtest.txt><logfile.txt>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list