(RADIATOR) Authentication via proxy

chris lists at powernet.net
Tue Jul 2 12:36:35 CDT 2002


I have added a client clause for every NAS, and every proxy. I still get the
same results.
Is there any way to verify that the shared secrets indeed do not match?

The radpwtst from localhost returns an OK for the user....


Thanks,
Chris


----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "chris" <lists at powernet.net>
Sent: Monday, July 01, 2002 4:18 PM
Subject: Re: (RADIATOR) Authentication via proxy


>
> Hello Chris -
>
> I am still quite sure that the problem is shared secrets.
>
> You should probably add a Client clause for the proxy:
>
> # define Client clause for proxy
>
> <Client 64.66.192.32>
> Secret ......
> .....
> </Client>
>
> It is fairly easy to verify this by using radpwtst locally against the
> <Client localhost> to make sure the user record is checked correctly.
>
> regards
>
> Hugh
>
>
> On Tue, 2 Jul 2002 04:00, chris wrote:
> > I have verified shared secret, even tried setting to a simple number like
> > 11 to rule out CaSe issues.
> > I am still having the same issues
> >
> > I am not sure how much it matters, but the setup is like this......
> > Our clients dial into PacWest NAS(Cisco)...Their NAS talks to their radius
> > proxy that hands off to us.
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "chris" <lists at powernet.net>; <radiator at open.com.au>
> > Sent: Monday, June 24, 2002 4:21 PM
> > Subject: Re: (RADIATOR) Authentication via proxy
> >
> > > Hello Chris -
> > >
> > > This is almost always due to incorrect shared secrets.
> > >
> > > If you still have problems, please send me a copy of your configuration
> > > file and a copy of the user record from the users file, as well as a
> > > trace 4 debug.
> > >
> >
> > > regards
> > >
> > > Hugh
> > >
> > > On Tue, 25 Jun 2002 03:51, chris wrote:
> > > > I am trying to set up a managed modem system with a local CLEC. They
> > > > answer the calls and proxy to my radius. I am trying to figure out
> > > > where the problem is in authentication. It brings the username over
> > > > ok, but the password is garbled into non-printables....
> > > >
> > > > Here is a L5trace of one such session, am I overlooking something
> > > > obvious?
> > > >
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump:
> > > > *** Received from 64.66.192.33 port 34998 ....
> > > >
> > > > Packet length = 100
> > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d
> > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02
> > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06
> > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02
> > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30
> > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06
> > > > 00 00 00 00
> > > > Code:       Access-Request
> > > > Identifier: 7
> > > > Authentic:  _<193>3sF|er<184>?<254>]<165><255>mP
> > > > Attributes:
> > > >         User-Name = "testme"
> > > >         Password = "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>"
> > > >         NAS-IP-Address = 63.93.57.35
> > > >         NAS-Port = 18646
> > > >         Service-Type = Framed-User
> > > >         Framed-Protocol = PPP
> > > >         Called-Station-Id = "7024410063"
> > > >         Calling-Station-Id = "2099263677"
> > > >         NAS-Port-Type = Async
> > > >         NAS-Port-Type = Async
> > > >
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme
> > > > Mon Jun 24 10:18:35 2002: DEBUG:  Deleting session for testme, 63.93.57.35, 18646
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file /usr/local/etc/raddb/users
> > > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with testme
> > > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> > > > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad Password
> > > > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump:
> > > > *** Sending to 64.66.192.33 port 34998 ....
> > > > Code:       Access-Reject
> > > > Identifier: 7
> > > > Authentic:  _<193>3sF|er<184>?<254>]<165><255>mP
> > > > Attributes:
> > > >         Reply-Message = "Request Denied"
> > > >         Reply-Message = "Bad Password"
> > > >
> > > >
> > > > Thanks,
> > > > Chris
> > > >
> > > >
> > > > ===
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
>