Fw: (RADIATOR) Authentication via proxy
chris
lists at powernet.net
Tue Jul 2 19:03:39 CDT 2002
Ok, after hounding the provider, they found a misconfigureation on thier
end. In the shared secret I am guessing, but none-the-less they *finally*
fixed it up.
Thanks for all he help Hugh! You are *the* radiator king!
Chris
> ----- Original Message -----
> From: "chris" <lists at powernet.net>
> To: <hugh at open.com.au>; <radiator at open.com.au>
> Sent: Tuesday, July 02, 2002 10:36 AM
> Subject: Re: (RADIATOR) Authentication via proxy
>
>
> > I have added a client clause for every nas, and every proxy. I still get
> the
> > same results.
> > Is there anyway to verify that the shared secrets indeed do no match?
> >
> > The radpwtst from localhost returns an OK for the user....
> >
> >
> > Thanks,
> > Chris
> >
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "chris" <lists at powernet.net>
> > Sent: Monday, July 01, 2002 4:18 PM
> > Subject: Re: (RADIATOR) Authentication via proxy
> >
> >
> > >
> > > Hello Chris -
> > >
> > > I am still quite sure that the problem is shared secrets.
> > >
> > > You should probably add a Client clause for the proxy:
> > >
> > > # define Client clause for proxy
> > >
> > > <Client 64.66.192.32>
> > > Secret ......
> > > .....
> > > </Client>
> > >
> > > It is fairly easy to verify this by using radpwtst locally against the
> > > <Client localhost> to make sure the user record is checked correctly.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > >
> > > On Tue, 2 Jul 2002 04:00, chris wrote:
> > > > I have verified shared secret, even tried setting to a simple number
> > like
> > > > 11 to rule out CaSe issues.
> > > > I am still having the same issues
> > > >
> > > > I am not sure how much it matters, but the setup is like this......
> > > > Our clients dial into PacWest NAS(Cisco)...Thier NAS talks to thier
> > radius
> > > > proxy that hands off to us.
> > > >
> >
> > > >
> > > > ----- Original Message -----
> > > > From: "Hugh Irvine" <hugh at open.com.au>
> > > > To: "chris" <lists at powernet.net>; <radiator at open.com.au>
> > > > Sent: Monday, June 24, 2002 4:21 PM
> > > > Subject: Re: (RADIATOR) Authentication via proxy
> > > >
> > > > > Hello Chris -
> > > > >
> > > > > This is almost always due to incorrect shared secrets.
> > > > >
> > > > > If you still have problems, please send me a copy of your
> > configuration
> > > >
> > > > file
> > > >
> > > > > and a copy of the user record from the users file, as well as a
> trace
> > 4
> > > >
> > > > debug.
> > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On Tue, 25 Jun 2002 03:51, chris wrote:
> > > > > > I am trying to setup a managed modem system with a local clec.
> They
> > > >
> > > > answer
> > > >
> > > > > > the calls and proxy to
> > > > > > my radius. I am trying to figgure our where the problem is in
> > > > > > authentication. It brings the username over ok, but the password
> is
> > > >
> > > > garbled
> > > >
> > > > > > into non-printables....
> > > > > >
> > > > > > Here is a L5trace of one such session, am I overlooking
something
> > > >
> > > > obvious?
> > > >
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump:
> > > > > > *** Received from 64.66.192.33 port 34998 ....
> > > > > >
> > > > > > Packet length = 100
> > > > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d
> > > > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02
> > > > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06
> > > > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02
> > > > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30
> > > > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06
> > > > > > 00 00 00 00
> > > > > > Code: Access-Request
> > > > > > Identifier: 7
> > > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP
> > > > > > Attributes:
> > > > > > User-Name = "testme"
> > > > > > Password =
> > > > > > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>"
> > > > > > NAS-IP-Address = 63.93.57.35
> > > > > > NAS-Port = 18646
> > > > > > Service-Type = Framed-User
> > > > > > Framed-Protocol = PPP
> > > > > > Called-Station-Id = "7024410063"
> > > > > > Calling-Station-Id = "2099263677"
> > > > > > NAS-Port-Type = Async
> > > > > > NAS-Port-Type = Async
> > > > > >
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler
> > > > > > 'Realm=DEFAULT'
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme,
> > > > > > 63.93.57.35, 1864
> > > > > > 6
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file
> > > > > > /usr/local/etc/raddb/users
> > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for
match
> > with
> > > > > > testme
> > > > > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad
> > Password
> > > > > > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad
> > > > > > Password
> > > > > > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump:
> > > > > > *** Sending to 64.66.192.33 port 34998 ....
> > > > > > Code: Access-Reject
> > > > > > Identifier: 7
> > > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP
> > > > > > Attributes:
> > > > > > Reply-Message = "Request Denied"
> > > > > > Reply-Message = "Bad Password"
> > > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > Chris
> > > > > >
> > > > > >
> > > > > > ===
> > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > Announcements on radiator-announce at open.com.au
> > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
server
> > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
X.
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
extensible,
> > > > > flexible with hardware, software, platform and database
> independence.
> > > > > ===
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list