Follow-up: (RADIATOR) TNT Authentication problem Lucent can't figure out

Hugh Irvine hugh at open.com.au
Mon Jun 24 18:44:57 CDT 2002


Hello Terry -

Have you double checked the shared secrets?

regards

Hugh

On Tue, 25 Jun 2002 02:13, terryr at ccis.net wrote:
> I've just gotten this running with an old ascend radius, but still no luck
> with radiator. Version radiator is 2.19, and TAOS is 9.1.2
> I also tried Scott's suggestion (changing allow-unencrypted-tunnel-password
> = yes), no diff..
>
> From: "Nicholas N. Sten" <nsten at o1.com>
> To: <terryr at ccis.net>
> cc:
> Subject: RE: Follow-up: (RADIATOR) TNT Authentication problem Lucent can't figure out
> Sent: 06/24/2002 10:46 AM
>
> Two questions.  What RADIUS server (and version) are you using?  What
> revision of TAOS is on your TNTs?
>
> -Nick
>
>
> -----Original Message-----
> From: terryr at ccis.net [mailto:terryr at ccis.net]
> Sent: Monday, June 24, 2002 7:16 AM
> To: radiator at open.com.au
> Subject: Follow-up: (RADIATOR) TNT Authentication problem Lucent can't
> figure out
>
>
>
> This dump shows auth-radius-compat = vendor-specific; I've also tried
> old-ascend.
>
> From: terryr at ccis.net
> Sent by: owner-radiator at open.com.au
> To: radiator at open.com.au
> cc:
> Subject: (RADIATOR) TNT Authentication problem Lucent can't figure out
> Sent: 06/24/2002 09:11 AM
>
> I'm having a problem getting my first Max TNT up and authenticating.
> Looking at the debug (below) it appears the secrets aren't matching - the
> password string being sent is garbage. Lucent is stumped, and I HAVE to
> have this server up by this time tomorrow. Anybody have a suggestion?
>
> From clients:
> 209.195.207.174         123
>
> From the TNT:
> admin> list rad-auth-client
> [in EXTERNAL-AUTH:rad-auth-client]
> auth-server-1 = 209.195.224.6
> auth-server-2 = 0.0.0.0
> auth-server-3 = 0.0.0.0
> auth-port = 1645
> auth-src-port = 0
> auth-key = 123
> auth-pool = no
> auth-timeout = 5
> auth-rsp-required = no
> auth-id-fail-return-busy = no
> auth-id-timeout-return-busy = no
> auth-sess-interval = 0
> auth-TS-secure = yes
> auth-Send67 = yes
> auth-frm-adr-start = no
> auth-boot-host = 0.0.0.0
> auth-boot-host-2 = 0.0.0.0
> auth-boot-port = 0
> auth-reset-time = 0
> auth-id-max-retry-time = 0
> auth-radius-compat = vendor-specific
> auth-keep-user-name = change-name
> auth-realm-delimiters = /\@%
> id-auth-prefix = ""
> allow-auth-config-rqsts = no
> auth-req-delim-count = 0
> auth-req-strip-side = none
> auth-network-route-server = yes
> id-auth-prefix-x25 = ""
> allow-unencrypted-tunnel-password = no
>
> From my reject file:
> Mon Jun 24 08:55:05 2002
>     User-Name = pfischer
>         CallerId = 6108738491
>       Typed-Password = ¨'1"<åbð¹hº4º!á&
>    Reason = Bad Encrypted password
>
> Dump:
>
> Mon Jun 24 08:54:55 2002: DEBUG: Packet dump:
> *** Received from 209.195.207.174 port 7022 ....
>
> Packet length = 197
> 01 08 00 c5 2d 61 80 4c 87 b7 44 c0 12 30 48 89
> fa b2 32 55 01 0a 70 66 69 73 63 68 65 72 02 12
> c7 d5 67 5b 0b eb cd 2d 77 87 8f 29 ab c6 7c 3d
> 04 06 d1 c3 cf aa 05 06 00 00 04 00 1a 0c 00 00
> 02 11 0d 06 00 00 00 02 3d 06 00 00 00 00 06 06
> 00 00 00 02 07 06 00 00 00 01 1f 0c 36 31 30 38
> 37 33 38 34 39 31 1a 0c 00 00 02 11 42 06 00 00
> 00 02 1a 0c 00 00 02 11 43 06 00 00 00 01 1a 0c
> 00 00 02 11 44 06 00 00 00 00 1a 0c 00 00 02 11
> 45 06 00 00 00 03 1e 0c 38 35 36 38 37 33 37 32
> 30 30 2c 0b 33 39 33 35 30 37 31 30 39 1a 0c 00
> 00 02 11 c5 06 00 00 79 e0 1a 0c 00 00 02 11 ff
> 06 00 00 d5 8b
> Code:       Access-Request
> Identifier: 8
> Authentic:  -a<128>L<135><183>D<192><18>0H<137><250><178>2U
> Attributes:
>         User-Name = "pfischer"
>         User-Password = "<199><213>g[<11><235><205>-w<135><143>)<171><198>|="
>         NAS-IP-Address = 209.195.207.170
>         NAS-Port = 1024
>         Framed-Compression = 2
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "6108738491"
>         Tunnel-Client-Endpoint = "<0><0><0><2>"
>         Tunnel-Server-Endpoint = "<0><0><0><1>"
>         Tunnel-ID = ""
>         Tunnel-Password = "<0><0><0><3>"
>         Called-Station-Id = "8568737200"
>         Acct-Session-Id = "393507109"
>         Ascend-Data-Rate = 31200
>         Ascend-Xmit-Rate = 54667
>
> Mon Jun 24 08:54:55 2002: DEBUG: Check if Handler NAS-Identifier
> = "PHLAPAKKR11" should be used to handle this request
> Mon Jun 24 08:54:55 2002: DEBUG: Check if Handler NAS-Port-Type = ISDN
> should be used to handle this request
> Mon Jun 24 08:54:55 2002: DEBUG: Check if Handler  should be used to handle
> this request
> Mon Jun 24 08:54:55 2002: DEBUG: Handling request with Handler ''
> Mon Jun 24 08:54:55 2002: DEBUG: Rewrote user name to pfischer
> Mon Jun 24 08:54:55 2002: DEBUG: Rewrote user name to pfischer
> Mon Jun 24 08:54:55 2002: DEBUG:  Deleting session for pfischer,
> 209.195.207.170, 1024
> Mon Jun 24 08:54:55 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jun 24 08:54:55 2002: DEBUG: Handling with Radius::AuthFILE:
> Mon Jun 24 08:54:55 2002: DEBUG: Radius::AuthFILE looks for match with
> pfischer
> Mon Jun 24 08:54:55 2002: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Mon Jun 24 08:54:55 2002: DEBUG: Handling with Radius::AuthUNIX: UNIX
> Mon Jun 24 08:54:55 2002: DEBUG: Radius::AuthUNIX looks for match with
> pfischer
> Mon Jun 24 08:54:55 2002: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted
> password
> Mon Jun 24 08:54:55 2002: DEBUG: Radius::AuthFILE REJECT: Bad Encrypted
> password
> Mon Jun 24 08:54:55 2002: INFO: Access rejected for pfischer: Bad Encrypted
> password
> Mon Jun 24 08:54:55 2002: DEBUG: Packet dump:
> *** Sending to 209.195.207.174 port 7022 ....
>
> Packet length = 36
> 03 08 00 24 88 f0 27 b7 0d e4 dd 20 7f 6b d5 cd
> 87 16 d1 3f 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code:       Access-Reject
> Identifier: 8
> Authentic:  -a<128>L<135><183>D<192><18>0H<137><250><178>2U
> Attributes:
>         Reply-Message = "Request Denied"
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
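
The shared-secret check suggested above, as an added example that is not part of the original thread and is not Radiator's code: it parses the first 48 bytes of the quoted Access-Request dump and applies the RFC 2865 section 5.2 User-Password hiding, which shows why a secret that differs between NAS and server turns the password into garbage. The function names and the round-trip password in the usage note are constructed for illustration.

```python
import hashlib

# First 48 bytes of the Access-Request dump quoted in the thread:
# 20-byte header, User-Name (type 1), User-Password (type 2).
DUMP = bytes.fromhex(
    "010800c52d61804c87b744c012304889"
    "fab23255010a70666973636865720212"
    "c7d5675b0bebcd2d77878f29abc67c3d"
)

def parse(packet):
    """Return (code, identifier, length, authenticator, {type: value})."""
    code, ident = packet[0], packet[1]
    length = int.from_bytes(packet[2:4], "big")
    authenticator = packet[4:20]
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            break  # malformed or truncated attribute
        attrs.setdefault(atype, packet[pos + 2:pos + alen])
        pos += alen
    return code, ident, length, authenticator, attrs

def _xor_stream(secret, authenticator, data, decrypt):
    """RFC 2865 5.2: pad_i = MD5(secret + c_(i-1)), with c_0 = authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # chain on the ciphertext block
    return out

def hide_password(secret, authenticator, password):
    """What the NAS does before sending: null-pad to 16-byte blocks, then XOR."""
    size = max(16, -(-len(password) // 16) * 16)
    return _xor_stream(secret, authenticator, password.ljust(size, b"\x00"), False)

def recover_password(secret, authenticator, hidden):
    """What the server does with its own copy of the secret."""
    return _xor_stream(secret, authenticator, hidden, True).rstrip(b"\x00")

def plausible(password):
    """Heuristic: a correctly recovered password is non-empty printable ASCII."""
    return len(password) > 0 and all(0x20 <= b < 0x7F for b in password)
```

Calling `recover_password(secret, authenticator, attrs[2])` with the secret from the server's clients file and testing the result with `plausible()` reproduces the server's view of the request; a non-printable result points at the secret, not at the user's password.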