(RADIATOR) Cisco/Altiga - Cannot obtain an IP address for remote peer

Bob Shafer bshafer at du.edu
Mon Mar 11 02:09:30 CST 2002 

We're using Radiator to authenticate a Cisco VPN 3000.  I would like to
assign an IP address to the client on the basis of the user.

The user file looks like this:

DU_Users_Test   Password="XXX"
                Class="OU=DU_Users_Test;",
                Altiga-IPSec-Authentication-G="RADIUS",
                Altiga-Tunneling-Protocols-G/U="IPSec"

aneuman         Password = "YYY"
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-IP-Address = 130.253.105.2,
                Framed-IP-Netmask = 255.255.255.0,
                Framed-Routing = None,
                Framed-MTU = 1500,
                Class = DU_Users_Test

When attempting to connect as that user the connection hangs, attempting
to negotiate security settings and the server reports: "Cannot obtain an
IP address for remote peer"

I've attached a trace 4 debug at the end of this message.

I suspect the problem is something about the VPN server, and not radius,
but I'm hoping someone will be able to help me out, anyway.

Bob Shafer
University of Denver
_________________________________

Mon Mar 11 00:50:01 2002: DEBUG: Packet dump:
*** Received from 130.253.254.10 port 1066 ....
Code:       Access-Request
Identifier: 71
Authentic:  ;<176><185>(<242><197>3<15><218><127><206><3><7>y<226><23>
Attributes:
        User-Name = "DU_Users_Test"
        User-Password =
        NAS-Port = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint = "24.226.200.126"
        Altiga-Auth-Server-Type = 1
        NAS-IP-Address = 130.253.254.10
        NAS-Port-Type = Virtual

Mon Mar 11 00:50:01 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 11 00:50:01 2002: DEBUG:  Deleting session for DU_Users_Test,
130.253.254.10, 0
Mon Mar 11 00:50:01 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:01 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:01 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:01 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:01 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Mar 11 00:50:01 2002: DEBUG: Radius::AuthFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:01 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Mar 11 00:50:01 2002: DEBUG: Access accepted for DU_Users_Test
Mon Mar 11 00:50:01 2002: DEBUG: Packet dump:
*** Sending to 130.253.254.10 port 1066 ....
Code:       Access-Accept
Identifier: 71
Authentic:  ;<176><185>(<242><197>3<15><218><127><206><3><7>y<226><23>
Attributes:
        Class = "OU=DU_Users_Test;"
        Altiga-IPSec-Authentication-G = RADIUS
        Altiga-Tunneling-Protocols-G/U = IPSec

Mon Mar 11 00:50:15 2002: DEBUG: Packet dump:
*** Received from 130.253.254.10 port 1066 ....
Code:       Access-Request
Identifier: 72
Authentic:  Z<2><214><239><146><255>|<29>~<19>^4fp/<169>
Attributes:
        User-Name = "aneuman"
        User-Password =
        NAS-Port = 1256
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint = "24.226.200.126"
        NAS-IP-Address = 130.253.254.10
        NAS-Port-Type = Virtual

Mon Mar 11 00:50:15 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 11 00:50:15 2002: DEBUG:  Deleting session for aneuman,
130.253.254.10, 1256
Mon Mar 11 00:50:15 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:15 2002: DEBUG: Radius::AuthDBFILE looks for match with
aneuman
Mon Mar 11 00:50:15 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:15 2002: DEBUG: Radius::AuthDBFILE looks for match with
aneuman
Mon Mar 11 00:50:15 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Mar 11 00:50:15 2002: DEBUG: Radius::AuthFILE looks for match with
aneuman
Mon Mar 11 00:50:15 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Mar 11 00:50:15 2002: DEBUG: Access accepted for aneuman
Mon Mar 11 00:50:15 2002: DEBUG: Packet dump:
*** Sending to 130.253.254.10 port 1066 ....
Code:       Access-Accept
Identifier: 72
Authentic:  Z<2><214><239><146><255>|<29>~<19>^4fp/<169>
Attributes:
        Framed-IP-Address = 130.253.105.2
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = None
        Framed-MTU = 1500
        Class = "DU_Users_Test"

Mon Mar 11 00:50:16 2002: DEBUG: Packet dump:
*** Received from 130.253.254.10 port 1066 ....
Code:       Access-Request
Identifier: 73
Authentic:  <10>?w<149><9>b<190>cF`<246><240><203>w<1>;
Attributes:
        User-Name = "DU_Users_Test"
        User-Password =
        NAS-IP-Address = 130.253.254.10
        NAS-Port-Type = Virtual

Mon Mar 11 00:50:16 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 11 00:50:16 2002: DEBUG:  Deleting session for DU_Users_Test,
130.253.254.10,
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Mar 11 00:50:16 2002: DEBUG: Access accepted for DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Packet dump:
*** Sending to 130.253.254.10 port 1066 ....
Code:       Access-Accept
Identifier: 73
Authentic:  <10>?w<149><9>b<190>cF`<246><240><203>w<1>;
Attributes:
        Class = "OU=DU_Users_Test;"
        Altiga-IPSec-Authentication-G = RADIUS
        Altiga-Tunneling-Protocols-G/U = IPSec

Mon Mar 11 00:50:16 2002: DEBUG: Packet dump:
*** Received from 130.253.254.10 port 1066 ....
Code:       Access-Request
Identifier: 74
Authentic:  <250>3@#<186>G<174>M<138><253>s<177><26><153><254><254>
Attributes:
        User-Name = "DU_Users_Test"
        User-Password =
        NAS-IP-Address = 130.253.254.10
        NAS-Port-Type = Virtual

Mon Mar 11 00:50:16 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 11 00:50:16 2002: DEBUG:  Deleting session for DU_Users_Test,
130.253.254.10,
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthDBFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthDBFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthFILE looks for match with
DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Mar 11 00:50:16 2002: DEBUG: Access accepted for DU_Users_Test
Mon Mar 11 00:50:16 2002: DEBUG: Packet dump:
*** Sending to 130.253.254.10 port 1066 ....
Code:       Access-Accept
Identifier: 74
Authentic:  <250>3@#<186>G<174>M<138><253>s<177><26><153><254><254>
Attributes:
        Class = "OU=DU_Users_Test;"
        Altiga-IPSec-Authentication-G = RADIUS
        Altiga-Tunneling-Protocols-G/U = IPSec


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list