Fwd: (RADIATOR) Problems with authentication

Mike McCauley mikem at open.com.au
Wed Oct 16 00:41:22 CDT 2002


Hello Edgar,

I can see 2 possible reasons for this problem, but I'm not sure which one it 
could be:

1. The POP3 part of the authentication seems to be taking a very long time. 
According to the log it was about 18 seconds. Most NASs will give up if they 
have not had a reply from the Radius server by 15 seconds (but this of course 
depends on the retry count and timeout configured in the NAS). Perhaps you 
should check if there is a problem in your POP server causing it to run 
slow? Or some problem causing the CPU load on the Radiator host to be very 
high? Or maybe a very slow/unreliable network connection between the Radiator 
host and the POP server?

2. When Radiator finally replies with an accept, there are no reply items in 
the reply. This is OK for most NASs, but Ciscos in particular won't complete 
the connection unless they get 
Service-Type=Framed-User
Framed-Protocol=PPP
in the reply.

Hope that helps.

Cheers.

On Wed, 16 Oct 2002 15:29, Hugh Irvine wrote:
> Mikey -
>
> Can you take a look at this please?
>
> ta
>
> Hugh
>
> Begin forwarded message:
> > Date: Tue, 15 Oct 2002 17:37:22 -0600
> > From: Edgar Bermejo Arámburo <edbermej at campus.ccm.itesm.mx>
> > Organization: Tec de Monterrey, Campus Ciudad de México
> > To: radiator at open.com.au
> > Subject: Problems with authentication
> >
> > Hello!
> >
> > I'm trying a demo version of Radiator. I followed the steps to install
> > and test the server and everything was fine, but when I tried to
> > authenticate with the NAS I couldn't. I checked the log file and found
> > the following:
> >
> > Tue Oct 15 10:44:33 2002: DEBUG: Packet dump:
> > *** Received from 148.241.152.245 port 1645 ....
> > Code:       Access-Request
> > Identifier: 30
> > Authentic:  r<154><12>c<3><17>w<217>0<176>!<231>p'<22><192>
> > Attributes:
> >         User-Name = "dmartine"
> >         User-Password = "<250><167><197><193><182><170>6|?<221><236><246>E<183>E<175>"
> >         NAS-IP-Address = 148.241.152.245
> >         NAS-Port = 64
> >
> > Tue Oct 15 10:44:33 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Tue Oct 15 10:44:33 2002: DEBUG:  Deleting session for dmartine, 148.241.152.245, 64
> > Tue Oct 15 10:44:33 2002: DEBUG: Handling with POP3
> > POP3 <- +OK POP3 server ready (5.5.058) <FA422E54F9FA6F95A22CB8F7C740BA3AA67103BE at itesm.mx>
> >  at Radius/AuthPOP3.pm line 72
> > POP3 -> USER dmartine
> >  at Radius/AuthPOP3.pm line 75
> > POP3 <- +OK Password required
> >  at Radius/AuthPOP3.pm line 75
> > POP3 -> PASS aWfnWfT0
> >  at Radius/AuthPOP3.pm line 75
> > POP3 <- +OK 26 messages
> >  at Radius/AuthPOP3.pm line 75
> > POP3 -> STAT
> >  at Radius/AuthPOP3.pm line 75
> > POP3 <- +OK 26 425799
> >  at Radius/AuthPOP3.pm line 75
> > POP3 -> QUIT
> >  at Radius/AuthPOP3.pm line 77
> > POP3 <- +OK POP3 server closing connection
> >  at Radius/AuthPOP3.pm line 77
> > Tue Oct 15 10:44:51 2002: DEBUG: Access accepted for dmartine
> > Tue Oct 15 10:44:51 2002: DEBUG: Packet dump:
> > *** Sending to 148.241.152.245 port 1645 ....
> > Code:       Access-Accept
> > Identifier: 30
> > Authentic:  r<154><12>c<3><17>w<217>0<176>!<231>p'<22><192>
> > Attributes:
> >
> > The POP3 server validated the user and password but the NAS still asked
> > for the user and pass like they were incorrect.
> >
> > Here is the configuration file:
> >
> > Foreground
> > LogStdout
> > LogDir          .
> > DbDir           .
> > # Use a lower trace level in production systems:
> > Trace           4
> >
> > # You will probably want to add other Clients to suit your site,
> > # one for each NAS you want to work with
> >
> > <Client xyz.ccm.itesm.mx>
> >         Secret abcd
> > </Client>
> >
> > <Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> > </Client>
> >
> > <Realm DEFAULT>
> >         <AuthBy POP3>
> >                 # Host specifies the name of the POP server to use
> >                 # Defaults to 'pop3'
> >                 # You should set this to suit your own site
> >                 Host itesm.mx
> >
> >                 # AuthMode specifies the POP authentication mode to use
> >                 # APOP means use APOP authentication
> >                 # PASS means to use plaintext passwords (deprecated)
> >                 # BEST means use APOP if available, else plaintext
> >                 # Defaults to BEST
> >                 AuthMode PASS
> >
> >                 # If Debug is set, POP3Client will print details
> >                 # of its communications to stdout
> >                 Debug 1
> >
> >                 # Timeout specifies a timeout in seconds. If the POP
> >                 # server does not respond in this time, the
> >                 # authentication will fail.
> >                 # Defaults to 10 seconds
> >                 Timeout 10
> >
> >                 # LocalAddr specifies the local Internet address to use
> >                 # in the form 'xxx.xxx.xxx.xxx[:xx]'
> > #               LocalAddr 203.63.154.1
> >
> >                 # Port specifies the number of the POP port to use on
> >                 # Host.
> >                 # Defaults to 110
> >                 Port 110
> >
> >         </AuthBy>
> > </Realm>
> >
> > If you can give a hint I'll appreciate it.
> > --
> > _________________________________________
> >
> > Ing. Edgar Bermejo Arámburo
> > Líder de Proyecto
> > Depto. de Redes
> > Dirección de Telecomunicaciones - DINF
> > Tec de Monterrey, Campus Ciudad de México
> > Tel. 5483 2007/2008 Fax. 5483 2002
> >
> > _________________________________________
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS etc on Unix, Windows, MacOS etc.
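
The two checks described in the reply above (reply delay against the NAS timeout, and an Access-Accept with no reply items), run over a Trace 4 log. This is an added example, not part of the original thread and not Radiator's own code. The names `DUMP` and `diagnose` are this example's own, the sample log is constructed in the shape of the dump quoted above, and the 15-second default is the figure quoted in the reply, to be replaced with the timeout and retry settings of the actual NAS.

```python
import re
from datetime import datetime

# One packet dump as printed at Trace 4: timestamp, peer, code, id, attribute lines.
DUMP = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}): DEBUG: Packet dump:\n"
    r"\*\*\* (?:Received from|Sending to) (?P<peer>\S+) port \d+.*\n"
    r"Code:\s+(?P<code>\S+)\nIdentifier:\s+(?P<id>\d+)\n"
    r"(?:Authentic:.*\n)?Attributes:\n(?P<attrs>(?:[ \t]+\S.*\n)*)", re.M)

# Constructed sample, shortened from the shape of the log quoted in the thread.
SAMPLE_LOG = """\
Tue Oct 15 10:44:33 2002: DEBUG: Packet dump:
*** Received from 148.241.152.245 port 1645 ....
Code:       Access-Request
Identifier: 30
Attributes:
        User-Name = "dmartine"

Tue Oct 15 10:44:51 2002: DEBUG: Packet dump:
*** Sending to 148.241.152.245 port 1645 ....
Code:       Access-Accept
Identifier: 30
Attributes:
"""

def diagnose(text, nas_timeout=15, wanted=("Service-Type", "Framed-Protocol")):
    """Pair each Access-Accept with its request; report delay and absent reply items."""
    pending, findings = {}, []
    for m in DUMP.finditer(text):
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["peer"], m["id"])            # identifiers are only unique per client
        if m["code"] == "Access-Request":
            pending.setdefault(key, when)     # keep first copy; retransmits reuse the id
        elif m["code"] == "Access-Accept" and key in pending:
            delay = (when - pending.pop(key)).total_seconds()
            sent = {a.split("=")[0].strip() for a in m["attrs"].splitlines()}
            findings.append({"id": key[1], "delay": delay, "late": delay > nas_timeout,
                             "missing": [w for w in wanted if w not in sent]})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
```

Because Trace 4 output includes the cleartext POP3 `PASS` exchange, treat any log fed to a script like this as containing credentials.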
