(RADIATOR) Basic users file & MSCHAP question

Hugh Irvine hugh at open.com.au
Thu Oct 17 01:15:40 CDT 2002


Hello Luis -

Thanks for sending the files.

As far as I can see, Radiator is operating correctly, with the user  
being ACCEPT'ed.

However, you are not returning any reply attributes, so the session is  
not being created.

Your users file should only contain your own users and nothing else  
(i.e. don't use the example file).

Depending on what else you are doing, you may need other reply  
attributes, but this should get you started:

# users file

mschaptest Password=MyPw
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Netmask = 255.255.255.255

Check with your vendor or the Cisco web site to verify what RADIUS  
attributes are required to operate this equipment.

regards

Hugh


On Thursday, October 17, 2002, at 05:36 AM, Luis Marquez wrote:

> Hello,
>
> I recently got an eval version of radiator to test on our Linux server and I
> could use a bit of advice on creating a users file. The example users file
> seems like it might be a bit much for our needs. Also, I am trying to get
> mschap support working with our Cisco VPN 3000 concentrator.  I'll give you
> some information on our setup.
>
> We have a Cisco VPN 3000 vpn concentrator that authenticates via radius.
> Customers that connect with the cisco vpn client software can connect ok,
> but when a customer tries to connect using a PPTP vpn connection using
> MSCHAP, their computer gives an error about the server not using the correct
> type of encryption. I have included the users file and radius.cfg.
>
> This is what radiator has to say when I run radiusd in trace 4 debug mode
> and tail -f the log file:
>
> Wed Oct 16 11:58:32 2002: DEBUG: Packet dump:
> *** Received from 65.164.104.10 port 1025 ....
> Code:       Access-Request
> Identifier: 12
> Authentic:  <229><26><180><180><168><5>(<5>B<5><181><209><208>2A<192>
> Attributes:
>         User-Name = "mschaptest"
>         NAS-Port = 1264
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Tunnel-Client-Endpoint = 49:0.0.97.67
>         MS-CHAP-Challenge = "-Z]<4><144><127><163>Iq<226><17><198>Wz<185>V"
>         MS-CHAP2-Response = "<2><0><211><137>2<214>/<169><244><222>[c<231>i)<146>;o<0><0><0><0><0><0><0><0>i<222><8>}j5<254><225><198><211><128>i:wt;<137><223><236>%<250><13>8m"
>         NAS-IP-Address = 65.164.104.10
>         NAS-Port-Type = Virtual
>
> Wed Oct 16 11:58:32 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Oct 16 11:58:32 2002: DEBUG:  Deleting session for mschaptest, 65.164.104.10, 1264
> Wed Oct 16 11:58:32 2002: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 16 11:58:32 2002: DEBUG: Radius::AuthFILE looks for match with mschaptest
> Wed Oct 16 11:58:32 2002: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Oct 16 11:58:32 2002: DEBUG: Access accepted for mschaptest
> Wed Oct 16 11:58:32 2002: DEBUG: Packet dump:
> *** Sending to 65.164.104.10 port 1025 ....
> Code:       Access-Accept
> Identifier: 12
> Authentic:  <229><26><180><180><168><5>(<5>B<5><181><209><208>2A<192>
> Attributes:
>         MS-CHAP2-Success = "<2>S=BA3CEA0D05FC896F8E792A15213BC9F69DA5AED4"
>
>
> Any advice appreciated,
>
>
> thanks
>
> Luis
>
> <users><radius.cfg>

NB: I am travelling this week, so there may be delays in our  
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
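
Added example (not part of the original message, and not Radiator code): a Python check that scans a trace 4 log for Access-Accept packets sent without session reply attributes, the condition diagnosed in the reply above. The required-attribute list, the function names and the sample log are assumptions constructed for illustration; the attributes your NAS actually needs come from its vendor documentation.

```python
import re

REQUIRED = ("Service-Type", "Framed-Protocol")  # assumption, from the suggested users entry
HEADER = re.compile(r"^\*\*\* (?:Received from|Sending to) (\S+) port \d+")
FIELD = re.compile(r"^\s*([A-Za-z0-9-]+)(?::| =)\s*(.*)$")
# Constructed sample in the layout of a trace 4 packet dump (not real traffic).
SAMPLE = """\
*** Received from 192.0.2.10 port 1025 ....
Code:       Access-Request
Identifier: 12
Attributes:
        User-Name = "mschaptest"
        Service-Type = Framed-User

*** Sending to 192.0.2.10 port 1025 ....
Code:       Access-Accept
Identifier: 12
Attributes:
        MS-CHAP2-Success = "<2>S=0000000000000000000000000000000000000000"

*** Sending to 192.0.2.10 port 1025 ....
Code:       Access-Accept
Identifier: 13
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
"""

def parse_packets(text):
    """Return one dict per dump: NAS address, Code, Identifier and attributes."""
    packets = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            packets.append({"peer": m.group(1)})
        elif packets and (f := FIELD.match(line)):
            packets[-1].setdefault(f.group(1), f.group(2).strip('"'))
    return packets

def accepts_without_session_attrs(text, required=REQUIRED):
    """List (user, identifier, missing) for Access-Accepts lacking required attributes."""
    users, findings = {}, []
    for p in parse_packets(text):
        key = (p["peer"], p.get("Identifier"))
        if p.get("Code") == "Access-Request":
            users[key] = p.get("User-Name", "?")  # request attributes are not reply attributes
        elif p.get("Code") == "Access-Accept":
            if missing := [a for a in required if a not in p]:
                findings.append((users.get(key, "?"), key[1], missing))
    return findings
```

Calling `accepts_without_session_attrs(SAMPLE)` reports the first accept, matched to its request by NAS address and Identifier, and skips the second, which carries both attributes.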

