(RADIATOR) Chap Challenge Problem

ilkera at koc.net ilkera at koc.net
Mon Oct 21 09:19:55 CDT 2002


Dear Sirs,
 
We are using Radiator as a Radius Proxy server with CiscoSecure ACS Radius. It works fine with our Cisco NASs with both PAP and CHAP authentication.
We are also using Radiator for gprs connection authentication. The NAS that accepts gprs connections does not belong to us and is controlled by our gprs provider. When we connect to the gprs NAS with PAP we have no problem. We can easily authenticate through the Radiator and then CiscoSecure with PAP.
When we try to connect with CHAP we can not get authenticated.
 
Below is the sample "trace 5" log with CHAP authentication from the GPRS NAS :
 
Mon Oct 21 16:48:43 2002: DEBUG: Packet dump:  
*** Received from 195.87.246.1 port 1812 ....
 
Packet length = 114
01 b9 00 72 75 b8 7d 1f fa 24 2a 24 13 98 46 c9
70 08 77 da 01 0d 69 6c 6b 65 72 61 40 67 70 72
73 03 13 01 54 0a 79 0b e2 52 d2 cf 9d 82 e9 40
23 24 83 af 04 06 c3 57 f6 01 06 06 00 00 00 02
07 06 00 00 00 01 1f 0e 39 30 35 33 33 37 31 34
31 34 32 32 20 08 6b 6f 63 6e 65 74 3c 16 ea 76
43 69 01 22 e3 5f ab e0 17 67 e8 b2 dd 82 b8 96
37 b0
Code:       Access-Request
Identifier: 185
Authentic:  u<184>}<31><250>$*$<19><152>F<201>p<8>w<218>
Attributes:
        User-Name = " ilkera at gprs"
        CHAP-Password = <1>T<10>y<11><226>R<210><207><157><130><233>@#$<131><175>
        NAS-IP-Address = 195.87.246.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "905337141422"
        NAS-Identifier = "kocnet"
        CHAP-Challenge = <234>vCi<1>"<227>_<171><224><23>g<232><178><221><130><184><150>7<176>
 
Mon Oct 21 16:48:43 2002: DEBUG: Handling request with Handler 'Realm=gprs'
Mon Oct 21 16:48:43 2002: DEBUG:  Deleting session for ilkera at gprs, 195.87.246.1,
Mon Oct 21 16:48:43 2002: DEBUG: Handling with Radius::AuthRADIUS   
Mon Oct 21 16:48:43 2002: DEBUG: Packet dump:
*** Sending to 195.87.1.231 port 1645 ....
 
Packet length = 114
01 08 00 72 75 b8 7d 1f fa 24 2a 24 13 98 46 c9
70 08 77 da 01 0d 69 6c 6b 65 72 61 40 67 70 72
73 03 13 01 54 0a 79 0b e2 52 d2 cf 9d 82 e9 40
23 24 83 af 04 06 c3 57 f6 01 06 06 00 00 00 02
07 06 00 00 00 01 1f 0e 39 30 35 33 33 37 31 34
31 34 32 32 20 08 6b 6f 63 6e 65 74 3c 16 ea 76
43 69 01 22 e3 5f ab e0 17 67 e8 b2 dd 82 b8 96
37 b0
Code:       Access-Request 
Identifier: 8
Authentic:  u<184>}<31><250>$*$<19><152>F<201>p<8>w<218>
Attributes:
        User-Name = " ilkera at gprs"
        CHAP-Password = <1>T<10>y<11><226>R<210><207>
        NAS-IP-Address = 195.87.246.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "905337141422"
        NAS-Identifier = "kocnet"
        CHAP-Challenge = <234>vCi<1>"<227>_<171><224><23>g<232><178><221><130><184><150>7<176>
 
Mon Oct 21 16:48:44 2002: DEBUG: Packet dump:
*** Received from 195.87.1.231 port 1645 ....
 
Packet length = 20
03 08 00 14 23 d5 f3 db 42 bf 18 20 2b 00 bc 8c
32 72 03 3a
Code:       Access-Reject  
Identifier: 8
Authentic:  #<213><243><219>B<191><24> +<0><188><140>2r<3>:
Attributes:
 
Mon Oct 21 16:48:44 2002: DEBUG: Received reply in AuthRADIUS for req 8 from 195.87.1.231:1645
Mon Oct 21 16:48:44 2002: INFO: Access rejected for ilkera at gprs:
Mon Oct 21 16:48:44 2002: DEBUG: Packet dump:
*** Sending to 195.87.246.1 port 1812 ....

Packet length = 36
03 b9 00 24 e3 82 7d f9 70 31 ae 08 84 90 c9 e1
c6 fe c2 ed 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject  
Identifier: 185
Authentic:  u<184>}<31><250>$*$<19><152>F<201>p<8>w<218>
Attributes:
        Reply-Message = "Request Denied"
 
Can you help us to find where the problem is and solve it ?
 
Best Regards,
ilker Aktuna
Koc.net Network Services
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20021021/0adca80f/attachment.html>


More information about the radiator mailing list