(RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs (addition)

Nico de Groot ndegroot at ktu.nl
Sun Feb 23 16:04:26 CST 2003


Dear Hugh,

In the setup (Surfnet Thuisnet) we are using all that we have to send back
is Access-Accept or Access-Denied. I think this last problem could very well
be to a communication problem between our Radius and the upstream server.

[RAS-requestor] -username/pw/number-> [Central Radius]-u/p/n-> [Utrecht
University Radiator] -u/p/n-> [KTU Radiator]

[KTU Radiator] - Accept or Denied ->[UU] -A/D->[Central]-A/D->[RAS
requestor]

I'll check this first thing tomorrow (Monday, its 23:00 Sunday-evening here)
when I'm back at the University. In the Utrecht University radiator log-file
they must be able to find more info. I'll let you know.

By the way: I'm impressed by your swift responses especially considering
the time-differences and even during the weekend!

Greetings

Nico


----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Nico de Groot" <ndegroot at ktu.nl>
Cc: <radiator at open.com.au>
Sent: Sunday, February 23, 2003 10:08 PM
Subject: Re: (RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs
(addition)


>
> Hello Nico -
>
> Thanks for sending the debug information.
>
> It looks to me like the NAS is retrying the access requests because you
> are not sending back any reply attributes in the Access-Accept's. You
> should add at least the following to your AuthBy FILE clause:
>
> <AuthBy FILE>
> ....
> AddToReply Service-Type = Framed-User, \
> Framed-Protocol = PPP
> ....
> <AuthBy>
>
> regards
>
> Hugh
>
>
>
> On Sunday, Feb 23, 2003, at 21:18 Australia/Melbourne, Nico de Groot
> wrote:
>
> > Hello Hugh,
> >
> > Below the info you asked for. I'll try sniffing later. I have to
> > locate a
> > new sniffing program (old one on the crashed disk, sniff ).
> >
> > Thanks,
> > Nico
> >
> > --action -----
> > Local request, localhost to localhost: one request one answer.
> > External request, relayed by radius1(41) or radius2.uu.nl(40) to
> > radius1.ktu.nl alternating
> >
> >   o two or four requests from radius2 on 1840 with each time one
> > positive
> > reply by us
> >   o one sometimes three requests from radius1 each positive replied by
> > us
> >
> > exact structure: (40)*3,41,40,41,41.,4040,41,(40)*4,41,41,41...
> > see trace 4 below
> >
> > --config-file-----
> > Trace   4
> >
> > # The name of the file where the radiusd PID will be
> > # written after startup
> > PidFile ./radiusd.pid
> > # AuthPort specifies the port to list on for authentication requests
> > AuthPort        1645
> > # AcctPort specifies the port to list on for accounting requests
> > AcctPort        1646
> > # LogDir is the directory where logfiles are put
> > LogDir ./log
> > # DbDir is the directory where database and config are put
> > DbDir ./db
> > # LogFile is the name of the log file.
> > LogFile         %L/logfile
> > # DictionaryFile is the name of the Radius dictionary file
> > DictionaryFile  %D/dictionary
> > # <Client hostname> is used to define each radius client to which
> > # we will respond. Requests received from clients that arent named by
> > # Client clauses in this file here will be ignored
> > # radius1.surf.nl=radius1.studentennet.nl
> > # radius2.surf.nl=radius2.studentennet.nl
> > <Client DEFAULT>
> >       Secret  een.geheimpje!!
> >  DupInterval 0
> >  IgnoreAcctSignature
> > </Client>
> > <Client radius1.uu.nl>
> >  Secret  ***
> >  IgnoreAcctSignature
> >  DupInterval 2
> > </Client>
> > <Client radius2.uu.nl>
> >  Secret  ***
> >  IgnoreAcctSignature
> >  DupInterval 2
> > </Client>
> > <Client radius1.surf.nl>
> >  Secret  ***
> >  IgnoreAcctSignature
> > </Client>
> > # voor lokaal testen met radpwst
> > <Client localhost>
> >  Secret  alles.is.ijdelheid!
> >  DupInterval 0
> >  IgnoreAcctSignature
> > </Client>
> > <Client kt183.ktu.nl>
> >  Secret  mysecret
> >  DupInterval 0
> >  IgnoreAcctSignature
> > </Client>
> >
> > <Realm ktu.nl>
> >  RewriteUsername         s/^([^@]+).*/$1/
> >  MaxSessions             9999
> >  AcctLogFileName         %L/ktu.detail
> >  WtmpFileName            %L/ktu.wtmp
> > # PasswordLogFileName     %L/ktu.passwd
> >  <AuthBy FILE>
> >   Filename        %D/ktu.users
> >  </AuthBy>
> > </Realm>
> >
> > <Realm DEFAULT>
> >  RewriteUsername         s/^([^@]+).*/$1/
> >  MaxSessions             9999
> >  AcctLogFileName         %L/detail
> >  WtmpFileName            %L/wtmp
> >  <AuthBy FILE>
> >   Filename        %D/ktu.users
> >  </AuthBy>
> > </Realm>
> > <AuthBy NT>
> >  Identifier NT-Theologie
> >  Domain THEOLOGIE
> >  DomainController \\DIENAAR01
> >  IgnorePasswordChange
> > </AuthBy>
> > <AuthBy NT>
> >  Identifier NT-Studenten
> >  Domain STUDENTEN
> >  DomainController \\BONIFATIUS
> >  IgnorePasswordChange
> > </AuthBy>
> >
> > --trace 4 -----
> > # first one succesfull communication one request one (correct)denial
> > (localhost)
> > # rest loops (approximate 20 times until requesting remote acces client
> > times out)
> > Sat Feb 22 19:04:03 2003: DEBUG: Packet dump:
> > *** Received from 131.211.69.246 port 3144 ....
> > Code:       Access-Request
> > Identifier: 228
> > Authentic:  1234567890123456
> > Attributes:
> >  User-Name = "test at ktu.nl"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 203.63.154.1
> >  NAS-Port = 1234
> >  Called-Station-Id = "123456789"
> >  Calling-Station-Id = "302533568"
> >  NAS-Port-Type = Async
> >  User-Password = "8<4>B<209>^<167>w._<144>2ZS<11><172><191>"
> >
> > Sat Feb 22 19:04:03 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:04:03 2003: DEBUG: Rewrote user name to test
> > Sat Feb 22 19:04:03 2003: DEBUG:  Deleting session for test at ktu.nl,
> > 203.63.154.1, 1234
> > Sat Feb 22 19:04:03 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE looks for match with
> > test
> > Sat Feb 22 19:04:03 2003: WARNING: Could not find Identifier for
> > Auth-Type
> > 'NT-Studenten'
> > Sat Feb 22 19:04:03 2003: DEBUG: Radius::AuthFILE REJECT: Could not
> > find
> > Identifier for Auth-Type 'NT-Studenten'
> > Sat Feb 22 19:04:03 2003: INFO: Access rejected for test: Could not
> > find
> > Identifier for Auth-Type 'NT-Studenten'
> > Sat Feb 22 19:04:03 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.69.246 port 3144 ....
> > Code:       Access-Reject
> > Identifier: 228
> > Authentic:  1234567890123456
> > Attributes:
> >  Reply-Message = "Request Denied"
> >
> > Sat Feb 22 19:11:26 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:26 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:26 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:26 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:26 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:26 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:26 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:26 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:26 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:29 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:29 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:29 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:29 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:29 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:29 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:29 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:29 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:29 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:31 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:31 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:31 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:31 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:31 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:31 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:31 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:31 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:31 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:32 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:32 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:32 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:32 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:32 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:32 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:32 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:33 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:33 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:33 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:34 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:34 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:34 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:34 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:34 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:34 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:34 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:34 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:34 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:35 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:35 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:35 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:35 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:35 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:35 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:35 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:36 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:36 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:36 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:36 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:38 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:38 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:38 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:38 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:38 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:38 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:38 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 148
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:39 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:39 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:39 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:39 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:39 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:39 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:39 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:39 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 148
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:40 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:40 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:40 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:40 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:40 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:40 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:40 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.40 port 1840 ....
> > Code:       Access-Request
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.40 port 1840 ....
> > Code:       Access-Accept
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:41 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:41 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:41 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:41 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 146
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 147
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> > Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> > *** Received from 131.211.16.41 port 49278 ....
> > Code:       Access-Request
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >  Framed-Protocol = PPP
> >  User-Name = "ndegroot at ktu.nl"
> >  User-Password =
> > "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >  NAS-Port-Type = Async
> >  Calling-Station-Id = "207798110"
> >  Called-Station-Id = "877880070"
> >  Service-Type = Framed-User
> >  NAS-IP-Address = 195.169.131.8
> >
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling request with Handler
> > 'Realm=ktu.nl'
> > Sat Feb 22 19:11:42 2003: DEBUG: Rewrote user name to ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> > 195.169.131.8,
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling with Radius::AuthFILE:
> > Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE looks for match with
> > ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG: Handling with NT
> > Sat Feb 22 19:11:42 2003: DEBUG: Radius::AuthFILE ACCEPT:
> > Sat Feb 22 19:11:42 2003: DEBUG: Access accepted for ndegroot
> > Sat Feb 22 19:11:42 2003: DEBUG: Packet dump:
> > *** Sending to 131.211.16.41 port 49278 ....
> > Code:       Access-Accept
> > Identifier: 145
> > Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> > Attributes:
> >
> >
> >
> >
> >
> > #repeats likes this some until timeout by requesting remote access
> > client
> >
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "Nico de Groot" <ndegroot at ktu.nl>
> > Cc: <radiator at open.com.au>
> > Sent: Sunday, February 23, 2003 12:04 AM
> > Subject: Re: (RADIATOR) Re: Radiator on Windows 2000 AuthbyNT hangs
> > (addition)
> >
> >
> >>
> >> Hello Nico -
> >>
> >> Thanks for keeping us up to date with your testing.
> >>
> >> It would be very helpful to see a copy of your configuration file (no
> >> secrets), together with a more complete trace 4 debug showing what is
> >> going on with multiple requests and responses.
> >>
> >> You should use a packet sniffer to check the actual requests received
> >> and sent on the wire (I think Windows NT includes one - I don't know
> >> about 2000).  The port number that is being used by your radius client
> >> to send the radius request is 49278 as shown below. This is the port
> >> number that Radiator is sending the response to.
> >>
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
> >>> *** Received from 131.211.16.41 port 49278 ....
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Sunday, Feb 23, 2003, at 07:01 Australia/Melbourne, Nico de Groot
> >> wrote:
> >>
> >>> First question
> >>>
> >>> I switched to Radiator 3.5 (done a lot of switching lately) This
> >>> gives
> >>> some
> >>> more information. And now  Radiator doesn't hang . The logfile
> >>> records
> >>> that
> >>> request are received. After that a successful lookup is done en the
> >>> Access-Accept is send (see below). But directly after that new
> >>> requests are
> >>> received and returned. It seems that the upsteam Radiusserver isn't
> >>> listening or that reverse communication is blocked. Is the port
> >>> number
> >>> ok?
> >>> My cfg says 1840.
> >>> Is there anything I can do to to improve or check the reverse
> >>> communication?
> >>>
> >>> Second question
> >>>
> >>> At least my Radius server is doing the NT lookup correctly. Except,
> >>> the
> >>> console output gives for a succesfull lookup
> >>>     result  1 error 87
> >>> This error code means ERROR_INVALID_PARAMETER But it is working.
> >>> source :errorcodes
> >>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
> >>> debug/base/
> >>> system_error_codes.asp
> >>>
> >>> Nico de Groot
> >>> KTU
> >>>
> >>>> From log ----
> >>>
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
> >>> *** Received from 131.211.16.41 port 49278 ....
> >>> Code:       Access-Request
> >>> Identifier: 151
> >>> Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> >>> Attributes:
> >>>  Framed-Protocol = PPP
> >>>  User-Name = "ndegroot at ktu.nl"
> >>>  User-Password =
> >>> "<157>.<234>.<192><228><1><233><143>+2<3><151><166>4<26>"
> >>>  NAS-Port-Type = Async
> >>>  Calling-Station-Id = "207798110"
> >>>  Called-Station-Id = "877880070"
> >>>  Service-Type = Framed-User
> >>>  NAS-IP-Address = 195.169.131.8
> >>>
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Handling request with Handler
> >>> 'Realm=ktu.nl'
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Rewrote user name to ndegroot
> >>> Sat Feb 22 19:12:16 2003: DEBUG:  Deleting session for
> >>> ndegroot at ktu.nl,
> >>> 195.169.131.8,
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Handling with Radius::AuthFILE:
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE looks for match
> >>> with
> >>> ndegroot
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Handling with NT
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Radius::AuthFILE ACCEPT:
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Access accepted for ndegroot
> >>> Sat Feb 22 19:12:16 2003: DEBUG: Packet dump:
> >>> *** Sending to 131.211.16.41 port 49278 ....
> >>> Code:       Access-Accept
> >>> Identifier: 151
> >>> Authentic:  <216>|<239><162>L<136>W<5>@<139>bc<155><16><170><183>
> >>> Attributes:
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >>
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list