(RADIATOR) Alcatel SMC proxy radius -->Radiator issue (fwd)
Hugh Irvine
hugh at open.com.au
Thu Jan 16 16:42:33 CST 2003
Hello Abel -
Your problem is due to your use of "DefaultReply" which only adds the
attributes if there are *none* there already.
You should use "AddToReply" instead.
<AuthBy FILE>
Identifier DBcustomer
Filename %D/db/users-customer
AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
RejectEmptyPassword
DefaultSimultaneousUse 1
</AuthBy>
regards
Hugh
On Thursday, Jan 16, 2003, at 23:37 Australia/Melbourne, Abel Lucano
wrote:
>
> Hi all,
> I'm trying to debug the following:
> One proxy-radius (Alcatel-SMC) that forwarding radius authentication
> and
> accounting packets to Radiator.
>
> The whole conversation is configured to use 1645/1646 ports.
>
> When Alcatel-SMC's proxy radius send access-request to Radiator
> this latter sees the packet coming from 1800 or 4248 port(?); radiator
> return this request from 1645 to 1800 or 4248 port.
>
> The SMC side claims that they just are receiving from Radiator the
> Proxy-State (33 binary) attribute but they cannot see basic attributes
> 6 and
> 7 (Service-Type and Framed-Protocol), and then the ppp connnection
> drops.
>
> The basic <Handler> includes "DefaultReply" too and the rest is very
> basic
> working configuration talking with other systems
>
> <AuthBy FILE>
> Identifier DBcustomer
> Filename %D/db/users-customer
> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> RejectEmptyPassword
> DefaultSimultaneousUse 1
> </AuthBy>
>
>
> Somebody has seen this kind of problems? (I've not found it searching
> the
> list archives )
>
>
> I'm including a tcpdump extract of the basic conversation
> (sorry for the XXs, YYs and ZZs; i'm doing a consulting job to others
> and
> they've not authorized me to show their data)
>
>
> 19:04:46.311731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req
> 129
> [id 11] Attr[ Proxy_state{....} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{65}
> NAS_port_type{Sync} User{prueba} [|radius]
>
> 19:04:46.381731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248:
> rad-access-accept 26
> [id 11] Attr[ Proxy_state{....} ] (DF)
>
> 19:05:43.641731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req
> 127
> [id 12] Attr[ Proxy_state{....} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{66}
> NAS_port_type{Sync} User{prueba} [|radius]
>
> 19:05:44.351731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248:
> rad-access-accept 26
> [id 12] Attr[ Proxy_state{....} ] (DF)
>
> Thanks in advance,
> Best regards
>
>
> -----------------------------------------------------------------------
> -----
> Abel Lucano
> DECODE SA
> Av Independencia 1355 2B
> TE/FAX +5411 4383 1161
> abel at decode.com.ar
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list