(RADIATOR) Problems with Colubris CN3000

Hugh Irvine hugh at open.com.au
Fri Jan 17 16:22:05 CST 2003 

Salut Denis -

Did you see my previous mail?

Your problem below is almost certainly your dictionary alterations.

You should remove what you added to the dictionary, and just use the  
"Colubris-AVPAIR" attribute that is already in the dictionary.

If you send us a trace 5 debug from Radiator, we will be able to see  
the encoded attributes.

You could also run a packet sniffer on the ethernet interface to see  
what is actually on the wire.

regards

Hugh


On Saturday, Jan 18, 2003, at 03:31 Australia/Melbourne, Denis  
Beauchemin wrote:

> Hello,
>
> Here is my trace 4 debug:
> Thu Jan 16 16:04:47 2003: DEBUG: Packet dump:
> *** Received from 132.210.X.Y port 1024 ....
> Code:       Access-Request
> Identifier: 164
> Authentic:  9kD<23>N<177>M<14><153><131><248><216><139>MH<163>
> Attributes:
> 	Acct-Session-Id = "306f8d83"
> 	NAS-Port = 0
> 	NAS-Port-Type = 19
> 	User-Name = "CN3000"
> 	Calling-Station-Id = "00-02-2D-66-XX-YY"
> 	MS-CHAP2-Response =  
> "<164><0><227>T[<229><162><180><2>p(0c"<239>o<149><240><0><0><0><0><0>< 
> 0><0><0><239>i<222>_<194><183><213>"<169>^<248><139>W<180>n<225>Z<21><2 
> 7><207><164> :P"
> 	MS-CHAP-Challenge =  
> "9kD<23>N<177>M<14><153><131><248><216><139>MH<163>"
> 	NAS-Identifier = "J004-00025"
> 	NAS-IP-Address = 132.210.X.Y
> 	Framed-MTU = 1496
> 	Connect-Info = "HTTPS"
> 	Service-Type = Administrative-User
> 	Message-Authenticator =  
> <28><207><132>uK<191><209><170>~<130><11>X^<245><143><197>
>
> Thu Jan 16 16:04:47 2003: DEBUG: Handling request with Handler  
> 'Client-Identifier=colubris'
> Thu Jan 16 16:04:47 2003: DEBUG:  Deleting session for CN3000,  
> 132.210.X.Y, 0
> Thu Jan 16 16:04:47 2003: DEBUG: Handling with Radius::AuthDBFILE:
> Thu Jan 16 16:04:47 2003: DEBUG: Radius::AuthDBFILE looks for match  
> with CN3000
> Thu Jan 16 16:04:47 2003: DEBUG: Radius::AuthDBFILE ACCEPT:
> Thu Jan 16 16:04:47 2003: DEBUG: Access accepted for CN3000
> Thu Jan 16 16:04:47 2003: DEBUG: Packet dump:
> *** Sending to 132.210.X.Y port 1024 ....
> Code:       Access-Accept
> Identifier: 164
> Authentic:  9kD<23>N<177>M<14><153><131><248><216><139>MH<163>
> Attributes:
> 	MS-CHAP2-Success = "<164>S=35449DBE5D956D58F6C3AC6715A03026FD650291"
> 	MS-MPPE-Send-Key =  
> "<250>EK<129><138><185><165>}Z<166>7<188><239><152><196><193>y<29>R<218 
> ><237>[-=<206><177><11>=b<4><20><168><136><252>"
> 	MS-MPPE-Recv-Key =  
> "<186>g<197><159><223>u<26><151>sC<214><170>@<162>('<193>ZGCpx<189><237 
> ><26>D<246>n<27><226>c5<131><205>"
> 	Service-Type = Framed-User
> 	MS-MPPE-Encryption-Policy = Encryption-Allowed
> 	MS-MPPE-Encryption-Types = Encryption-Any
> 	Framed-Protocol = PPP
> 	Framed-IP-Netmask = 255.255.255.255
> 	Framed-Routing = None
> 	Framed-MTU = 1500
> 	Colubris-AVPair =  
> "login-url=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
> login.jsp?loginurl=Thu Jan 16 16:04:47 2003"
> 	Colubris-AVPair =  
> "session-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
> session.html"
> 	Colubris-AVPair =  
> "transport-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
> transport.html"
> 	Colubris-AVPair =  
> "fail-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
> fail.html"
> 	Colubris-AVPair =  
> "logo=https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif"
> 	Colubris-AVPair = "access-list=carrefour,ACCEPT,tcp,132.210.Y.Z,8443"
> 	Colubris-AVPair = "access-list=carrefour,ACCEPT,tcp,132.210.Y.Z,80"
>
>
> Thanks!
>
> Denis
>
> Le jeu 16/01/2003 à 12:42, Frank Danielson a écrit :
>> Hi-
>>
>> As Hugh has said in the past, please send a trace 4 debug showing  
>> what's
>> happening during an acess-request so we can see what the problem is.
>>
>> -----Original Message-----
>> From: Denis Beauchemin [mailto:Denis.Beauchemin at USherbrooke.ca]
>> Sent: Thursday, January 16, 2003 12:02 PM
>> To: Radiator
>> Subject: (RADIATOR) Problems with Colubris CN3000
>>
>>
>> Hello,
>>
>> We are testing a Colubris CN3000 802.1x wireless access point and are
>> having some problems with it. (see
>> http://www.colubris.com/en/products/public_access/CN3000/ for more
>> info).
>>
>> The biggest one is the HTTP URLs that don't seem to be sent to (or
>> accepted by) the unit.
>>
>> Here is what I have in radius.cfg (I am using Radiator 3.5):
>> <Client 132.210.X.Y>
>>     Secret oursecret
>>     Identifier  colubris
>> </Client>
>> <Handler Client-Identifier=colubris>
>>     MaxSessions 1
>>     WtmpFileName %L/wtmp
>>     AcctLogFileName %L/accounting
>> #   PasswordLogFileName %L/password.log
>>     <AuthBy DBFILE>
>>         AutoMPPEKeys    Yes
>>         AddToReply  Service-Type = Framed-User,\
>>         MS-MPPE-Encryption-Policy = Encryption-Allowed,\
>>         MS-MPPE-Encryption-Types = Encryption-Any,\
>>         Framed-Protocol = PPP,\
>>         Framed-IP-Netmask = 255.255.255.255,\
>>         Framed-Routing = None,\
>>         Framed-MTU = 1500,\
>>         Colubris-AVPair =
>> "login-url=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
>> login.jsp?log
>> inurl=%l",\
>>         Colubris-AVPair =
>> "session-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
>> session.ht
>> ml",\
>>         Colubris-AVPair =
>> "transport-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
>> transpor
>> t.html",\
>>         Colubris-AVPair =
>> "fail-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ 
>> fail.html",\
>>         Colubris-AVPair =
>> "logo=https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif",\
>>         Colubris-AVPair =
>> "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,8443",\
>>         Colubris-AVPair =  
>> "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,80"
>>         Filename %D/usersdb
>>         RcryptKey our key
>>     </AuthBy>
>>     AuthLog Defaut
>> </Handler>
>>
>> This is what I added to dictionary:
>> VENDOR     Colubris    8744
>> VENDORATTR    8744   Colubris-AVPair   0   string
>> ATTRIBUTE            Colubris-AVPair   0   string
>>
>> The Colubris-AVPair don't seem to get to the CN3000 when it logs on.
>>
>> Any ideas?  I'm pretty sure I made a mistake in one of Radiator's conf
>> files.
>>
>> Thanks!
> -- 
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x2252 F: 819.821.8045
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list