(RADIATOR) Problems with Colubris CN3000

Anton Krall akrall at intruder.com.mx
Sat Jan 18 09:59:45 CST 2003


Guys.. Can anybody send me some screenshots of the screens the colubris
uses to tell the user to enter their username, and the ones used to tell
the user their minutes left, status and such?

I would be of great help to see what the unit can do and how it looks
like.

Thx!!
__________________________________________________________________
Anton Krall
CEO 
Intruder Consulting
 
Email: akrall at intruder.com.mx
Tel: (55)5233-9281 
Celular: (044)55-5105-5160 
ICQ#: 4979450
MSN: akrall at hotmail.com
AIM: antonkrall
Web: www.intruder.com.mx
 
Outside Mexico
Tel: (+52)555-233-9281 
Celular: (+52)555-105-5160


%-----Original Message-----
%From: owner-radiator at open.com.au 
%[mailto:owner-radiator at open.com.au] On Behalf Of Mike McCauley
%Sent: Viernes, 17 de Enero de 2003 06:07 p.m.
%To: Hugh Irvine; Vincent.Hua at power2roam.com
%Cc: 'engineering'; radiator at open.com.au
%Subject: Re: (RADIATOR) Problems with Colubris CN3000
%
%
%Hello all,
%
%Vincents patch is exactly the right answer.
%We will post a patch in about 2 days.
%
%Cheers.
%
%On Thu, 16 Jan 2003 19:36, Hugh Irvine wrote:
%> Hello Vincent -
%>
%> Many thanks for the patch. This is indeed a bug.
%>
%> Mike will have a patch up on the web site in the next day or so (we 
%> will post a message to the list).
%>
%> thanks again
%>
%> regards
%>
%> Hugh
%>
%>
%> On Friday, Jan 17, 2003, at 11:29 Australia/Melbourne, Vincent Hua
%>
%> wrote:
%> > Hi, there,
%> >
%> > I'm assuming all of you are using EAP-MD5 for authentication. We 
%> > identified the same problem with 3.5. 3.3.1 didn't have the issue. 
%> > Upon checking out
%> > the source code, there was problems with the EAP_4.pm source code.
%> > Maybe the
%> > programming team can tell us whether this is a blind spot in the
%> > design or a
%> > failure in architect ?
%> >
%> > I have the fix here for your reference here. Other auth 
%methods seem 
%> > to be fine.
%> >
%> > Good luck!
%> >
%> > ======================================
%> > Vincent Hua
%> > Vice President Operations
%> > Power2Roam Technologies Inc.
%> > ISG InfoTech Systems Group Inc.
%> > 13988 Cambie Road, Suite 313 (2/F)
%> > Richmond, BC, V6V 2K4
%> > V:  +1 (604) 303 6881 ext. 101
%> > F:  +1 (604) 303 6854
%> > W:	www.Power2Roam.com 	www.ISGGroup.com
%> > ICQ: 196980	http://wwp.icq.com/196980
%> >
%> >
%> > ===================
%> > # EAP_4.pm
%> > #
%> > # Module for  handling Authentication via EAP type 4 
%(MD5-Challenge) 
%> > # # See RFCs 2869 2284 1994 # # Author: Mike McCauley 
%> > (mikem at open.com.au) # Copyright (C) 2001 Open System Consultants # 
%> > $Id: EAP_4.pm,v 1.9 2002/11/07
%> > 04:10:47 mikem Exp $
%> >
%> > package Radius::EAP_4;
%> > use strict;
%> >
%> > 
%####################################################################
%> > #
%> > # request
%> > # Called by EAP.pm when a request is received for this 
%protocol type
%> > sub
%> > request {
%> >     my ($classname, $self, $context, $p, $data) = @_;
%> >
%> >     return ($main::ACCEPT);
%> > }
%> >
%> > 
%####################################################################
%> > #
%> > # Called by EAP.pm when an EAP Response/Identity is received sub
%> > response_identity {
%> >     my ($classname, $self, $context, $p) = @_;
%> >
%> >     $context->{md5_challenge} = &Radius::Util::random_string(16);
%> >     my $message = pack('C a16 a*',
%> > 		       16,  # MD5 challenge length
%> > 		       $context->{md5_challenge},
%> > 		       $main::hostname);
%> >     $self->eap_request($p->{rp}, $context, 
%> > $Radius::EAP::EAP_TYPE_MD5_CHALLENGE, $message);
%> >     return ($main::CHALLENGE, 'EAP MD5-Challenge');
%> > }
%> >
%> > 
%####################################################################
%> > #
%> > # Called by EAP.pm when an EAP Response (other than Identity)
%> > # is received
%> > # $id is the id of the received EAP response
%> > sub response
%> > {
%> >     my ($classname, $self, $context, $p, $type, $typedata) = @_;
%> >
%> >     # This should be a response to a challenge
%> >     # we sent previously. The challenge is cached
%> >     # in the challenges array, indexed by
%> >     # challenge_id. The response should be the MD5 hash
%> >     # the challenge_id, the password, the challenge
%> >     my ($length, $response, $username) = unpack('C a16 a*', 
%> > $typedata);
%> >
%> >     # OK, now we need the user details to check the password
%> >     my ($user, $result, $reason) = 
%> > $self->get_user($context->{identity},
%> > $p);
%> >     if ($user && $result == $main::ACCEPT)
%> >     {
%> > 	my $correct_password = 
%$user->get_check->get_attr('User-Password')
%> >
%> > 	    || $user->get_check->get_attr('Password') ;
%> >
%> > 	my $correct_response = Digest::MD5::md5
%> > 	    (chr($context->{this_id}) .
%> > 	     $correct_password . $context->{md5_challenge});
%> >
%> > 	if ($correct_response eq $response)
%> > 	{
%> > 	    $self->eap_success($p->{rp}, $context);
%> > # add extra reply attributes for user			
%	<==   NEXT
%> > LINE IS THE LINE THAT'S MISSING WHICH CAUSES PROBLEM!
%> > 	    $self->authoriseUser($user, $p);
%> > 	    $self->adjustReply($p);
%> > 	    return ($main::ACCEPT);
%> > 	}
%> >     }
%> >     $self->eap_failure($p->{rp}, $context);
%> >     return ($main::REJECT, 'EAP MD5-Challenge failed');
%> > }
%> >
%> > 1;
%> >
%> > =====================================================
%> >
%> >
%> > -----Original Message-----
%> > From: owner-radiator at open.com.au 
%[mailto:owner-radiator at open.com.au] 
%> > On Behalf Of engineering
%> > Sent: January 16, 2003 12:50 PM
%> > To: radiator at open.com.au
%> > Subject: Re: (RADIATOR) Problems with Colubris CN3000
%> >
%> >
%> > Denis,
%> >
%> > We are encountering a very similar (if not the same) 
%problem. We are 
%> > also testing with a Colubris CN3000 and do not see the 
%> > Colubris-AVPair attributes
%> > reaching the CN3000.  Our radiator logs do not display the
%> > Colubris-AVPair
%> > attributes at all.
%> >
%> > This is for Radiator 3.5.
%> >
%> > We went back to 3.3.1, and the Colubris-AVPair attributes 
%seem to be 
%> > getting through.  The Radiator logs and the Colubris logs both
%> > attest to this.
%> >
%> >
%> > Rodney Ebersole
%> > Abbco Inc.
%> > phone: (814) 234-9420
%> > eMail:   rebersole at abbcoinc.com
%> > IM:       rebersoleabbcoinc [AIM, MSN, YAHOO]
%> >
%> >
%> >
%> > ----- Original Message -----
%> > From: "Denis Beauchemin" <Denis.Beauchemin at USherbrooke.ca>
%> > To: "Radiator" <radiator at open.com.au>
%> > Sent: Thursday, January 16, 2003 12:01 PM
%> > Subject: (RADIATOR) Problems with Colubris CN3000
%> >
%> >
%> > Hello,
%> >
%> > We are testing a Colubris CN3000 802.1x wireless access point and 
%> > are having some problems with it. (see
%> > http://www.colubris.com/en/products/public_access/CN3000/ for more
%> > info).
%> >
%> > The biggest one is the HTTP URLs that don't seem to be sent to (or 
%> > accepted
%> > by) the unit.
%> >
%> > Here is what I have in radius.cfg (I am using Radiator 
%3.5): <Client 
%> > 132.210.X.Y>
%> >     Secret oursecret
%> >     Identifier  colubris
%> > </Client>
%> > <Handler Client-Identifier=colubris>
%> >     MaxSessions 1
%> >     WtmpFileName %L/wtmp
%> >     AcctLogFileName %L/accounting
%> > #   PasswordLogFileName %L/password.log
%> >     <AuthBy DBFILE>
%> >         AutoMPPEKeys    Yes
%> >         AddToReply  Service-Type = Framed-User,\
%> >         MS-MPPE-Encryption-Policy = Encryption-Allowed,\
%> >         MS-MPPE-Encryption-Types = Encryption-Any,\
%> >         Framed-Protocol = PPP,\
%> >         Framed-IP-Netmask = 255.255.255.255,\
%> >         Framed-Routing = None,\
%> >         Framed-MTU = 1500,\
%> >         Colubris-AVPair = 
%> > "login-url=https://somewhere.USherbrooke.ca:8443/java/colubris/
%> > login.jsp?log
%> > inurl=%l",\
%> >         Colubris-AVPair = 
%> > "session-page=https://somewhere.USherbrooke.ca:8443/java/colubris/
%> > session.ht
%> > ml",\
%> >         Colubris-AVPair = 
%> > 
%"transport-page=https://somewhere.USherbrooke.ca:8443/java/colubris/
%> > transpor
%> > t.html",\
%> >         Colubris-AVPair = 
%> > "fail-page=https://somewhere.USherbrooke.ca:8443/java/colubris/
%> > fail.html",\
%> >         Colubris-AVPair = 
%> > 
%"logo=https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif",\
%> >         Colubris-AVPair = 
%> > "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,8443",\
%> >         Colubris-AVPair = 
%> > "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,80"
%> >         Filename %D/usersdb
%> >         RcryptKey our key
%> >     </AuthBy>
%> >     AuthLog Defaut
%> > </Handler>
%> >
%> > This is what I added to dictionary:
%> > VENDOR     Colubris    8744
%> > VENDORATTR    8744   Colubris-AVPair   0   string
%> > ATTRIBUTE            Colubris-AVPair   0   string
%> >
%> > The Colubris-AVPair don't seem to get to the CN3000 when 
%it logs on.
%> >
%> > Any ideas?  I'm pretty sure I made a mistake in one of Radiator's 
%> > conf files.
%> >
%> > Thanks!
%> > --
%> > Denis Beauchemin, analyste
%> > Université de Sherbrooke, S.T.I.
%> > T: 819.821.8000x2252 F: 819.821.8045
%> >
%> > ===
%> > Archive at http://www.open.com.au/archives/radiator/
%> > Announcements on radiator-announce at open.com.au
%> > To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
%> > radiator' in the body of the message.
%> >
%> >
%> > ===
%> > Archive at http://www.open.com.au/archives/radiator/
%> > Announcements on radiator-announce at open.com.au
%> > To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
%> > radiator' in the body of the message.
%> >
%> >
%> > ===
%> > Archive at http://www.open.com.au/archives/radiator/
%> > Announcements on radiator-announce at open.com.au
%> > To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
%> > radiator' in the body of the message.
%
%-- 
%I am travelling at the moment, and there may be delays in our 
%correspondence. Mike McCauley, Open System Consultants, 
%mikem at open.com.au, www.open.com.au
%
%===
%Archive at http://www.open.com.au/archives/radiator/
%Announcements on radiator-announce at open.com.au
%To unsubscribe, email 'majordomo at open.com.au' with
%'unsubscribe radiator' in the body of the message.
%
%


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list