(RADIATOR) Cisco 2611 VPN group authentication
Hugh Irvine
hugh at open.com.au
Fri Jan 31 18:10:05 CST 2003
Hello Emilie -
Thanks for the update.
I will need to see a trace 4 debug from Radiator showing what is
happening.
I suspect the Service-Type in the access request for "eshoop" does not
match what you have in your users file.
regards
Hugh
On Saturday, Feb 1, 2003, at 03:10 Australia/Melbourne, Emilie Shoop
wrote:
> Hugh,
>
> It turns out that it was looking for the password cisco, so after I
> set it to that, it was successful.
>
> Now onto my next problem. I have been successful in getting the group
> and user to authenticate, but not establish a connection. I believe
> that I am missing some reply attributes. Can you tell me what I am
> missing? And where do I put them?
>
> Here is my working Radiator config:
> # radius.cfg
>
> LogDir /services/radius/log
> DbDir /services/radius/conf
> BindAddress x.x.x.25
> AuthPort 1812
> AcctPort 1813
> Trace 5
>
>
> #For VPN access
> <Client x.x.x.54>
> Secret xxxx
> </Client>
>
> #VPN Authentication x.x.x.54
> <Handler NAS-IP-Address = "x.x.x.54">
> <AuthBy FILE>
> Filename %D/vpn_users
> </AuthBy>
>
> PasswordLogFileName %D/passwordlog
>
>
> </Handler>
>
>
> Here is my vpn_users file:
>
> eshoop User-Password = xxxxx
> Service-Type= "Framed-User"
> Framed-Protocol= "PPP"
> cisco-avpair= "ISAKMP:addr-pool=ippool"
>
> VPNclients User-Password = cisco
> cisco-avpair= "ipsec:key-exchange=ike"
> cisco-avpair= "tunnel-password=bbb"
>
>
>
> Here is my debug from my 2611:
>
> 5w1d: ISAKMP (0:0): received packet from x.x.x.127 (N) NEW SA
> 5w1d: ISAKMP: local port 500, remote port 500
> 5w1d: ISAKMP: Created a peer node for x.x.x.127
> 5w1d: ISAKMP (0:1): Setting client config settings 82DE3AE0
> 5w1d: ISAKMP (0:1): (Re)Setting client xauth list userauthen and
> state
> 5w1d: ISAKMP: Locking CONFIG struct 0x82DE3AE0 from
> crypto_ikmp_config_initialize_sa, count 1
> 5w1d: ISAKMP (0:1): processing SA payload. message ID = 0
> 5w1d: ISAKMP (0:1): processing ID payload. message ID = 0
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): vendor ID seems Unity/DPD but bad major
> 5w1d: ISAKMP (0:1): vendor ID is XAUTH
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): vendor ID is DPD
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): vendor ID seems Unity/DPD but bad major
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): vendor ID seems Unity/DPD but bad major
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): vendor ID is Unity
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 2 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 3 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 4 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 5 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 6 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 7 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 8 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 9 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 10 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 11 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 12 against priority 3
> policy
> 5w1d: ISAKMP: encryption... What? 7?
> 5w1d: ISAKMP: hash MD5
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth pre-share
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP: attribute 14
> 5w1d: ISAKMP (0:1): Encryption algorithm offered does not match
> policy!
> 5w1d: ISAKMP (0:1): atts are not acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): Checking ISAKMP transform 13 against priority 3
> policy
> 5w1d: ISAKMP: encryption 3DES-CBC
> 5w1d: ISAKMP: hash SHA
> 5w1d: ISAKMP: default group 2
> 5w1d: ISAKMP: auth XAUTHInitPreShared
> 5w1d: ISAKMP: life type in seconds
> 5w1d: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
> 5w1d: ISAKMP (0:1): atts are acceptable. Next payload is 3
> 5w1d: ISAKMP (0:1): processing KE payload. message ID = 0
> 5w1d: ISAKMP (0:1): processing NONCE payload. message ID = 0
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: ISAKMP (0:1): processing vendor id payload
> 5w1d: voice_parse_intf_name: Using the old NAS_PORT string
> 5w1d: AAA: parse name=ISAKMP-ID-AUTH idb type=-1 tty=-1
> 5w1d: AAA/MEMORY: create_user (0x82DFF060) user='VPNclients'
> ruser='NULL' ds0=0 port='ISAKMP-ID-AUTH' rem_addr='x.x.x.127'
> authen_type=NONE service=LOGIN priv=0 initial_task_id='0'
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
> Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
>
> 5w1d: ISAKMP-ID-AUTH AAA/AUTHOR/CRYPTO AAA(473770404): Port='ISAKMP-
> ID-AUTH' list='groupauthor' service=NET
> 5w1d: AAA/AUTHOR/CRYPTO AAA: ISAKMP-ID-AUTH(473770404)
> user='VPNclients'
> 5w1d: ISAKMP-ID-AUTH AAA/AUTHOR/CRYPTO AAA(473770404): send AV
> service=ike
> 5w1d: ISAKMP-ID-AUTH AAA/AUTHOR/CRYPTO AAA(473770404): send AV
> protocol=ipsec
> 5w1d: ISAKMP-ID-AUTH AAA/AUTHOR/CRYPTO AAA(473770404): found
> list "groupauthor"
> 5w1d: ISAKMP-ID-AUTH AAA/AUTHOR/CRYPTO AAA(473770404): Method=radius
> (radius)
> 5w1d: RADIUS: authenticating to get author data
> 5w1d: RADIUS: ustruct sharecount=3
> 5w1d: Radius: radius_port_info() success=0 radius_nas_port=1
> 5w1d: RADIUS: added cisco VSA 2 len 14 "ISAKMP-ID-AUTH"
> 5w1d: RADIUS: Send to ISAKMP-ID-AUTH id 175 x.x.x.25:1812, Access-
> Request, len 107
> 5w1d: RADIUS: authenticator DA FF 45 E8 79 F6 B0 61 - 53 1A E3 1A
> 08 26 FF C3
> 5w1d: RADIUS: NAS-IP-Address [4] 6 x.x.x.54
> 5w1d: RADIUS: Vendor, Cisco [26] 22
> 5w1d: RADIUS: Unsupported [2] 16
> 5w1d: RADIUS: 49 53 41 4B 4D 50 2D 49 44 2D 41 55 54 48
> [ISAKMP-ID-AUTH]
> 5w1d: RADIUS: NAS-Port-Type [61] 6
> Async [0]
> 5w1d: RADIUS: User-Name [1] 12 "VPNclients"
> 5w1d: RADIUS: Calling-Station-Id [31] 17 "x.x.x.127"
> 5w1d: RADIUS: User-Password [2] 18 *
> 5w1d: RADIUS: Service-Type [6] 6
> Outbound [5]
> 5w1d: RADIUS: Received from id 175 x.x.x.25:1812, Access-Accept, len
> 77
> 5w1d: RADIUS: authenticator 4E C5 12 67 E9 9F AD 7B - 3B 85 B2 AD
> C4 37 CA B4
> 5w1d: RADIUS: Vendor, Cisco [26] 30
> 5w1d: RADIUS: Cisco AVpair [1] 24 "ipsec:key-exchange=ike"
> 5w1d: RADIUS: Vendor, Cisco [26] 27
> 5w1d: RADIUS: Cisco AVpair [1] 21 "tunnel-password=bbb"
> 5w1d: RADIUS: saved authorization data for user 82DFF060 at 82DE2B4C
> 5w1d: RADIUS: cisco AVPair "ipsec:key-exchange=ike"
> 5w1d: RADIUS: cisco AVPair ":tunnel-password=bbb"
> 5w1d: AAA/AUTHOR (473770404): Post authorization status = PASS_REPL
> 5w1d: ISAKMP: got callback 1
> AAA/AUTHOR/IKE: Processing AV key-exchange=ike
> AAA/AUTHOR/IKE: Processing AV tunnel-password=bbb
> 5w1d: ISAKMP (0:1): SKEYID state generated
> 5w1d: ISAKMP (0:1): SA is doing pre-shared key authentication plux
> XAUTH using id type ID_IPV4_ADDR
> 5w1d: ISAKMP (1): ID payload
> next-payload : 10
> type : 1
> protocol : 17
> port : 500
> length : 8
> 5w1d: ISAKMP (1): Total payload length: 12
> 5w1d: ISAKMP (0:1): sending packet to x.x.x.127 (R) AG_INIT_EXCH
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
> Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
>
> 5w1d: AAA/MEMORY: free_user (0x82DFF060) user='VPNclients'
> ruser='NULL' port='ISAKMP-ID-AUTH' rem_addr='x.x.x.127'
> authen_type=NONE service=LOGIN priv=0
> 5w1d: ISAKMP (0:1): received packet from x.x.x.127 (R) AG_INIT_EXCH
> 5w1d: ISAKMP (0:1): processing HASH payload. message ID = 0
> 5w1d: ISAKMP (0:1): processing NOTIFY INITIAL_CONTACT protocol 1
> spi 0, message ID = 0, sa = 82DF9E90
> 5w1d: ISAKMP (0:1): Process initial contact, bring down existing
> phase 1 and 2 SA's
> 5w1d: ISAKMP (0:1): returning IP addr to the address pool
> 5w1d: ISAKMP (0:1): peer does not do paranoid keepalives.
>
> 5w1d: ISAKMP (0:1): SA has been authenticated with x.x.x.127
> 5w1d: IPSEC(key_engine): got a queue event...
> 5w1d: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
> 5w1d: IPSEC(key_engine_delete_sas): delete all SAs shared with
> x.x.x.127
> 5w1d: ISAKMP (0:1): sending packet to x.x.x.127 (R) QM_IDLE
> 5w1d: ISAKMP (0:1): purging node 1017928958
> 5w1d: ISAKMP: Sending phase 1 responder lifetime 86400
>
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
> Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE
>
> 5w1d: ISAKMP (0:1): Need XAUTH
> 5w1d: voice_parse_intf_name: Using the old NAS_PORT string
> 5w1d: AAA: parse name=ISAKMP idb type=-1 tty=-1
> 5w1d: AAA/MEMORY: create_user (0x82DFF060) user='NULL' ruser='NULL'
> ds0=0 port='ISAKMP' rem_addr='x.x.x.127' authen_type=ASCII
> service=LOGIN priv=0 initial_task_id='0'
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
> Old State = IKE_P1_COMPLETE New State =
> IKE_XAUTH_AAA_START_LOGIN_AWAIT
>
> 5w1d: AAA/AUTHEN/START (2297331969): port='ISAKMP' list='userauthen'
> action=LOGIN service=LOGIN
> 5w1d: AAA/AUTHEN/START (2297331969): found list userauthen
> 5w1d: AAA/AUTHEN/START (2297331969): Method=radius (radius)
> 5w1d: AAA/AUTHEN(2297331969): Status=GETUSER
> 5w1d: ISAKMP: got callback 1
> 5w1d: ISAKMP/xauth: request attribute XAUTH_TYPE_V2
> 5w1d: ISAKMP/xauth: request attribute XAUTH_MESSAGE_V2
> 5w1d: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
> 5w1d: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
> 5w1d: ISAKMP (0:1): initiating peer config to x.x.x.127. ID = -
> 1267797712
> 5w1d: ISAKMP (0:1): sending packet to x.x.x.127 (R) CONF_XAUTH
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_START_LOGIN
> Old State = IKE_XAUTH_AAA_START_LOGIN_AWAIT New State =
> IKE_XAUTH_REQ_SENT
>
> 5w1d: ISAKMP (0:1): received packet from x.x.x.127 (R) CONF_XAUTH
> 5w1d: ISAKMP (0:1): processing transaction payload from
> 141.142.102.127. message ID = -1267797712
> 5w1d: ISAKMP: Config payload REPLY
> 5w1d: ISAKMP/xauth: reply attribute XAUTH_TYPE_V2 unexpected
> 5w1d: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
> 5w1d: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
> 5w1d: ISAKMP (0:1): deleting node -1267797712 error FALSE
> reason "done with xauth request/reply exchange"
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
> Old State = IKE_XAUTH_REQ_SENT New State =
> IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
>
> 5w1d: AAA/AUTHEN/CONT (2297331969): continue_login (user='(undef)')
> 5w1d: AAA/AUTHEN(2297331969): Status=GETUSER
> 5w1d: AAA/AUTHEN(2297331969): Method=radius (radius)
> 5w1d: AAA/AUTHEN(2297331969): Status=GETPASS
> 5w1d: AAA/AUTHEN/CONT (2297331969): continue_login (user='eshoop')
> 5w1d: AAA/AUTHEN(2297331969): Status=GETPASS
> 5w1d: AAA/AUTHEN(2297331969): Method=radius (radius)
> 5w1d: RADIUS: ustruct sharecount=2
> 5w1d: Radius: radius_port_info() success=0 radius_nas_port=1
> 5w1d: RADIUS: added cisco VSA 2 len 6 "ISAKMP"
> 5w1d: RADIUS: Send to ISAKMP id 176 x.x.x.25:1812, Access-Request,
> len 89
> 5w1d: RADIUS: authenticator E5 D7 05 AF C4 E2 0B 4B - 50 92 BA 88
> 77 A6 4E 0A
> 5w1d: RADIUS: NAS-IP-Address [4] 6 x.x.x.54
> 5w1d: RADIUS: Vendor, Cisco [26] 14
> 5w1d: RADIUS: Unsupported [2] 8
> 5w1d: RADIUS: 49 53 41 4B 4D 50
> [ISAKMP]
> 5w1d: RADIUS: NAS-Port-Type [61] 6
> Async [0]
> 5w1d: RADIUS: User-Name [1] 8 "eshoop"
> 5w1d: RADIUS: Calling-Station-Id [31] 17 "x.x.x.127"
> 5w1d: RADIUS: User-Password [2] 18 *
> 5w1d: RADIUS: Received from id 176 x.x.x.25:1812, Access-Accept, len
> 63
> 5w1d: RADIUS: authenticator F2 C3 74 B9 C1 76 E1 7E - 2C 88 42 87
> 2E F1 36 94
> 5w1d: RADIUS: Service-Type [6] 6
> Framed [2]
> 5w1d: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> 5w1d: RADIUS: Vendor, Cisco [26] 31
> 5w1d: RADIUS: Cisco AVpair [1] 25 "ISAKMP:addr-
> pool=ippool"
> 5w1d: RADIUS: saved authorization data for user 82DFF060 at 82DDD3FC
> 5w1d: AAA/AUTHEN(2297331969): Status=PASS
> 5w1d: ISAKMP: got callback 1
> 5w1d: ISAKMP (0:1): initiating peer config to x.x.x.127. ID = -
> 732527648
> 5w1d: ISAKMP (0:1): sending packet to x.x.x.127 (R) CONF_XAUTH
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
> Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State =
> IKE_XAUTH_SET_SENT
>
> 5w1d: AAA/MEMORY: free_user (0x82DFF060) user='eshoop' ruser='NULL'
> port='ISAKMP' rem_addr='x.x.x.127' authen_type=ASCII service=LOGIN
> priv=0
> 5w1d: ISAKMP (0:1): received packet from x.x.x.127 (R) CONF_XAUTH
> 5w1d: ISAKMP (0:1): processing transaction payload from
> 141.142.102.127. message ID = -732527648
> 5w1d: ISAKMP: Config payload ACK
> 5w1d: ISAKMP (0:1): XAUTH ACK Processed
> 5w1d: ISAKMP (0:1): deleting node -732527648 error FALSE
> reason "done with transaction"
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
> Old State = IKE_XAUTH_SET_SENT New State = IKE_P1_COMPLETE
>
> 5w1d: ISAKMP (0:1): received packet from x.x.x.127 (R) QM_IDLE
> 5w1d: ISAKMP (0:1): processing transaction payload from x.x.x.127.
> message ID = -2147199950
> 5w1d: ISAKMP: Config payload REQUEST
> 5w1d: ISAKMP (0:1): checking request:
> 5w1d: ISAKMP: IP4_ADDRESS
> 5w1d: ISAKMP: IP4_NETMASK
> 5w1d: ISAKMP: IP4_DNS
> 5w1d: ISAKMP: IP4_NBNS
> 5w1d: ISAKMP: ADDRESS_EXPIRY
> 5w1d: ISAKMP: APPLICATION_VERSION
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7000
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7001
> 5w1d: ISAKMP: DEFAULT_DOMAIN
> 5w1d: ISAKMP: SPLIT_INCLUDE
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7003
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7007
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7008
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7009
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x700A
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7005
> 5w1d: ISAKMP: UNKNOWN Unknown Attr: 0x7006
> 5w1d: voice_parse_intf_name: Using the old NAS_PORT string
> 5w1d: AAA: parse name=ISAKMP-GROUP-AUTH idb type=-1 tty=-1
> 5w1d: AAA/MEMORY: create_user (0x82DEE76C) user='VPNclients'
> ruser='NULL' ds0=0 port='ISAKMP-GROUP-AUTH' rem_addr='x.x.x.127'
> authen_type=NONE service=LOGIN priv=0 initial_task_id='0'
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
> Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT
>
> 5w1d: ISAKMP (0:1): Unknown Input: state =
> IKE_CONFIG_AUTHOR_AAA_AWAIT, major, minor = IKE_MESG_INTERNAL,
> IKE_PHASE1_COMPLETE
>
> 5w1d: ISAKMP-GROUP-AUTH AAA/AUTHOR/CRYPTO AAA(1896844658):
> Port='ISAKMP-GROUP-AUTH' list='groupauthor' service=NET
> 5w1d: AAA/AUTHOR/CRYPTO AAA: ISAKMP-GROUP-AUTH(1896844658)
> user='VPNclients'
> 5w1d: ISAKMP-GROUP-AUTH AAA/AUTHOR/CRYPTO AAA(1896844658): send AV
> service=ike
> 5w1d: ISAKMP-GROUP-AUTH AAA/AUTHOR/CRYPTO AAA(1896844658): send AV
> protocol=ipsec
> 5w1d: ISAKMP-GROUP-AUTH AAA/AUTHOR/CRYPTO AAA(1896844658): found
> list "groupauthor"
> 5w1d: ISAKMP-GROUP-AUTH AAA/AUTHOR/CRYPTO AAA(1896844658):
> Method=radius (radius)
> 5w1d: RADIUS: authenticating to get author data
> 5w1d: RADIUS: ustruct sharecount=3
> 5w1d: Radius: radius_port_info() success=0 radius_nas_port=1
> 5w1d: RADIUS: added cisco VSA 2 len 17 "ISAKMP-GROUP-AUTH"
> 5w1d: RADIUS: Send to ISAKMP-GROUP-AUTH id 177 x.x.x.25:1812, Access-
> Request, len 110
> 5w1d: RADIUS: authenticator F6 55 BC F6 B5 CF AD 29 - 6D AD CA CF
> 22 04 77 54
> 5w1d: RADIUS: NAS-IP-Address [4] 6 x.x.x.54
> 5w1d: RADIUS: Vendor, Cisco [26] 25
> 5w1d: RADIUS: Unsupported [2] 19
> 5w1d: RADIUS: 49 53 41 4B 4D 50 2D 47 52 4F 55 50 2D 41 55 54
> [ISAKMP-GROUP-AUT]
> 5w1d: RADIUS: 48 [H]
> 5w1d: RADIUS: NAS-Port-Type [61] 6
> Async [0]
> 5w1d: RADIUS: User-Name [1] 12 "VPNclients"
> 5w1d: RADIUS: Calling-Station-Id [31] 17 "x.x.x.127"
> 5w1d: RADIUS: User-Password [2] 18 *
> 5w1d: RADIUS: Service-Type [6] 6
> Outbound [5]
> 5w1d: RADIUS: Received from id 177 x.x.25:1812, Access-Accept, len 77
> 5w1d: RADIUS: authenticator 07 E6 72 73 E3 09 FC 50 - 95 C5 85 8C
> F8 CA E2 B7
> 5w1d: RADIUS: Vendor, Cisco [26] 30
> 5w1d: RADIUS: Cisco AVpair [1] 24 "ipsec:key-exchange=ike"
> 5w1d: RADIUS: Vendor, Cisco [26] 27
> 5w1d: RADIUS: Cisco AVpair [1] 21 "tunnel-password=bbb"
> 5w1d: RADIUS: saved authorization data for user 82DEE76C at 82DFF060
> 5w1d: RADIUS: cisco AVPair "ipsec:key-exchange=ike"
> 5w1d: RADIUS: cisco AVPair ":tunnel-password=bbb"
> 5w1d: AAA/AUTHOR (1896844658): Post authorization status = PASS_REPL
> 5w1d: ISAKMP: got callback 1
> AAA/AUTHOR/IKE: Processing AV key-exchange=ike
> AAA/AUTHOR/IKE: Processing AV tunnel-password=bbb
> 5w1d: ISAKMP (0:1): attributes sent in message:
> 5w1d: Address: 0.2.0.0
> 5w1d: ISAKMP (0:1): No IP address pool defined for ISAKMP!
> 5w1d: ISAKMP: Unknown Attr: IP4_NETMASK (0x2)
> 5w1d: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use the
> address: 86397
> 5w1d: ISAKMP: Sending APPLICATION_VERSION string: Cisco Internetwork
> Operating System Software
> IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.2(8)T4,
> RELEASE SOFTWARE (fc1)
> TAC Support: http://www.cisco.com/tac
> Copyright (c) 1986-2002 by cisco Systems, Inc.
> Compiled Mon 06-May-02 00:52 by ccai
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7000)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7001)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7003)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7007)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7008)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7009)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x700A)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7005)
> 5w1d: ISAKMP: Unknown Attr: UNKNOWN (0x7006)
> 5w1d: ISAKMP (0:1): responding to peer config from x.x.x.127. ID = -
> 2147199950
> 5w1d: ISAKMP (0:1): sending packet to x.x.x.127 (R) CONF_ADDR
> 5w1d: ISAKMP (0:1): deleting node -2147199950 error FALSE reason ""
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
> Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE
>
> 5w1d: AAA/MEMORY: free_user (0x82DEE76C) user='VPNclients'
> ruser='NULL' port='ISAKMP-GROUP-AUTH' rem_addr='x.x.x.127'
> authen_type=NONE service=LOGIN priv=0
> 5w1d: ISAKMP (0:1): received packet from x.x.x.127 (R) QM_IDLE
> 5w1d: ISAKMP (0:1): processing HASH payload. message ID = -1206147374
> 5w1d: ISAKMP (0:1): processing DELETE payload. message ID = -
> 1206147374
> 5w1d: ISAKMP (0:1): peer does not do paranoid keepalives.
>
> 5w1d: ISAKMP (0:1): deleting SA reason "P1 delete notify (in)" state
> (R) QM_IDLE (peer x.x.x.127) input queue 0
> 5w1d: ISAKMP (0:1): deleting node -1206147374 error FALSE
> reason "informational (in) state 1"
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE
> Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
>
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
> Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
>
> 5w1d: ISAKMP (0:1): deleting SA reason "" state (R) QM_IDLE
> (peer 141.142.102.127) input queue 0
> 5w1d: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
> Old State = IKE_DEST_SA New State = IKE_DEST_SA
>
>
>
> Thanks,
> Emilie
>
>
>
>
>
> At 01:01 AM 1/25/2003, Hugh Irvine wrote:
>
> Hello Emilie -
>
> I can only think that the shared secret is incorrect between the Cisco
> and Radiator.
>
> Please check the shared secrets and if still unsuccessful please send
> me a trace 5 debug together with the real passwords and the shared
> secrets so we can check that they are correctly encrypted.
>
> regards
>
> Hugh
>
>
> On Saturday, Jan 25, 2003, at 08:29 Australia/Melbourne, Emilie Shoop
> wrote:
>
>
> Hugh,
>
> I've tried every way I can think of to make this work today. I was at
> first assuming that since it finds the user "VPNclients" (which is the
> group name) in the user file, that it should be able to authenticate
> the group with the user file. Here is the trace that is making me
> think that way. However, I get Bad Password...which I know is
> correct. I can log in as the user VPNclients with the same password,
> when I turn the group authentication on locally on the router.
>
> Code: Access-Request
> Identifier: 14
> Authentic: <215>iw<236><189><145><29>N=<236><16><243><245>\<171><145>
> Attributes:
> NAS-IP-Address = x.x.x.x
> NAS-Port-Type = Async
> User-Name = "VPNclients"
> Calling-Station-Id = "y.y.y.y"
> User-Password = "|<20>RIQ)5<175>MV<196><21><190><191>5<198>"
> Service-Type = Outbound-User
>
> Fri Jan 24 15:26:59 2003: DEBUG: Handling request with Handler
> 'NAS-IP-Address = "x.x.x.x"'
> Fri Jan 24 15:26:59 2003: DEBUG: Deleting session for VPNclients,
> x.x.x.x,
> Fri Jan 24 15:26:59 2003: DEBUG: Handling with Radius::AuthFILE:
> Fri Jan 24 15:26:59 2003: DEBUG: Radius::AuthFILE looks for match with
> VPNclients
> Fri Jan 24 15:26:59 2003: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Fri Jan 24 15:26:59 2003: INFO: Access rejected for VPNclients: Bad
> Password
> Fri Jan 24 15:26:59 2003: DEBUG: Packet dump:
> *** Sending to 141.142.101.54 port 1645 ....
> Code: Access-Reject
> Identifier: 14
> Authentic: <215>iw<236><189><145><29>N=<236><16><243><245>\<171><145>
> Attributes:
> Reply-Message = "Request Denied"
>
> I tried to create a group that was called VPNclients with the right
> password, but was unsuccessful in figuring that out.
>
> Any ideas?
>
> Thanks,
> Emilie
>
>
>
>
> At 05:12 PM 1/24/2003 +1100, Hugh Irvine wrote:
>
> Hello Emily -
>
> Thanks for sending the URL.
>
> As far as I can see, you will need to use the Cisco VPN client to make
> the connection which will first ask you for the group and the group
> password, then the username and the username password.
>
> You should configure both the name of the group with its password and
> corresponding reply attributes, and the username and password with its
> reply attributes.
>
> If you have any other questions, don't hesitate to ask.
>
> regards
>
> Hugh
>
>
> On Friday, Jan 24, 2003, at 02:15 Australia/Melbourne, Emilie Shoop
> wrote:
>
> Hugh,
>
> You are correct about the authentication of the group first, and then
> the username.
>
> Here is the url where Cisco explains how to do it on a Cisco Radius
> server.
> http://www.cisco.com/en/US/tech/tk648/tk367/
> technologies_configuration_example09186a00800949ba.shtml
>
> Does that help?
>
> Thanks,
> Emilie
>
> At 08:54 PM 1/23/2003 +1100, Hugh Irvine wrote:
>
> Hello Emilie -
>
> Thanks for sending the trace files.
>
> I am not familiar with this aspect of the Cisco IOS, but it may be
> that it tries the group first, and then if it gets an accept it will
> try the username.
>
> You should check the Cisco web site to verify how this is supposed to
> work, then configure Radiator in consequence.
>
> If you can send me a reference to the Cisco URL I will take a look.
>
> regards
>
> Hugh
>
>
> On Thursday, Jan 23, 2003, at 02:18 Australia/Melbourne, Emilie Shoop
> wrote:
>
> Thanks for the quick response.
>
>
> This is the trace as I see it with the cisco configured with aaa
> authorization network groupauthor local.
> *** Received from x.x.x.x port 1645 ....
>
> Packet length = 75
> 01 f4 00 4b f1 e4 49 72 a8 e7 29 28 94 cf 2a aa
> b2 78 13 66 04 06 8d 8e 65 36 3d 06 00 00 00 00
> 01 08 65 73 68 6f 6f 70 1f 11 31 34 31 2e 31 34
> 32 2e 31 30 32 2e 31 32 37 02 12 6a 4a a4 90 af
> 70 8d 39 bf 20 17 0d 76 d3 71 0a
> Code: Access-Request
> Identifier: 244
> Authentic: <241><228>Ir<168><231>)(<148><207>*<170><178>x<19>f
> Attributes:
> NAS-IP-Address = x.x.x.x
> NAS-Port-Type = Async
> User-Name = "eshoop"
> Calling-Station-Id = "y.y.y.y"
> User-Password = "jJ<164><144><175>p<141>9<191>
> <23><13>v<211>q<10>"
>
> Wed Jan 22 08:57:06 2003: DEBUG: Handling request with Handler
> 'NAS-IP-Address = "x.x.x.x"'
> Wed Jan 22 08:57:06 2003: DEBUG: Deleting session for eshoop,
> x.x.x.x,
> Wed Jan 22 08:57:06 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 22 08:57:06 2003: DEBUG: Radius::AuthFILE looks for match
> with eshoop
> Wed Jan 22 08:57:06 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Jan 22 08:57:06 2003: DEBUG: Access accepted for eshoop
> Wed Jan 22 08:57:06 2003: DEBUG: Packet dump:
> *** Sending to x.x.x.x port 1645 ....
>
> Packet length = 32
> 02 f4 00 20 03 f8 31 7e 5c 75 48 85 30 fd 2c ac
> 78 94 12 95 19 0c 56 50 4e 63 6c 69 65 6e 74 73
> Code: Access-Accept
> Identifier: 244
> Authentic: <241><228>Ir<168><231>)(<148><207>*<170><178>x<19>f
> Attributes:
>
>
>
> This is the trace when I changed the cisco config. from aaa
> authorization network groupauthor local to aaa authorization network
> groupauthor group radius.
>
> Wed Jan 22 09:01:39 2003: DEBUG: Packet dump:
> *** Received from x.x.x.x port 1645 ....
>
> Packet length = 85
> 01 f5 00 55 4b 93 93 fd d5 84 01 d0 28 d5 84 1e
> 83 05 69 c5 04 06 8d 8e 65 36 3d 06 00 00 00 00
> 01 0c 56 50 4e 63 6c 69 65 6e 74 73 1f 11 31 34
> 31 2e 31 34 32 2e 31 30 32 2e 31 32 37 02 12 07
> 87 dc 59 24 d7 63 07 02 1f 90 c9 cf 15 cf 40 06
> 06 00 00 00 05
> Code: Access-Request
> Identifier: 245
> Authentic:
> K<147><147><253><213><132><1><208>(<213><132><30><131><5>i<197>
> Attributes:
> NAS-IP-Address = x.x.x.x
> NAS-Port-Type = Async
> User-Name = "VPNclients"
> Calling-Station-Id = "y.y.y.y"
> User-Password =
> "<7><135><220>Y$<215>c<7><2><31><144><201><207><21><207>@"
> Service-Type = Outbound-User
>
> Wed Jan 22 09:01:39 2003: DEBUG: Handling request with Handler
> 'NAS-IP-Address = "x.x.x.x"'
> Wed Jan 22 09:01:39 2003: DEBUG: Deleting session for VPNclients,
> x.x.x.x,
> Wed Jan 22 09:01:39 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 22 09:01:39 2003: DEBUG: Radius::AuthFILE looks for match
> with VPNclients
> Wed Jan 22 09:01:39 2003: DEBUG: Radius::AuthFILE REJECT: Bad
> Password
> Wed Jan 22 09:01:39 2003: INFO: Access rejected for VPNclients: Bad
> Password
> Wed Jan 22 09:01:39 2003: DEBUG: Packet dump:
> *** Sending to 141.142.101.54 port 1645 ....
>
> Packet length = 36
> 03 f5 00 24 1f 66 6f de ba 0f b2 4e 6e 59 b2 0d
> fc 53 3e ad 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code: Access-Reject
> Identifier: 245
> Authentic:
> K<147><147><253><213><132><1><208>(<213><132><30><131><5>i<197>
> Attributes:
> Reply-Message = "Request Denied"
>
> It appears to me that it tries to authenticate the group information
> (VPNclients and password) before it prompts me for my username.
> This fails, so I never put in my personal information. However, if
> I change the cisco config back to group authorization locally, I can
> log in successfully as a user named VPNclients.
>
> I'm not sure if this is what you were looking for or not?
>
> Thanks,
> Emilie
>
> At 11:30 AM 1/22/2003 +1100, Hugh Irvine wrote:
>
> Hello Emilie -
>
> If the Cisco can be configured to do group authentication with
> radius, then it should be possible to use Radiator to deal with the
> requests.
>
> If you run Radiator at trace 4 you will be able to see the incoming
> requests and then you can configure accordingly.
>
> The simplest way to do this sort of debugging is to run radiusd
> from the command line and watch the log messages:
>
> perl radiusd -foreground -log_stdout -trace 4 -config_file
> ......
>
> If you send me a copy of the trace 4 I will try to help.
>
> regards
>
> Hugh
>
>
>
> I was wondering if anyone had a sample Radiator config. for
> authenticating
> the group information on a Cisco 2611, and subsequently handing
> out DNS and
> WINS information?
>
> I have my Radius set up to authenticate the users, but now would
> like to
> move the group information (for the group VPNClients) to the
> radius as well.
>
>
> Here is my Radius config:
>
> # radius.cfg
>
> LogDir /services/radius/log
> DbDir /services/radius/conf
> BindAddress x.x.x.x
> AuthPort 1812
> AcctPort 1813
> Trace 5
> #User
> #Group
>
>
> #For VPN access
> <Client x.x.x.x>
> Secret xxxx
> </Client>
>
> # For testing: this allows us to honour requests from radpwtst on
> localhost
> <Client localhost>
> Secret mysecret
> DupInterval 0
> </Client>
>
> #Look for a Realm with an exact match on the realm name
> #look for a matching regular expression Realm
> #look for a <Realm DEFAULT>
> #look at each Handler in the order they appear
>
> #VPN Authentication x.x.x.x
> <Handler NAS-IP-Address = "x.x.x.x">
> <AuthBy FILE>
> Filename %D/vpn_users
> </AuthBy>
>
> </Handler>
>
> #Default Handler for anything not specified above
> <Handler>
> <AuthBy FILE>
> #The Filename defaults to %D/users
> </AuthBy>
> </Handler>
>
> Here is my Cisco 2611 config.:
>
> CLIENT_VPN#sh run
>
>
> aaa authentication login userauthen group radius
> aaa authorization network groupauthor local
> aaa session-id common
> !
> !
>
> crypto isakmp policy 3
> encr 3des
> authentication pre-share
> group 2
> !
> crypto isakmp client configuration group VPNClients
> key xxxx
> dns x.x.x.x
> wins x.x.x.x
> domain ncsa.uiuc.edu
> pool ippool
> !
> !
> crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
> !
> crypto dynamic-map dynmap 10
> set transform-set SET1
> !
> !
> crypto map clientmap client authentication list userauthen
> crypto map clientmap isakmp authorization list groupauthor
> crypto map clientmap client configuration address respond
> crypto map clientmap 10 ipsec-isakmp dynamic dynmap
> !
>
> interface FastEthernet0/0
> crypto map clientmap
> !
>
> ip local pool ippool x.x.x.x y.y.y.y
>
> radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
> radius-server retransmit 3
> call rsvp-sync
> !
>
>
> Thanks,
> Emilie
>
> *********************************************************
> Emilie Shoop Network Engineer
> eshoop at ncsa.edu
> Phone: 217.244.5407 Cell: 217.649.8514
> National Center for Supercomputing Applications
> **********************************************************
>
> -------------------------------------------------------
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif,
> C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia
> http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS
> server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database
> independence.
>
>
> *********************************************************
> Emilie Shoop Network Engineer
> eshoop at ncsa.edu
> Phone: 217.244.5407 Cell: 217.649.8514
> National Center for Supercomputing Applications
> **********************************************************
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
> *********************************************************
> Emilie Shoop Network Engineer
> eshoop at ncsa.edu
> Phone: 217.244.5407 Cell: 217.649.8514
> National Center for Supercomputing Applications
> **********************************************************
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
> *********************************************************
> Emilie Shoop Network Engineer
> eshoop at ncsa.edu
> Phone: 217.244.5407 Cell:
> 217.649.8514
> National Center for Supercomputing Applications
> **********************************************************
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
> *********************************************************
> Emilie Shoop Network Engineer
> eshoop at ncsa.edu
> Phone: 217.244.5407 Cell:
> 217.649.8514
> National Center for Supercomputing Applications
> **********************************************************
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list