(RADIATOR) Attribute number 9 (vendor 2233623) is not defined

Hugh Irvine hugh at open.com.au
Thu Mar 20 16:31:11 CST 2003 

Hello Haven -

Thanks for sending the debug trace.

This is a broken vendor-specific attribute at the end of the radius  
request packet:

........1a 2e 00
22 15 17 09 28 01 45 4d 42 6d 06 4b 64 00 00 00
7d 00 00 92 56 00 00 3d 58 00 00 a0 c6 b9 b0 fd
57 40 fe e5 79 bb 70 2b 50 e3 5d

1a = 26 = Vendor-Specific

2e = 46 = length

00 22 15 17 = 2233623 = bogus

You should check with your NAS vendor for a fix.

BTW - here is the RFC definition (contained in the Radiator  
distribution in "doc/rfc2865.txt"):

5.26.  Vendor-Specific

    Description

       This Attribute is available to allow vendors to support their own
       extended Attributes not suitable for general usage.  It MUST not
       affect the operation of the RADIUS protocol.

       Servers not equipped to interpret the vendor-specific information
       sent by a client MUST ignore it (although it may be reported).
       Clients which do not receive desired vendor-specific information
       SHOULD make an attempt to operate without it, although they may do
       so (and report they are doing so) in a degraded mode.

    A summary of the Vendor-Specific Attribute format is shown below.
    The fields are transmitted from left to right.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |  Length       |            Vendor-Id
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         Vendor-Id (cont)           |  String...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

    Type

       26 for Vendor-Specific.

    Length

       >= 7

    Vendor-Id

       The high-order octet is 0 and the low-order 3 octets are the SMI
       Network Management Private Enterprise Code of the Vendor in
       network byte order, as defined in the "Assigned Numbers" RFC [6].

.....

regards

Hugh


On Friday, Mar 21, 2003, at 00:41 Australia/Melbourne,  
haven at meadows.net wrote:

> Hello,
>
> I looked in the archive and did not find an anwser to this puzzle.  I  
> did however see the Trace 5 data being requested so here it is.
>
> I originally thought it had something to do with the Accounting  
> becuase it comes up at the end of an accounting request though on  
> futher examination the timestamp shows it is with the Auth Request.
>
> Any support will be appreciated.
> Cheers!
> Haven Skys
>
>
> ----------------------------------------------------------------------- 
> ----
> 1048166753.80938 0      Attribute number 9 (vendor 2233623) is not  
> defined in your dictionary
>
> 1048166753.81360 4      Packet dump:
> *** Received from 65.167.179.3 port 3746 ....
>
> Packet length = 219
> 01 06 00 db ca bc 6a 6b 4d d1 fd a3 80 8f d5 47
> 6e 0e e2 72 07 06 00 00 00 01 01 15 74 65 73 74
> 75 73 65 72 33 40 6d 79 6d 6d 69 2e 63 6f 6d 03
> 13 30 90 2b 86 e4 f0 d7 ea 31 d7 2d 4b 5e 8b bb
> 43 e4 1e 0c 32 31 38 32 37 39 34 35 30 35 1f 0c
> 32 31 38 37 32 39 35 37 35 35 1a 1f 00 00 00 09
> 02 19 41 73 79 6e 63 35 2f 31 37 2a 53 65 72 69
> 61 6c 37 2f 30 3a 39 3a 35 05 06 00 00 1d 05 3d
> 06 00 00 00 00 06 06 00 00 00 02 04 06 43 01 f0
> 03 2c 0a 30 33 30 32 34 33 32 44 3c 12 70 df d5
> 06 f2 07 9e 0d 57 2f 5d e5 b7 b2 55 b8 1a 2e 00
> 22 15 17 09 28 01 45 4d 42 6d 06 4b 64 00 00 00
> 7d 00 00 92 56 00 00 3d 58 00 00 a0 c6 b9 b0 fd
> 57 40 fe e5 79 bb 70 2b 50 e3 5d
> Code: Access-Request
> Identifier: 6
> Authentic: <202><188>jkM<209><253><163><128><143><213>Gn<14><226>r
> Attributes:
> Framed-Protocol = PPP
> User-Name = "testuser3 at mymmi.com"
> CHAP-Password =  
> 0<144>+<134><228><240><215><234>1<215>-K^<139><187>C<228>
> Called-Station-Id = "2182794505"
> Calling-Station-Id = "<mine>"
> Cisco-NAS-Port = "Async5/17*Serial7/0:9:5"
> NAS-Port = 7429
> NAS-Port-Type = Async
> Service-Type = Framed-User
> NAS-IP-Address = 67.1.240.3
> Acct-Session-Id = "0302432D"
> CHAP-Challenge =  
> p<223><213><6><242><7><158><13>W/]<229><183><178>U<184>
>
>
> 1048166753.81522 4      Rewrote user name to testuser3 at mymmi.com
>
> 1048166753.81646 4      Rewrote user name to testuser3 at mymmi.com
>
> 1048166753.81784 4      Rewrote user name to testuser3 at mymmi.com
>
> 1048166753.81908 4      Rewrote user name to testuser3 at mymmi
>
> 1048166753.82109 4   testuser3   Handling request with Handler  
> 'Realm=DEFAULT'
>
> 1048166753.82302 4   testuser3   Deleting session for  
> testuser3 at mymmi.com, 67.1.240.3, 7429
>
> 1048166753.82429 4      do query is: delete from RADONLINE where  
> NASIDENTIFIER='67.1.240.3' and NASPORT=07429
>
>
> 1048166753.82624 4   testuser3   Handling with Radius::AuthSQL
>
> 1048166753.82755 4   testuser3   Handling with Radius::AuthSQL:
>
> 1048166753.82957 4      Query is: select password, t.replyattr,  
> greatest(3600, least(maxtime-timeused,10800)) from usermymmi , type t  
> where typeid = t.id and status = 1 and username = 'testuser3' and  
> timeused < maxtime;
>
>
> 1048166753.83386 4   testuser3   Radius::AuthSQL looks for match with  
> testuser3 at mymmi
>
> 1048166753.83593 4      Query is: select NASIDENTIFIER, NASPORT,  
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where  
> USERNAME='testuser3 at mymmi.com'
>
>
> 1048166753.83815 4   testuser3   Radius::AuthSQL ACCEPT:
>
> 1048166753.84135 4   testuser3   Access accepted for testuser3 at mymmi
>
> 1048166753.84612 4   testuser3   Packet dump:
> *** Sending to 65.167.179.3 port 3746 ....
>
> Packet length = 187
> 02 06 00 bb ed 26 4e d0 5e 7c 5f 73 b4 98 26 65
> da 92 53 b9 06 06 00 00 00 02 07 06 00 00 00 01
> 0a 06 00 00 00 00 0c 06 00 00 05 dc 0d 06 00 00
> 00 01 1a 1d 00 00 02 11 f2 17 69 70 20 69 6e 20
> 66 6f 72 77 61 72 64 20 74 63 70 20 65 73 74 1a
> 2b 00 00 02 11 f2 25 69 70 20 69 6e 20 66 6f 72
> 77 61 72 64 20 64 73 74 69 70 20 32 31 36 2e 37
> 30 2e 39 2e 31 32 36 2f 33 32 1a 26 00 00 02 11
> f2 20 69 70 20 69 6e 20 66 6f 72 77 61 72 64 20
> 74 63 70 20 64 73 74 70 6f 72 74 20 3d 20 32 35
> 1a 15 00 00 02 11 f2 0f 69 70 20 69 6e 20 66 6f
> 72 77 61 72 64 1b 06 00 00 21 bd
> Code: Access-Accept
> Identifier: 6
> Authentic: <202><188>jkM<209><253><163><128><143><213>Gn<14><226>r
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Data-Filter = "ip in forward tcp est"
> Ascend-Data-Filter = "ip in forward dstip 216.70.9.126/32"
> Ascend-Data-Filter = "ip in forward tcp dstport = 25"
> Ascend-Data-Filter = "ip in forward"
> Session-Timeout = 8637
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list