(RADIATOR) Re: About Packet of Disconnect
Hugh Irvine
hugh at open.com.au
Mon May 12 21:34:56 CDT 2003
Ciao Giuseppe -
Thanks for your note.
There are now patches available on the web site with the POD fixes.
grazie
Hugo
On Tuesday, May 13, 2003, at 02:19 Australia/Melbourne, Giuseppe Denora
wrote:
> Hi Hugh and Mick,
>
> if you wanna use radpwtst to send a POD request you should follow the
> following steps:
>
>
> 1) modify the method assemble_packet in Radius.pm in the following
> lines:
>
> 889 if $code eq 'Accounting-Request' ;
>
> becomes
>
> 899 if $code eq 'Accounting-Request' ||
> $code eq 'Disconnect-Request';
>
>
> and
>
> 926 || $code eq 'Accounting-Response'
>
> becomes
>
> 926 || $code eq 'Accounting-Response' || $code eq
> 'Disconnect-Request'
>
>
> This is because in the POD request the Authenticator must be calculated
> employing the same algorithm
> as the one used for Accounting-Requests
> (draft-chiba-radius-dynamic-authorization-01.txt),
> while radpwtst always sends 1234567890123456 as Authenticator in the
> Access-Requests.
>
>
> 2) use this as part of your radius configuration file:
>
> <Client 127.0.0.1>
> Secret SAME_SECRET_AS_POD_SERVER
> </Client>
>
>
>
> <Handler Class = POD>
> PreAuthHook file:"%D/stripClassPOD"
> <AuthBy RADIUS>
> Host xxx.yyy.ttt.zzz
> Secret xxxxx
> AuthPort 1700
> AcctPort 1700
> </AuthBy>
> </Handler>
>
>
> where 1700 is the default port for the POD Server (the Cisco NAS)
> and SAME_SECRET_AS_POD_SERVER is the secret of the POD Server
>
> 3) with "aaa pod server auth-type any server-key
> SAME_SECRET_AS_POD_SERVER"
> use radpwtst in this way :
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth
> -secret SAME_SECRET_AS_POD_SERVER User-Name=xxxxx
>
> or
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth -secret
> SAME_SECRET_AS_POD_SERVER Acct-Session-Id=xxxxx
>
> or
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth -secret
> SAME_SECRET_AS_POD_SERVER Framed-IP-Address=aaa.bbb.ccc.ddd
>
> or
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth -secret
> SAME_SECRET_AS_POD_SERVER Session-Svr-Key=acccfffgg
>
>
> DON'T USE
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth -secret
> SAME_SECRET_AS_POD_SERVER username=xxxxx
>
> radpwtst -code Disconnect-Request Class=POD -noacct -noauth -secret
> SAME_SECRET_AS_POD_SERVER session_id=xxxxx
>
> We tested the POD on AS5300, IOS 12.2-11.t2 for VOIP application with
> success. Pay attention: the destination port for the ACK packet is
> different from the source port of the POD packet (this is a bug of
> Cisco!).
>
>
> Bye
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.