(RADIATOR) RADIUS adding characters to VSA Attribute Response

Hugh Irvine hugh at open.com.au
Thu Apr 15 13:23:18 CDT 2004 

Hello John -

What you are showing is correct.

Here is your trace:

> 28.356-(1085136064)-HTRadius-290: a.attribute 26
> 28.356-(1085136064)-HTRadius-291: a.length    12
> 28.356-(1085136064)-HTRadius-293: a.data[0]   0
> 28.356-(1085136064)-HTRadius-293: a.data[1]   0
> 28.356-(1085136064)-HTRadius-293: a.data[2]   78
> 28.356-(1085136064)-HTRadius-293: a.data[3]   117
> 28.356-(1085136064)-HTRadius-293: a.data[4]   26
> 28.356-(1085136064)-HTRadius-293: a.data[5]   6
> 28.356-(1085136064)-HTRadius-293: a.data[6]   116
> 28.356-(1085136064)-HTRadius-293: a.data[7]   114
> 28.356-(1085136064)-HTRadius-293: a.data[8]   117
> 28.356-(1085136064)-HTRadius-293: a.data[9]   101


Which is the following

	vendor specific a.attribute = 26,

	with a.length = 12,

	vendor number = 0, 0, 78, 117 (20085),

	VSA number = 26 (Opt-In),

	VSA length = 6,

	VSA value = true (116, 114, 117, 101)

The quotes shown in the trace 4 are merely added for clarity in the 
printout - they are not part of the string.

You should look at a trace 5 from Radiator if you want to see the hex 
packet dumps.

regards

Hugh


On 16 Apr 2004, at 01:42, Jon Coffee wrote:

> Here is an attached log file.  The only problem I see in this log file 
> are quotes around the string I need to have returned.
>
> Here is what I have added to the end of the dictionary file:
>
> #
> # Hyperspace Communications, Inc. VSA
> #
>
> VENDORATTR  20085	Opt-In				26	string
>
> Thanks for your help.
> Jon
>
>
>
> -----Original Message-----
> From: Frank Danielson [mailto:fdanielson at csky.com]
> Sent: Thursday, April 15, 2004 9:14 AM
> To: Jon Coffee; radiator at open.com.au
> Subject: RE: (RADIATOR) RADIUS adding characters to VSA Attribute
> Response
>
>
> John-
>
> Huh? This doesn't look like a Radiator trace. How about a trace 4 from
> Radiator, your config file, and a snippet from your dictionary showing 
> the
> VSA you added.
>
> -Frank
>
> -----Original Message-----
> From: Jon Coffee [mailto:jcoffee at ehyperspace.com]
> Sent: Thursday, April 15, 2004 10:14 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) RADIUS adding characters to VSA Attribute Response
>
>
> Hello,
>
> I am having an issue with a response RADIUS is sending back to my 
> client
> regarding a VSA Attribute I have setup.  I need RADIUS to simply 
> respond
> with a string = true .  It is sending back a response however with 6
> characters before that.  Below is part of a log file with the error:
>
> 27.000-(1085136064)-HTTrans-763: adding 8110ACC->14 to rset
> 27.000-(1085136064)-HTTrans-810: Not adding 8110ACC->14 to wset sslc=4
> sendable=0
> 27.000-(1085136064)-HTTrans-828: calling select(), max_sd == 15 timeout
> 15.000
> 28.355-(1085136064)-HTTrans-834: select() returned 1
> 28.355-(1085136064)-HTTrans-1103: check_hosts( begin )
> 28.355-(1085136064)-HTTrans-1136: check_hosts( end )
> 28.355-(1085136064)-HTTrans-901: check_channels( begin )
> 28.355-(1085136064)-HTTrans-905: check_channels( 8110ACC )
> 28.355-(1085136064)-HTRadius-236: recv_RADIUS( 26 )
> 28.355-(1085136064)-HTRadius-237: recv_RADIUS( true )
> 28.355-(1085136064)-HTRadius-239: recv_RADIUS( 116 )
> 28.355-(1085136064)-HTRadius-239: recv_RADIUS( 114 )
> 28.355-(1085136064)-HTRadius-239: recv_RADIUS( 117 )
> 28.355-(1085136064)-HTRadius-239: recv_RADIUS( 101 )
> 28.355-(1085136064)-HTRadius-253: recv_from() = 44
> 28.356-(1085136064)-HTRadius-266: recv packet->code   = 2
> 28.356-(1085136064)-HTRadius-268: recv packet->id     = 28
> 28.356-(1085136064)-HTRadius-270: recv packet->length = 44
> 28.356-(1085136064)-HTRadius-280: RADIUS PASSED
> 28.356-(1085136064)-HTRadius-290: a.attribute 6
> 28.356-(1085136064)-HTRadius-291: a.length    6
> 28.356-(1085136064)-HTRadius-293: a.data[0]   0
> 28.356-(1085136064)-HTRadius-293: a.data[1]   0
> 28.356-(1085136064)-HTRadius-293: a.data[2]   0
> 28.356-(1085136064)-HTRadius-293: a.data[3]   2
> 28.356-(1085136064)-HTRadius-290: a.attribute 7
> 28.356-(1085136064)-HTRadius-291: a.length    6
> 28.356-(1085136064)-HTRadius-293: a.data[0]   0
> 28.356-(1085136064)-HTRadius-293: a.data[1]   0
> 28.356-(1085136064)-HTRadius-293: a.data[2]   0
> 28.356-(1085136064)-HTRadius-293: a.data[3]   1
> 28.356-(1085136064)-HTRadius-290: a.attribute 26
> 28.356-(1085136064)-HTRadius-291: a.length    12
> 28.356-(1085136064)-HTRadius-293: a.data[0]   0
> 28.356-(1085136064)-HTRadius-293: a.data[1]   0
> 28.356-(1085136064)-HTRadius-293: a.data[2]   78
> 28.356-(1085136064)-HTRadius-293: a.data[3]   117
> 28.356-(1085136064)-HTRadius-293: a.data[4]   26
> 28.356-(1085136064)-HTRadius-293: a.data[5]   6
> 28.356-(1085136064)-HTRadius-293: a.data[6]   116
> 28.356-(1085136064)-HTRadius-293: a.data[7]   114
> 28.356-(1085136064)-HTRadius-293: a.data[8]   117
> 28.356-(1085136064)-HTRadius-293: a.data[9]   101
> 28.356-(1085136064)-HTRadius-206: ours != radius ( true !=  )
> 28.356-(1085136064)-HTTransSrv-421: RC = -2
> 28.356-(1085136064)-HTTransSrv-422: AuthStatus = 3
> 28.356-(1085136064)-Socket-203: CloseSocket ( 15 )
> 28.356-(1085136064)-HTTransSrv-494: recv_RADIUS
>
> As you can see attribute 26 is only 116, 114, 117, and 101 
> respectiviley in
> that order on the client side.  But the RADIUS server is sending back
> 0,0,78,117,26,6,116,114,117,and 101 respectiviley in that order.  This 
> error
> is effectively stopping my client from setting up a connection.
>
> Has anyone seen this before, and what should I be doing to fix this 
> issue?
>
> Thanks in advance,
> Jonathan Coffee
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> <logfile>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list