(RADIATOR) No reply - Proxy does not catch the Request
Lengacher Stefan
Stefan.Lengacher at weroam.com
Thu Jul 15 10:18:56 CDT 2004
Hello all
I'm playing around with Radmin now and therefore I just installed a _simple and thin_ Radiator on the same machine for this purpose. Radmin works fine with the appropriate Radiator. Now I'm trying to use this installation with our working Radiator environment. This means:
We have a working Radius Proxy (Radiator) which now tries to do Auth-Requests on my testing Radiator where I'm playing around with Radmin.
I can successfully use radpwtst on my testing radius locally. It works with my defined user.
I can successfully use radpwtst on my testing radius against the working Radiator. It works with the users which are defined in the working environment.
Unfortunately vice-versa does not work. I get no reply from the testing Radiator on the request from the working one.
It is not a routing/networking issue since I see on my testing computer (using tcpdump) that the requests arrive correctly on UDP port 1645 (as defined). On the testing side nothing gets logged (using Trace 4!). On the working side I get:
INFO: AuthRADIUS: No reply after 3 retransmissions to xxx.xxx.xxx.xxx for lemy at lemy.ch (226)
INFO: AuthRADIUS could not find a working host to forward to. Ignoring.
(you can see the whole log further down)
This is the request I sent on my working radius machine:
-----------------------------------------------------------
Radpwtst -s 127.0.0.1 -secret xxxx -auth_port 11812 -noacct -user lemy at lemy.ch -password xxxxxxxx -trace 4
-----------------------------------------------------------
On the test-machine, tcpdump gives me:
-----------------------------------------------------------
[root at RAdminTest radiator]# tcpdump -i eth0 -t udp
tcpdump: listening on eth0
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
195.141.161.230.1029 > ns2.togewa.com.domain: 36594+ PTR? 230.161.141.195.in-addr.arpa. (46) (DF)
ns2.togewa.com.domain > 195.141.161.230.1029: 36594 NXDomain* 0/1/0 (131)
195.141.161.230.1029 > ns2.togewa.com.domain: 36595+ PTR? 202.161.141.195.in-addr.arpa. (46) (DF)
ns2.togewa.com.domain > 195.141.161.230.1029: 36595 NXDomain* 0/1/0 (131)
195.141.161.230.1029 > ns2.togewa.com.domain: 36596+ PTR? 1.154.63.203.in-addr.arpa. (43) (DF)
ns2.togewa.com.domain > 195.141.161.230.1029: 36596 1/0/0 (74)
195.141.161.230.1029 > ns2.togewa.com.domain: 36597+ PTR? 10.149.2.62.in-addr.arpa. (42) (DF)
ns2.togewa.com.domain > 195.141.161.230.1029: 36597* 1/0/0 PTR[|domain]
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
-----------------------------------------------------------
This means the request arrives at my testing machine, and since there is no firewall running on it, this is really not a networking/routing issue.
These are the files on the working machine (well, not the whole files, just the parts covering this case, since these files are really big ;-):
Radius.cfg:
------------------
AuthPort 11812
AcctPort 11814
Trace 4
<Realm lemy.ch>
<AuthBy RADIUS>
Host xxx.xxx.xxx.xxx (this is the ip of the testing machine)
Secret <snipped>
AuthPort 1645
AcctPort 1646
</AuthBy>
</Realm>
------------------ /Radius.cfg
Logfile:
------------------
*** Received from 127.0.0.1 port 32840 ....
Code: Access-Request
Identifier: 226
Authentic: 1234567890123456
Attributes:
User-Name = "lemy at lemy.ch"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<134><238><29><182><146><18><178><199><9><176><151><4><230>g[<229>g<165>"<167><202><241><192><155>"<25><178>B<28><223>)<17>"
Thu Jul 15 16:32:20 2004: DEBUG: Rewrote user name to lemy at lemy.ch
Thu Jul 15 16:32:20 2004: DEBUG: Handling request with Handler 'Realm=lemy.ch'
Thu Jul 15 16:32:20 2004: DEBUG: Deleting session for lemy at lemy.ch, 203.63.154.1, 1234
Thu Jul 15 16:32:20 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jul 15 16:32:20 2004: DEBUG: Handling with Radius::AuthRADIUS
Thu Jul 15 16:32:20 2004: DEBUG: Packet dump:
*** Sending to 195.141.161.230 port 1645 ....
Code: Access-Request
Identifier: 9
Authentic: 1234567890123456
Attributes:
User-Name = "lemy at lemy.ch"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
Thu Jul 15 16:32:25 2004: DEBUG: Timed out, retransmitting
Thu Jul 15 16:32:25 2004: DEBUG: Packet dump:
*** Sending to 195.141.161.230 port 1645 ....
Code: Access-Request
Identifier: 9
Authentic: 1234567890123456
Attributes:
User-Name = "lemy at lemy.ch"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
Thu Jul 15 16:32:30 2004: DEBUG: Timed out, retransmitting
Thu Jul 15 16:32:30 2004: DEBUG: Packet dump:
*** Sending to 195.141.161.230 port 1645 ....
Code: Access-Request
Identifier: 9
Authentic: 1234567890123456
Attributes:
User-Name = "lemy at lemy.ch"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
Thu Jul 15 16:32:35 2004: DEBUG: Timed out, retransmitting
Thu Jul 15 16:32:35 2004: DEBUG: Packet dump:
*** Sending to 195.141.161.230 port 1645 ....
Code: Access-Request
Identifier: 9
Authentic: 1234567890123456
Attributes:
User-Name = "lemy at lemy.ch"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS: No reply after 3 retransmissions to 195.141.161.230:1645 for lemy at lemy.ch (226)
Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
------------------------ /Logfile
And finally, these are the _small and thin_ files on my testing environment:
Radius.cfg
---------------------------
AuthPort 1645
AcctPort 1646
Trace 4
<Client 195.141.161.202>
Secret xxxxxx
</Client>
<Client DEFAULT>
Secret xxxxxxx
DupInterval 0
</Client>
<Realm lemy.ch>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy FILE>
Filename %D/users
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/detail
</Realm>
<Realm DEFAULT>
<AuthBy FILE>
Filename %D/users
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/detail
</Realm>
---------------------------/Radius.cfg
Users
---------------------------
lemy User-Password="xxxxxxxxxxxxxx"
---------------------------/Users
Logfile:
---------------------------
Thu Jul 15 17:12:32 2004: NOTICE: SIGTERM received: stopping
Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
Thu Jul 15 17:12:32 2004: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Thu Jul 15 17:12:32 2004: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Thu Jul 15 17:12:32 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Jul 15 17:12:32 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Jul 15 17:12:32 2004: NOTICE: Server started: Radiator 3.9 on RAdminTest
---------------------------/Logfile
That's all the information I have. I really hope someone can help me, since rebuilding the whole testing environment is never fun at all :-|
Regards,
Stefan Lengacher
Project & Testing Manager
____________________________________________
WeRoam®
TOGEWAnet AG / P.O. Box / Nussbaumstrasse 25
CH-3000 Bern 22 / Switzerland
tel. +41 31 341 10 20
direct: +41 31 341 1126
fax: +41 31 341 10 21
mobile: +41 79 483 8422
Stefan.Lengacher at weroam.com
www.weroam.com
____________________________________________
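The tcpdump check described in the post can be automated; the following is an added example, not part of the original message and not Radiator code. It pairs each `rad-access-req` line with a reply carrying the same identifier in the opposite direction and reports requests that were never answered. The function name and the sample capture are assumptions: the id 11 lines are abridged from the capture in the post, and the id 12 exchange is constructed for contrast.

```python
import re
from collections import defaultdict

# Sample capture. The id 11 request lines are abridged from the post;
# the id 12 request and its reply are constructed for contrast.
# "datametrics" is the /etc/services name tcpdump prints for port 1645.
SAMPLE = """\
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} [|radius] (DF)
195.141.161.230.1029 > ns2.togewa.com.domain: 36594+ PTR? 230.161.141.195.in-addr.arpa. (46) (DF)
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} [|radius] (DF)
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} [|radius] (DF)
195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} [|radius] (DF)
195.141.161.202.32842 > 195.141.161.230.datametrics: rad-access-req 114 [id 12] Attr[ User{lemy at lemy.ch} [|radius] (DF)
195.141.161.230.datametrics > 195.141.161.202.32842: rad-access-accept 26 [id 12] (DF)
"""

# source endpoint, destination endpoint, packet kind, RADIUS identifier
PKT = re.compile(r"^(\S+) > (\S+): rad-access-(\w+) \d+ \[id (\d+)\]")


def unanswered_requests(capture):
    """Return {(client, server, id): transmissions} for requests with no reply."""
    sent = defaultdict(int)
    answered = set()
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # DNS lookups and other non-RADIUS traffic
        src, dst, kind, ident = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if kind == "req":
            # A retransmission reuses the same endpoints and identifier.
            sent[(src, dst, ident)] += 1
        else:
            # accept / reject / challenge travels server -> client,
            # so swap the endpoints to match the request key.
            answered.add((dst, src, ident))
    return {key: n for key, n in sent.items() if key not in answered}


if __name__ == "__main__":
    for (client, server, ident), n in unanswered_requests(SAMPLE).items():
        print(f"id {ident}: {client} -> {server} seen {n} times "
              f"(1 original + {n - 1} retransmissions), no reply on the wire")
```

Four sightings of id 11 with no reply correspond to the proxy's "No reply after 3 retransmissions" message: the packets reach the test host's interface, but no answer leaves it.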