(RADIATOR) No reply - Proxy does not catch the Request
Hugh Irvine
hugh at open.com.au
Thu Jul 15 20:41:28 CDT 2004
Hello Stefan -
As far as I can see, what you are trying to do should work.
Are you sure that Radiator is running on the testing host when you try
your tests?
And what does the local radpwtst show on the testing host?
regards
Hugh
On 16 Jul 2004, at 01:18, Lengacher Stefan wrote:
> Hello all
>
> I'm playing around with Radmin now and therefore I just installed a
> _simple and thin_ Radiator on the same machine for this purpose.
> Radmin works fine with the appropriate Radiator. Now I'm trying to use
> this installation with our working Radiator environment. This means:
>
> We have a working Radius Proxy (Radiator) which now tries to do
> Auth-Requests on my testing Radiator where i'm playing around with
> Radmin.
>
> I can successfully use radpwtst on my testing radius locally. It works
> with my defined user.
> I can successfully use radpwtst on my testing radius against the working
> Radiator. It works with the users which are defined in the working
> environment.
> Unfortunately, vice versa does not work. I get no reply from the
> testing Radiator on the request from the working one.
>
> It is not a routing/networking issue, since I see on my testing
> computer (using tcpdump) that the request arrives correctly on
> UDP port 1645 (as defined). On the testing side nothing gets logged
> (using Trace 4!). On the working side I get:
>
> INFO: AuthRADIUS: No reply after 3 retransmissions to xxx.xxx.xxx.xxx for lemy at lemy.ch (226)
> INFO: AuthRADIUS could not find a working host to forward to. Ignoring.
> (you can see the whole log further down)
>
> This is the request I sent on my working radius machine:
> -----------------------------------------------------------
> radpwtst -s 127.0.0.1 -secret xxxx -auth_port 11812 -noacct -user lemy at lemy.ch -password xxxxxxxx -trace 4
> -----------------------------------------------------------
>
> On the test-machine, tcpdump gives me:
> -----------------------------------------------------------
> [root at RAdminTest radiator]# tcpdump -i eth0 -t udp
> tcpdump: listening on eth0
> 195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.230.1029 > ns2.togewa.com.domain: 36594+ PTR? 230.161.141.195.in-addr.arpa. (46) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029: 36594 NXDomain* 0/1/0 (131)
> 195.141.161.230.1029 > ns2.togewa.com.domain: 36595+ PTR? 202.161.141.195.in-addr.arpa. (46) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029: 36595 NXDomain* 0/1/0 (131)
> 195.141.161.230.1029 > ns2.togewa.com.domain: 36596+ PTR? 1.154.63.203.in-addr.arpa. (43) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029: 36596 1/0/0 (74)
> 195.141.161.230.1029 > ns2.togewa.com.domain: 36597+ PTR? 10.149.2.62.in-addr.arpa. (42) (DF)
> ns2.togewa.com.domain > 195.141.161.230.1029: 36597* 1/0/0 PTR[|domain]
> 195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> 195.141.161.202.32841 > 195.141.161.230.datametrics: rad-access-req 114 [id 11] Attr[ User{lemy at lemy.ch} Service_type{Framed} NAS_ipaddr{oscar.open.com.au} NAS_port{1234} [|radius] (DF)
> -----------------------------------------------------------
> This means, the request arrives at my testing machine and since there
> is no firewall on it running, this is really no networking/routing
> issue.
>
> These are the files on the working machine (well, not the whole files,
> just the parts relevant to this case, since these files are really big ;-):
>
> Radius.cfg:
> ------------------
> AuthPort 11812
> AcctPort 11814
>
> Trace 4
>
> <Realm lemy.ch>
> <AuthBy RADIUS>
> Host xxx.xxx.xxx.xxx (this is the IP of the testing machine)
> Secret <snipped>
> AuthPort 1645
> AcctPort 1646
> </AuthBy>
> </Realm>
> ------------------ /Radius.cfg
>
> Logfile:
> ------------------
> *** Received from 127.0.0.1 port 32840 ....
> Code: Access-Request
> Identifier: 226
> Authentic: 1234567890123456
> Attributes:
> User-Name = "lemy at lemy.ch"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<134><238><29><182><146><18><178><199><9><176><151><4><230>g[<229>g<165>"<167><202><241><192><155>"<25><178>B<28><223>)<17>"
>
> Thu Jul 15 16:32:20 2004: DEBUG: Rewrote user name to lemy at lemy.ch
> Thu Jul 15 16:32:20 2004: DEBUG: Handling request with Handler 'Realm=lemy.ch'
> Thu Jul 15 16:32:20 2004: DEBUG: Deleting session for lemy at lemy.ch, 203.63.154.1, 1234
> Thu Jul 15 16:32:20 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':
>
> Thu Jul 15 16:32:20 2004: DEBUG: Handling with Radius::AuthRADIUS
> Thu Jul 15 16:32:20 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code: Access-Request
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> User-Name = "lemy at lemy.ch"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:25 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:25 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code: Access-Request
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> User-Name = "lemy at lemy.ch"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:30 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:30 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code: Access-Request
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> User-Name = "lemy at lemy.ch"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:35 2004: DEBUG: Timed out, retransmitting
> Thu Jul 15 16:32:35 2004: DEBUG: Packet dump:
> *** Sending to 195.141.161.230 port 1645 ....
> Code: Access-Request
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> User-Name = "lemy at lemy.ch"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "z<252>Nk<159><205><0>i*'g<178><12>U<133><189>U5<203><225><198><227><250><249><250><245><235>|5<25><182><216>"
>
> Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS: No reply after 3 retransmissions to 195.141.161.230:1645 for lemy at lemy.ch (226)
> Thu Jul 15 16:32:40 2004: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
> ------------------------ /Logfile
>
> And finally, these are the _small and thin_ files on my testing
> environment:
>
> Radius.cfg
> ---------------------------
> AuthPort 1645
> AcctPort 1646
> Trace 4
>
> <Client 195.141.161.202>
> Secret xxxxxx
> </Client>
>
> <Client DEFAULT>
> Secret xxxxxxx
> DupInterval 0
> </Client>
>
> <Realm lemy.ch>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> </Realm>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> </Realm>
> ---------------------------/Radius.cfg
>
> Users
> ---------------------------
> lemy User-Password="xxxxxxxxxxxxxx"
> ---------------------------/Users
>
> Logfile:
> ---------------------------
> Thu Jul 15 17:12:32 2004: NOTICE: SIGTERM received: stopping
> Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
> Thu Jul 15 17:12:32 2004: DEBUG: Reading users file /etc/radiator/users
> Thu Jul 15 17:12:32 2004: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> Thu Jul 15 17:12:32 2004: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> Thu Jul 15 17:12:32 2004: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Jul 15 17:12:32 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Jul 15 17:12:32 2004: NOTICE: Server started: Radiator 3.9 on RAdminTest
> ---------------------------/Logfile
>
> That's all the information I've got. I really hope someone can help me,
> since rebuilding the whole testing environment is never fun at all
> :-|
>
> Regards,
>
> Stefan Lengacher
> Project & Testing Manager
>
> ____________________________________________
> WeRoam®
>
> TOGEWAnet AG / P.O. Box / Nussbaumstrasse 25
> CH-3000 Bern 22 / Switzerland
> tel. +41 31 341 10 20
> direct: +41 31 341 1126
> fax: +41 31 341 10 21
> mobile: +41 79 483 8422
> Stefan.Lengacher at weroam.com
> www.weroam.com
> ____________________________________________
> This email may contain confidential and/or privileged information
> which should not be used, copied or disclosed without permission. If
> you are not an intended recipient, please contact the sender
> immediately.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
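The two packet dumps in the quoted proxy log (the request received from radpwtst with Identifier 226, and the one forwarded to 195.141.161.230:1645 with Identifier 9) carry the same Request Authenticator but a different User-Password value, because the proxy has to recover the password under the Client secret and hide it again under the Secret configured for the downstream Host. The following is an added example, not code from the thread or from Radiator, of the RFC 2865 User-Password hiding both hops use; the secrets are constructed stand-ins for the snipped ones, the authenticator is the ASCII value radpwtst shows in the log, and the function names are my own.

```python
import hashlib

# Constructed stand-ins for the secrets snipped in the thread (not the real ones).
NAS_SECRET = b"nas-secret"        # shared by radpwtst/NAS and the proxy (Client clause)
UPSTREAM_SECRET = b"test-secret"  # shared by the proxy and the testing Radiator (Host clause)
# radpwtst sends a fixed Request Authenticator; this ASCII value is what the log shows.
AUTHENTICATOR = b"1234567890123456"


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-octet blocks, XOR the first block with
    MD5(secret + Request-Authenticator) and every following block with
    MD5(secret + previous ciphertext block)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password. The chain value is the previous *ciphertext*
    block, so a wrong secret silently yields garbage rather than an error."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def proxy_rehide(hidden: bytes, client_secret: bytes, host_secret: bytes,
                 authenticator: bytes) -> bytes:
    """What a forwarding proxy does before sending the request to a Host whose
    secret differs from the Client's: unhide under one secret, hide under the
    other. With the Request Authenticator kept, as in the quoted log, the
    ciphertext still changes, which is why the two dumps differ."""
    cleartext = unhide_password(hidden, client_secret, authenticator)
    return hide_password(cleartext, host_secret, authenticator)
```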