(RADIATOR) Some errors with VPN and POPTOP
Hugh Irvine
hugh at open.com.au
Tue Jun 8 13:12:42 CDT 2004
Hello Antonio -
The problem is in the Handler which _must_ have an AuthBy clause in it
so that the accounting requests get acknowledged.
Something like this:
<Handler Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN>
    SessionDatabase NULL
    AcctLogFileName %L/VPNaccounting.log
    <AuthBy INTERNAL>
        AcctResult ACCEPT
    </AuthBy>
</Handler>
See section 6.46 in the Radiator 3.9 reference manual.
regards
Hugh
On 8 Jun 2004, at 13:56, António Fernandes wrote:
> Hi!
>
> I was trying to use Radiator with POPTOP and despite the fact that it works
> (having to wait for a couple of minutes for the accounting procedure to
> timeout) it comes up with these errors:
>
> VPN LOGs
> --------
> Jun 8 12:27:24 fw pppd[23742]: rc_ip_hostname: couldn't look up host by addr: C0A80105
> Jun 8 12:27:24 fw pppd[23742]: rc_send_server: no reply from RADIUS server unknown:1813
> Jun 8 12:27:24 fw pppd[23742]: Accounting START failed for XXXXXXXXX
>
>
>
> What do you think the problem is?
> In
> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/radiusclient-ng/radiusclient-ng/lib/ip_util.c?rev=1.5
> in function rc_ip_hostname, it says something about
> reverse dns "gethostbyaddr"...
>
>
> Thank you,
>
> António Fernandes
>
>
>
>
>
>
> Conf
> ----
> <Handler Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN>
>     SessionDatabase NULL
>     AcctLogFileName %L/VPNaccounting.log
> </Handler>
> <Handler Client-Identifier=VPN>
>     SessionDatabase NULL
>     RewriteUsername s/^([^@]+).*/$1/
>     UsernameCharset a-zA-Z0-9\._\@-
>     AuthByPolicy ContinueUntilAccept
>     AuthBy authby_FILE_vpn
>     AuthLog log_LocalUsers
> </Handler>
> <AuthBy FILE>
>     Identifier authby_FILE_vpn
>     Filename /etc/radiator/usersVPN
>     AutoMPPEKeys Yes
>     AddToReply MS-MPPE-Encryption-Policy=Encryption-Required
> </AuthBy>
>
>
> User File
> ---------
> xxxx Password = yyyyyy
>     Framed-IP-Address = 192.168.51.100
>
>
> Radiator LOGS
> -------------
> Tue Jun 8 11:45:12 2004: NOTICE: Server started: Radiator 3.8 on localhost.localdomain
> Tue Jun 8 12:32:54 2004: DEBUG: Packet dump:
> *** Received from 192.168.1.254 port 33299 ....
>
> Packet length = 136
> Code: Access-Request
> Identifier: 171
> Authentic: <25><144><11><222><221>0E<250>W<249>$<187>]<190>,/
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Name = "xxxxxxx"
> MS-CHAP-Challenge = "T<197><167>L^<186>+<192><167>E<19>gXf<198><177>"
> MS-CHAP2-Response = "q<0><142><240><227>f<157><171><155>L<31>o.+<186><135><239><164><0><0><0><0><0><0><0><0><29><241>?L<142><29><206><215><164>z<223>9b<250><236><219><128><144><151><191>$<143><134>i"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 0
>
> Tue Jun 8 12:32:54 2004: DEBUG: Handling request with Handler 'Client-Identifier=VPN'
> Tue Jun 8 12:32:54 2004: DEBUG: Rewrote user name to xxxxxxx
> Tue Jun 8 12:32:54 2004: DEBUG: Handling with Radius::AuthFILE: authby_FILE_vpn
> Tue Jun 8 12:32:54 2004: DEBUG: Radius::AuthFILE looks for match with xxxxxxx
> Tue Jun 8 12:32:54 2004: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Jun 8 12:32:54 2004: DEBUG: Access accepted for xxxxxxx
> Tue Jun 8 12:32:54 2004: DEBUG: Packet dump:
> *** Sending to 192.168.1.254 port 33299 ....
>
> Packet length = 173
> Code: Access-Accept
> Identifier: 171
> Authentic: <25><144><11><222><221>0E<250>W<249>$<187>]<190>,/
> Attributes:
> MS-CHAP2-Success = "qS=1616F1378ABA6E28E063DD1CF8991F958FCFC464"
> MS-MPPE-Send-Key = "<156>4l<11>2&<128>eEG9<235>/^<171><208><155>(<218>M<182><189><250>.<152><232><254>!<247><195><173>QP<247>"
> MS-MPPE-Recv-Key = "<246><222><225><251><242><13><30><207><253><179>=<231><130><176>pxeJ<23>WM<29> <25><152><6><194><135><21><189><202><228><178><199>"
> Framed-IP-Address = 192.168.51.100
> MS-MPPE-Encryption-Policy = Encryption-Required
>
> Tue Jun 8 12:32:57 2004: DEBUG: Packet dump:
> *** Received from 192.168.1.254 port 33299 ....
>
> Packet length = 98
> Code: Accounting-Request
> Identifier: 172
> Authentic: '5<181><175>4[<243><15>X<21><22>Y<213><176>q<154>
> Attributes:
> Acct-Session-Id = "40C5A27E5CBE"
> User-Name = "xxxxxxx"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
> NAS-Port-Type = Async
> Framed-IP-Address = 192.168.51.100
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 0
> Acct-Delay-Time = 0
>
> Tue Jun 8 12:32:57 2004: DEBUG: Handling request with Handler 'Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN'
> Tue Jun 8 12:33:07 2004: DEBUG: Packet dump:
> *** Received from 192.168.1.254 port 33299 ....
>
> Packet length = 98
> Code: Accounting-Request
> Identifier: 172
> Authentic: '5<181><175>4[<243><15>X<21><22>Y<213><176>q<154>
> Attributes:
> Acct-Session-Id = "40C5A27E5CBE"
> User-Name = "xxxxxxx"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
> NAS-Port-Type = Async
> Framed-IP-Address = 192.168.51.100
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 0
> Acct-Delay-Time = 0
>
> Tue Jun 8 12:33:07 2004: DEBUG: Handling request with Handler 'Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN'
> Tue Jun 8 12:33:17 2004: DEBUG: Packet dump:
> *** Received from 192.168.1.254 port 33299 ....
>
> Packet length = 98
> Code: Accounting-Request
> Identifier: 172
> Authentic: '5<181><175>4[<243><15>X<21><22>Y<213><176>q<154>
> Attributes:
> Acct-Session-Id = "40C5A27E5CBE"
> User-Name = "xxxxxxx"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
> NAS-Port-Type = Async
> Framed-IP-Address = 192.168.51.100
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 0
> Acct-Delay-Time = 0
>
> Tue Jun 8 12:33:17 2004: DEBUG: Handling request with Handler 'Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN'
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
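
A configuration check for the condition described in the reply above, added here as an example (it is not part of the original messages and is not Radiator code): it flags any <Handler> clause that has neither an inline <AuthBy ...> clause nor an "AuthBy identifier" line. The function name and the sample text, assembled from the configuration quoted in this thread, are assumptions of this example.

```python
import re

# Constructed sample, assembled from the configuration quoted in this thread:
# the accounting Handler as first posted (no AuthBy), the authentication
# Handler (AuthBy by reference), and the accounting Handler from the reply.
SAMPLE = """\
<Handler Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN>
    SessionDatabase NULL
    AcctLogFileName %L/VPNaccounting.log
</Handler>
<Handler Client-Identifier=VPN>
    AuthByPolicy ContinueUntilAccept
    AuthBy authby_FILE_vpn
</Handler>
<Handler Acct-Status-Type = /^(Start|Stop)$/, Client-Identifier=VPN>
    AcctLogFileName %L/VPNaccounting.log
    <AuthBy INTERNAL>
        AcctResult ACCEPT
    </AuthBy>
</Handler>
"""

HANDLER_OPEN = re.compile(r"^<Handler\b\s*(.*)>$")
AUTHBY_CLAUSE = re.compile(r"^<AuthBy\s+\w+>$")   # inline <AuthBy TYPE> clause
AUTHBY_REF = re.compile(r"^AuthBy\s+\S+")         # "AuthBy identifier"; not AuthByPolicy


def handlers_without_authby(config_text):
    """Return (line_number, check_expression) for each Handler with no AuthBy."""
    findings, current = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = HANDLER_OPEN.match(line)
        if opened:
            current = {"line": lineno, "check": opened.group(1), "authby": False}
        elif current and line == "</Handler>":
            if not current["authby"]:
                findings.append((current["line"], current["check"]))
            current = None
        elif current and (AUTHBY_CLAUSE.match(line) or AUTHBY_REF.match(line)):
            current["authby"] = True
    return findings


if __name__ == "__main__":
    for lineno, check in handlers_without_authby(SAMPLE):
        print(f"line {lineno}: Handler '{check}' has no AuthBy; requests it matches are not acknowledged")
```
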