(RADIATOR) Radiator 3.9 with Microsoft PPTP Server

Hugh Irvine hugh at open.com.au
Fri Sep 10 20:59:53 CDT 2004


Hello William -

The error message shown below indicates the attributes are still not  
defined in the dictionary.

It would also appear that there are additional reply attributes that  
should be sent with the Access-Accept.

It would be very useful to compare a trace 4 debug showing the Radiator  
3.6 operation and a trace 4 debug showing Radiator 3.9 operation.

regards

Hugh


On 11 Sep 2004, at 00:19, William Holmes wrote:

> Hello,
>
> I have been sucessfully using radiator 3.6 with PPTP running on windows
> 2000/2003. I am now deploying Radiator 3.9 using MYSQL instead of flat  
> files
> and I am attempting to make a connection to a pptp server. However the  
> client
> responds with the following error message:
>
> Error: 742 The remote computer does not support the required data  
> encryption
> type.
>
> On the Radiator here is the trace. The only things I see that are  
> obvious to
> me are:
>
> Thu Sep  9 15:29:47 2004: ERR: Attribute number 35 (vendor 311) is not
> defined in your dictionary Thu Sep  9 15:29:47 2004: ERR: Attribute  
> number 34
> (vendor 311) is not defined in your dictionary
>
> I added these attibutes to the dictionary and the removed those errors.
>
> I would appreciate it if someone with more insight might be able to  
> help me
> out.
>
> Thanks
>
> Bill
>
> C:\Radiator-3.9>perl c:\perl\bin\radiusd Thu Sep  9 15:29:22 2004:  
> DEBUG:
> Adding Clients from SQL database Thu Sep  9 15:29:22 2004: DEBUG:  
> Query is:
> 'select
>         NASIDENTIFIER,
>         SECRET,
>         IGNOREACCTSIGNATURE,
>         DUPINTERVAL,
>         DEFAULTREALM,
>         NASTYPE,
>         SNMPCOMMUNITY,
>         LIVINGSTONOFFS,
>         LIVINGSTONHOLE,
>         FRAMEDGROUPBASEADDRESS,
>         FRAMEDGROUPMAXPORTSPERCLASSC,
>         REWRITEUSERNAME,
>         NOIGNOREDUPLICATES,
>         PREHANDLERHOOK from RADCLIENTLIST':
>
> Thu Sep  9 15:29:22 2004: DEBUG: Finished reading configuration file
> 'C:\Program Files\Radiator\radius.cfg'
> Thu Sep  9 15:29:22 2004: DEBUG: Reading dictionary file 'c:/Program
> Files/Radiator/dictionary'
> Thu Sep  9 15:29:23 2004: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Thu Sep  9 15:29:23 2004: DEBUG: Creating authentication port  
> 0.0.0.0:1812
> Thu Sep  9 15:29:23 2004: DEBUG: Creating accounting port 0.0.0.0:1646  
> Thu
> Sep  9 15:29:23 2004: DEBUG: Creating accounting port 0.0.0.0:1813 Thu  
> Sep  9
> 15:29:23 2004: NOTICE: Server started: Radiator 3.9 on radius1
>
> Thu Sep  9 15:29:47 2004: ERR: Attribute number 35 (vendor 311) is not
> defined in your dictionary Thu Sep  9 15:29:47 2004: ERR: Attribute  
> number 34
> (vendor 311) is not defined in your dictionary Thu Sep  9 15:29:47  
> 2004:
> DEBUG: Packet dump:
> *** Received from 128.84.96.29 port 4431 ....
> Code:       Access-Request
> Identifier: 29
> Authentic:  <5><12><231><233><21><187>t>+<222>&~<18>D<142><219>
> Attributes:
>         Acct-Session-Id = "35"
>         NAS-IP-Address = 128.84.96.29
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         NAS-Port = 134
>         MS-RAS-Vendor = 311
>         MS-RAS-Version = "MSRASV5.20"
>         NAS-Port-Type = Virtual
>         Tunnel-Type = 0:PPTP
>         Tunnel-Medium-Type = 0:IP
>         Calling-Station-Id = "128.84.98.40"
>         Tunnel-Client-Endpoint = 128.84.98.40
>         User-Name = "wtholmes"
>         MS-CHAP-Challenge = "_9<24><195><177><218>&&5*I)<132>3[<209>"
>         MS-CHAP2-Response =
> "<0><0><149>+<13><30><170><234><22><171>@<29>rv<214>
> <14><156><171><0><0><0><0><0><0><0><0><230>qW<142>bH<232>Dp<174>H<223>< 
> 149>=<
> 177
>> <245>9<14><255><167><144><175>ux"
>
> Thu Sep  9 15:29:47 2004: DEBUG: Rewrote user name to wtholmes Thu Sep  
>  9
> 15:29:47 2004: DEBUG: Rewrote user name to wtholmes Thu Sep  9  
> 15:29:47 2004:
> DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Sep  9 15:29:47 2004: DEBUG:  Deleting session for wtholmes,
> 128.84.96.29, 1
> 34
> Thu Sep  9 15:29:48 2004: DEBUG: do query is: 'delete from RADONLINE  
> where
> NASID ENTIFIER='128.84.96.29' and NASPORT=0134':
>
> Thu Sep  9 15:29:48 2004: DEBUG: Handling with Radius::AuthSQL Thu Sep  
>  9
> 15:29:48 2004: DEBUG: Handling with Radius::AuthSQL:
> Thu Sep  9 15:29:48 2004: DEBUG: Query is: 'select PASSWORD from  
> SUBSCRIBERS
> whe re USERNAME='wtholmes'':
>
> Thu Sep  9 15:29:48 2004: DEBUG: Radius::AuthSQL looks for match with
> wtholmes Thu Sep  9 15:29:48 2004: DEBUG: Radius::AuthSQL ACCEPT:
> Thu Sep  9 15:29:48 2004: DEBUG: Access accepted for wtholmes Thu Sep   
> 9
> 15:29:48 2004: DEBUG: Packet dump:
> *** Sending to 128.84.96.29 port 4431 ....
> Code:       Access-Accept
> Identifier: 29
> Authentic:  <5><12><231><233><21><187>t>+<222>&~<18>D<142><219>
> Attributes:
>         MS-CHAP2-Success =  
> "<0>S=35732452D62517225A73101DB385C89F460FB3CF"
>
> Thu Sep  9 15:29:50 2004: ERR: Attribute number 35 (vendor 311) is not
> defined in your dictionary Thu Sep  9 15:29:50 2004: ERR: Attribute  
> number 34
> (vendor 311) is not defined in your dictionary Thu Sep  9 15:29:50  
> 2004:
> DEBUG: Packet dump:
> *** Received from 128.84.96.29 port 4432 ....
> Code:       Accounting-Request
> Identifier: 28
> Authentic:  ><247>i><250><189><191>7w<152><142><136>4<226>}<188>
> Attributes:
>         Acct-Status-Type = Stop
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 128.84.96.29
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         NAS-Port = 134
>         MS-RAS-Vendor = 311
>         MS-RAS-Version = "MSRASV5.20"
>         NAS-Port-Type = Virtual
>         Tunnel-Type = 0:PPTP
>         Tunnel-Medium-Type = 0:IP
>         Calling-Station-Id = "128.84.98.40"
>         Tunnel-Client-Endpoint = 128.84.98.40
>         Acct-Session-Id = "35"
>         User-Name = "wtholmes"
>         Framed-MTU = 1400
>         Acct-Multi-Session-Id = "89"
>         Acct-Link-Count = 1
>         Event-Timestamp = 1094758188
>         Acct-Authentic = RADIUS
>         MS-MPPE-Encryption-Types = 0
>         Acct-Session-Time = 0
>         Acct-Output-Octets = 340
>         Acct-Input-Octets = 321
>         Acct-Output-Packets = 14
>         Acct-Input-Packets = 13
>         Acct-Terminate-Cause = User-Request
>
> Thu Sep  9 15:29:50 2004: DEBUG: Rewrote user name to wtholmes Thu Sep  
>  9
> 15:29:50 2004: DEBUG: Rewrote user name to wtholmes Thu Sep  9  
> 15:29:50 2004:
> DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Sep  9 15:29:50 2004: DEBUG:  Deleting session for wtholmes,
> 128.84.96.29, 1
> 34
> Thu Sep  9 15:29:50 2004: DEBUG: do query is: 'delete from RADONLINE  
> where
> NASID ENTIFIER='128.84.96.29' and NASPORT=0134':
>
> Thu Sep  9 15:29:50 2004: DEBUG: Handling with Radius::AuthSQL Thu Sep  
>  9
> 15:29:50 2004: DEBUG: Handling accounting with Radius::AuthSQL Thu Sep  
>  9
> 15:29:50 2004: DEBUG: do query is: 'insert into ACCOUNTING (ACCTDELAY
> TIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACC 
> TSTATU
> STY
> PE,ACCTTERMINATECAUSE,NASPORT,TIME_STAMP,USERNAME) values
> (0,321,340,'35',0,'Sto
> p','User-Request',134,1094758190,'wtholmes')':
>
> Thu Sep  9 15:29:50 2004: DEBUG: Accounting accepted Thu Sep  9  
> 15:29:50
> 2004: DEBUG: Packet dump:
> *** Sending to 128.84.96.29 port 4432 ....
> Code:       Accounting-Response
> Identifier: 28
> Authentic:  ><247>i><250><189><191>7w<152><142><136>4<226>}<188>
> Attributes:
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list