(RADIATOR) Radiator Auth issues (I think)...
Mark Sergeant
msergeant at snsonline.net
Sun Apr 3 19:21:22 CDT 2005
To start with, I'll admit I'm new to Radiator and am in the process of
trying to migrate all our systems from Cistron to Radiator. I'm
having an issue with our test Cisco kit authenticating sessions...
the test auth from the radpwtest command works fine, as does a test
aaa group radius username password legacy on the actual Cisco router
itself, yet when I try and get a DSL session to log in it just sits
there reauthing. The following is the log output and config files;
let me know what else is needed... and if I missed something obvious,
a pointer to the doco would be great!
The system is a FreeBSD 5.3-RELEASE-p5 machine, with Perl 5.8.6 and
all other ports up to date. The eventual plan is to do a full
Postgres setup, but for now I'd like to work with the old Cistron
files...
Users file entry...
0755555555@qIEXECTEST.rdsln03 Password = "blah"
	Service-Type = Framed,
	Framed-Protocol = PPP,
	Framed-MTU = 1450,
	Framed-IP-Address = 192.168.254.198,
	Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN-IEXEC\\nip unnumbered loopback 86",
	Cisco-AVPair = "ip:route#1=vrf VPN-IEXEC 192.168.100.0 255.255.255.0 192.168.254.198",
	Cisco-AVPair = "lcp:interface-config=bandwidth 512",
	Cisco-AVPair = "lcp:interface-config=description iexecpty-test"
N.B. I've added Framed and Cisco-AVPair into the dictionary file
instead of Framed-User & cisco-avpair.
Config file...
Foreground
LogStdout
Trace 4
PidFile /tmp/radiusd.pid
AuthPort 1812
AcctPort 1813
BindAddress 127.0.0.1, x.x.x.x
LogDir /var/log/radius
DbDir /usr/local/etc/raddb
<Client 127.0.0.1>
Secret mysecret
DupInterval 0
</Client>
<Client x.x.x.x>
Secret mysecret
DupInterval 0
</Client>
<Handler Realm=/qEXESIIG|qEXESFIX|qEXESVOL|[nvw]IEXEC|[qnvw]IEXECVPN|[qnvw]IEXECTEST|dsl\.iexec.*|dialports.iexec.com.au/>
AcctLogFileName %L/detail
WtmpFileName %L/wtmp
PasswordLogFileName %L/password.log
RejectHasReason
<AuthBy FILE>
Filename %D/users
</AuthBy>
</Handler>
# Ignore the preauth requests.
<Handler Realm=/dnis.*/i>
</Handler>
-- Log entries...
Thu Mar 31 16:07:58 2005: DEBUG: Packet dump:
*** Received from x.x.x.x port 1645 ....
Code: Access-Request
Identifier: 8
Authentic: <154><20>@<141>:h2e<26><0><222>I<216>9<239><247>
Attributes:
Framed-Protocol = PPP
User-Name = "iexec@qIEXECTEST"
CHAP-Password = <2><254><235><227><153>#<247><149><213><227>k<210><222>O<7><0><127>
NAS-Port-Type = Virtual
NAS-Port = 187
NAS-Port-Id = "Uniq-Sess-ID187"
Connect-Info = "524288"
Service-Type = Framed-User
NAS-IP-Address = 210.18.254.47
Thu Mar 31 16:07:58 2005: DEBUG: Handling request with Handler 'Realm=/qEXESIIG|qEXESFIX|qEXESVOL|[nvw]IEXEC|[qnvw]IEXECVPN|[qnvw]IEXECTEST|dsl\.iexec.*|dialports.iexec.com.au/'
Thu Mar 31 16:07:58 2005: DEBUG: Deleting session for iexec@qIEXECTEST, x.x.x.x
Thu Mar 31 16:07:58 2005: DEBUG: Handling with Radius::AuthFILE:
Thu Mar 31 16:07:58 2005: DEBUG: Radius::AuthFILE looks for match with iexec@qIEXECTEST
Thu Mar 31 16:07:58 2005: DEBUG: Radius::AuthFILE ACCEPT:
Thu Mar 31 16:07:58 2005: DEBUG: Access accepted for iexec@qIEXECTEST
Thu Mar 31 16:07:58 2005: DEBUG: Packet dump:
*** Sending to 210.18.254.47 port 1645 ....
Code: Access-Accept
Identifier: 8
Authentic: <154><20>@<141>:h2e<26><0><222>I<216>9<239><247>
Attributes:
Framed-IP-Address = 192.168.250.101
Service-Type = Framed
Framed-Protocol = PPP
Framed-MTU = 1450
Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN-IEXEC\\nip unnumbered loopback 86"
Cisco-AVPair = "lcp:interface-config=bandwidth 512"
Cisco-AVPair = "lcp:interface-config=description iexec-test-shdsl"