(RADIATOR) Radiator Auth issues (I think)...

Hugh Irvine hugh at open.com.au
Mon Apr 4 15:29:26 CDT 2005


Hello Mark -

I can't see anything obviously wrong with what you show below.

I suggest you check a debug on the Cisco to see what it thinks is wrong.

regards

Hugh


On 4 Apr 2005, at 02:21, Mark Sergeant wrote:

> To start with I'll admit I'm new to Radiator and am in the process of
> trying to migrate all our systems from Cistron to Radiator. I'm having
> an issue with our test Cisco kit authenticating sessions... the test
> auth from the radpwtest command works fine, as does a test aaa group
> radius username password legacy on the actual Cisco router itself, yet
> when I try and get a DSL session to log in it just sits there
> reauthing. The following is the log output and config files; let me
> know what else is needed... and if I missed something obvious a
> pointer to the doco would be great!
>
> The system is a FreeBSD 5.3-RELEASE-p5 machine, with Perl 5.8.6 and
> all other ports up to date. The eventual plan is to do a full Postgres
> setup but for now I'd like to work with the old Cistron files...
>
> Users file entry...
>
> 0755555555 at qIEXECTEST.rdsln03 Password = "blah"
>         Service-Type = Framed,
>         Framed-Protocol = PPP,
>         Framed-MTU = 1450,
>         Framed-IP-Address = 192.168.254.198,
>         Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN-IEXEC\\nip unnumbered loopback 86",
>         Cisco-AVPair = "ip:route#1=vrf VPN-IEXEC 192.168.100.0 255.255.255.0 192.168.254.198",
>         Cisco-AVPair = "lcp:interface-config=bandwidth 512",
>         Cisco-AVPair = "lcp:interface-config=description iexecpty-test"
>
> N.B. I've added Framed and Cisco-AVPair into the dictionary file  
> instead of Framed-User & cisco-avpair.
>
> Config file...
>
> Foreground
> LogStdout
> Trace   4
> PidFile /tmp/radiusd.pid
> AuthPort        1812
> AcctPort        1813
> BindAddress     127.0.0.1, x.x.x.x
> LogDir          /var/log/radius
> DbDir           /usr/local/etc/raddb
>
> <Client 127.0.0.1>
>         Secret mysecret
>         DupInterval 0
> </Client>
>
> <Client x.x.x.x>
>         Secret mysecret
>         DupInterval 0
> </Client>
>
> <Handler Realm=/qEXESIIG|qEXESFIX|qEXESVOL|[nvw]IEXEC|[qnvw]IEXECVPN|[qnvw]IEXECTEST|dsl\.iexec.*|dialports.iexec.com.au/>
>         AcctLogFileName %L/detail
>         WtmpFileName %L/wtmp
>         PasswordLogFileName %L/password.log
>         RejectHasReason
>         <AuthBy FILE>
>                 Filename        %D/users
>         </AuthBy>
> </Handler>
>
> # Ignore the preauth requests.
> <Handler Realm=/dnis.*/i>
> </Handler>
>
> -- Log entries...
>
> Thu Mar 31 16:07:58 2005: DEBUG: Packet dump:
> *** Received from x.x.x.x port 1645 ....
> Code:       Access-Request
> Identifier: 8
> Authentic:  <154><20>@<141>:h2e<26><0><222>I<216>9<239><247>
> Attributes:
>         Framed-Protocol = PPP
>         User-Name = "iexec at qIEXECTEST"
>         CHAP-Password = <2><254><235><227><153>#<247><149><213><227>k<210><222>O<7><0><127>
>         NAS-Port-Type = Virtual
>         NAS-Port = 187
>         NAS-Port-Id = "Uniq-Sess-ID187"
>         Connect-Info = "524288"
>         Service-Type = Framed-User
>         NAS-IP-Address = 210.18.254.47
>
> Thu Mar 31 16:07:58 2005: DEBUG: Handling request with Handler 'Realm=/qEXESIIG|qEXESFIX|qEXESVOL|[nvw]IEXEC|[qnvw]IEXECVPN|[qnvw]IEXECTEST|dsl\.iexec.*|dialports.iexec.com.au/'
> Thu Mar 31 16:07:58 2005: DEBUG:  Deleting session for iexec at qIEXECTEST, x.x.x.x
> Thu Mar 31 16:07:58 2005: DEBUG: Handling with Radius::AuthFILE:
> Thu Mar 31 16:07:58 2005: DEBUG: Radius::AuthFILE looks for match with iexec at qIEXECTEST
> Thu Mar 31 16:07:58 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Mar 31 16:07:58 2005: DEBUG: Access accepted for iexec at qIEXECTEST
> Thu Mar 31 16:07:58 2005: DEBUG: Packet dump:
> *** Sending to 210.18.254.47 port 1645 ....
> Code:       Access-Accept
> Identifier: 8
> Authentic:  <154><20>@<141>:h2e<26><0><222>I<216>9<239><247>
> Attributes:
>         Framed-IP-Address = 192.168.250.101
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-MTU = 1450
>         Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN-IEXEC\\nip unnumbered loopback 86"
>         Cisco-AVPair = "lcp:interface-config=bandwidth 512"
>         Cisco-AVPair = "lcp:interface-config=description iexec-test-shdsl"
>

NB: I am travelling this week, so there may be delays in our  
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
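
The Access-Request in the quoted trace carries CHAP-Password and no CHAP-Challenge attribute, so under RFC 2865 the 16-octet Authentic field serves as the CHAP challenge. The following is an added example, not part of the original thread and not Radiator code: it decodes the dump notation and recomputes the CHAP response so a users-file password can be checked offline against what the NAS sent. It assumes `<N>` in the dump is one octet with decimal value N; the function names and the candidate password are constructed for illustration.

```python
import hashlib
import hmac
import re

# Copied from the Access-Request packet dump quoted in the thread.
AUTHENTIC = "<154><20>@<141>:h2e<26><0><222>I<216>9<239><247>"
CHAP_PASSWORD = "<2><254><235><227><153>#<247><149><213><227>k<210><222>O<7><0><127>"

_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def decode_dump(text):
    """Decode dump notation to bytes (assumed: <N> is one octet, decimal N)."""
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None:
            value = int(m.group(1))
            if value > 255:
                raise ValueError(f"octet out of range: <{value}>")
            out.append(value)
        else:
            out += m.group(2).encode("latin-1")  # printable octet shown as-is
    return bytes(out)


def split_chap_password(attr):
    """RFC 2865 5.3: one CHAP identifier octet, then the 16-octet response."""
    if len(attr) != 17:
        raise ValueError(f"CHAP-Password must be 17 octets, got {len(attr)}")
    return attr[0], attr[1:]


def expected_response(ident, password, challenge):
    """RFC 1994: MD5 over identifier, shared password, then challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def chap_ok(attr, challenge, password):
    """True if the NAS-supplied response matches the candidate password."""
    ident, response = split_chap_password(attr)
    return hmac.compare_digest(response, expected_response(ident, password, challenge))


if __name__ == "__main__":
    challenge = decode_dump(AUTHENTIC)      # no CHAP-Challenge attribute sent
    attr = decode_dump(CHAP_PASSWORD)
    candidate = b"placeholder-password"     # constructed; not from the thread
    print(len(challenge), len(attr), attr[0], chap_ok(attr, challenge, candidate))
```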
