(RADIATOR) AuthBy RADIUS and MPPE

Vlad Shalnev vlad at asv.ru
Wed Aug 24 04:37:02 CDT 2005


Hi all

I use AuthBy RADIUS for forwarding requests of VPN user sessions with MS-CHAP V2 
and MPPE. In the radiusd log I see that the values of MPPE-Recv-Key and MPPE-Send-Key 
changed when forwarding the request back to the NAS. In the docs I found that when these 
attributes appear in a reply, radiusd encrypts the value with the Client shared secret. But 
in my case the value is already encrypted. How can I solve this problem?

Thanks for any help

--- cut of log ---

Wed Aug 24 12:51:56 2005: DEBUG: Packet dump:
*** Received from 62.33.245.3 port 1812 ....

Packet length = 227
02 07 00 e3 a7 98 5a aa 56 45 4b 7c a1 be 83 62
57 fe fe 44 08 06 ff ff ff fe 07 06 00 00 00 01
06 06 00 00 00 02 19 20 5b ab 07 44 00 00 01 37
00 01 c0 a8 64 04 01 c5 a6 87 0a 92 f0 c8 00 00
00 00 00 00 0c e7 1a 2a 00 00 01 37 11 24 80 37
0b 28 4c e5 ca 1c 5a d4 5f 22 e3 ca 3b 85 5e 2e
0d 3b 26 a6 8b 87 01 f3 c5 7e 59 31 de 21 b5 2a
1a 2a 00 00 01 37 10 24 80 38 46 a6 c1 a9 88 02
9d 46 3c 8e 2c 01 02 be b6 27 5d 71 18 ca 8f 35
d0 91 bf a7 df d8 60 92 91 3c 1a 33 00 00 01 37
1a 2d 01 53 3d 35 39 30 39 31 41 37 39 45 33 34
39 38 37 44 42 34 35 44 43 37 38 37 41 38 45 42
46 33 39 34 31 38 37 36 32 44 43 41 43 1a 16 00
00 01 37 0a 10 01 41 43 43 45 53 53 2d 53 45 52
56 45 52

Code:       Access-Accept
Identifier: 7
Authentic:  <167><152>Z<170>VEK|<161><190><131>bW<254><254>D
Attributes:
         Framed-IP-Address = 255.255.255.254
         Framed-Protocol = PPP
         Service-Type = Framed-User
         Class = 
"[<171><7>D<0><0><1>7<0><1><192><168>d<4><1><197><166><135><10><146><240><200><0><0><0><0><0><0><12><231>"
         MS-MPPE-Recv-Key = 
<128>7<11>(L<229><202><28>Z<212>_"<227><202>;<133>^.<13>;&<166><139><135><1><243><197>~Y1<222>!<181>*
         MS-MPPE-Send-Key = 
<128>8F<166><193><169><136><2><157>F<<142>,<1><2><190><182>']q<24><202><143>5<208><145><191><167><223><216>`<146><145><
         MS-CHAP2-Success = "<1>S=59091A79E34987DB45DC787A8EBF39418762DCAC"
         MS-CHAP-Domain = "<1>ACCESS-SERVER"

Wed Aug 24 12:51:56 2005: DEBUG: Received reply in AuthRADIUS for req 7 from 62.33.245.3:1812
Wed Aug 24 12:51:56 2005: DEBUG: Access accepted for asv-test

Wed Aug 24 12:51:56 2005: DEBUG: Packet dump:
*** Sending to 192.168.0.36 port 57967 ....

Packet length = 227
02 1f 00 e3 59 4a 0a 19 c3 56 3f cd c5 eb f8 2b
c7 e4 f7 d7 08 06 ff ff ff fe 07 06 00 00 00 01
06 06 00 00 00 02 19 20 5b ab 07 44 00 00 01 37
00 01 c0 a8 64 04 01 c5 a6 87 0a 92 f0 c8 00 00
00 00 00 00 0c e7 1a 2a 00 00 01 37 11 24 8d ad
16 4b 59 a1 ae 56 f2 eb f3 b1 c6 9b 12 d6 c3 60
e7 83 f3 e8 f9 30 88 39 69 e5 93 70 49 36 05 49
1a 2a 00 00 01 37 10 24 a3 5c 81 0b e7 f9 f1 f9
f7 c8 0c 6b 63 11 55 55 60 b4 17 37 a3 27 e8 dc
19 85 a1 ad 59 b1 f0 58 a6 cc 1a 33 00 00 01 37
1a 2d 01 53 3d 35 39 30 39 31 41 37 39 45 33 34
39 38 37 44 42 34 35 44 43 37 38 37 41 38 45 42
46 33 39 34 31 38 37 36 32 44 43 41 43 1a 16 00
00 01 37 0a 10 01 41 43 43 45 53 53 2d 53 45 52
56 45 52

Code:       Access-Accept
Identifier: 31
Authentic:  <158><211><187> <157><235>!<165><229><175>#<4><23><150><174>(
Attributes:
         Framed-IP-Address = 255.255.255.254
         Framed-Protocol = PPP
         Service-Type = Framed-User
         Class = 
"[<171><7>D<0><0><1>7<0><1><192><168>d<4><1><197><166><135><10><146><240><200><0><0><0><0><0><0><12><231>"
         MS-MPPE-Recv-Key = 
<141><173><22>KY<161><174>V<242><235><243><177><198><155><18><214><195>`<231><131><243><232><249>0<136>9i<229><147>pI6<5>I
         MS-MPPE-Send-Key = 
<163>\<129><11><231><249><241><249><247><200><12>kc<17>UU`<180><23>7<163>'<232><220><25><133><161><173>Y<177><240>X<166><204>
         MS-CHAP2-Success = "<1>S=59091A79E34987DB45DC787A8EBF39418762DCAC"
         MS-CHAP-Domain = "<1>ACCESS-SERVER"

--- end of cut ---

-- 
--------------------------------------------------------------------------------
Vlad A. Shalnev
E-mail: vlad at asv.ru

"Gravity can't be blamed
         for someone
                 falling in love"

                         ( Albert Einstein )
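
Added example, not part of the original post and not Radiator's code: RFC 2548 encrypts MS-MPPE-Send-Key and MS-MPPE-Recv-Key with the shared secret, the Request Authenticator and a per-attribute salt, so a proxy has to decrypt with the upstream values and re-encrypt for the NAS, and the bytes differ on each hop while the key stays the same. The secrets, authenticators, key and function names below are constructed for illustration.

```python
import hashlib
import os

def _xor_chain(secret, req_auth, salt, data, decrypt):
    """RFC 2548 sec. 2.4.2: b1 = MD5(S+R+A), bi = MD5(S+c(i-1)), ci = pi XOR bi."""
    out, prev = b"", req_auth + salt
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # always chain on the ciphertext block
    return out

def mppe_encrypt(key, secret, req_auth, salt=None):
    """Return the attribute value: 2-byte salt + encrypted (length, key, padding)."""
    if salt is None:
        salt = bytes([os.urandom(1)[0] | 0x80]) + os.urandom(1)  # high bit must be set
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)
    return salt + _xor_chain(secret, req_auth, salt, plain, decrypt=False)

def mppe_decrypt(value, secret, req_auth):
    """Recover the key; raise if the value is malformed or the inputs do not match."""
    salt, cipher = value[:2], value[2:]
    if len(cipher) < 16 or len(cipher) % 16 or not salt[0] & 0x80:
        raise ValueError("malformed MS-MPPE key value")
    plain = _xor_chain(secret, req_auth, salt, cipher, decrypt=True)
    if plain[0] > len(plain) - 1:
        raise ValueError("bad key length: wrong secret or Request Authenticator")
    return plain[1:1 + plain[0]]

def proxy_reencrypt(value, up_secret, up_req_auth, nas_secret, nas_req_auth):
    """Proxy hop: decrypt with the upstream pair, re-encrypt for the NAS."""
    key = mppe_decrypt(value, up_secret, up_req_auth)
    return mppe_encrypt(key, nas_secret, nas_req_auth)

# Constructed sample values (not taken from the post's packet dump).
KEY = bytes(range(16))                      # 128-bit MPPE session key
UP_SECRET, NAS_SECRET = b"proxy-to-home", b"nas-to-proxy"
UP_RA, NAS_RA = b"\x11" * 16, b"\x22" * 16  # Authenticators of the two Access-Requests

if __name__ == "__main__":
    from_home = mppe_encrypt(KEY, UP_SECRET, UP_RA)
    to_nas = proxy_reencrypt(from_home, UP_SECRET, UP_RA, NAS_SECRET, NAS_RA)
    print(len(to_nas), from_home.hex(), to_nas.hex(), sep="\n")
    print(mppe_decrypt(to_nas, NAS_SECRET, NAS_RA) == KEY)
```

A 16-byte key yields a 34-byte value (2-byte salt plus 32 encrypted bytes), which with the 2-byte vendor sub-attribute header matches the 0x24 length of the key attributes in the dump above.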
