Re: (RADIATOR) Problem with ISDN connections on new Radiator Install

Martin Wallner Martin.Wallner at eunet.co.at
Thu Dec 29 19:55:30 CST 2005


Looks to me like either the user tries to channel bundle with a different/non-existent password or RADIATOR sends the NAS in the first authentication PortLimit = 2, might be that the NAS sends on MPPP to the client, client starts another session for the second channel, and then got whacked out by the RADIATOR, because it says in realm max session one... which causes the NAS to drop the whole session (even the existing one) because of authentication problems.
 
I had similar problems some time ago when (a CISCO) LAC was set on MPPP on demand (via l2tp), but the NAS was not and got REALLY confused about what to do with even the first connection (which authenticated fine), because LCP was not able to finish the MPPP request...
 
I fear this one is going to be a bit of a pain.  As Hugh said, no Radius problem, looks like just a bit of confusion in the settings....
 
Martin.

________________________________

From: owner-radiator at open.com.au on behalf of Terry Rossi
Sent: Fri 30.12.2005 00:03
To: Hugh Irvine; Terry Rossi
Cc: radiator at open.com.au
Subject: RE: (RADIATOR) Problem with ISDN connections on new Radiator Install



No traffic is passing to the ISDN client, then the connection is dropped.  The multiple password lines are strange?


---- Original Message ----
From: "Hugh Irvine" <hugh at open.com.au>
Date: 12/29/05 5:54 pm
To: "Terry Rossi" <tpr at pics.com>
Cc: "radiator at open.com.au" <radiator at open.com.au>
Subj: Re: (RADIATOR) Problem with ISDN connections on new Radiator Install

Hello Terry -

What exactly is the problem?

As far as I can see from the Radiator log, Radiator is operating 
correctly and returning an Access-Accept for "honick". The Access-
Accept contains the reply attributes as specified in the user record.

If the session is being dropped by the NAS it looks more like a NAS 
problem, but I can't be sure.

regards

Hugh


On 30 Dec 2005, at 09:38, Terry Rossi wrote:

>
>
> My own failed for about 30 hours straight with the same symptoms
> now I have a customer failing too.  Can you please help point me in
> the right direction.    My connection is now working fine but the
> user "honick" is not.
>
> Brand new machine (replacement) and new install of Radiator via RPM
> 3.13.1
>
> Linux picspc01.pics.com 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686 i686 i386 GNU/Linux
>
> *** password.log ***
>
> Thu Dec 29 17:05:14 2005:1135893914:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:07:48 2005:1135894068:conner:UNKNOWN-CHAP:1075:PASS
> Thu Dec 29 17:11:16 2005:1135894276:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:11:57 2005:1135894317:kennyg:UNKNOWN-CHAP:tazz:PASS
> Thu Dec 29 17:12:28 2005:1135894348:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:13:03 2005:1135894383:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:13:23 2005:1135894403:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:13:43 2005:1135894423:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:14:05 2005:1135894445:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:14:32 2005:1135894472:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:14:52 2005:1135894492:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:15:22 2005:1135894522:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:16:05 2005:1135894565:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:16:19 2005:1135894579:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:16:37 2005:1135894597:honick:XXXxxxXXX:XXXxxxXXX:PASS
> Thu Dec 29 17:17:04 2005:1135894624:honick:XXXxxxXXX:XXXxxxXXX:PASS
>
> *** logfile ***
>
> Packet length = 20
> 05 da 00 14 fc 89 5d f7 89 30 8f a9 5c b9 61 39
> 09 de e7 34
> Code:       Accounting-Response
> Identifier: 218
> Authentic:  WQ#<28><150><*<150>*>*<9><11>tS^
> Attributes:
>
> Thu Dec 29 17:16:37 2005: DEBUG: Packet dump:
> *** Received from 192.135.189.36 port 1645 ....
>
> Packet length = 239
> Code:       Access-Request
> Identifier: 252
> Authentic:  NyM<136><31><196><19>G<219><1>7<250>O6g<17>
> Attributes:
>         User-Name = "honick"
>         User-Password = '!<9>}<135><160><167><200><236><218>_<149><192><243><127>$
>         NAS-IP-Address = 207.8.168.1
>         NAS-Identifier = "207.8.168.1"
>
> Thu Dec 29 17:16:37 2005: DEBUG: Radius::AuthFILE looks for match with honick
> Thu Dec 29 17:16:37 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Dec 29 17:16:37 2005: DEBUG: AuthBy FILE result: ACCEPT,
> Thu Dec 29 17:16:37 2005: DEBUG: Access accepted for honick
> Thu Dec 29 17:16:37 2005: DEBUG: Packet dump:
> *** Sending to 192.135.189.36 port 1645 ....
>
> Packet length = 80
> Code:       Access-Accept
> Identifier: 252
> Authentic:  NyM<136><31><196><19>G<219><1>7<250>O6g<17>
> Attributes:
>         Framed-IP-Address = 207.8.168.223
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = Broadcast-Listen
>         Framed-Compression = Van-Jacobson-TCP-IP
>         NAS-Port = 387
>         Acct-Session-Id = "67239961"
>         USR-Interface-Index = 2283
>         USR-Tunnel-Supports-Tags = 0
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         USR-MP-EDO = "<0><0><197>{<200><12>"
>         USR-MP-EDO = "<0><0><197>{<200><12>"
>         USR-Chassis-Call-Slot = 5
>         USR-Chassis-Call-Span = 1
>         USR-Chassis-Call-Channel = 3
>         USR-Connect-Speed = NONE
>         Calling-Station-Id = "6097047628"
>         Called-Station-Id = "8566268899"
>         NAS-Port-Type = ISDN
>
> Thu Dec 29 17:16:37 2005: DEBUG: Rewrote user name to honick
> Thu Dec 29 17:16:37 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 29 17:16:37 2005: DEBUG: Rewrote user name to honick
> Thu Dec 29 17:16:37 2005: DEBUG: DefaultSessionDB Deleting session for honick, 207.8.168.1, 387
> Thu Dec 29 17:16:37 2005: DEBUG: Handling with Radius::AuthFILE: ID_0
> Thu Dec 29 17:16:37 2005: DEBUG: Radius::AuthFILE looks for match with honick
> Thu Dec 29 17:16:37 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Dec 29 17:16:37 2005: DEBUG: Access accepted for honick
> Thu Dec 29 17:16:37 2005: DEBUG: Packet dump:
> *** Sending to 192.135.189.36 port 1645 ....
>
> Packet length = 80
> Code:       Access-Accept
> Identifier: 252
> Authentic:  NyM<136><31><196><19>G<219><1>7<250>O6g<17>
> Attributes:
>         Framed-IP-Address = 207.8.168.223
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = Broadcast-Listen
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Framed-MTU = 1500
>         Port-Limit = 2
>         Session-Timeout = 43200
>         Idle-Timeout = 1200
>
> Thu Dec 29 17:16:38 2005: DEBUG: Packet dump:
> *** Received from 192.135.189.36 port 1646 ....
>
> Packet length = 351
> Code:       Accounting-Request
> Identifier: 219
> Authentic:  <30><200>P<144><10><238><152>oK<153><190>6<15>MWu
> Attributes:
>         User-Name = "unauthenticated"
>         NAS-IP-Address = 207.8.168.1
>         Acct-Status-Type = Stop
>         Acct-Session-Id = "67239961"
>         Acct-Delay-Time = 0
>         Service-Type = Framed-User
>         NAS-Port-Type = ISDN
>         NAS-Port = 387
>         USR-Interface-Index = 2283
>         USR-Chassis-Call-Slot = 5
>         USR-Chassis-Call-Span = 1
>         USR-Chassis-Call-Channel = 3
>         USR-Unauthenticated-Time = 4
>         USR-Modem-Training-Time = 4
>         Calling-Station-Id = "6097047628"
>         Called-Station-Id = "8566268899"
>         USR-Modulation-Type = ayncSyncPPP
>         USR-Simplified-MNP-Levels = synchronousNone
>         USR-Simplified-V42bis-Usage = NONE
>         USR-Connect-Speed = 64000_BPS
>         Framed-Protocol = PPP
>         Framed-IP-Address = 0.0.0.0
>         Acct-Session-Time = 0
>         Acct-Terminate-Cause = NAS-Error
>         USR-Disconnect-Reason = 30
>         USR-Speed-of-Connection = 64000
>         Acct-Input-Octets = 284
>         Acct-Output-Octets = 140
>         Acct-Input-Packets = 9
>         Acct-Output-Packets = 7
>         USR-Call-Arrived-Time = 315425611
>         USR-Call-Lost-Time = 315425615
>
> Thu Dec 29 17:16:38 2005: DEBUG: Rewrote user name to unauthenticated
> Thu Dec 29 17:16:38 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 29 17:16:38 2005: DEBUG: Rewrote user name to unauthenticated
> Thu Dec 29 17:16:38 2005: DEBUG: DefaultSessionDB Deleting session for unauthenticated, 207.8.168.1, 387
> Thu Dec 29 17:16:38 2005: DEBUG: Handling with Radius::AuthFILE: ID_0
> Thu Dec 29 17:16:38 2005: DEBUG: AuthBy FILE result: ACCEPT,
> Thu Dec 29 17:16:38 2005: DEBUG: Accounting accepted
> Thu Dec 29 17:16:38 2005: DEBUG: Packet dump:
> *** Sending to 192.135.189.36 port 1646 ....
>
> *** radiator.cfg ***
>
> # Radiator configuration file.
> # Produced by /~tpr/Radiator-3.5/goodies/radconfig.cgi Thu Feb 27 19:32:24 2003
> #REMOTE_USER: , REMOTE_ADDR: 192.135.189.223
>   #  Was DupInterval 60 on 12/29/05 changed to DupInterval 0
>
> AcctPort 1646
> AuthPort 1645
> DbDir /etc/radiator
> DictionaryFile /etc/radiator/dictionary
> #Foreground
> LivingstonHole 2
> LivingstonOffs 29
> LogDir /var/log
> LogFile %L/logfile
> RewriteUsername s/^([^@]+).*/$1/
> SnmpgetProg /usr/bin/snmpget
> Trace 5
>
>   #DefaultSimultaneousUse 1
> <AuthBy FILE>
>   AddToReply Idle-Timeout = 1200
>   DefaultSimultaneousUse 1
>   Filename /etc/radiator/users
>   Identifier ID_0
> </AuthBy>
>
> <Client DEFAULT>
>   DupInterval 0
>   IgnoreAcctSignature
>   NasType TotalControlSNMP
>   Secret SecretXXXPass
> </Client>
>
> <Realm picsonline.com>
>   AcctLogFileName /logs/detail
>   AuthBy ID_0
>   AuthByPolicy ContinueWhileIgnore
>   Description DialUpUSA Realm
>   PasswordLogFileName /var/log/password.log
>   MaxSessions 1
>   RejectHasReason
>   RewriteUsername %U
>   SessionDatabase DefaultSessionDB
> </Realm>
>
> <Realm DEFAULT>
>   AcctLogFileName /logs/detail
>   AuthBy ID_0
>   AuthByPolicy ContinueWhileIgnore
>   Description Default PICS Realm
>   PasswordLogFileName /var/log/password.log
>   RewriteUsername s/^([^@]+).*/$1/
>   SessionDatabase DefaultSessionDB
> </Realm>
>
> <SessionDatabase DBM>
>   Filename %D/online
>   Identifier DefaultSessionDB
> </SessionDatabase>
>
> *** users ***
>
> honick        Password = "XXXxxxXXX"
>                 Service-Type = Framed-User,
>                 Framed-Protocol = PPP,
>                 Framed-IP-Address = 207.8.168.223,
>                 Framed-IP-Netmask = 255.255.255.255,
>                 Framed-Routing = Broadcast-Listen,
>                 Framed-Compression = Van-Jacobson-TCP-IP,
>                 Framed-MTU = 1500,
>                 Port-Limit = 2,
>                 Session-Timeout = 43200


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
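
Martin's reading of the trace turns on the users file returning Port-Limit = 2 while the AuthBy and Realm clauses cap sessions at 1. The following is an added example, not part of the original thread and not Radiator's own code: it lints a Radiator configuration and a flat users file for that mismatch. The function names are hypothetical, the sample input is trimmed from the files quoted above, and treating a Port-Limit above the session cap as a conflict is an assumption taken from Martin's hypothesis.

```python
import re

# Constructed sample input, trimmed from the radiator.cfg and users file quoted in this thread.
RADIATOR_CFG = """\
<AuthBy FILE>
  DefaultSimultaneousUse 1
  Identifier ID_0
</AuthBy>
<Realm picsonline.com>
  AuthBy ID_0
  MaxSessions 1
</Realm>
<Realm DEFAULT>
  AuthBy ID_0
</Realm>
"""

USERS = """\
honick  Password = "XXXxxxXXX"
        Port-Limit = 2,
        Session-Timeout = 43200
"""

def session_limits(cfg):
    """Return {(clause, parameter): cap} for each session cap set inside a <...> clause."""
    limits = {}
    for clause, body in re.findall(r"^<(\w[^>\n]*)>\n(.*?)^</", cfg, re.M | re.S):
        for name, cap in re.findall(r"^\s*(DefaultSimultaneousUse|MaxSessions)\s+(\d+)\s*$", body, re.M):
            limits[(clause, name)] = int(cap)
    return limits

def port_limits(users):
    """Return {username: Port-Limit} from a flat users file (entries start in column 0)."""
    result, user = {}, None
    for line in users.splitlines():
        if line[:1].strip() and not line.startswith("#"):
            user = line.split()[0]
        m = re.search(r"\bPort-Limit\s*=\s*(\d+)", line)
        if m and user:
            result[user] = int(m.group(1))
    return result

def conflicts(cfg, users):
    """List (user, Port-Limit, clause, parameter, cap) where Port-Limit exceeds the cap."""
    return sorted((u, p, c, k, v)
                  for u, p in port_limits(users).items()
                  for (c, k), v in session_limits(cfg).items() if p > v)

if __name__ == "__main__":
    print(*conflicts(RADIATOR_CFG, USERS), sep="\n")
```

Commented-out settings such as the `#DefaultSimultaneousUse 1` line in the posted config are ignored, so only caps that are actually in effect inside a clause are reported.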




