(RADIATOR) reject then accept

Hugh Irvine hugh at open.com.au
Mon Feb 28 11:04:46 CST 2005


Hello Mark -

It is not clear to me what is happening, but it looks like your NAS is 
sending just the username in the first access request with a 
Service-Type = Outbound-User, then sending the username plus the realm 
in the second access request with a Service-Type = Framed-User. I'm 
guessing this has something to do with your NAS configuration - 
possibly VPN?

regards

Hugh


On 28 Feb 2005, at 14:07, Mark R Russell wrote:

> I seem to have stuffed something up with my config, it rejects the 
> user then accepts it. As this is happening to our broadband and 
> wireless clients it's not an issue, it's just damn annoying. If you need 
> any more info please let me know
>
> <-----<level 4 trace>----->
>
> Mon Feb 28 23:47:30 2005: DEBUG: Packet dump:
> *** Received from 202.1.117.5 port 1645 ....
> Code:       Access-Request
> Identifier: 174
> Authentic:  <222><214><7><26><133><0>V{l<162><213><189><142><183><135>/
> Attributes:
>         User-Name = "ib-mark"
>         User-Password = 
> "<148><254>g<196><22><16><152>2<140><165>Y<253><26>*<181>w"
>         NAS-Port-Type = Async
>         Calling-Station-Id = "001264403503276"
>         Called-Station-Id = "<1><16>bD0<5>#g"
>         Service-Type = Outbound-User
>         NAS-IP-Address = 202.1.117.5
>
> Mon Feb 28 23:47:30 2005: DEBUG: Handling request with Handler 
> 'User-Name = /i[bc]\-.*/'
> Mon Feb 28 23:47:30 2005: DEBUG:  Deleting session for ib-mark, 
> 202.1.117.5,
> Mon Feb 28 23:47:30 2005: DEBUG: do query is: delete from RADONLINE 
> where USERNAME='ib-mark at isp.net.au' AND ACCTSESSIONID = ''
>
> Mon Feb 28 23:47:30 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Feb 28 23:47:30 2005: DEBUG: Handling with Radius::AuthSQL: chap
> Mon Feb 28 23:47:30 2005: DEBUG: Query is: select plain_passwd, 
> checkattr, replyattr from auth where username='ib-mark at isp.net.au'
>
> Mon Feb 28 23:47:30 2005: DEBUG: Radius::AuthSQL looks for match with 
> ib-mark at isp.net.au
> Mon Feb 28 23:47:30 2005: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Mon Feb 28 23:47:30 2005: INFO: Access rejected for 
> ib-mark at isp.net.au: Bad Password
> Mon Feb 28 23:47:30 2005: DEBUG: Packet dump:
> *** Sending to 202.1.117.5 port 1645 ....
> Code:       Access-Reject
> Identifier: 174
> Authentic:  <222><214><7><26><133><0>V{l<162><213><189><142><183><135>/
> Attributes:
>
> Mon Feb 28 23:47:30 2005: DEBUG: Packet dump:
> *** Received from 202.1.117.5 port 1645 ....
> Code:       Access-Request
> Identifier: 175
> Authentic:  <224>3]c<154><198><27><11><20><20><173>o2<249><131>c
> Attributes:
>         Framed-Protocol = PPP
>         User-Name = "ib-mark at isp.net.au"
>         User-Password = 
> "xc<180><203>"<205>(<169><155>;<244>3I<14><138>}"
>         NAS-Port-Type = Async
>         Calling-Station-Id = "001264403503276"
>         Called-Station-Id = "<1><16>bD0<5>#g"
>         Service-Type = Framed-User
>         NAS-IP-Address = 202.1.117.5
>
> Mon Feb 28 23:47:30 2005: DEBUG: Handling request with Handler 
> 'User-Name = /i[bc]\-.*/'
> Mon Feb 28 23:47:30 2005: DEBUG:  Deleting session for 
> ib-mark at isp.net.au, 202.1.117.5,
> Mon Feb 28 23:47:30 2005: DEBUG: do query is: delete from RADONLINE 
> where USERNAME='ib-mark at isp.net.au' AND ACCTSESSIONID = ''
>
> Mon Feb 28 23:47:30 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Feb 28 23:47:30 2005: DEBUG: Handling with Radius::AuthSQL: chap
> Mon Feb 28 23:47:31 2005: DEBUG: Query is: select plain_passwd, 
> checkattr, replyattr from auth where username='ib-mark at isp.net.au'
>
> Mon Feb 28 23:47:31 2005: DEBUG: Radius::AuthSQL looks for match with 
> ib-mark at isp.net.au
> Mon Feb 28 23:47:31 2005: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Feb 28 23:47:31 2005: DEBUG: Access accepted for ib-mark at isp.net.au
> Mon Feb 28 23:47:31 2005: DEBUG: Packet dump:
> *** Sending to 202.1.117.5 port 1645 ....
> Code:       Access-Accept
> Identifier: 175
> Authentic:  <224>3]c<154><198><27><11><20><20><173>o2<249><131>c
> Attributes:
>         Framed-IP-Address = 203.18.151.250
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Port-Limit = 5
>         Acct-Interim-Interval = 600
>
> Mon Feb 28 23:47:31 2005: DEBUG: Packet dump:
> *** Received from 202.1.117.5 port 1646 ....
> Code:       Accounting-Request
> Identifier: 85
> Authentic:  <<17><226>Z<158>Kg|7<231>r!<234>v<178><213>
> Attributes:
>         Acct-Session-Id = "00002691"
>         Tunnel-Server-Endpoint = 202.1.117.16
>         Tunnel-Client-Endpoint = 202.128.126.11
>         Tunnel-Assignment-ID = iburst-syd
>         Tunnel-Type = 0:L2TP
>         Tunnel-ID = 36820
>         Tunnel-Client-Auth-ID = PBA-SYD01
>         Tunnel-Server-Auth-ID = pba-iburst
>         Framed-Protocol = PPP
>         User-Name = "ib-mark at isp.net.au"
>        cisco-avpair = "connect-progress=Call Up"
>         Acct-Authentic = RADIUS
>         Acct-Status-Type = Start
>         NAS-Port-Type = Async
>         Calling-Station-Id = "001264403503276"
>         Called-Station-Id = "<1><16>bD0<5>#g"
>         Service-Type = Framed-User
>         NAS-IP-Address = 202.1.117.5
>         Acct-Delay-Time = 0
>
> Mon Feb 28 23:47:31 2005: DEBUG: Handling request with Handler 
> 'User-Name = /i[bc]\-.*/'
> Mon Feb 28 23:47:31 2005: DEBUG:  Adding session for 
> ib-mark at isp.net.au, 202.1.117.5,
> Mon Feb 28 23:47:31 2005: DEBUG: do query is: delete from RADONLINE 
> where USERNAME='ib-mark at isp.net.au' AND ACCTSESSIONID = '00002691'
>
> Mon Feb 28 23:47:31 2005: DEBUG: do query is: replace into RADONLINE 
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,ASCENDSESSIONSVRKEY, 
> TIME_STAMP, FRAMED$
>
> Mon Feb 28 23:47:31 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Feb 28 23:47:31 2005: DEBUG: Handling accounting with 
> Radius::AuthSQL
> Mon Feb 28 23:47:31 2005: DEBUG: Accounting accepted
> Mon Feb 28 23:47:31 2005: DEBUG: Packet dump:
>
>         Reply-Message = "Request Denied"
>
>
> <------</level 4 trace>---->
>
> <-----<config>------->
> <AuthBy SQL>
>   AddToReply Acct-Interim-Interval=600
>   AuthColumnDef 0, User-Password, check
>   AuthColumnDef 1, GENERIC, check
>   AuthColumnDef 2, GENERIC, reply
>   AuthSelect select plain_passwd, checkattr, replyattr from auth where 
> username='%n'
>   DBAuth xxxxxx
>   DBSource dbi:mysql:radiator:localhost
>   DBUsername radius
>   EncryptedPassword
>   Identifier chap
>   NoDefault
> </AuthBy>
>
>
>
> <Handler User-Name = /i[bc]\-.*/>
>   AuthBy chap
> </Handler>
>
> <----</config>----->
>
>
>
> Thanx
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
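
Added example (not part of the original thread and not Radiator code): one way to confirm the pattern described in the reply is to pair each reply in a level 4 trace with its request by NAS address and Identifier, then list logins that were rejected and afterwards accepted, with the attributes of both requests. The function names are hypothetical and the sample trace is constructed from values in the quoted trace.

```python
import re
# Constructed sample in the layout of the quoted trace (most attributes omitted).
SAMPLE_TRACE = """\
*** Received from 202.1.117.5 port 1645 ....
Code:       Access-Request
Identifier: 174
        User-Name = "ib-mark"
        Service-Type = Outbound-User
*** Sending to 202.1.117.5 port 1645 ....
Code:       Access-Reject
Identifier: 174
*** Received from 202.1.117.5 port 1645 ....
Code:       Access-Request
Identifier: 175
        User-Name = "ib-mark at isp.net.au"
        Service-Type = Framed-User
*** Sending to 202.1.117.5 port 1645 ....
Code:       Access-Accept
Identifier: 175
"""

def parse_packets(trace):
    packets = []
    for line in map(str.strip, trace.splitlines()):
        hdr = re.match(r"\*\*\* (?:Received from|Sending to) (\S+) port \d+", line)
        kv = re.match(r"([\w-]+)(:| =)\s*(.*)$", line)
        if hdr:
            packets.append({"peer": hdr.group(1), "attrs": {}})
        elif packets and kv:  # "Code: x" is a header field, "Name = x" an attribute
            target = packets[-1] if kv.group(2) == ":" else packets[-1]["attrs"]
            target[kv.group(1)] = kv.group(3).strip('"')
    return packets

def reject_then_accept(packets):
    """Pair replies with requests by (NAS, Identifier); report reject-then-accept."""
    pending, rejected, findings = {}, {}, []
    for p in packets:
        key, code = (p["peer"], p.get("Identifier")), p.get("Code")
        if code == "Access-Request":
            pending[key] = p["attrs"]
        elif code in ("Access-Reject", "Access-Accept") and key in pending:
            req = pending.pop(key)
            # Same login with or without realm; the archive prints "@" as " at ".
            user = (p["peer"], re.split(r"@| at ", req.get("User-Name", ""))[0])
            if code == "Access-Reject":
                rejected[user] = req
            elif user in rejected:
                findings.append({"user": user[1], "rejected": rejected.pop(user), "accepted": req})
    return findings
```

Feed it the raw log file rather than the `>`-quoted copy; timestamped DEBUG lines between packet dumps are ignored by the attribute pattern.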
