(RADIATOR) puzzling auth failure

Tariq Rashid tariq.rashid at uk.easynet.net
Mon Jun 13 04:18:28 CDT 2005



hi - we have many lucent stingers which auth to radiator fine and have done
so for a long time. however we have one which seems to be configured exactly
as the many others ... but we get auth failures with this one (see log
below).

if we point the NAS to an old livingston-based server (old C code) the auths
work fine .. but if we use radiator it fails (versions 3.7 to 3.11).

we've had issues before with CHAP which disappear when PAP is enforced... but
this seems not to be the case here.

we were suspicious that the password fields of the request packet are not
the required length in bytes according to the RFCs.

any ideas? anyone with similar experiences?

tariq


------------

Fri Jun 10 12:29:26 2005: DEBUG: Packet dump:
*** Received from 217.206.246.231 port 9142 ....

Packet length = 79
01 60 00 4f 23 5b c6 3b 2b 1b 06 72 47 23 56 66
02 ab 07 c1 01 19 6d 61 72 63 64 62 6c 40 75 6b
6f 6e 6c 69 6e 65 2e 63 6f 2e 75 6b 00 02 10 50
ad 8d 37 b7 7d 5c 26 5f e4 00 9e 0d 60 04 06 d9
ce f6 e7 05 06 00 00 00 00 3d 06 00 00 00 05
Code:       Access-Request
Identifier: 96
Authentic:  #[<198>;+<27><6>rG#Vf<2><171><7><193>
Attributes:
        User-Name = "marcdbl at ukonline.co.uk"
        Password = "P<173><141>7<183>}\&_<228><0><158><13>`"
        NAS-Identifier = "217.206.246.231"
        NAS-Port = 0
        NAS-Port-Type = Virtual

Fri Jun 10 12:29:26 2005: DEBUG: Rewrote user name to
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Rewrote user name to
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Rewrote user name to
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Rewrote user name to
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Rewrote user name to
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Handling request with Handler
'Realm=ukonline.co.uk'
Fri Jun 10 12:29:26 2005: DEBUG: SDB1 Deleting session for
marcdbl at ukonline.co.uk, 217.206.246.231, 0
Fri Jun 10 12:29:26 2005: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER='217.206.246.231' and ACCTSESSIONID=''': 
Fri Jun 10 12:29:26 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='marcdbl at ukonline.co.uk'': 
Fri Jun 10 12:29:26 2005: DEBUG: Handling with Radius::AuthGROUP
Fri Jun 10 12:29:26 2005: DEBUG: Handling with Radius::AuthLDAP2: 
Fri Jun 10 12:29:26 2005: INFO: Connecting to 212.135.1.207, port 389
Fri Jun 10 12:29:26 2005: INFO: Attempting to bind to LDAP server
212.135.1.207:389)
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got result for
uid=marcdbl at ukonline.co.uk,ou=users,domain=ukonline.co.uk,vip=easynet-uk,o=e
asynet.net
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got dialAttr: Cisco-AVPair =
"ip:dns-servers=195.40.1.36 212.135.1.36"
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got dialUserCLI:
uko-0808:01932560805
Fri Jun 10 12:29:26 2005: ERR: Bad attribute=value pair:
uko-0808:01932560805
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got ipAddr: 82.110.142.216
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got ipNetmask: 255.255.255.255
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got protocol: PPP
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got userPassword: *******.*****
Fri Jun 10 12:29:26 2005: DEBUG: LDAP got services: pstn isdn mail
dialweb unmetered-dial uk.cdsl dial
Fri Jun 10 12:29:26 2005: ERR: Bad attribute=value pair:
pstn,isdn,mail,dialweb,unmetered-dial,uk.cdsl,dial
Fri Jun 10 12:29:26 2005: DEBUG: POST Search Hook -- Start Processing
Fri Jun 10 12:29:26 2005: DEBUG: Time of Day Restriction Check
Fri Jun 10 12:29:26 2005: DEBUG: No time checking done or required
Fri Jun 10 12:29:26 2005: DEBUG: Timeout -1
Fri Jun 10 12:29:26 2005: DEBUG: Radius::AuthLDAP2 looks for match with
marcdbl at ukonline.co.uk
Fri Jun 10 12:29:26 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Fri Jun 10 12:29:26 2005: INFO: Connecting to 212.135.1.207, port 389
Fri Jun 10 12:29:26 2005: INFO: Attempting to bind to LDAP server
212.135.1.207:389)
Fri Jun 10 12:29:26 2005: DEBUG: No entries for DEFAULT found in LDAP
database
Fri Jun 10 12:29:26 2005: INFO: Access rejected for
marcdbl at ukonline.co.uk: Bad Password
Fri Jun 10 12:29:26 2005: DEBUG: Packet dump:
*** Sending to 217.206.246.231 port 9142 ....

Packet length = 36
03 60 00 24 79 5c ff e5 9f 4a 01 dd 07 7f e8 5a
d3 3f 4c 57 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 96
Authentic:  #[<198>;+<27><6>rG#Vf<2><171><7><193>
Attributes:
        Reply-Message = "Request Denied"
