(RADIATOR) Unknown reply received in RADIUS Accounting-Response
William Hernandez
whr at essnet.com
Mon Jun 13 15:15:52 CDT 2005
Hello everyone,
We're constantly seeing log entries like the following every day.
Mon May 2 00:00:23 2005: WARNING: Unknown reply received in AuthRADIUS for request 65 from xx.xx.xx.xx:1646
Mon May 2 00:00:29 2005: WARNING: Unknown reply received in AuthRADIUS for request 66 from xx.xx.xx.xx:1646
Mon May 2 00:00:32 2005: WARNING: Unknown reply received in AuthRADIUS for request 67 from xx.xx.xx.xx:1646
Mon May 2 00:00:50 2005: WARNING: Unknown reply received in AuthRADIUS for request 68 from xx.xx.xx.xx:1646
The log entries come from the "Accounting-Response" packets that are
being sent to us from a remote Radius Server that is running
Radiator 3.7.1 according to "radpwtst -status". We're running
Radiator 3.12. The remote server is not under our administration
and I have not been able to obtain debug information from them.
Here is some more DEBUG info from our logs:
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Received from xx.xx.xx.xx port 1812 ....
Code: Access-Request
Identifier: 224
Authentic: <161>G<149><163><143><155>~<166><218><0><133><205><148><202>l<200>
Attributes:
User-Name = "xxxxxx"
User-Password = "6Ge2<252><165><255>HQ<9>q^44AU"
NAS-IP-Address = 10.1.1.12
NAS-Identifier = "10.1.1.12"
NAS-Port = 46
Acct-Session-Id = "2491343"
USR-Interface-Index = 1295
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 1
Chassis-Call-Span = 2
Chassis-Call-Channel = 39
Connect-Speed = NONE
Called-Station-Id = "9999999"
NAS-Port-Type = Async
Mon May 2 16:43:15 2005: DEBUG: Handling with Radius::AuthRADIUS
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Sending to xx.xx.xx.xx port 1645 ....
Code: Access-Request
Identifier: 2
Authentic: <161>G<149><163><143><155>~<166><218><0><133><205><148><202>l<200>
Attributes:
User-Name = "xxxxxx"
User-Password = "<209><136><220><127><207><217><247><184>C<180><135>#<9><9>{<168>"
NAS-IP-Address = xx.xx.xx.xx
NAS-Identifier = "10.1.1.12"
NAS-Port = 46
Acct-Session-Id = "2491343"
USR-Interface-Index = 1295
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 1
Chassis-Call-Span = 2
Chassis-Call-Channel = 39
Connect-Speed = NONE
Called-Station-Id = "9999999999"
NAS-Port-Type = Async
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Received from xx.xx.xx.xx port 1645 ....
Code: Access-Accept
Identifier: 2
Authentic: <5><250>mZ<22>n)<230>5{?<157><168><173><230>r
Attributes:
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip xx.xx.xx.xx/24
Ascend-Data-Filter = ip in drop tcp dstport = 25
Ascend-Data-Filter = ip in forward
Idle-Timeout = 900
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout = 28800
Mon May 2 16:43:15 2005: DEBUG: Received reply in AuthRADIUS for req 2 from xx.xx.xx.xx:1645
Mon May 2 16:43:15 2005: DEBUG: Access accepted for xxxxxx
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Sending to xx.xx.xx.xx port 1812 ....
Code: Access-Accept
Identifier: 224
Authentic: <161>G<149><163><143><155>~<166><218><0><133><205><148><202>l<200>
Attributes:
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip xx.xx.xx.xx/24
Ascend-Data-Filter = ip in drop tcp dstport = 25
Ascend-Data-Filter = ip in forward
Idle-Timeout = 900
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout = 28800
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
USR-V92-Feature-Control = 1
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Received from 208.249.78.130 port 55915 ....
Code: Accounting-Request
Identifier: 64
Authentic: <168><210><226><209><21><22><213><214><207><211><155><185><128><233><131>-
Attributes:
User-Name = "xxxxxx"
NAS-IP-Address = 10.1.1.12
NAS-Identifier = "10.1.1.12"
Acct-Status-Type = Start
Acct-Session-Id = "2491343"
Acct-Delay-Time = 0
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-Port-Type = Async
NAS-Port = 46
USR-Modem-Training-Time = 19
USR-Interface-Index = 1295
Chassis-Call-Slot = 1
Chassis-Call-Span = 2
Chassis-Call-Channel = 39
Unauthenticated-Time = 1
Calling-Station-Id = ""
Called-Station-Id = "9999999"
VPN-ID = 0
Modulation-Type = v90Digital
Simplified-MNP-Levels = ccittV42SREJ
Simplified-V42bis-Usage = 4
Connect-Speed = 45333_BPS
Framed-Protocol = PPP
Framed-IP-Address = xx.xx.xx.xx
VTS-Session-Key = "<193>-<218><204><233>3<247>g+qR<131>,<175><11>4"
Call-Arrived-time = 294612175
Mon May 2 16:43:15 2005: DEBUG: Handling with Radius::AuthRADIUS
Mon May 2 16:43:15 2005: DEBUG: Packet dump:
*** Sending to xx.xx.xx.xx port 1646 ....
Code: Accounting-Request
Identifier: 5
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "xxxxxx"
NAS-IP-Address = xx.xx.xx.xx
NAS-Identifier = "10.1.1.12"
Acct-Status-Type = Start
Acct-Session-Id = "2491343"
Acct-Delay-Time = 0
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-Port-Type = Async
NAS-Port = 46
USR-Modem-Training-Time = 19
USR-Interface-Index = 1295
Chassis-Call-Slot = 1
Chassis-Call-Span = 2
Chassis-Call-Channel = 39
Unauthenticated-Time = 1
Calling-Station-Id = ""
Called-Station-Id = "9999999999"
VPN-ID = 0
Modulation-Type = v90Digital
Simplified-MNP-Levels = ccittV42SREJ
Simplified-V42bis-Usage = 4
Connect-Speed = 45333
Framed-Protocol = PPP
Framed-IP-Address = xx.xx.xx.xx
VTS-Session-Key = "<193>-<218><204><233>3<247>g+qR<131>,<175><11>4"
Call-Arrived-time = 294612175
Mon May 2 16:43:16 2005: DEBUG: Packet dump:
*** Received from xx.xx.xx.xx port 1646 ....
Code: Accounting-Response
Identifier: 5
Authentic: /Q<216>Fe<1><132><253><7><240>><213>)<205><129><210>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Mon May 2 16:43:16 2005: DEBUG: Received reply in AuthRADIUS for req 5 from xx.xx.xx.xx:1646
Mon May 2 16:43:16 2005: DEBUG: Accounting accepted
Mon May 2 16:43:16 2005: DEBUG: Packet dump:
*** Sending to 208.249.78.130 port 55915 ....
Code: Accounting-Response
Identifier: 64
Authentic: <168><210><226><209><21><22><213><214><207><211><155><185><128><233><131>-
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
USR-V92-Feature-Control = 1
Mon May 2 16:43:16 2005: DEBUG: Packet dump:
*** Received from xx.xx.xx.xx port 1646 ....
Code: Accounting-Response
Identifier: 5
Authentic: <212><135>WU<15>6.P<0>|<213><133>y-<250><13>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Protocol = PPP
Mon May 2 16:43:16 2005: WARNING: Unknown reply received in AuthRADIUS for request 5 from xx.xx.xx.xx:1646
The debug seems to show the following actions:
1. Our RADIUS server receives an Access-Request from one of our NASes.
2. Our RADIUS server forwards the Access-Request to xx.xx.xx.xx.
3. Our RADIUS server receives an Access-Accept from xx.xx.xx.xx.
4. Our RADIUS server sends the Access-Accept to our NAS.
5. Our RADIUS server receives an Accounting-Request from one of our NASes.
6. Our RADIUS server forwards the Accounting-Request to xx.xx.xx.xx.
7. Our RADIUS server receives an Accounting-Response from xx.xx.xx.xx.
8. Our RADIUS server sends the Accounting-Response to our NAS.
9. Our RADIUS server receives a second Accounting-Response from xx.xx.xx.xx.
It appears to be step 9 that is generating the "Unknown reply",
although I don't see a Proxy-State attribute in any response.
The radius.cfg has the following:
<AuthLog FILE>
Identifier abc-logfile
Filename %L/abc/radius.log
LogSuccess 1
SuccessFormat %l: Login OK: [%u] (%c)
LogFailure 1
FailureFormat %l: INFO: Access rejected for %n: %1
</AuthLog>
<AuthBy PORTLIMITCHECK>
Identifier abc-portlimitcheck
SessionLimit 200
CountQuery select COUNT(*) from RADONLINE_ABC
</AuthBy>
<AuthBy SQL>
Identifier accessnumber
DBSource dbi:Sybase:database=xxx
DBUsername xxxxxx
DBAuth xxxxxx
DBSource dbi:mysql:xxx:xxx
DBUsername xxxxxx
DBAuth xxxxxx
</AuthBy>
<AuthBy RADIUS>
Identifier abc-radius
Host xx.xx.xx.xx
Host yy.yy.yy.yy
Secret xxxxxx
AuthPort 1645
AcctPort 1646
StripFromRequest Active
AddToReplyIfNotExist Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Framed-IP-Netmask = 255.255.255.255, \
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
<AuthBy FILE>
Identifier abc-users
Filename /etc/raddb/users.abc
NoDefaultIfFound
</AuthBy>
<AuthLog SQL>
Identifier abc-replyhook
DBSource dbi:Sybase:database=xxx
DBUsername xxxxxx
DBAuth xxxxxx
DBSource dbi:mysql:xxx:xxx
DBUsername xxxxxx
DBAuth xxxxxx
Table AUTHLOG_ABC
LogSuccess 1
SuccessQuery insert into AUTHLOG_ABC \
(USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, \
NASPORTTYPE, SERVICETYPE) \
values \
('%2', '%{NAS-Identifier}', '%{NAS-Port}', \
'%{Acct-Session-Id}', %t,'%{Framed-IP-Address}', \
'%{NAS-Port-Type}', '%{Service-Type}')
</AuthLog>
<SessionDatabase SQL>
Identifier sessiondb-abc-radius
DBSource dbi:Sybase:database=xxx
DBUsername xxxxxx
DBAuth xxxxxx
DBSource dbi:mysql:xxx:xxx
DBUsername xxxxxx
DBAuth xxxxxx
AddQuery insert into RADONLINE_ABC \
(USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, \
NASPORTTYPE, SERVICETYPE) \
values \
('%n', '%N', 0%{NAS-Port}, \
'%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', \
'%{NAS-Port-Type}', '%{Service-Type}')
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID \
from RADONLINE_ABC \
where USERNAME='%n'
DeleteQuery delete from RADONLINE_ABC \
where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
</SessionDatabase>
<Handler Called-Station-Id=/9999$/>
SessionDatabase sessiondb-abc-radius
AuthByPolicy ContinueWhileAccept
AuthBy abc-portlimitcheck
AuthBy abc-radius
AcctLogFileName %L/abc/detail
AuthLog abc-logfile
PasswordLogFileName %L/abc/radius.log
</Handler>
Is this WARNING a portent of more serious problems? If it can be
ignored, will using "UseExtendedIds" eliminate the warnings,
although the docs seem to say that that should only be used with
broken Radius Servers and the remote server in this case appears
to be running Radiator 3.7.1?
Please advise,
William
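
Added example, not part of the original post and not Radiator's code: a simplified Python model of how a proxy can match forwarded accounting replies by peer and Identifier, and check the RFC 2866 Response Authenticator so that a late duplicate (step 9 above) is told apart from a reply that was not produced with the shared secret. The class and function names, the secret and the peer address are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5
# Service-Type = Framed-User (type 6, value 2), Framed-Protocol = PPP (type 7, value 1)
REPLY_ATTRS = struct.pack("!BBI", 6, 6, 2) + struct.pack("!BBI", 7, 6, 1)

def build_packet(code, ident, attrs, secret, request_auth=b"\x00" * 16):
    """RFC 2866 authenticator: MD5(code, id, length, 16 octets, attributes, secret).
    A request hashes 16 zero octets; a response hashes the request's authenticator."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

class PendingTable:
    """Simplified model of a proxy's outstanding requests, keyed by (peer, identifier)."""
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}

    def sent(self, peer, packet):
        self.pending[(peer, packet[1])] = packet[4:20]  # remember request authenticator

    def classify(self, peer, reply):
        if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
            return "malformed"
        request_auth = self.pending.get((peer, reply[1]))
        if request_auth is None:
            return "unknown reply"  # nothing outstanding for this identifier
        expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + self.secret).digest()
        if not hmac.compare_digest(expected, reply[4:20]):
            return "bad authenticator"  # not produced with the shared secret
        del self.pending[(peer, reply[1])]  # first valid reply consumes the entry
        return "matched"

def replay():
    """Constructed replay of steps 6 to 9 from the post, using request identifier 5."""
    secret, peer = b"constructed-secret", ("192.0.2.10", 1646)  # sample values
    table = PendingTable(secret)
    request = build_packet(ACCT_REQUEST, 5, b"", secret)
    table.sent(peer, request)
    req_auth = request[4:20]
    forged = build_packet(ACCT_RESPONSE, 5, REPLY_ATTRS, b"wrong-secret", req_auth)
    first = build_packet(ACCT_RESPONSE, 5, REPLY_ATTRS, secret, req_auth)
    second = build_packet(ACCT_RESPONSE, 5, REPLY_ATTRS * 2, secret, req_auth)
    return [table.classify(peer, p) for p in (forged, first, second)]
```

In this model the second response is reported as unknown only because the first valid reply already consumed the pending entry for identifier 5.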