(RADIATOR) cisco 3330 vpn config
kevin_amorin at harvard.edu
Thu Sep 8 23:10:39 CDT 2005
Hello,
I have a quick question. I've done a bit of testing, and reading the
archives but I seem to be stuck on what I hope is an easy fix.
Background:
Cisco 3330 VPN
Radiator 3.13
LDAP Proxy
The first time I authenticate to the VPN it works; every time after that it fails.
Logs:
Fri Sep 9 04:46:22 2005: DEBUG: Finished reading configuration file
'/etc/radiator/radius.cfg'
Fri Sep 9 04:46:22 2005: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Fri Sep 9 04:46:22 2005: DEBUG: Creating authentication port 0.0.0.0:1812
Fri Sep 9 04:46:22 2005: DEBUG: Creating accounting port 0.0.0.0:1813
Fri Sep 9 04:46:22 2005: NOTICE: Server started: Radiator 3.13 on xxxxx
(LOCKED)
Fri Sep 9 04:46:59 2005: DEBUG: Packet dump:
*** Received from 128.103.xxx port 1025 ....
Code: Access-Request
Identifier: 1
Authentic: dOxxxx
Attributes:
User-Name = "kamorin"
User-Password = <173>xxxx
Altiga-Argument-Auth-Server-Priority = 2
NAS-IP-Address = 128.103.xxx
NAS-Port-Type = Virtual
Fri Sep 9 04:46:59 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Sep 9 04:46:59 2005: DEBUG: Deleting session for kamorin,
128.103.xxx.xxx
Fri Sep 9 04:46:59 2005: DEBUG: Handling with Radius::AuthLDAP2:
Fri Sep 9 04:46:59 2005: INFO: Connecting to xxxldap.harvard.edu, port 389
Fri Sep 9 04:46:59 2005: INFO: Attempting to bind to LDAP server
xxxxxxx.harvard.edu:389
Fri Sep 9 04:46:59 2005: DEBUG: LDAP got result for CN=Kevin Amorin
Fri Sep 9 04:46:59 2005: DEBUG: LDAP got uid: kamorin leftybk kevdogg
Fri Sep 9 04:46:59 2005: ERR: Bad attribute=value pair:
kamorin,leftybk,kevdogg
Fri Sep 9 04:46:59 2005: DEBUG: Radius::AuthLDAP2 looks for match with
kamorin
Fri Sep 9 04:46:59 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Sep 9 04:46:59 2005: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Sep 9 04:46:59 2005: DEBUG: Access accepted for kamorin
Fri Sep 9 04:46:59 2005: DEBUG: Packet dump:
*** Sending to 128.103.xxx port 1025 ....
Code: Access-Accept
Identifier: 1
Authentic: dOxxxxx
Attributes:
(vpn returns successful)
Fri Sep 9 04:47:14 2005: DEBUG: Packet dump:
*** Received from 128.103.xxx port 1025 ....
Code: Access-Request
Identifier: 2
Authentic: <182>xxxx
Attributes:
User-Name = "kamorin"
User-Password = xC<157>xxxx
Altiga-Argument-Auth-Server-Priority = 2
NAS-IP-Address = 128.103.xxx
NAS-Port-Type = Virtual
Fri Sep 9 04:47:14 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Sep 9 04:47:14 2005: DEBUG: Deleting session for kamorin,
128.103.xxx.xxx,
Fri Sep 9 04:47:14 2005: DEBUG: Handling with Radius::AuthLDAP2:
Fri Sep 9 04:47:14 2005: INFO: Connecting to xxxxx.harvard.edu, port 389
Fri Sep 9 04:47:14 2005: INFO: Attempting to bind to LDAP server
xxxx.harvard.edu:389
Fri Sep 9 04:47:15 2005: DEBUG: LDAP got result for CN=Kevin Amorin
Fri Sep 9 04:47:15 2005: DEBUG: LDAP got uid: kamorin leftybk kevdogg
Fri Sep 9 04:47:15 2005: ERR: Bad attribute=value pair:
kamorin,leftybk,kevdogg
Fri Sep 9 04:47:15 2005: DEBUG: Radius::AuthLDAP2 looks for match with
kamorin
Fri Sep 9 04:47:15 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Sep 9 04:47:15 2005: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Sep 9 04:47:15 2005: DEBUG: Access accepted for kamorin
Fri Sep 9 04:47:15 2005: DEBUG: Packet dump:
*** Sending to 128.103.xxx port 1025 ....
Code: Access-Accept
Identifier: 2
Authentic: <182>
Attributes:
Fri Sep 9 04:47:18 2005: DEBUG: Packet dump:
*** Received from 128.103.xxx port 1025 ....
Code: Access-Request
Identifier: 2
Authentic: <182>
Attributes:
User-Name = "kamorin"
User-Password = <157>
Altiga-Argument-Auth-Server-Priority = 2
NAS-IP-Address = 128.103.xxx
NAS-Port-Type = Virtual
Fri Sep 9 04:47:18 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Sep 9 04:47:18 2005: DEBUG: Deleting session for kamorin,
128.103.xxx,
Fri Sep 9 04:47:18 2005: DEBUG: Handling with Radius::AuthLDAP2:
Fri Sep 9 04:47:18 2005: INFO: Connecting to xxxldap.harvard.edu, port 389
Fri Sep 9 04:47:18 2005: INFO: Attempting to bind to LDAP server
xxxldap.harvard.edu:389
Fri Sep 9 04:47:20 2005: DEBUG: LDAP got result for CN=Kevin Amorin
Fri Sep 9 04:47:20 2005: DEBUG: LDAP got uid: kamorin leftybk kevdogg
Fri Sep 9 04:47:20 2005: ERR: Bad attribute=value pair:
kamorin,leftybk,kevdogg
Fri Sep 9 04:47:20 2005: DEBUG: Radius::AuthLDAP2 looks for match with
kamorin
Fri Sep 9 04:47:20 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Sep 9 04:47:20 2005: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Sep 9 04:47:20 2005: DEBUG: Access accepted for kamorin
Fri Sep 9 04:47:20 2005: DEBUG: Packet dump:
*** Sending to 128.103.xxx port 1025 ....
Code: Access-Accept
Identifier: 2
Authentic: <182>
Attributes:
Asks twice then fails. The RADIUS server is then deemed "offline" by the
VPN and all auth fails.
Config:
Foreground
LogStdout
Trace 4
AcctPort 1813
AuthPort 1812
LogDir /var/log/radius
DbDir /etc/radiator
<Client DEFAULT>
Secret xxxxxxxxx
DupInterval 0
</Client>
<Realm DEFAULT>
AcctLogFileName %L/detail
AcctLogFileName %L/detail-%Y%m
<AuthBy LDAP2>
Host xxxxx.harvard.edu
AuthDN cn=xxxxxx
AuthPassword xxxxxx
BaseDN c=US
UsernameAttr uid
ServerChecksPassword
CheckAttr uid
PasswordAttr userpassword
Version 3
</AuthBy>
</Realm>
Any help is appreciated.
Thanks
Kevin
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
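An added example, not part of the original post and not Radiator code: a small Python parser for Trace 4 packet dumps in the layout shown above. It reports any Access-Request that reuses a source and Identifier the server has already answered, as Identifier 2 does in the trace. The sample lines, the address 192.0.2.10 and the 30-second window are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the Trace 4 layout of the post (192.0.2.10 is a placeholder).
SAMPLE = """\
Fri Sep 9 04:47:14 2005: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1025 ....
Code: Access-Request
Identifier: 2
Fri Sep 9 04:47:15 2005: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 1025 ....
Code: Access-Accept
Identifier: 2
Fri Sep 9 04:47:18 2005: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1025 ....
Code: Access-Request
Identifier: 2
"""

STAMP = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): DEBUG: Packet dump:")
PEER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")

def parse_packets(text):
    """Yield (time, direction, peer, code, identifier) for each packet dump."""
    ts = direction = peer = code = None
    for line in text.splitlines():
        if m := STAMP.match(line):
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        elif m := PEER.match(line):
            direction = "rx" if m.group(1).startswith("Rec") else "tx"
            peer = (m.group(2), int(m.group(3)))
        elif line.startswith("Code: "):
            code = line[6:].strip()
        elif line.startswith("Identifier: ") and ts:
            yield ts, direction, peer, code, int(line.split()[1])
            ts = None  # ignore further lines until the next packet dump

def retransmissions(text, window=30):
    """Requests repeating a (peer, Identifier) answered within `window` seconds."""
    answered, hits = {}, []
    for ts, direction, peer, code, ident in parse_packets(text):
        key = (peer, ident)
        if direction == "tx":
            answered[key] = ts  # remember when this Identifier was last replied to
        elif code == "Access-Request" and key in answered:
            gap = int((ts - answered[key]).total_seconds())
            if gap <= window:  # Identifiers wrap at 256, so old reuse is normal
                hits.append((peer[0], ident, gap))
    return hits
```

Each hit is (source address, Identifier, seconds since the server's reply); a hit means the NAS asked again after a reply had already been sent for that Identifier.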