(RADIATOR) Help with Lucent TNT and Radiator 3.1

Hugh Irvine hugh at open.com.au
Thu Jan 5 18:03:27 CST 2006 

Hello Tu Nguyen -

I think part of the problem is your user configuration which should  
look like this:

DEFAULT         Auth-Type = "uidauthent", Called-Station-Id =  
"206xxxx, Simultaneous-Use = "1"
                 Session-Timeout = "600",
                 Fall-Through = "Yes",
                 Service-Type = Framed-User,
                 Framed-IP-Address = 255.255.255.254,
                 Framed-Protocol = PPP,
                 Reply-Message = "206xxxx:Permission granted"

The first line is the list of check items and the second and  
following lines with indentation are the reply items.

The tcpdump shows an access request followed by an access reject  
which indicates an authentication failure.

I am guessing this is because one or more of the check items does not  
match the request.

It is much more helpful if you send a copy of your configuration file  
and a trace 4 debug from Radiator showing what is happening.

regards

Hugh


On 6 Jan 2006, at 10:11, Tu Nguyen wrote:

> Hi All:
>  I'm running into a very peculiar problem  and just wonder if
> anyone can help? We are switching dialup platform  from Cisco5300
> to Lucent TNT. On the Lucent TNT, when issueing a radius call,
> only accept-code is returned, no additional radius attributes
> such as Session-Timeout, Service-Type, Framed-Protocol, Framed-IP- 
> Address
> are returned.
>  It  only happens with Lucent TNT. All the attributes are returned
> as normal however, when using radpwtst. I examined the request Lucent
> radius packets but found nothing unsuall.
>
>  We are using Radiator 3.1 on Red Hat Linux release 7.3
>
> Here is my user config:
>
> DEFAULT         Auth-Type = "uidauthent",
>                 Called-Station-Id = "206xxxx",
>                 Simultaneous-Use = "1"
>
>                 Session-Timeout = "600",
>                 Fall-Through = "Yes",
>                 Service-Type = Framed-User,
>                 Framed-IP-Address = 255.255.255.254,
>                 Framed-Protocol = PPP,
>                 Reply-Message = "206xxxx:Permission granted"
>
> and below is the tcpdump of the request and reply packets:
>
> No.     Time        Source                Destination            
> Protocol Info
>       1 0.000000    216.123.198.242       xxx.xxx.34.141         
> RADIUS   Access Request(1) (id=247, l=98)
>
> Frame 1 (140 bytes on wire, 140 bytes captured)
> Ethernet II, Src: 00:09:7b:c5:14:38, Dst: 00:01:30:03:97:00
> Internet Protocol, Src Addr: 216.123.198.242 (216.123.198.242), Dst  
> Addr: xxx.xxx.34.141 (xxx.xxx.34.141)
> User Datagram Protocol, Src Port: 36862 (36862), Dst Port: radius  
> (1812)
> Radius Protocol
>     Code: Access Request (1)
>     Packet identifier: 0xf7 (247)
>     Length: 98
>     Authenticator: 0xA0D7E61A750C57F32A9699829D086B3D
>     Attribute value pairs
>         t:User Password(2) l:18, Value: 
> 1D3A866160483B845CA5D5BFA2C7F3AA
>         t:Framed Protocol(7) l:6, Value:PPP(1)
>         t:User Name(1) l:6, Value:"noca"
>         t:NAS Port Type(61) l:6, Value:Virtual(5)
>         t:NAS Port(5) l:6, Value:928
>         t:Calling Station Id(31) l:12, Value:"4032829595"
>         t:Called Station Id(30) l:12, Value:"403206xxxx"
>         t:Service Type(6) l:6, Value:Framed(2)
>         t:NAS IP Address(4) l:6, Value:154.11.81.8
>
> No.     Time        Source                Destination            
> Protocol Info
>       2 0.510939    xxx.xxx.34.141        216.123.198.242        
> RADIUS   Access Accept(2) (id=247, l=20)
>
> Frame 2 (62 bytes on wire, 62 bytes captured)
> Ethernet II, Src: 00:01:30:03:97:00, Dst: 00:09:7b:c5:14:38
> Internet Protocol, Src Addr: xxx.xxx.34.141 (xxx.xxx.34.141), Dst  
> Addr: 216.123.198.242 (216.123.198.242)
> User Datagram Protocol, Src Port: radius (1812), Dst Port: 36862  
> (36862)
> Radius Protocol
>     Code: Access Accept (2)
>     Packet identifier: 0xf7 (247)
>     Length: 20
>     Authenticator: 0xDC5FCA6A73B7A652ED527A8952590830
>
> No.     Time        Source                Destination            
> Protocol Info
>       3 0.252224    216.123.198.242       xxx.xxx.34.141         
> RADIUS   Access Request(1) (id=140, l=112)
>
> Frame 3 (154 bytes on wire, 154 bytes captured)
> Ethernet II, Src: 00:09:7b:c5:14:38, Dst: 00:01:30:03:97:00
> Internet Protocol, Src Addr: 216.123.198.242 (216.123.198.242), Dst  
> Addr: xxx.xxx.34.141 (xxx.xxx.34.141)
> User Datagram Protocol, Src Port: 36863 (36863), Dst Port: radius  
> (1812)
> Radius Protocol
>     Code: Access Request (1)
>     Packet identifier: 0x8c (140)
>     Length: 112
>     Authenticator: 0xA0D7E61A750C57F32A9699829D086B3D
>     Attribute value pairs
>         t:User Password(2) l:18, Value: 
> 3A32B9637B7B0BB45CA5D5BFA2C7F3AA
>         t:User Name(1) l:20, Value:"pools-EDTNAB02DV02"
>         t:Framed Protocol(7) l:6, Value:PPP(1)
>         t:NAS Port Type(61) l:6, Value:Virtual(5)
>         t:NAS Port(5) l:6, Value:928
>         t:Calling Station Id(31) l:12, Value:"4032829595"
>         t:Called Station Id(30) l:12, Value:"403206xxxx"
>         t:Service Type(6) l:6, Value:Outbound(5)
>         t:NAS IP Address(4) l:6, Value:154.11.81.8
>
> No.     Time        Source                Destination            
> Protocol Info
>       4 0.431231    xxx.xxx.34.141        216.123.198.242        
> RADIUS   Access Reject(3) (id=140, l=36)
>
> Frame 4 (78 bytes on wire, 78 bytes captured)
> Ethernet II, Src: 00:01:30:03:97:00, Dst: 00:09:7b:c5:14:38
> Internet Protocol, Src Addr: xxx.xxx.34.141 (xxx.xxx.34.141), Dst  
> Addr: 216.123.198.242 (216.123.198.242)
> User Datagram Protocol, Src Port: radius (1812), Dst Port: 36863  
> (36863)
> Radius Protocol
>     Code: Access Reject (3)
>     Packet identifier: 0x8c (140)
>     Length: 36
>     Authenticator: 0x1B4BB45211447BE0AC338A842BAD5A4F
>     Attribute value pairs
>         t:Reply Message(18) l:16, Value:"Request Denied"
>
>
> --
> tu nguyen
> nguyen at ucalgary.ca
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list