AW: (RADIATOR) Cisco AS5300 and Radiator Issue.

Martin Wallner Martin.Wallner at eunet.co.at
Wed May 31 20:13:57 CDT 2006


Hi Uday,
 
Hm. that 'feels' like different radius-secret on the cisco than the RADIATOR provides.
 
I would also suggest a lock down of the radius-source-IP on cisco with 
 
ip radius source-interface 'interface-you-like'
 
so that you have a secure client IP on your Radiusbox... 
 
If you checked this out, and it still not works, I would suggest a
 
debug ppp authentication
debug AAA authentication
term mon
 
and a try, to see what the Cisco makes of this request it obviously should receive.... 
 
=mw=
 

________________________________

Von: owner-radiator at open.com.au im Auftrag von Uday K. MOORJANI
Gesendet: Mi 31.05.2006 18:58
An: radiator at open.com.au
Betreff: (RADIATOR) Cisco AS5300 and Radiator Issue.



Hi All,

I am very new to radiator and I have a very small problem, and I think
with the experience you all have
you can guide me to resolving this issue.

We have a NAS, a Cisco AS5300 that is configured in Group-Async. See
Attached for the server configuration (as5300.cisco).
This NAS recieves connections from two different numbers.
Previously we were using an operator delivered NAS (Ascend Max) that was
working fine, but when I added the NAS in a <client> tag with the same
realm used by the other NASs it doesn't work.
Radiator sends an "Access-Accept" to the NAS but the NAS does not
authenticate, attached is radius.cfg file I'm using. See Trace 4 below :

-Snip--

*** Received from 213.x.160.33 port 1645 ....
Code:       Access-Request
Identifier: 22
Authentic:  2OC<211><243>g<189>W<0><0><0><0><0><0><0><0>
Attributes:
        NAS-IP-Address = 213.x.175.62
        NAS-Port = 207
        NAS-Port-Type = Async
        User-Name = "tristan"
        Called-Station-Id = "xx68572624"
        Calling-Station-Id = "590571015"
        Acct-Session-Id = "0000001B"
        MS-CHAP-Challenge = 2OC<211><243>g<189>W
        MS-CHAP-Response =
<1><1><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><195><216>X<26><15>&<160><169><221><209><215>u<237>*<197><156><30><158><246>6<141><232><164><157>
        Service-Type = Framed-User
        Framed-Protocol = PPP

Wed May 31 12:03:40 2006: DEBUG: Handling request with Handler ''
Wed May 31 12:03:40 2006: DEBUG: dialupsessiondb Deleting session for
tristan, 213.x.175.62, 207
Wed May 31 12:03:40 2006: DEBUG: do query is: 'delete from
RADONLINEDIALUP where username = 'tristan'':

Wed May 31 12:03:40 2006: DEBUG: Handling with Radius::AuthSQL
Wed May 31 12:03:40 2006: DEBUG: Handling with Radius::AuthSQL:
Wed May 31 12:03:40 2006: DEBUG: Query is: 'select '' as password, '' as
checkattr,'' as replyattr from SUBSCRIBERS limit 1':

Wed May 31 12:03:40 2006: DEBUG: Radius::AuthSQL looks for match with
tristan
Wed May 31 12:03:40 2006: DEBUG: Query is: 'select nasidentifier,
nasport, acctsessionid, framedipaddress from RADONLINEDIALUP where
username='tristan'':

Wed May 31 12:03:40 2006: DEBUG: Radius::AuthSQL ACCEPT:
Wed May 31 12:03:40 2006: DEBUG: Access accepted for tristan
Wed May 31 12:03:40 2006: DEBUG: do query is: 'insert into RADAUTHLOG
(time_stamp, username, password, type, typemsg, reason, service,
time_stamphr, severity, clientipaddress, nasipaddress)  VALUES
(1149091420, 'tristan', '', 1, 'OK', NULL, 'free', 'May 31, 2006
12:03:40', 0,'213.x.160.33','213.x.175.62')':

Wed May 31 12:03:40 2006: DEBUG: Packet dump:
*** Sending to 213.x.160.33 port 1645 ....
Code:       Access-Accept
Identifier: 22
Authentic:  2OC<211><243>g<189>W<0><0><0><0><0><0><0><0>
Attributes:

--Snip--

I have to admit, I'm a little confused.

--

Cordialement,
Sincerely Yours,

Uday K. MOORJANI
Systems Technician
-------------------
MEDIASERV.NET SARL
6,Tour Cécid
Place de la Rénovation
97110 POINTE A PITRE
GUADELOUPE (F.W.I)
-------------------
00(590)590571015
umoorjani at mediaserv.net



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060601/e445a471/attachment.html>


More information about the radiator mailing list