(RADIATOR) motorola canopy and radiator

Hugh Irvine hugh at open.com.au
Thu Aug 23 18:29:02 CDT 2007


Hello Michael -

According to the freeradius log, the Motorola device keeps sending  
access requests in exactly the same manner that we see in the  
Radiator logs, so it doesn't look to me like the Motorola device is  
authenticating in either case.

What you need to ask Motorola is what is required in the access  
accept for the device to authenticate properly. Once you have  
freeradius doing it, we can configure Radiator to do the same thing.

As mentioned previously, at the moment both Radiator and freeradius  
appear to be doing exactly the same thing.

BTW - I do notice that you seem to be using a custom Radiator  
dictionary - are you sure it is correct?

regards

Hugh


On 23 Aug 2007, at 23:10, Michael Shoemaker wrote:

> That they are doing the same thing is what we seem to have found as  
> well.
> However, the motorola device will authenticate and connect with  
> freeradius.
> All attempts to contact motorola about it have resulted in a stream  
> of "we
> don't support radiator".
>
> The devices in question are:
>
> radiator/freeradius <-> prizm server (redhat) <-> wireless AP <->  
> customer SM
>
>> From what we can see, the access accept packets manage to make it  
>> from the
> radius server, TO prizm, and back out of it towards the AP,  
> however, only the
> freeradius auths.
>
> Not sure if this helps or not, but I will try to get some logs from  
> the prizm
> server and post later today.
>
>
> On Wednesday 22 August 2007 7:19:03 pm Hugh Irvine wrote:
>> Hello Michael -
>>
>> Thanks for sending the debug.
>>
>> As far as I can see, Radiator and freeradius are doing exactly the
>> same thing.
>>
>> And from what I can tell in the freeradius debug, the access requests
>> are being accepted, but the Motorola device continues to retry the
>> request.
>>
>> So it appears that neither Radiator nor freeradius is sending an
>> access accept that satisfies the Motorola device? Is that your
>> observation?
>>
>> As mentioned previously, have you checked the debug on the Motorola
>> device to see what it is complaining about?
>>
>> And thanks for sending the Motorola attribute definitions - I will
>> add them to the Radiator dictionary today.
>>
>> regards
>>
>> Hugh
>>
>> On 23 Aug 2007, at 01:48, Michael Shoemaker wrote:
>>> here is the whole log snippet
>>>
>>>
>>> rad_recv: Access-Request packet from host 12.169.62.8:37045,
>>> id=135, length=84
>>>         User-Name = "0a003e91c314"
>>>         User-Password = "Canopy"
>>>         NAS-IP-Address = 12.169.62.8
>>>         Called-Station-Id = "0A003E91A22D"
>>>         NAS-Port = 2
>>>         NAS-Port-Type = Wireless-Other
>>>   Processing the authorize section of radiusd.conf
>>> modcall: entering group authorize for request 0
>>>   modcall[authorize]: module "preprocess" returns ok for request 0
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822
>>>   modcall[authorize]: module "auth_log" returns ok for request 0
>>>   modcall[authorize]: module "chap" returns noop for request 0
>>>   modcall[authorize]: module "mschap" returns noop for request 0
>>>     rlm_realm: No '@' in User-Name = "0a003e91c314", looking up
>>> realm NULL
>>>     rlm_realm: No such realm "NULL"
>>>   modcall[authorize]: module "suffix" returns noop for request 0
>>>   rlm_eap: No EAP-Message, not doing EAP
>>>   modcall[authorize]: module "eap" returns noop for request 0
>>>     users: Matched entry 0a003e91c314 at line 110
>>>   modcall[authorize]: module "files" returns ok for request 0
>>> modcall: leaving group authorize (returns ok) for request 0
>>>   rad_check_password:  Found Auth-Type Local
>>> auth: type Local
>>> auth: user supplied User-Password matches local User-Password
>>> Login OK: [0a003e91c314/Canopy] (from client prizm port 2)
>>>   Processing the post-auth section of radiusd.conf
>>> modcall: entering group post-auth for request 0
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822
>>>   modcall[post-auth]: module "reply_log" returns ok for request 0
>>> modcall: leaving group post-auth (returns ok) for request 0
>>> Sending Access-Accept of id 135 to 12.169.62.8 port 37045
>>>         Service-Type = Framed-User
>>>         Framed-Netmask = 255.255.255.255
>>>         Framed-Routing = None
>>>         Framed-Compression = Van-Jacobson-TCP-IP
>>>         Class = 0x7072697a6d74657374696e672e6e6574
>>>         Motorola-Canopy-Shared-Secret = "0"
>>>         Motorola-Canopy-SULDR = "512"
>>>         Motorola-Canopy-SDLDR = "1024"
>>>         Motorola-Canopy-ULBA = "56"
>>>         Motorola-Canopy-DLBA = "56"
>>>         Motorola-Canopy-Enable = "1"
>>>         Motorola-Canopy-LPSULDR = "2000"
>>>         Motorola-Canopy-LPSDLDR = "2000"
>>>         Motorola-Canopy-HPCENABLE = "1"
>>>         Motorola-Canopy-HPSULDR = "4000"
>>>         Motorola-Canopy-HPSDLDR = "4000"
>>>         Motorola-Canopy-HIGHERBW = "0"
>>>         Motorola-Canopy-CIRENABLE = "1"
>>> Finished request 0
>>> Going to the next request
>>> --- Walking the entire request list ---
>>> Waking up in 6 seconds...
>>> rad_recv: Access-Request packet from host 12.169.62.8:37045,
>>> id=136, length=84
>>>         User-Name = "0a003e91c314"
>>>         User-Password = "Canopy"
>>>         NAS-IP-Address = 12.169.62.8
>>>         Called-Station-Id = "0A003E91A22D"
>>>         NAS-Port = 0
>>>         NAS-Port-Type = Wireless-Other
>>>   Processing the authorize section of radiusd.conf
>>> modcall: entering group authorize for request 1
>>>   modcall[authorize]: module "preprocess" returns ok for request 1
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822
>>>   modcall[authorize]: module "auth_log" returns ok for request 1
>>>   modcall[authorize]: module "chap" returns noop for request 1
>>>   modcall[authorize]: module "mschap" returns noop for request 1
>>>     rlm_realm: No '@' in User-Name = "0a003e91c314", looking up
>>> realm NULL
>>>     rlm_realm: No such realm "NULL"
>>>   modcall[authorize]: module "suffix" returns noop for request 1
>>>   rlm_eap: No EAP-Message, not doing EAP
>>>   modcall[authorize]: module "eap" returns noop for request 1
>>>     users: Matched entry 0a003e91c314 at line 110
>>>   modcall[authorize]: module "files" returns ok for request 1
>>> modcall: leaving group authorize (returns ok) for request 1
>>>   rad_check_password:  Found Auth-Type Local
>>> auth: type Local
>>> auth: user supplied User-Password matches local User-Password
>>> Login OK: [0a003e91c314/Canopy] (from client prizm port 0)
>>>   Processing the post-auth section of radiusd.conf
>>> modcall: entering group post-auth for request 1
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822
>>>   modcall[post-auth]: module "reply_log" returns ok for request 1
>>> modcall: leaving group post-auth (returns ok) for request 1
>>> Sending Access-Accept of id 136 to 12.169.62.8 port 37045
>>>         Service-Type = Framed-User
>>>         Framed-Netmask = 255.255.255.255
>>>         Framed-Routing = None
>>>         Framed-Compression = Van-Jacobson-TCP-IP
>>>         Class = 0x7072697a6d74657374696e672e6e6574
>>>         Motorola-Canopy-Shared-Secret = "0"
>>>         Motorola-Canopy-SULDR = "512"
>>>         Motorola-Canopy-SDLDR = "1024"
>>>         Motorola-Canopy-ULBA = "56"
>>>         Motorola-Canopy-DLBA = "56"
>>>         Motorola-Canopy-Enable = "1"
>>>         Motorola-Canopy-LPSULDR = "2000"
>>>         Motorola-Canopy-LPSDLDR = "2000"
>>>         Motorola-Canopy-HPCENABLE = "1"
>>>         Motorola-Canopy-HPSULDR = "4000"
>>>         Motorola-Canopy-HPSDLDR = "4000"
>>>         Motorola-Canopy-HIGHERBW = "0"
>>>         Motorola-Canopy-CIRENABLE = "1"
>>> Finished request 1
>>> Going to the next request
>>> --- Walking the entire request list ---
>>> Waking up in 5 seconds...
>>> rad_recv: Access-Request packet from host 12.169.62.8:37045,
>>> id=137, length=84
>>>         User-Name = "0a003e91c314"
>>>         User-Password = "Canopy"
>>>         NAS-IP-Address = 12.169.62.8
>>>         Called-Station-Id = "0A003E91A22D"
>>>         NAS-Port = 0
>>>         NAS-Port-Type = Wireless-Other
>>>   Processing the authorize section of radiusd.conf
>>> modcall: entering group authorize for request 2
>>>   modcall[authorize]: module "preprocess" returns ok for request 2
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/auth-
>>> detail-20070822
>>>   modcall[authorize]: module "auth_log" returns ok for request 2
>>>   modcall[authorize]: module "chap" returns noop for request 2
>>>   modcall[authorize]: module "mschap" returns noop for request 2
>>>     rlm_realm: No '@' in User-Name = "0a003e91c314", looking up
>>> realm NULL
>>>     rlm_realm: No such realm "NULL"
>>>   modcall[authorize]: module "suffix" returns noop for request 2
>>>   rlm_eap: No EAP-Message, not doing EAP
>>>   modcall[authorize]: module "eap" returns noop for request 2
>>>     users: Matched entry 0a003e91c314 at line 110
>>>   modcall[authorize]: module "files" returns ok for request 2
>>> modcall: leaving group authorize (returns ok) for request 2
>>>   rad_check_password:  Found Auth-Type Local
>>> auth: type Local
>>> auth: user supplied User-Password matches local User-Password
>>> Login OK: [0a003e91c314/Canopy] (from client prizm port 0)
>>>   Processing the post-auth section of radiusd.conf
>>> modcall: entering group post-auth for request 2
>>> radius_xlat:  '/var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822'
>>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-
>>> detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/12.169.62.8/reply-
>>> detail-20070822
>>>   modcall[post-auth]: module "reply_log" returns ok for request 2
>>> modcall: leaving group post-auth (returns ok) for request 2
>>> Sending Access-Accept of id 137 to 12.169.62.8 port 37045
>>>         Service-Type = Framed-User
>>>         Framed-Netmask = 255.255.255.255
>>>         Framed-Routing = None
>>>         Framed-Compression = Van-Jacobson-TCP-IP
>>>         Class = 0x7072697a6d74657374696e672e6e6574
>>>         Motorola-Canopy-Shared-Secret = "0"
>>>         Motorola-Canopy-SULDR = "512"
>>>         Motorola-Canopy-SDLDR = "1024"
>>>         Motorola-Canopy-ULBA = "56"
>>>         Motorola-Canopy-DLBA = "56"
>>>         Motorola-Canopy-Enable = "1"
>>>         Motorola-Canopy-LPSULDR = "2000"
>>>         Motorola-Canopy-LPSDLDR = "2000"
>>>         Motorola-Canopy-HPCENABLE = "1"
>>>         Motorola-Canopy-HPSULDR = "4000"
>>>         Motorola-Canopy-HPSDLDR = "4000"
>>>         Motorola-Canopy-HIGHERBW = "0"
>>>         Motorola-Canopy-CIRENABLE = "1"
>>> Finished request 2
>>> Going to the next request
>>> Waking up in 5 seconds...
>>> --- Walking the entire request list ---
>>> Cleaning up request 0 ID 135 with timestamp 46cc59af
>>> Waking up in 1 seconds...
>>> --- Walking the entire request list ---
>>> Cleaning up request 1 ID 136 with timestamp 46cc59b0
>>> Cleaning up request 2 ID 137 with timestamp 46cc59b0
>>> Nothing to do.  Sleeping until we see a request.
>>>
>>>
>>>
>>> the motorola dictionary stuff is as follows:
>>> VENDORATTR    161       Motorola-Canopy-Shared-Secret   224      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-SULDR           225      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-SDLDR           226      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-ULBA            227      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-DLBA            228      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-Enable          229      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-LPSULDR         230      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-LPSDLDR         231      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-HPCENABLE       232      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-HPSULDR         233      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-HPSDLDR         234      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-HIGHERBW        235      
>>> string
>>> VENDORATTR    161       Motorola-Canopy-CIRENABLE       236      
>>> string
>>>
>>> On Tuesday 21 August 2007 9:55:50 pm Hugh Irvine wrote:
>>>> Hello Michael -
>>>>
>>>> Thanks for sending the Radiator debug.
>>>>
>>>> It shows Radiator sending what appears to be a correct access  
>>>> accept,
>>>> with a number of reply attributes.
>>>>
>>>> Can you please send us a packet dump of the access accept that is
>>>> working from freeradius? There must be some difference in what is
>>>> being sent.
>>>>
>>>> Another possibility is that the reply from Radiator is not getting
>>>> back to the Motorola device - can you check a debug there?
>>>>
>>>> BTW - could you also send us the Motorola-Canopy-* dictionary
>>>> definitions so we can add them to the standard Radiator dictionary?
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>> On 22 Aug 2007, at 02:14, Michael Shoemaker wrote:
>>>>> Okie... this is the debug from radiator
>>>>>
>>>>>
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Packet dump:
>>>>> *** Received from 12.169.62.8 port 36672 ....
>>>>>
>>>>> Packet length = 84
>>>>> 01 0a 00 54 60 b1 8b 27 a2 d0 7c d6 ba 07 c4 c9
>>>>> 7c 2a b8 a0 01 0e 30 61 30 30 33 65 39 31 63 33
>>>>> 31 34 02 12 98 1b 44 17 77 ef 1f 31 7c de 82 9a
>>>>> 84 63 15 40 04 06 0c a9 3e 08 1e 0e 30 41 30 30
>>>>> 33 45 39 31 41 32 32 44 05 06 00 00 00 02 3d 06
>>>>> 00 00 00 12
>>>>> Code:       Access-Request
>>>>> Identifier: 10
>>>>> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|
>>>>> *<184><160>
>>>>> Attributes:
>>>>>         User-Name = "0a003e91c314"
>>>>>         Password = "<152><27>D<23>w<239><31>1|
>>>>> <222><130><154><132>c<21>@"
>>>>>         NAS-Identifier = 12.169.62.8
>>>>>         Client-Port-DNIS = "0A003E91A22D"
>>>>>         NAS-Port = 2
>>>>>         NAS-Port-Type = 18
>>>>>
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Handling request with
>>>>> Handler 'Realm=shoe.prizmtesting.net'
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:55 2007: DEBUG:  Deleting session for  
>>>>> 0a003e91c314,
>>>>> 12.169.62.8, 2
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Reading users
>>>>> file /etc/raddb.proxy/conf/realms/prizmuser
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Radius::AuthFILE looks for match
>>>>> with
>>>>> 0a003e91c314
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Radius::AuthFILE ACCEPT:
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: AuthBy FILE result: ACCEPT,
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Access accepted for 0a003e91c314
>>>>> Tue Aug 21 12:07:55 2007: DEBUG: Packet dump:
>>>>> *** Sending to 12.169.62.8 port 36672 ....
>>>>>
>>>>> Packet length = 204
>>>>> 02 0a 00 cc a5 fc 85 ae fc 9b 11 f0 f5 c7 40 7a
>>>>> f5 87 e3 c8 06 06 00 00 00 02 07 06 00 00 00 01
>>>>> 09 06 ff ff ff ff 0a 06 00 00 00 00 0d 06 00 00
>>>>> 00 01 19 12 70 72 69 7a 6d 74 65 73 74 69 6e 67
>>>>> 2e 6e 65 74 1a 09 00 00 00 a1 e0 03 30 1a 0b 00
>>>>> 00 00 a1 e1 05 35 31 32 1a 0c 00 00 00 a1 e2 06
>>>>> 31 30 32 34 1a 0a 00 00 00 a1 e3 04 35 36 1a 0a
>>>>> 00 00 00 a1 e4 04 35 36 1a 09 00 00 00 a1 e5 03
>>>>> 31 1a 0c 00 00 00 a1 e6 06 32 30 30 30 1a 0c 00
>>>>> 00 00 a1 e7 06 32 30 30 30 1a 09 00 00 00 a1 e8
>>>>> 03 31 1a 0c 00 00 00 a1 e9 06 34 30 30 30 1a 0c
>>>>> 00 00 00 a1 ea 06 34 30 30 30 1a 09 00 00 00 a1
>>>>> eb 03 30 1a 09 00 00 00 a1 ec 03 31
>>>>> Code:       Access-Accept
>>>>> Identifier: 10
>>>>> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|
>>>>> *<184><160>
>>>>> Attributes:
>>>>>         User-Service = Framed-User
>>>>>         Framed-Protocol = PPP
>>>>>         Framed-Netmask = 255.255.255.255
>>>>>         Framed-Routing = None
>>>>>         Framed-Compression = Van-Jacobsen-TCP-IP
>>>>>         Class = "prizmtesting.net"
>>>>>         Motorola-Canopy-Shared-Secret = "0"
>>>>>         Motorola-Canopy-SULDR = "512"
>>>>>         Motorola-Canopy-SDLDR = "1024"
>>>>>         Motorola-Canopy-ULBA = "56"
>>>>>         Motorola-Canopy-DLBA = "56"
>>>>>         Motorola-Canopy-Enable = "1"
>>>>>         Motorola-Canopy-LPSULDR = "2000"
>>>>>         Motorola-Canopy-LPSDLDR = "2000"
>>>>>         Motorola-Canopy-HPCENABLE = "1"
>>>>>         Motorola-Canopy-HPSULDR = "4000"
>>>>>         Motorola-Canopy-HPSDLDR = "4000"
>>>>>         Motorola-Canopy-HIGHERBW = "0"
>>>>>         Motorola-Canopy-CIRENABLE = "1"
>>>>>
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Packet dump:
>>>>> *** Received from 12.169.62.8 port 36672 ....
>>>>>
>>>>> Packet length = 84
>>>>> 01 0b 00 54 60 b1 8b 27 a2 d0 7c d6 ba 07 c4 c9
>>>>> 7c 2a b8 a0 01 0e 30 61 30 30 33 65 39 31 63 33
>>>>> 31 34 02 12 98 1b 44 17 77 ef 1f 31 7c de 82 9a
>>>>> 84 63 15 40 04 06 0c a9 3e 08 1e 0e 30 41 30 30
>>>>> 33 45 39 31 41 32 32 44 05 06 00 00 00 00 3d 06
>>>>> 00 00 00 12
>>>>> Code:       Access-Request
>>>>> Identifier: 11
>>>>> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|
>>>>> *<184><160>
>>>>> Attributes:
>>>>>         User-Name = "0a003e91c314"
>>>>>         Password = "<152><27>D<23>w<239><31>1|
>>>>> <222><130><154><132>c<21>@"
>>>>>         NAS-Identifier = 12.169.62.8
>>>>>         Client-Port-DNIS = "0A003E91A22D"
>>>>>         NAS-Port = 0
>>>>>         NAS-Port-Type = 18
>>>>>
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Handling request with
>>>>> Handler 'Realm=shoe.prizmtesting.net'
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Rewrote user name to 0a003e91c314
>>>>> Tue Aug 21 12:07:56 2007: DEBUG:  Deleting session for  
>>>>> 0a003e91c314,
>>>>> 12.169.62.8, 0
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Handling with Radius::AuthFILE:
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Radius::AuthFILE looks for match
>>>>> with
>>>>> 0a003e91c314
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Radius::AuthFILE ACCEPT:
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: AuthBy FILE result: ACCEPT,
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Access accepted for 0a003e91c314
>>>>> Tue Aug 21 12:07:56 2007: DEBUG: Packet dump:
>>>>> *** Sending to 12.169.62.8 port 36672 ....
>>>>>
>>>>> Packet length = 204
>>>>> 02 0b 00 cc 87 6f 0d d7 79 49 f6 20 bd bf 98 48
>>>>> 79 b9 fb 3b 06 06 00 00 00 02 07 06 00 00 00 01
>>>>> 09 06 ff ff ff ff 0a 06 00 00 00 00 0d 06 00 00
>>>>> 00 01 19 12 70 72 69 7a 6d 74 65 73 74 69 6e 67
>>>>> 2e 6e 65 74 1a 09 00 00 00 a1 e0 03 30 1a 0b 00
>>>>> 00 00 a1 e1 05 35 31 32 1a 0c 00 00 00 a1 e2 06
>>>>> 31 30 32 34 1a 0a 00 00 00 a1 e3 04 35 36 1a 0a
>>>>> 00 00 00 a1 e4 04 35 36 1a 09 00 00 00 a1 e5 03
>>>>> 31 1a 0c 00 00 00 a1 e6 06 32 30 30 30 1a 0c 00
>>>>> 00 00 a1 e7 06 32 30 30 30 1a 09 00 00 00 a1 e8
>>>>> 03 31 1a 0c 00 00 00 a1 e9 06 34 30 30 30 1a 0c
>>>>> 00 00 00 a1 ea 06 34 30 30 30 1a 09 00 00 00 a1
>>>>> eb 03 30 1a 09 00 00 00 a1 ec 03 31
>>>>> Code:       Access-Accept
>>>>> Identifier: 11
>>>>> Authentic:  `<177><139>'<162><208>|<214><186><7><196><201>|
>>>>> *<184><160>
>>>>> Attributes:
>>>>>         User-Service = Framed-User
>>>>>         Framed-Protocol = PPP
>>>>>         Framed-Netmask = 255.255.255.255
>>>>>         Framed-Routing = None
>>>>>         Framed-Compression = Van-Jacobsen-TCP-IP
>>>>>         Class = "prizmtesting.net"
>>>>>         Motorola-Canopy-Shared-Secret = "0"
>>>>>         Motorola-Canopy-SULDR = "512"
>>>>>         Motorola-Canopy-SDLDR = "1024"
>>>>>         Motorola-Canopy-ULBA = "56"
>>>>>         Motorola-Canopy-DLBA = "56"
>>>>>         Motorola-Canopy-Enable = "1"
>>>>>         Motorola-Canopy-LPSULDR = "2000"
>>>>>         Motorola-Canopy-LPSDLDR = "2000"
>>>>>         Motorola-Canopy-HPCENABLE = "1"
>>>>>         Motorola-Canopy-HPSULDR = "4000"
>>>>>         Motorola-Canopy-HPSDLDR = "4000"
>>>>>         Motorola-Canopy-HIGHERBW = "0"
>>>>>         Motorola-Canopy-CIRENABLE = "1"
>>>>>
>>>>>
>>>>> and the radius.cfg
>>>>>
>>>>> PidFile /etc/raddb.proxy/pids/radius.pid
>>>>> AuthPort 1815
>>>>> AcctPort 1816
>>>>> DbDir /etc/raddb.proxy
>>>>> DictionaryFile /etc/raddb.proxy/conf/dictionary
>>>>> RewriteUsername s/(\\)/@/
>>>>>
>>>>> ### Include our client.inc file:
>>>>> include /etc/raddb.proxy/conf/clients.inc
>>>>> include /etc/rad-log.cfg
>>>>> include /etc/raddb.proxy/conf/realms/shoe.prizmtesting.net
>>>>> <Realm DEFAULT>
>>>>>
>>>>> </Realm>
>>>>>
>>>>> This is all authing off a flat file with the radius setup inside.
>>>>>
>>>>> On Friday 17 August 2007 6:12:46 pm Hugh Irvine wrote:
>>>>>> Hello Michael -
>>>>>>
>>>>>> We will need to see a copy of your Radiator configuration file
>>>>>> together with a trace 5 debug from Radiator showing what is
>>>>>> happening.
>>>>>>
>>>>>> It would also be very useful to see packet dumps of the  
>>>>>> freeradius
>>>>>> access accept and the Radiator access accept to see what is
>>>>>> different.
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Hugh
>>>>>>
>>>>>> On 18 Aug 2007, at 01:14, Michael Shoemaker wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> We have a client that is using a 900mhz Motorola Advantage
>>>>>>> Platform
>>>>>>> AP with
>>>>>>> CANOPY 7.2.9 and they are unable to authenticate against  
>>>>>>> radiator.
>>>>>>>
>>>>>>> They can authenticate against a freeradius server using the same
>>>>>>> radius
>>>>>>> information. We have watched the packet traffic and can see that
>>>>>>> access-accept packets are being sent from radius to the AP,
>>>>>>> however, we have
>>>>>>> no way to see from the AP to the SM.
>>>>>>>
>>>>>>> Has anyone else come across this and or anyone have any  
>>>>>>> advice on
>>>>>>> where to go
>>>>>>> from here?
>>>>>>>
>>>>>>> We got motorola on the phone, and they told us "We don't support
>>>>>>> radiator" and
>>>>>>> would continue to repeat that throughout the conversation.
>>>>>>>
>>>>>>> I have used my google-fu to the best of my ability and have  
>>>>>>> found
>>>>>>> nothing to
>>>>>>> indicate a direction to go on this.
>>>>>>>
>>>>>>> Thanks for any help you may be able to provide.
>>>>>>>
>>>>>>> --
>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>
>>>>>> NB:
>>>>>>
>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>> Have you searched the mailing list archive (www.open.com.au/
>>>>>> archives/
>>>>>> radiator)?
>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>> Have you included a copy of your configuration file (no secrets),
>>>>>> together with a trace 4 debug showing what is happening?
>>>>>> Have you checked the RadiusExpert wiki:
>>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>
>>>> NB:
>>>>
>>>> Have you read the reference manual ("doc/ref.html")?
>>>> Have you searched the mailing list archive (www.open.com.au/ 
>>>> archives/
>>>> radiator)?
>>>> Have you had a quick look on Google (www.google.com)?
>>>> Have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>> Have you checked the RadiusExpert wiki:
>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list