(RADIATOR) Problem with OTP/Radmin and Cisco VPN 3000

Haakan Olofsson olofson at dax.net
Fri Mar 16 02:47:54 CST 2007


I got one step forward in the process here. But this that follows now 
is strange

Cisco VPNclient login and authenticates the group first and if the 
VPN Concentrator gets an OK it takes the
user itself. But here with the group testme it never authenticates 
the normal user. Is there away to make it check group-username and 
then the normal username?


Fri Mar 16 08:32:49 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Fri Mar 16 08:32:49 2007: ERR: Attribute number 22 (vendor 3076) is 
not defined in your dictionary
Fri Mar 16 08:32:49 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1590 ....

Packet length = 136
01 74 00 88 a5 71 49 55 61 91 f9 ca 7c 18 68 92
f7 c9 91 e8 01 08 74 65 73 74 6d 65 02 12 77 5e
1f 4a d1 90 17 53 79 9f 0e 04 e8 80 68 cf 05 06
00 00 00 00 06 06 00 00 00 02 07 06 00 00 00 01
1e 10 31 39 33 2e 32 31 36 2e 31 32 37 2e 34 32
1f 10 31 39 33 2e 32 31 36 2e 31 38 34 2e 34 35
42 10 31 39 33 2e 32 31 36 2e 31 38 34 2e 34 35
1a 0c 00 00 0c 04 16 06 00 00 00 05 04 06 0a 00
ca 02 3d 06 00 00 00 05
Code:       Access-Request
Identifier: 116
Authentic:  <165>qIUa<145><249><202>|<24>h<146><247><201><145><232>
Attributes:
         User-Name = "testme"
         User-Password = "w^<31>J<209><144><23>Sy<159><14><4><232><128>h<207>"
         NAS-Port = 0
         Service-Type = Framed
         Framed-Protocol = PPP
         Called-Station-Id = "192.168.1.250"
         Calling-Station-Id = "192.168.254.254"
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Fri Mar 16 08:32:49 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Mar 16 08:32:49 2007: DEBUG:  Deleting session for testme, 10.0.202.2, 0
Fri Mar 16 08:32:49 2007: DEBUG: do query is: 'delete from RADONLINE 
where NASIDENTIFIER='10.0.202.2' and NASPORT=00':
Fri Mar 16 08:32:49 2007: DEBUG: Handling with Radius::AuthRADMIN
Fri Mar 16 08:32:49 2007: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 16 08:32:49 2007: ERR: Attribute number 79 is not defined in 
your dictionary
Fri Mar 16 08:32:49 2007: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, 
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Fri Mar 16 08:32:49 2007: DEBUG: Query is: 'select ATTR_ID, 
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where 
NAME='testme' order by ITEM_TYPE':
Fri Mar 16 08:32:49 2007: DEBUG: Radius::AuthRADMIN looks for match 
with testme [testme]
Fri Mar 16 08:32:49 2007: DEBUG: Query is: 'select NASIDENTIFIER, 
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where 
USERNAME='testme'':
Fri Mar 16 08:32:49 2007: DEBUG: ValidFrom date converted to: 1173977965
Fri Mar 16 08:32:49 2007: DEBUG: Expiration date converted to: 1205539200
Fri Mar 16 08:32:49 2007: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 where USERNAME='testme'':
Fri Mar 16 08:32:49 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Fri Mar 16 08:32:49 2007: DEBUG: Handling with Radius::AuthOTP:
Fri Mar 16 08:32:49 2007: DEBUG: Radius::AuthOTP looks for match with 
testme [testme]
Fri Mar 16 08:32:49 2007: DEBUG: Radius::AuthOTP ACCEPT: : testme [testme]
Fri Mar 16 08:32:49 2007: DEBUG: AuthBy OTP result: ACCEPT,
Fri Mar 16 08:32:49 2007: DEBUG: Access accepted for testme
Fri Mar 16 08:32:49 2007: DEBUG: do query is: 'insert into RADAUTHLOG 
(TIME_STAMP, USERNAME, TYPE) values (1174033969, 'testme', 1)':
Fri Mar 16 08:32:49 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1590 ....

Packet length = 20
02 74 00 14 47 a2 68 9b 90 57 2b 08 6b 1e 10 5c
59 7a d8 df
Code:       Access-Accept
Identifier: 116
Authentic:  <165>qIUa<145><249><202>|<24>h<146><247><201><145><232>
Attributes:

Have an excellent weekend

/Olofson

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list