[RADIATOR] COA for Cisco ISG
Deniz Aydin
deniza at netone.net.tr
Mon Aug 25 09:07:36 CDT 2008
Sorry for the late response,
I have tried the "4 " and it's the same, giving an error.
radpwtst -s x -secret x -noauth -noacct -code Change-Filter-Request \
    -trace 4 -dictionary /usr/share/doc/packages/Radiator/goodies/dictionary.cisco \
    Account-Info="Sx" Command-Code="4 "
Aug 25 13:55:49: RADIUS: COA received from id 103 x:33164, CoA Request, len 53
Aug 25 13:55:49: RADIUS(00000000): sending
Aug 25 13:55:49: RADIUS(00000000): Send CoA Nack Response to x:33164 id 103, len 84
Aug 25 13:55:49: RADIUS: authenticator 61 CA AB 27 34 71 A7 8F - 8E 84 19 4A 75 4D 2B 63
Aug 25 13:55:49: RADIUS: Vendor, Cisco [26] 23
Aug 25 13:55:49: RADIUS: ssg-account-info [250] 17 "Sx"
Aug 25 13:55:49: RADIUS: Vendor, Cisco [26] 10
Aug 25 13:55:49: RADIUS: ssg-command-code [252] 4
Aug 25 13:55:49: RADIUS: 34 20 [Unknown 4 ]
Aug 25 13:55:49: RADIUS: Reply-Message [18] 25
Aug 25 13:55:49: RADIUS: 4E 6F 20 63 6F 6E 66 69 67 20 66 6F 75 6E 64 20 [No config found ]
Aug 25 13:55:49: RADIUS: 74 6F 20 70 75 73 68 [ to push]
Aug 25 13:55:49: RADIUS: Dynamic-Author-Error[101] 6 Session Context Not Found [503]
Deniz AYDIN
-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Wednesday, August 20, 2008 1:53 AM
To: radiator at open.com.au
Cc: Deniz Aydin; Hugh Irvine
Subject: Re: [RADIATOR] COA for Cisco ISG
Hello Deniz,
On Wednesday 20 August 2008 04:05, Deniz Aydin wrote:
> Hi Hugh,
> Here is the cisco doc.
> http://www.cisco.com/en/US/docs/ios/12_2sb/isg/coa/guide/isgcoa3.html#wp1100293
> You can look at CoA Request Response Code section and also table 7 for
> detailed information under that chapter.
According to that doc near table 7, "The command codes can be encoded in
binary or in ASCII.".
So, have you tried using:
radpwtst -s x.x.x.x -secret ????? -noauth -noacct -code Change-Filter-Request \
    -trace 4 -dictionary /usr/share/doc/packages/Radiator/goodies/dictionary.cisco \
    Account-Info="Sx.x.x.x" Command-Code="4 "
(That's a space after the 4 in Command-Code).
BTW, in the latest patch set the name of the Command-Code attribute has
been changed to Cisco-Command-Code because of a collision with another
VSA.
Cheers.
>
>
> Deniz AYDIN
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, August 19, 2008 12:14 PM
> To: Deniz Aydin
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] COA for Cisco ISG
>
>
> Hello Deniz -
>
> Thanks for the additional information.
>
> Can you please send us a reference to the Cisco documentation that
> describes the format of this attribute?
>
> The Cisco debug appears to show that this is 2 octets with values of
> "04" and "20".
>
> You can see additional detail from radpwtst by using "-trace 5".
>
> regards
>
> Hugh
>
> On 19 Aug 2008, at 15:28, Deniz Aydin wrote:
> > Hi Hugh,
> > Version is 4.2.
> > Here is a working debug I got from Cisco.
> > As you see they sent a command code 4 with a space after it, and the
> > router correctly recognizes the attribute value.
> >
> > Aug 16 11:11:31.299: RADIUS: COA received from id 3 x.x.x.x:1700, CoA Request, len 47
> > *Aug 16 11:11:31.299: COA: x.x.x.x request queued
> > *Aug 16 11:11:31.299: RADIUS: authenticator C5 E4 09 50 1F 02 2A 1D - 45 E7 A6 47 08 D2 53 19
> > *Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 17
> > *Aug 16 11:11:31.299: RADIUS: ssg-account-info [250] 11 "Sx.x.x.x"
> > *Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 10
> > *Aug 16 11:11:31.299: RADIUS: ssg-command-code [252] 4
> > *Aug 16 11:11:31.299: RADIUS: 04 20 [Account-Ping ] <<=====
> > *Aug 16 11:11:31.299: ++++++ CoA Attribute List ++++++
> >
> > Here is the debug of my request; as you see, the router recognizes this
> > attribute as it's in ASCII format. I have also captured RADIUS packets
> > and it also shows that Command-Code = 04 20. Is there any value
> > that shows the attribute value is binary or ASCII in the RADIUS header?
> >
> > radpwtst -s x.x.x.x -secret dr5mak -noauth -noacct -code
> > Change-Filter-Request -trace 4 -dictionary
> > /usr/share/doc/packages/Radiator/goodies/dictionary.cisco
> > Account-Info="Sx.x.x.x" Command-Code="04 20"
> > Tue Aug 19 08:46:54 2008: DEBUG: Reading dictionary file
> > '/usr/share/doc/packages/Radiator/goodies/dictionary.cisco'
> > sending Change-Filter-Request...
> > Tue Aug 19 08:46:54 2008: DEBUG: Packet dump:
> > *** Sending to x.x.x.x port x ....
> > Code: Change-Filter-Request
> > Identifier: 159
> > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > Attributes:
> > Account-Info = "Sx.x.x.x"
> > Command-Code = 04 20
> >
> >
> > Aug 18 12:35:40: RADIUS: COA received from id 95 x.x.x.x:33070, CoA Request, len 55
> > Aug 18 12:35:40: COA: 193.192.100.200 request queued
> > Aug 18 12:35:40: RADIUS: authenticator 94 3A BC 82 6F 8B 09 03 - 44 0A B7 FE 27 F3 A3 1A
> > Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 22
> > Aug 18 12:35:40: RADIUS: ssg-account-info [250] 16 "Sx.x.x.x"
> > Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 13
> > Aug 18 12:35:40: RADIUS: ssg-command-code [252] 7
> > Aug 18 12:35:40: RADIUS: 30 34 20 32 30 [Unknown 04 20]
> >
> >
> >
> >
> > Deniz AYDIN
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Tuesday, August 19, 2008 5:42 AM
> > To: Deniz Aydin
> > Cc: radiator at open.com.au
> > Subject: Re: [RADIATOR] COA for Cisco ISG
> >
> >
> > Hello Deniz -
> >
> > The Command-Code that you are sending is in fact an ASCII string -
> > you will see the same thing as both ASCII and binary.
> >
> > What version of Radiator are you using? And what does the Cisco
> > device debug say is wrong?
> >
> > You can see what radpwtst is sending by using "-trace 4" as a
> > parameter (you are just using "-trace" in what you show below).
> >
> > regards
> >
> > Hugh
> >
> > On 18 Aug 2008, at 19:08, Deniz Aydin wrote:
> >> Hi,
> >> I have been trying to test the radpwtst utility. But there is
> >> some problem about the Command-Code attribute. Firstly I tried with
> >> ASCII mode command-code;
> >>
> >> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-Request \
> >>     -trace -dictionary /usr/share/doc/packages/Radiator/goodies/dictionary.cisco \
> >>     Account-Info="Sx.x.x.x.x" Command-Code="subscriber:command=account-status-query"
> >>
> >> And Cisco wants me to try with binary mode command code. So I have
> >> changed the dictionary file for Command-Code
> >> VENDORATTR 9 Command-Code 252 binary
> >>
> >> Is it enough for sending this attribute in binary mode? Because when I
> >> look at Cisco debugs, I am seeing that it recognizes this as a string.
> >>
> >> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-Request \
> >>     -trace -dictionary /usr/share/doc/packages/Radiator/goodies/dictionary.cisco \
> >>     Account-Info="Sx.x.x.x" Command-Code="04 20"
> >>
> >> Deniz AYDIN
> >>
> >> _______________________________________________
> >> radiator mailing list
> >> radiator at open.com.au
> >> http://www.open.com.au/mailman/listinfo/radiator
> >
> > NB:
> >
> > Have you read the reference manual ("doc/ref.html")?
> > Have you searched the mailing list archive
> > (www.open.com.au/archives/radiator)?
> > Have you had a quick look on Google (www.google.com)?
> > Have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> > Have you checked the RadiusExpert wiki:
> > http://www.open.com.au/wiki/index.php/Main_Page
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > Includes support for reliable RADIUS transport (RadSec), and
> > DIAMETER translation agent.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco etc on Unix, Windows, MacOSX,
Solaris, VMS, NetWare etc.
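
The length fields in the three router debugs quoted in this thread follow from the Vendor-Specific attribute layout, which makes them a quick way to tell which encoding actually went on the wire. The following Python is an added example, not part of the original thread and not Radiator or Cisco code; vendor 9 and type 252 are taken from the thread, and the function names are illustrative assumptions.

```python
import struct

VENDOR_SPECIFIC = 26    # RADIUS attribute type for VSAs (RFC 2865)
CISCO_VENDOR_ID = 9     # from the thread: "VENDORATTR 9 Command-Code 252"
SSG_COMMAND_CODE = 252  # vendor type shown in the router debug


def encode_vsa(vendor_type, data, vendor_id=CISCO_VENDOR_ID):
    """Build one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = bytes([vendor_type, 2 + len(data)]) + data
    if 6 + len(sub) > 255:
        raise ValueError("attribute too long for a one-octet length")
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub


def decode_vsa(attr):
    """Return (vendor_id, vendor_type, data); reject inconsistent lengths."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, sub_len = attr[6], attr[7]
    if sub_len != len(attr) - 6:
        raise ValueError("sub-attribute length mismatch")
    return vendor_id, vendor_type, attr[8:]


def from_hex_text(text):
    """Turn a typed value such as "04 20" into the two octets it names."""
    return bytes.fromhex(text)


def describe(data):
    """Return (outer length, sub-attribute length, payload octets as hex)."""
    attr = encode_vsa(SSG_COMMAND_CODE, data)
    return attr[1], attr[7], data.hex(" ")


if __name__ == "__main__":
    # The three values tried in the thread, as they end up on the wire.
    candidates = {
        "binary 04 20 (Cisco's working request)": from_hex_text("04 20"),
        'string "4 "': b"4 ",
        'string "04 20"': b"04 20",
    }
    for label, data in candidates.items():
        outer, inner, octets = describe(data)
        print(f"{label}: Vendor [26] {outer}, ssg-command-code [252] {inner}, {octets}")
```

The first two values give the same lengths (10 and 4) and differ only in the first payload octet, 04 versus 34, while the five-character string gives 13 and 7, as in the corresponding debugs.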