[RADIATOR] help with AuthBy LSA failure

Jason Mueller jasmuell at indiana.edu
Mon Jul 14 10:22:52 CDT 2008 

Hugh,

> Can you please tell me what access server, what version of Windows,  
> what version of Perl, and what version of OpenSSL you are running?

NAS: HP5406zl running K.13.09; authenticating client on a 24-port  
Ethernet Gig module (J8702A)
Windows: Win2003 Server SP1
Perl: 5.8.8 (ActiveState distribution)
OpenSSL: 0.9.8g (Shining Light binary distribution)

I have commented out "AutoMPPEKeys", as we will only need that for our  
wireless users. Otherwise, there is not much to the config.


> If you can send us a trace 5 debug it will help.

A trace with debug level 5 is below:

Mon Jul 14 11:18:14 2008: DEBUG: Finished reading configuration file  
'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2008-08-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Mon Jul 14 11:18:14 2008: DEBUG: Reading dictionary file 'E:/Radiator/ 
dictionary'
Mon Jul 14 11:18:15 2008: DEBUG: Creating authentication port  
0.0.0.0:1812
Mon Jul 14 11:18:15 2008: DEBUG: Creating accounting port 0.0.0.0:1813
Mon Jul 14 11:18:15 2008: NOTICE: Server started: Radiator 4.2 on  
iubiastest (LOCKED)
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Mon Jul 14 11:18:23 2008: DEBUG: Packet dump:
*** Received from 129.79.9.37 port 1026 ....

Packet length = 315
01 20 01 3b 4e 17 c8 b2 31 43 36 a9 2e 05 67 7a
1b a2 9a 64 0c 06 00 00 05 ba 04 06 81 4f 09 25
20 0a 6a 63 6d 2d 74 65 73 74 01 0a 6a 61 73 6d
75 65 6c 6c 06 06 00 00 00 02 07 06 00 00 00 01
05 06 00 00 00 18 3d 06 00 00 00 0f 57 05 41 32
34 1e 13 30 30 2d 31 37 2d 61 34 2d 62 62 2d 30
37 2d 30 30 1f 13 30 30 2d 31 36 2d 63 62 2d 38
61 2d 61 38 2d 37 65 4d 27 43 4f 4e 4e 45 43 54
20 45 74 68 65 72 6e 65 74 20 31 30 30 30 4d 62
70 73 20 46 75 6c 6c 20 64 75 70 6c 65 78 40 06
00 00 00 0d 41 06 00 00 00 06 51 05 31 30 30 4f
0f 02 16 00 0d 01 6a 61 73 6d 75 65 6c 6c 50 12
41 a3 49 ae d5 bd c6 90 ee 62 19 88 26 38 f1 a7
1a 0c 00 00 01 37 09 06 00 00 00 0b 1a 0f 00 00
00 0b ff 09 01 1a 00 00 00 0b 28 1a 0f 00 00 00
0b ff 09 01 1a 00 00 00 0b 2e 1a 0f 00 00 00 0b
ff 09 01 1a 00 00 00 0b 3d 1a 0a 00 00 00 0b ff
04 01 38 1a 0a 00 00 00 0b ff 04 01 3a 1a 0a 00
00 00 0b ff 04 01 40 1a 0a 00 00 00 0b ff 04 01
41 1a 0a 00 00 00 0b ff 04 01 51
Code:       Access-Request
Identifier: 32
Authentic:  N<23><200><178>1C6<169>.<5>gz<27><162><154>d
Attributes:
         Framed-MTU = 1466
         NAS-IP-Address = 129.79.9.37
         NAS-Identifier = "jcm-test"
         User-Name = "jasmuell"
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 24
         NAS-Port-Type = Ethernet
         NAS-Port-Id = "A24"
         Called-Station-Id = "00-17-a4-bb-07-00"
         Calling-Station-Id = "00-16-cb-8a-a8-7e"
         Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
         Tunnel-Type = 0:VLAN
         Tunnel-Medium-Type = 0:802
         Tunnel-Private-Group-ID = 100
         EAP-Message = <2><22><0><13><1>jasmuell
         Message-Authenticator =  
A<163>I<174><213><189><198><144><238>b<25><136>&8<241><167>
         MS-RAS-Vendor = 11

Mon Jul 14 11:18:23 2008: DEBUG: Handling request with Handler ''
Mon Jul 14 11:18:23 2008: DEBUG:  Deleting session for jasmuell,  
129.79.9.37, 24
Mon Jul 14 11:18:23 2008: DEBUG: Handling with Radius::AuthFILE:
Mon Jul 14 11:18:23 2008: DEBUG: Handling with EAP: code 2, 22, 13, 1
Mon Jul 14 11:18:23 2008: DEBUG: Response type 1
Prototype mismatch: sub Net::SSLeay::randomize (;$$) vs none at (eval  
48) line 1.
Mon Jul 14 11:18:23 2008: ERR: TLS could not load_verify_locations , :
Mon Jul 14 11:18:23 2008: DEBUG: EAP result: 1, EAP TLS Could not  
initialise context
Mon Jul 14 11:18:23 2008: DEBUG: AuthBy FILE result: REJECT, EAP TLS  
Could not initialise context
Mon Jul 14 11:18:23 2008: INFO: Access rejected for jasmuell: EAP TLS  
Could not initialise context
Mon Jul 14 11:18:23 2008: DEBUG: Packet dump:
*** Sending to 129.79.9.37 port 1026 ....

Packet length = 36
03 20 00 24 d9 67 5f a3 a4 0c f9 aa b2 0c 1b 45
b2 69 ed be 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 32
Authentic:   
<217>g_<163><164><12><249><170><178><12><27>E<178>i<237><190>
Attributes:
         Reply-Message = "Request Denied"

More information about the radiator mailing list